Paul Dorsch
1d1e13bfa7
update packages to fix pack ( #1234 )
2024-08-23 15:27:44 -04:00
Paul Dorsch
9297f055e6
Pauldorsch/fix invalid version bug ( #1232 )
...
* catch exceptions thrown from manual dependency scanning
* handle argument exceptions thrown, skipping those packages
* whitespace
* pr feedback
2024-08-22 10:07:36 -04:00
stan-sz
2dcd512bfa
Use MSTest meta package ( #1215 )
...
* Use MSTest meta package
This enables running MSTest Analyzers on test code to help avoid common test problems.
* Fix code coverage
* Fixes
Upgrade to latest and fix unnecessary type param
* Fix tests
* PR feedback
* Fix CC
2024-08-22 08:03:39 -04:00
Paul Dorsch
00edc78bf5
Pauldorsch/pipreport version fix ( #1229 )
...
* check for valid python versions before adding to the dependency graph
* bump version
* compiled regex
2024-08-19 12:49:12 -04:00
Paul Dorsch
edf0c8dc6e
Fix bug where pipreport used index-urls from requirements.txt ( #1227 )
...
* fix bug where pipreport used index urls in requirements.txt
* update tests
* docs
* add --no-input to pip install, so we do not hang waiting for user input
* pr feedback: performance and cleanup
* bump version
2024-08-19 14:28:52 +00:00
Paul Dorsch
f27fe8e98e
Add support to persist pip reports ( #1224 )
...
* add support to persist pip report
* pr feedback
2024-08-12 21:22:00 +00:00
Paul Dorsch
924c4ea498
Pauldorsch/fix support python m pip (unit tests) ( #1223 )
...
* add support for python -m pip
* update pip command service to accept python exe
* swap so we use pip as default
* fixing remote build
* fix tests
* add unit tests
2024-08-08 17:06:32 -04:00
Paul Dorsch
84e9308790
Pauldorsch/fix support python m pip ( #1222 )
...
* add support for python -m pip
* update pip command service to accept python exe
* swap so we use pip as default
* fixing remote build
* fix tests
2024-08-08 16:30:12 -04:00
Paul Dorsch
3d161b08b2
graduate pipreport ( #1219 )
2024-08-06 16:44:26 -04:00
Greg Villicana
80146ce1b9
Add logs to MvnCLI and use dictionaries to improve perf on large repos ( #1213 )
...
* Add logs to MvnCLI and use dictionaries to improve perf on large repos
* Add cancellation token to MvnCLI command
2024-07-30 15:56:59 -07:00
Greg Villicana
80cff26bd7
Fix security alert ( #1208 )
...
* Fix security alert
2024-07-22 09:01:08 -07:00
Paul Dorsch
f0f16b4643
remove azure artifacts publish step ( #1206 )
2024-07-19 19:56:55 -04:00
Paul Dorsch
f4d84a84e8
Pauldorsch/bugfix invalid pipreport files ( #1205 )
...
* ignore pregenerated pipreports that don't cover the correct set of dependencies
* add validation to the pre-generated pipreport to prevent underdetection for overridden reports
* dispose of telemetry object
* move re-used code to a common utility method
2024-07-19 16:09:52 -04:00
Greg Villicana
13744eeec1
Promote VCPKG detector to enabled by default ( #1203 )
2024-07-17 10:50:26 -07:00
Paul Dorsch
024e2a57ce
PipReport back to experimental, add pre-generated PipReport parsing ( #1201 )
...
* revert experiment graduation, bump threads, and enable fast deps
* put reqs back
* add ability for pip to detect pregenerated reports with a specific naming scheme
* better directory handling
* improve logging
2024-07-16 15:49:35 -04:00
dependabot[bot]
dd3f531747
Bump github/codeql-action from 3.25.11 to 3.25.12 ( #1202 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...4fa2a79536)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-16 09:31:43 -07:00
dependabot[bot]
3f18b478eb
Bump actions/setup-dotnet from 4.0.0 to 4.0.1 ( #1197 )
...
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](4d6c8fcf3c...6bd8b7f777)
---
updated-dependencies:
- dependency-name: actions/setup-dotnet
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-16 09:31:18 -07:00
Robert Schumacher
99e6d43884
Create vcpkg.md ( #1195 )
...
* Create vcpkg.md
---------
Co-authored-by: Greg Villicana <58237075+grvillic@users.noreply.github.com>
2024-07-15 16:29:15 -07:00
Amitla Vannikumar
0707d99b36
Revert "Move Go With Replace Detector to the Standard Go Detector" ( #1198 )
...
* Revert "go detector (#1194)"
This reverts commit 39058c5561.
* Update ServiceCollectionExtensions.cs
* Update ServiceCollectionExtensions.cs
2024-07-10 14:18:24 -07:00
Paul Dorsch
683f30ee44
Graduate pipreport ( #1199 )
...
* graduate pipreport
* bump versions
2024-07-10 16:24:06 -04:00
dependabot[bot]
a2fbc9adeb
Bump actions/upload-artifact from 4.3.3 to 4.3.4 ( #1192 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65462800fd...0b2256b8c0)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-08 14:24:26 -07:00
dependabot[bot]
09a7b85dd9
Bump github/codeql-action from 3.25.10 to 3.25.11 ( #1189 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](23acc5c183...b611370bb5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-08 14:24:06 -07:00
Amitla Vannikumar
39058c5561
go detector ( #1194 )
...
Co-authored-by: Amitla Vannikumar <avannikumar@microsoft.com>
2024-07-08 12:54:11 -07:00
Paul Dorsch
fb9423e93c
PipReport option to fallback and parse roots from source ( #1190 )
...
* add fallback logic to pipreport for cases where we shouldn't reach out to remote feed, and should parse source instead
* add the manual detection as fallback if pip report fails
* add option to skip or fallback to a source code scan
* add docs and fix tests
* remove fallback
* add fallback back, and env var to allow for skipping fallback
2024-07-08 12:39:27 -04:00
Paul Dorsch
52daf67864
Add ADO package release pipeline ( #1187 )
...
* initial commit to add ado release pipeline
* remove nuget auth task that was not used
* use internal feed for pulling
2024-06-25 12:53:48 -04:00
Paul Dorsch
cf13ef1b10
fix timeout lower bound ( #1186 )
2024-06-24 14:27:37 -04:00
Paul Dorsch
c20c3b0f56
Pauldorsch/reconcile dependency graph logic ( #1183 )
...
* reconcile dependency graph logic
* handle null / empty conditional vars
* remove files
* current pip detector case insensitive metadata file match
* some cleanup
* fix tests
* test with reverted reqs
* Revert "test with reverted reqs"
This reverts commit 293a4b53cc.
* disable parallelism for all but pip report
* whitespace
* pr feedback, fix ignore packages, bump versions
2024-06-21 13:25:42 -07:00
Amitla Vannikumar
2284e06a29
Go With Replace Detector no File Parsing ( #1181 )
...
* not parsing for replace module
* require
---------
Co-authored-by: Amitla Vannikumar <avannikumar@microsoft.com>
2024-06-19 15:11:43 -07:00
Meir Blachman
dafe52772a
optimize regular expression creation in NpmComponentDetector ( #1177 )
...
* optimize regular expression creation in NpmComponentDetector
* optimize regular expression creation in NpmComponentDetector
* Update src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs
Co-authored-by: Coby Allred <cobyallred@gmail.com>
---------
Co-authored-by: Coby Allred <cobyallred@gmail.com>
2024-06-19 09:38:39 -07:00
dependabot[bot]
155b742e08
Bump github/codeql-action from 3.25.9 to 3.25.10 ( #1173 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.9 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](530d4feaa9...23acc5c183)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 09:59:31 -07:00
dependabot[bot]
e21ed2268c
Bump codecov/codecov-action from 4.4.1 to 4.5.0 ( #1174 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.1 to 4.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](125fc84a9a...e28ff129e5)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 09:59:13 -07:00
Paul Dorsch
b635ce6a43
bump pip detector version ( #1175 )
2024-06-14 14:30:24 -07:00
Paul Dorsch
6c4ca4f842
Enable parallelism by detector ( #1171 )
...
* conflicts
* save
* resolving remaining conflicts
* change location of default max thread var
* add input validation
* reduce default parallelism
* Update default max threads
---------
Co-authored-by: Coby Allred <cobyallred@gmail.com>
2024-06-14 13:21:12 -07:00
Fernando Rojo
22a88b52af
Add python version conditional dependency check ( #973 )
...
* Add python version conditional dependency check
* add sys_platform condition, and some tests
* add comments / string comparison
---------
Co-authored-by: Coby Allred <cobyallred@gmail.com>
Co-authored-by: Paul Dorsch <pauldorsch@microsoft.com>
2024-06-14 13:10:26 -07:00
Paul Dorsch
e626211624
Add CancellationToken support to CD processes ( #1167 )
...
* add cancellation tokens to pip report
* update timeouts for experimental runs
* fix tests
* simplify logic
* update registration
* remove out/err timeout
* fix ci build
* swallow certain invalid operation exceptions from killing processes
* add pip command test
* pr feedback
2024-06-13 18:08:42 -07:00
dependabot[bot]
44a30a94b7
Bump actions/checkout from 4.1.6 to 4.1.7 ( #1170 )
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a5ac7e51b4...692973e3d9)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-12 16:48:27 -07:00
dependabot[bot]
6a36c33b9c
Bump github/codeql-action from 3.25.8 to 3.25.9 ( #1169 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2e230e8fe0...530d4feaa9)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-12 16:29:56 -07:00
Paul Dorsch
e8c72a1b00
Add env var that allows customers to skip pip report ( #1166 )
...
* add env var to skip pip report
* fixed log messages
2024-06-10 16:17:44 -07:00
renovate[bot]
5e496e383d
chore(deps): update mstest monorepo to v3.4.3 ( #1160 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-07 08:56:33 -07:00
Greg Villicana
2b5b6573c9
Sanitize another Docker telemetry event ( #1164 )
2024-06-06 21:02:09 -07:00
Greg Villicana
341b036de7
Sanitize Docker environment vars in logs ( #1163 )
2024-06-06 17:50:14 -07:00
renovate[bot]
e1b4ada2a8
chore(deps): update dependency system.reactive to v6.0.1 ( #1136 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 15:45:21 -07:00
renovate[bot]
67fdc4ba25
chore(deps): update dependency serilog to v4 ( #1161 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 15:43:49 -07:00
Coby Allred
967d63af3d
Update renovate.json configuration ( #1157 )
...
Update renovate.json configuration to limit open branches and add weekly lock file maintenance.
2024-06-06 13:40:13 -07:00
Coby Allred
3145e53fbd
Update Gradle parsing to reduce calls to IsDevDependencyByLockfile ( #1156 )
2024-06-06 13:39:12 -07:00
renovate[bot]
72abdcc33d
chore(deps): update dependency yamldotnet to v15 ( #982 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 12:57:33 -07:00
renovate[bot]
dd8f6d73c6
chore(deps): update nuget monorepo to v6.10.0 ( #1138 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 12:55:31 -07:00
renovate[bot]
f3167067a2
chore(deps): update dependency minver to v5 ( #1140 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 12:55:00 -07:00
dependabot[bot]
b7ead0cb0d
Bump github/codeql-action from 3.25.6 to 3.25.8 ( #1153 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9fdb3e4972...2e230e8fe0)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 12:53:20 -07:00
Greg Villicana
07a2e84f94
Simple sanitization in strings used in CLI before logging ( #1155 )
2024-06-05 18:10:19 -07:00