81c00b847d
chore(deps): update dependency newtonsoft.json.schema to v3.0.16 ( #1117 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-23 17:15:14 +01:00
3947eee67a
Small updates to PipReport detector ( #1131 )
...
Co-authored-by: Coby Allred <coallred@microsoft.com>
2024-05-23 09:13:54 -07:00
e9a146ca76
Add Pip installation report experimental detector ( #1129 )
...
* Add PipReport experimental detector
* Don't use primary constructor
* Fix CI break
* Address PR comments
* Update src/Microsoft.ComponentDetection.Detectors/pip/PipReportUtilities.cs
Co-authored-by: Jamie Magee <jamagee@microsoft.com>
* Update src/Microsoft.ComponentDetection.Detectors/pip/PipReportComponentDetector.cs
Co-authored-by: Jamie Magee <jamagee@microsoft.com>
* Log cmd failure
---------
Co-authored-by: Coby Allred <coallred@microsoft.com>
Co-authored-by: Jamie Magee <jamagee@microsoft.com>
2024-05-22 18:43:13 -07:00
5894c27af3
Update RustCli Parsing to process pkgId, and introduce manual override ( #1106 )
...
* Update RustCli Parsing to process pkgId, and allow manual override to fallback with DisableRustCliScan
* add tests
* Update detector version
* Update cli detector to use manifest packages instead of manually parsing
2024-05-16 14:15:54 -07:00
04776cc59b
chore(deps): update dependency polly to v8.4.0 ( #1118 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-16 09:11:35 -07:00
d8dfec74ac
chore(deps): update dependency coverlet.msbuild to v6.0.2 ( #1036 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-15 14:14:17 -07:00
850ea5490a
build(deps): bump github/codeql-action from 3.25.3 to 3.25.5 ( #1104 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.3 to 3.25.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d39d31e687...b7cec75265
2024-05-15 14:13:51 -07:00
a03ea433e4
build(deps): bump actions/checkout from 4.1.4 to 4.1.5 ( #1099 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
2024-05-15 14:05:32 -07:00
e5b9b04bb7
build(deps): bump codecov/codecov-action from 4.3.1 to 4.4.0 ( #1107 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](5ecb98a3c6...6d798873df
2024-05-15 13:50:46 -07:00
95c12a8b4e
Add pnpm v6 support as an experimental detector ( #1110 )
...
* Add pnpm v6 support
* PR comments
---------
Co-authored-by: Coby Allred <coallred@microsoft.com>
2024-05-15 12:57:49 -07:00
d7118c4b52
build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 ( #1103 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
2024-05-13 16:22:15 -07:00
551850f884
Use random name for IvyDetector working folder to avoid problems when multiple detectors are running in parallel. ( #1101 )
2024-05-13 15:43:27 -07:00
a513de5a27
build(deps): bump codecov/codecov-action from 4.3.0 to 4.3.1 ( #1095 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](84508663e9...5ecb98a3c6
2024-05-02 13:26:45 -07:00
63a111001d
build(deps): bump github/codeql-action from 3.25.2 to 3.25.3 ( #1090 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8f596b4ae3...d39d31e687
2024-05-02 12:14:08 -07:00
ebee9743d1
build(deps): bump actions/checkout from 4.1.3 to 4.1.4 ( #1085 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fada
2024-05-02 11:57:26 -07:00
e25e9f7a41
Lower experiments log severity ( #1094 )
2024-05-01 09:50:38 -07:00
6e2070a61c
build(deps): bump stefanzweifel/git-auto-commit-action from 5.0.0 to 5.0.1 ( #1074 )
...
* build(deps): bump stefanzweifel/git-auto-commit-action
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](8756aa072e...8621497c8c
2024-04-24 10:56:14 -07:00
63c53a135b
build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 ( #1081 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1746f4ab65...65462800fd
2024-04-24 09:50:09 -07:00
f5709fd1c3
chore(deps): update dependency microsoft.net.test.sdk to v17.9.0 ( #1082 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-24 09:49:47 -07:00
e0c3bc4340
build(deps): bump github/codeql-action from 3.25.1 to 3.25.2 ( #1079 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.1 to 3.25.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c7f9125735...8f596b4ae3
2024-04-24 09:35:58 -07:00
9f5913a990
chore(deps): update dependency valleysoft.dockerfilemodel to v1.1.1 ( #1075 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-23 15:29:23 -07:00
627208faea
build(deps): bump codecov/codecov-action from 4.1.0 to 4.3.0 ( #1060 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](54bcd8715e...84508663e9
2024-04-23 15:28:28 -07:00
d3e2ca44d5
build(deps): bump actions/checkout from 4.1.2 to 4.1.3 ( #1077 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1
2024-04-23 15:26:34 -07:00
614aced289
build(deps): bump shogo82148/actions-upload-release-asset ( #1056 )
...
Bumps [shogo82148/actions-upload-release-asset](https://github.com/shogo82148/actions-upload-release-asset ) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/shogo82148/actions-upload-release-asset/releases )
- [Commits](5bd52f05dd...8f032eff02
2024-04-23 15:26:08 -07:00
3dd4d94b18
chore(deps): update actions/upload-artifact action to v4.3.2 ( #1072 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-18 15:40:34 -07:00
74bb47a128
build(deps): bump danhellem/github-actions-issue-to-work-item ( #1058 )
...
Bumps [danhellem/github-actions-issue-to-work-item](https://github.com/danhellem/github-actions-issue-to-work-item ) from 2.2 to 2.3.
- [Release notes](https://github.com/danhellem/github-actions-issue-to-work-item/releases )
- [Commits](3072da42ab...e077ff031c
2024-04-18 15:39:24 -07:00
fad3a603e1
build(deps): bump actions/checkout from 4.1.1 to 4.1.2 ( #1040 )
...
* build(deps): bump actions/checkout from 4.1.1 to 4.1.2
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
2024-04-18 22:29:09 +00:00
5ed1776b5b
chore(deps): update release-drafter/release-drafter action to v6 ( #1002 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-18 15:27:48 -07:00
a4144f4302
build(deps): bump github/codeql-action from 3.24.6 to 3.25.1 ( #1068 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.6 to 3.25.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8a470fddaf...c7f9125735
2024-04-18 15:21:33 -07:00
410d58871f
adding go with replace experiment ( #1067 )
...
Co-authored-by: Amitla Vannikumar <avannikumar@microsoft.com>
2024-04-17 13:38:27 -07:00
2de3cc0db2
Go CLI Replacement ( #1052 )
...
* adding go cli replace strategy
* adding test for replace section
* revert gocomponent detector
* reverting
* adding replace module test
* adding tests and null checks
---------
Co-authored-by: Amitla Vannikumar <avannikumar@microsoft.com>
2024-04-01 10:17:14 -07:00
90a1031c63
Replace in Go Mod ( #1045 )
...
* adding replace from go mod file
* removing condition
* changing comments
* adding experiment
* adding experimental detector
* version change
---------
Co-authored-by: Amitla Vannikumar <avannikumar@microsoft.com>
2024-03-27 14:24:16 -07:00
1165716c72
Update VCPKG component identifier in detector ( #1046 )
2024-03-25 10:39:26 -07:00
c06abda25f
Add new VCPKG experiment ( #1042 )
...
* Add new VCPKG experiment
2024-03-20 18:24:45 -07:00
c54943343a
Flip prod switch for rust detector and clean up root dependencies ( #1034 )
...
* Flip prod switch for rust detector and clean up root dependency resolution
* comments
2024-03-19 12:01:13 -06:00
0f5e6a925c
build(deps): bump mshick/add-pr-comment from 2.8.1 to 2.8.2 ( #998 )
...
Bumps [mshick/add-pr-comment](https://github.com/mshick/add-pr-comment ) from 2.8.1 to 2.8.2.
- [Release notes](https://github.com/mshick/add-pr-comment/releases )
- [Commits](7c0890544f...b8f338c590
2024-03-15 08:46:23 -07:00
3040f1a429
build(deps): bump shogo82148/actions-upload-release-asset ( #1024 )
...
Bumps [shogo82148/actions-upload-release-asset](https://github.com/shogo82148/actions-upload-release-asset ) from 1.7.2 to 1.7.4.
- [Release notes](https://github.com/shogo82148/actions-upload-release-asset/releases )
- [Commits](dccd6d23e6...5bd52f05dd
2024-03-15 08:43:23 -07:00
60dbfdd10d
build(deps): bump release-drafter/release-drafter from 5.25.0 to 6.0.0 ( #1003 )
...
Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter ) from 5.25.0 to 6.0.0.
- [Release notes](https://github.com/release-drafter/release-drafter/releases )
- [Commits](09c613e259...3f0f87098b
2024-03-15 08:41:58 -07:00
56f248edc2
build(deps): bump codecov/codecov-action from 4.0.0 to 4.1.0 ( #1019 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](f30e4959ba...54bcd8715e
2024-03-15 08:37:31 -07:00
5f070aad80
chore(deps): update mstest monorepo to v3.2.2 ( #985 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-15 08:36:31 -07:00
ef20b7f7a8
build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 ( #1005 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
2024-03-15 08:35:45 -07:00
cd5e3010e5
Support for release candidate versions python detector ( #1021 )
...
* Support for release candidate versions python detector
* Allow SimplePythonResolver to detect release candidate versions
* bumped detectors version
2024-03-15 08:35:17 -07:00
9a600c8690
Evaluating invalid maven scope as "Compile" ( #1033 )
...
* Evaluating invalid maven scope as "Compile"
* upgrading component version
* fixed typos in test names
2024-03-14 20:54:13 -07:00
fb464caf8d
Handle comments gracefully by the go fallback detector ( #1027 )
2024-03-14 08:16:53 -07:00
0bbeeee418
Added optional dependency detection for npm lockfiles (version 2 and 3) ( #1030 )
2024-03-13 14:55:31 -07:00
5be87280bf
Ignore leading and trailing spaces on versions ( #1025 )
2024-03-06 15:31:08 -08:00
1eea9ac522
Resolve security vulnerabilities ( #1023 )
2024-03-05 03:07:13 +00:00
bb153af95c
chore(deps): update github/codeql-action action to v3.24.6 ( #988 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-01 13:38:07 -08:00
f85b6c4363
Support development dependencies for the Gradle detector ( #878 )
...
* Support development dependencies for the Gradle detector
Lack of development dependency detection for Gradle is a problem for
Android teams, especially in the context of Component Governance
alerts. Unfortunately Gradle doesn't provide enough information to
definitively identify dev dependencies in all cases, so manual
configuration is required. This change adds dev dependency
classification through two mechanisms
1. `buildscript-gradle.lockfile` and `settings-gradle.lockfile`
contain only build-system dependencies, so always classify these as
development dependencies.
2. Processing based on two new environment variables:
`GRADLE_PROD_CONFIGURATIONS_REGEX` and
`GRADLE_DEV_CONFIGURATIONS_REGEX`. Gradle lockfiles indicate which
Gradle configuration(s) each dependency is required by.
`GRADLE_PROD_CONFIGURATIONS_REGEX` allows specifying
production configurations explicitly. All other configurations are
considered development. Alternately, dev configurations may be
specified in `GRADLE_DEV_CONFIGURATIONS_REGEX` and all others are
considered production.
* Changes based on meeting prior to the holidays
* fluent assertions
* Visual studio recommendations
* More fluent assertsions
* Fix test to be cross-platform
* Fix the cross-platform test fix
* Fix code coverage by removing dead code check
* Address code review comments
2024-02-27 10:39:53 -08:00
0b8a2e6889
Update RustCLI processing to handle virtual manifests / skip over vendor packages ( #1015 )
...
* Update RustCLI processing to handle virtual manifests and skip over vendor packages
* update tests for new logic
* update detector version
* resolve comment
2024-02-23 18:09:29 -07:00
renovate[bot]
Coby Allred
Fernando Rojo
dependabot[bot]
Simon Abykov
Amitla Vannikumar
Greg Villicana
Juan Carlos Fiorenzano
Rushabh
James Oakley