@dependabot dependabot bot commented on behalf of github Jul 30, 2025

Updated Microsoft.Sbom.Extensions.DependencyInjection from 3.1.0 to 4.1.0.

Release notes

Sourced from Microsoft.Sbom.Extensions.DependencyInjection's releases.

4.1.0

⚙️ Changes

  • Fix externalRefs parser bug by @​jlperkins (#​1147)
  • Add aggregation docs by @​DaveTryon (#​1145)
  • Bump github/codeql-action from 3.29.0 to 3.29.3 by @dependabot[bot] (#​1144)
  • Ignore SHA1 codeQL warnings by @​sfoslund (#​1143)
  • Refactor constructor for Generator class by @​DaveTryon (#​1142)
  • Add E2E tests for aggregation, fix race condition by @​DaveTryon (#​1141)
  • Include package relationships when aggregating by @​DaveTryon (#​1139)
  • Ignore SHA1 codeQL warnings by @​sfoslund (#​1138)
  • Restore writing of root dependencies by @​DaveTryon (#​1137)
  • Include empty files and relationships arrays in aggregated SBOMs by @​sfoslund (#​1136)
  • Convert info message about invalid aggregation input to warn by @​sfoslund (#​1135)
  • Capture more package fields in MergeableContent by @​DaveTryon (#​1134)
  • Add correct relationships to MergeableContent by @​DaveTryon (#​1133)
  • Fix SBOM aggregation signing bug by @​sfoslund (#​1132)
  • Add a simple class to wrap the SbomConsolidationWorkflow by @​DaveTryon (#​1130)
  • Add aggregation telemetry by @​DaveTryon (#​1128)
  • Add telemetry file path option to aggregate verb by @​sfoslund (#​1129)
  • Rename Consolidation to Aggregation by @​DaveTryon (#​1127)
  • Generated a consolidated SBOM by @​DaveTryon (#​1126)
  • Do not require outputPath in consolidate config file by @​sfoslund (#​1124)
  • Ignore SPDX 3.0 SBOMs in consolidation by @​sfoslund (#​1123)
  • Running validation workflow in consolidate by @​sfoslund (#​1118)
  • Follow try standard by @​DaveTryon (#​1121)
  • remove pointless returns xml docs by @​SimonCropp (#​1112)
  • Pass set of validated SBOMs to consolidation by @​DaveTryon (#​1119)
  • Add plumbing to collect packages from SPDX 2.2 files by @​DaveTryon (#​1117)
  • Adding validate plumbing to consolidate verb by @​sfoslund (#​1115)
  • remove broken param docs by @​SimonCropp (#​1111)
  • remove redundant interpolation by @​SimonCropp (#​1113)
  • Add simple unit tests for SbomConsolidationWorkflow by @​DaveTryon (#​1114)
  • Add SPDXFormatDetector for SPDX version detection by @​sfoslund (#​1108)
  • JSON encode env var values before config file insertion by @​sfoslund (#​1109)
  • Add config file for Consolidate action by @​DaveTryon (#​1110)
  • SBOM content diff checker between SPDX 2.2 and SPDX 3.0 by @​pragnya17 (#​1011)
  • Bump Microsoft.Build.Locator to 1.7.8, 1.9.1 by @dependabot[bot] (#​1102)
  • Expand env vars included in input config files by @​sfoslund (#​1105)
  • Complete the stubbed plumbing for Consolidate action by @​DaveTryon (#​1106)
  • Add skeleton for consolidation action by @​DaveTryon (#​1104)
  • Fix for package dependency bug by @​pragnya17 (#​1101)
  • build(deps): bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 by @dependabot[bot] (#​1099)
  • build(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @dependabot[bot] (#​1100)
  • Create GitHub-targeted artifacts by @​DaveTryon (#​1091)
  • Add IsPackable to target condition by @​bording (#​1075)
  • Properly account for the number of files validated in ValidationResult by @​joshuamay-ms (#​1095)
  • remove build badge by @​SimonCropp (#​1085)
  • remove redundant FileHashesDictionarySingleton by @​SimonCropp (#​1084)
  • remove unused Program fields by @​SimonCropp (#​1086)
  • remove some dead variables by @​SimonCropp (#​1087)
  • disable this prefix convention by @​SimonCropp (#​1088)
    ... (truncated)

4.0.3

⚙️ Changes

  • Bump component-detection from 5.2.13 to 5.2.19 by @​DaveTryon (#​1051)
  • Add migration guide to V4 API by @​DaveTryon (#​1028)
  • Add documentation for SPDX 3.0 by @​pragnya17 (#​1027)

4.0.2

API BREAKING CHANGES

  • Please see #​1028 for details

New features

  • This release enables SPDX 3.0 support in generation and validation (not yet in redaction). Specify the -mi:SPDX3.0 parameter on the command line to enable the new functionality. Please see #​1027 for more details.

⚙️ Changes

  • Tidy interfaces just a bit by @​DaveTryon (#​1044)
  • Generate only supported manifests, get target configs, and use SourcesProviders as the source of truth by @​pragnya17 (#​1043)
  • Avoid Exception if an unsupported format is requested by @​DaveTryon (#​1034)
  • Teach ManifestValidator about extensions by @​DaveTryon (#​1033)
  • Rename NTIA to NTIAMin - no functional changes by @​DaveTryon (#​1031)
  • Rename "Compliance" to "Conformance" by @​DaveTryon (#​1030)
  • Add ability to pass additional telemetry data back from ISignValidator.Validate by @​DaveTryon (#​1026)
  • Fix SPDX 3.0 relationship generation by @​pragnya17 (#​1015)
  • Fix casing of ValidatedSbomFactory.CreateValidatedSBOM by @​DaveTryon (#​1023)
  • Bug fix for supplier and suppliedBy for root package in SPDX 3.0 by @​pragnya17 (#​1019)
  • NoAssertion bug for SBOM file and package generation by @​pragnya17 (#​1016)
  • Package DependOnId bug fix by @​pragnya17 (#​1017)
  • Add null check for SPDX 3.0 external identifiers by @​pragnya17 (#​1020)
  • Update spdx22 external doc ref extension by @​pragnya17 (#​1018)
  • Add AdditionalComponentDetectorArgs to RuntimeConfiguration by @​MichielOda (#​996)
  • Add SPDX 3.0 extensions to convert to internal SBOM components by @​pragnya17 (#​1012)
  • External Map generation bug by @​pragnya17 (#​1014)
  • Introduce new telemetry method to record signature validation results by @​ZhengHong-Tan (#​1002)
  • Write E2E tests for validation success and failure (SPDX 2.2 and 3.0) by @​pragnya17 (#​1005)
  • Refactor SPDX 3.0 extension methods by @​pragnya17 (#​1001)
  • Move spdx extensions to common utils and refactor SPDX 2.2 by @​pragnya17 (#​998)
  • Validate compliance standard for SPDX 3.0 by @​pragnya17 (#​992)
  • Fix SPDX 3.0 manifest missing files bug by @​pragnya17 (#​997)
  • Add DotNet Component Adapter by @​grvillic (#​994)
  • Don't run auto-comment workflow on PR's from forks by @​DaveTryon (#​1000)
  • build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] (#​990)
  • Delay E2E tests until other test projects have built by @​DaveTryon (#​985)
  • Remove suppression of IDE0040 by @​DaveTryon (#​984)
  • Address new warnings from .NET 9 by @​DaveTryon (#​982)
  • Fix problems running E2E tests locally by @​DaveTryon (#​957)
  • Refactor GenerationResult to restore the original behavior of writing JSON arrays for SPDX 2.2 by @​pragnya17 (#​975)
  • Throw validation error if customer attempts to redact SPDX 3.0 SBOM by @​pragnya17 (#​977)
  • build(deps): bump System.Threading.Tasks.Extensions from 4.6.0 to 4.6.1 by @dependabot[bot] (#​978)
  • build(deps): bump Microsoft.Testing.Extensions.TrxReport from 1.6.2 to 1.6.3 by @dependabot[bot] (#​980)
  • build(deps): bump actions/setup-dotnet from 4.3.0 to 4.3.1 by @dependabot[bot] (#​976)
  • Manifest info name should be case insensitive by @​pragnya17 (#​973)
  • Validate manifest info with attributes by @​pragnya17 (#​961)
  • build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @dependabot[bot] (#​966)
  • Parsing SPDX 3.0 packages and validating with NTIA by @​pragnya17 (#​963)
  • Generate singular SBOM based on manifestInfo parameter by @​pragnya17 (#​959)
  • build(deps): bump Microsoft.Testing.Extensions.TrxReport from 1.5.3 to 1.6.2 by @dependabot[bot] (#​937)
  • build(deps): bump Microsoft.NETFramework.ReferenceAssemblies, NuGet.Configuration and NuGet.Frameworks by @dependabot[bot] (#​960)
  • API BREAKING CHANGE: Remove back-compat interface shims by @​DaveTryon (#​952)
    ... (truncated)

Commits viewable in compare view.

Updated MSTest from 3.8.3 to 3.10.0.

Release notes

Sourced from MSTest's releases.

3.10.0

See the release notes here

3.9.3

What's Changed

See the MSTest changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog.md#3.9.3
See the Microsoft.Testing.Platform changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog-Platform.md#1.7.3

Full Changelog: microsoft/testfx@v3.9.2...v3.9.3

3.9.2

What's Changed

  • Fix MSTEST0042 (duplicate data row) false positive with Zero/NegativeZero by @​Youssef1313 in #​5684
  • Allow framework authors to use TestCase.FullyQualifiedName as the TestNodeUid by @​Youssef1313 in #​5658
  • Ensure TestMethodAttribute.Execute is run on the correct execution context by @​Youssef1313 in #​5688
  • Avoid loading System.Threading.Tasks.Extensions when not needed by @​Youssef1313 in #​5694
  • Fix UseAsync property in TestMethodAttribute derived classes to use type checks by @​Youssef1313 and @​Copilot in #​5708
  • Fix UnitTestRunner leaking some test class instances by @​Youssef1313 in #​5715

See the MSTest changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog.md#3.9.2
See the Microsoft.Testing.Platform changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog-Platform.md#1.7.2

Full Changelog: microsoft/testfx@v3.9.1...v3.9.2

3.9.1

What's Changed

See the MSTest changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog.md#3.9.1
See the Microsoft.Testing.Platform changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog-Platform.md#1.7.1

Full Changelog: microsoft/testfx@v3.9.0...v3.9.1

3.9.0

In this release we focused a lot on providing fixes for MSTest and Microsoft.Testing.Platform. The most notable new features and fixes are:

MSTest

Microsoft.Testing.Platform

We've also improved the dotnet test experience in dotnet SDK, especially around Retry plugin experience, and started dogfooding the experience in our own repository. Please check out how to enable the new dotnet test experience for Microsoft.Testing.Platform in net10 by following this link, and help us dogfood it.

New Contributors

See the MSTest changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog.md#3.9.0
See the Microsoft.Testing.Platform changelog here: https://github.com/microsoft/testfx/blob/main/docs/Changelog-Platform.md#1.7.0

Full Changelog: microsoft/testfx@v3.8.3...v3.9.0

3.9.0-preview.25167.10

Commits viewable in compare view.

Updated System.CommandLine.Hosting from 0.4.0-alpha.22272.1 to 0.4.0-alpha.25306.1.

Release notes

Sourced from System.CommandLine.Hosting's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps Microsoft.Sbom.Extensions.DependencyInjection from 3.1.0 to 4.1.0
Bumps MSTest from 3.8.3 to 3.10.0
Bumps System.CommandLine.Hosting from 0.4.0-alpha.22272.1 to 0.4.0-alpha.25306.1

---
updated-dependencies:
- dependency-name: Microsoft.Sbom.Extensions.DependencyInjection
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: MSTest
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: System.CommandLine.Hosting
  dependency-version: 0.4.0-alpha.25306.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the .NET and dependencies labels Jul 30, 2025

dependabot bot commented on behalf of github Aug 6, 2025

Superseded by #9.

@dependabot dependabot bot closed this Aug 6, 2025
@dependabot dependabot bot deleted the dependabot/nuget/CICD.Tools.Sbom/multi-6928fbcee9 branch August 6, 2025 07:37