Commit graph

735 commits

Author SHA1 Message Date
Amitla Vannikumar 0707d99b36
Revert "Move Go With Replace Detector to the Standard Go Detector" (#1198)
* Revert "go detector (#1194)"

This reverts commit 39058c5561.

* Update ServiceCollectionExtensions.cs

* Update ServiceCollectionExtensions.cs
2024-07-10 14:18:24 -07:00
Paul Dorsch 683f30ee44
Graduate pipreport (#1199)
* graduate pipreport

* bump versions
2024-07-10 16:24:06 -04:00
dependabot[bot] a2fbc9adeb
Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#1192)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65462800fd...0b2256b8c0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-08 14:24:26 -07:00
dependabot[bot] 09a7b85dd9
Bump github/codeql-action from 3.25.10 to 3.25.11 (#1189)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](23acc5c183...b611370bb5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-08 14:24:06 -07:00
Amitla Vannikumar 39058c5561
go detector (#1194)
Co-authored-by: Amitla Vannikumar <avannikumar@microsoft.com>
2024-07-08 12:54:11 -07:00
Paul Dorsch fb9423e93c
PipReport option to fallback and parse roots from source (#1190)
* add fallback logic to pipreport for cases where we shouldn't reach out to remote feed, and should parse source instead

* add the manual detection as fallback if pip report fails

* add option to skip or fallback to a source code scan

* add docs and fix tests

* remove fallback

* add fallback back, and env var to allow for skipping fallback
2024-07-08 12:39:27 -04:00
Paul Dorsch 52daf67864
Add ADO package release pipeline (#1187)
* initial commit to add ado release pipeline

* remove nuget auth task that was not used

* use internal feed for pulling
2024-06-25 12:53:48 -04:00
Paul Dorsch cf13ef1b10
fix timeout lower bound (#1186) 2024-06-24 14:27:37 -04:00
Paul Dorsch c20c3b0f56
Pauldorsch/reconcile dependency graph logic (#1183)
* reconcile dependency graph logic

* handle null / empty conditional vars

* remove files

* current pip detector case insensitive metadata file match

* some cleanup

* fix tests

* test with reverted reqs

* Revert "test with reverted reqs"

This reverts commit 293a4b53cc.

* disable parallelism for all but pip report

* whitespace

* pr feedback, fix ignore packages, bump versions
2024-06-21 13:25:42 -07:00
Amitla Vannikumar 2284e06a29
Go With Replace Detector no File Parsing (#1181)
* not parsing for replace module

* require

---------

Co-authored-by: Amitla Vannikumar <avannikumar@microsoft.com>
2024-06-19 15:11:43 -07:00
Meir Blachman dafe52772a
optimize regular expression creation in NpmComponentDetector (#1177)
* optimize regular expression creation in NpmComponentDetector

* optimize regular expression creation in NpmComponentDetector

* Update src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs

Co-authored-by: Coby Allred <cobyallred@gmail.com>

---------

Co-authored-by: Coby Allred <cobyallred@gmail.com>
2024-06-19 09:38:39 -07:00
dependabot[bot] 155b742e08
Bump github/codeql-action from 3.25.9 to 3.25.10 (#1173)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.9 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](530d4feaa9...23acc5c183)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 09:59:31 -07:00
dependabot[bot] e21ed2268c
Bump codecov/codecov-action from 4.4.1 to 4.5.0 (#1174)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.1 to 4.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](125fc84a9a...e28ff129e5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 09:59:13 -07:00
Paul Dorsch b635ce6a43
bump pip detector version (#1175) 2024-06-14 14:30:24 -07:00
Paul Dorsch 6c4ca4f842
Enable parallelism by detector (#1171)
* conflicts

* save

* resolving remaining conflicts

* change location of default max thread var

* add input validation

* reduce default parallelism

* Update default max threads

---------

Co-authored-by: Coby Allred <cobyallred@gmail.com>
2024-06-14 13:21:12 -07:00
Fernando Rojo 22a88b52af
Add python version conditional dependency check (#973)
* Add python version conditional dependency check

* add sys_platform condition, and some tests

* add comments / string comparison

---------

Co-authored-by: Coby Allred <cobyallred@gmail.com>
Co-authored-by: Paul Dorsch <pauldorsch@microsoft.com>
2024-06-14 13:10:26 -07:00
Paul Dorsch e626211624
Add CancellationToken support to CD processes (#1167)
* add cancellation tokens to pip report

* update timeouts for experimental runs

* fix tests

* simplify logic

* update registration

* remove out/err timeout

* fix ci build

* swallow certain invalid operation exceptions from killing processes

* add pip command test

* pr feedback
2024-06-13 18:08:42 -07:00
dependabot[bot] 44a30a94b7
Bump actions/checkout from 4.1.6 to 4.1.7 (#1170)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a5ac7e51b4...692973e3d9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-12 16:48:27 -07:00
dependabot[bot] 6a36c33b9c
Bump github/codeql-action from 3.25.8 to 3.25.9 (#1169)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2e230e8fe0...530d4feaa9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-12 16:29:56 -07:00
Paul Dorsch e8c72a1b00
Add env var that allows customers to skip pip report (#1166)
* add env var to skip pip report

* fixed log messages
2024-06-10 16:17:44 -07:00
renovate[bot] 5e496e383d
chore(deps): update mstest monorepo to v3.4.3 (#1160)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-07 08:56:33 -07:00
Greg Villicana 2b5b6573c9
Sanitize another Docker telemetry event (#1164) 2024-06-06 21:02:09 -07:00
Greg Villicana 341b036de7
Sanitize Docker environment vars in logs (#1163) 2024-06-06 17:50:14 -07:00
renovate[bot] e1b4ada2a8
chore(deps): update dependency system.reactive to v6.0.1 (#1136)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 15:45:21 -07:00
renovate[bot] 67fdc4ba25
chore(deps): update dependency serilog to v4 (#1161)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 15:43:49 -07:00
Coby Allred 967d63af3d
Update renovate.json configuration (#1157)
Update renovate.json configuration to limit open branches and add weekly lock file maintenance.
2024-06-06 13:40:13 -07:00
Coby Allred 3145e53fbd
Update Gradle parsing to reduce calls to IsDevDependencyByLockfile (#1156) 2024-06-06 13:39:12 -07:00
renovate[bot] 72abdcc33d
chore(deps): update dependency yamldotnet to v15 (#982)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 12:57:33 -07:00
renovate[bot] dd8f6d73c6
chore(deps): update nuget monorepo to v6.10.0 (#1138)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 12:55:31 -07:00
renovate[bot] f3167067a2
chore(deps): update dependency minver to v5 (#1140)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-06 12:55:00 -07:00
dependabot[bot] b7ead0cb0d
Bump github/codeql-action from 3.25.6 to 3.25.8 (#1153)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9fdb3e4972...2e230e8fe0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 12:53:20 -07:00
Greg Villicana 07a2e84f94
Simple sanitization in strings used in CLI before logging (#1155) 2024-06-05 18:10:19 -07:00
Paul Dorsch dec038ae37
fix the requested_extras parsing for pip report (#1154) 2024-06-05 12:42:53 -04:00
Coby Allred 9f1e5a9083
Update NormalizePath to be more robust (#1152) 2024-06-04 22:10:30 +00:00
Paul Dorsch b3e3c9de59
Pauldorsch/remove pip report throw (#1151)
* remove throw for pip report so all pip files will be scanned

* fix tests
2024-06-04 15:03:27 -07:00
Paul Dorsch 393db4724c
Merged pnpm6 experiment into pnpm detector (#1145)
* merged pnpm6 into pnpm detector

* bump version and make the factory method private

* name of type

* improved logging

* added telemetry record for pnpm, and other minor updates to methods for conciseness

* standardize the invalid version telemetry object

* removed invalid version file
2024-06-03 13:02:49 -04:00
Coby Allred 9c3b0d55a4
Increase Python cache window (#1144)
* Increase Python cache window

* Update pip.md

* Update IPyPiClient.cs
2024-05-31 17:54:09 +00:00
Coby Allred fb58fbe3db
Add CodeQL debug (#1142) 2024-05-29 08:58:04 -07:00
renovate[bot] 7841ed7ebd
chore(deps): update mstest monorepo to v3.4.0 (#1119)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 10:23:01 -07:00
renovate[bot] 4a329b434f
chore(deps): update dependency microsoft.net.test.sdk to v17.10.0 (#1137)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 10:14:45 -07:00
renovate[bot] dcac58d323
chore(deps): update dotnet monorepo (#958)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 10:10:47 -07:00
renovate[bot] 343c425057
chore(deps): update codecov/codecov-action action to v4.4.1 (#1133)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 10:01:48 -07:00
dependabot[bot] 9cb1784c8f
--- (#1126)
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 09:51:07 -07:00
renovate[bot] 6e68243983
chore(deps): update actions/checkout action to v4.1.6 (#1132)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 09:41:05 -07:00
renovate[bot] 3b5dac6d33
chore(deps): update dependency morelinq to v4.2.0 (#1084)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 16:30:57 +00:00
renovate[bot] 81c00b847d
chore(deps): update dependency newtonsoft.json.schema to v3.0.16 (#1117)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 17:15:14 +01:00
Coby Allred 3947eee67a
Small updates to PipReport detector (#1131)
Co-authored-by: Coby Allred <coallred@microsoft.com>
2024-05-23 09:13:54 -07:00
Coby Allred e9a146ca76
Add Pip installation report experimental detector (#1129)
* Add PipReport experimental detector

* Don't use primary constructor

* Fix CI break

* Address PR comments

* Update src/Microsoft.ComponentDetection.Detectors/pip/PipReportUtilities.cs

Co-authored-by: Jamie Magee <jamagee@microsoft.com>

* Update src/Microsoft.ComponentDetection.Detectors/pip/PipReportComponentDetector.cs

Co-authored-by: Jamie Magee <jamagee@microsoft.com>

* Log cmd failure

---------

Co-authored-by: Coby Allred <coallred@microsoft.com>
Co-authored-by: Jamie Magee <jamagee@microsoft.com>
2024-05-22 18:43:13 -07:00
Fernando Rojo 5894c27af3
Update RustCli Parsing to process pkgId, and introduce manual override (#1106)
* Update RustCli Parsing to process pkgId, and allow manual override to fallback with DisableRustCliScan

* add tests

* Update detector version

* Update cli detector to use manifest packages instead of manually parsing
2024-05-16 14:15:54 -07:00
renovate[bot] 04776cc59b
chore(deps): update dependency polly to v8.4.0 (#1118)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-16 09:11:35 -07:00