Releases: microsoft/sbom-tool
v3.1.0
⚙️ Changes
- Add interface pin, split IConfiguration to be non-breaking by @DaveTryon (#919)
- Update metadata contract to be backcompatible with SPDX 2.2 parser by @pragnya17 (#918)
- Remove unnecessary parser errors which disallow syft SBOMs by @sfoslund (#917)
- Disable CodeQL until they fix the osx-arm64 problem by @DaveTryon (#916)
- build(deps): bump github/codeql-action from 3.28.3 to 3.28.8 by @dependabot[bot] (#914)
- Specify correct image for running on osx-arm64 by @DaveTryon (#913)
- Update MSTest to metapackage and MTP by @Youssef1313 (#881)
- build(deps): bump actions/setup-dotnet from 4.2.0 to 4.3.0 by @dependabot[bot] (#911)
- Target E2E tests with net472 only on Windows by @DaveTryon (#910)
- Bump GitHub Actions versions in sample code by @rufer7 (#908)
- build(deps): bump MSTest.TestAdapter from 3.7.2 to 3.7.3 by @dependabot[bot] (#905)
- build(deps): bump MSTest.TestFramework from 3.7.2 to 3.7.3 by @dependabot[bot] (#906)
- Enable MSTest analyzers by @Youssef1313 (#898)
- Address a targeted set of analyzer warnings by @DaveTryon (#901)
- Revert extra dependency that we added in #758 by @DaveTryon (#902)
- Update CLI arg help text by @sfoslund (#899)
- Bump component-detection from 5.1.6 to 5.2.1 by @DaveTryon (#894)
- Remove FluentAssertions from tests by @DaveTryon (#896)
- build(deps): bump release-drafter/release-drafter from 6.0.0 to 6.1.0 by @dependabot[bot] (#883)
- build(deps): bump Scrutor from 5.1.0 to 6.0.1 by @dependabot[bot] (#872)
- build(deps): bump github/codeql-action from 3.28.0 to 3.28.3 by @dependabot[bot] (#892)
- build(deps): bump coverlet.collector from 6.0.3 to 6.0.4 by @dependabot[bot] (#882)
- build(deps): bump stefanzweifel/git-auto-commit-action from 5.0.1 to 5.1.0 by @dependabot[bot] (#861)
- build(deps): bump System.Threading.Channels from 9.0.0 to 9.0.1 by @dependabot[bot] (#871)
- Bump MSTest.Test* from 3.7.0 to 3.7.2 by @DaveTryon (#891)
- Add a workflow to comment on API changes by @DaveTryon (#885)
- Switch DataTestMethod to DataTestMethod (part 2) by @DaveTryon (#880)
- Switch DataTestMethod to TestMethod by @Youssef1313 (#849)
- Add skipBuildTagsForGitHubPullRequests setting to PR pipeline by @sfoslund (#879)
- Reenable SBOM targets e2e test by @sfoslund (#876)
- Remove GH action PR build by @sfoslund (#875)
- Add ADO PR build by @sfoslund (#874)
- Spdx 3.0 Parser for SBOM files by @pragnya17 (#860)
- Revert bump to Microsoft.Extensions.DependencyModel (Revert part of #847) by @DaveTryon (#851)
- Pin ubuntu runner to 22.04 by @DaveTryon (#856)
- build(deps): bump Microsoft.Extensions.DependencyModel from 8.0.2 to 9.0.0 by @dependabot[bot] (#847)
- Decouple test packages from release bits by @DaveTryon (#850)
- build(deps): bump coverlet.collector from 6.0.2 to 6.0.3 by @dependabot[bot] (#846)
- Revert "build(deps): bump Microsoft.Extensions.DependencyModel" by @DaveTryon (#845)
- build(deps): bump FluentAssertions from 6.12.2 to 7.0.0 by @dependabot[bot] (#818)
- build(deps): bump Microsoft.Extensions.DependencyModel from 8.0.2 to 9.0.0 by @dependabot[bot] (#784)
- build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot[bot] (#840)
- build(deps): bump Scrutor from 5.0.2 to 5.1.0 by @dependabot[bot] (#842)
- build(deps): bump actions/setup-dotnet from 4.1.0 to 4.2.0 by @dependabot[bot] (#843)
- build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @dependabot[bot] (#832)
- build(deps): bump codecov/codecov-action from 5.0.7 to 5.1.2 by @dependabot[bot] (#838)
- Defining and generating spdx 3.0 json elements by @pragnya17 (#830)
- Add running unit tests to CI pipeline by @sfoslund (#835)
- Made the Timeout in LicenseInformationService configurable via CLI argument (#584) by @kidcline1 (#773)
- build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot[bot] (#825)
- build(deps): bump NuGet.Configuration from 6.11.1 to 6.12.1 by @dependabot[bot] (#817)
- build(deps): bump MSTest.TestAdapter from 3.6.3 to 3.6.4 by @dependabot[bot] (#823)
- build(deps): bump MSTest.TestFramework from 3.6.3 to 3.6.4 by @dependabot[bot] (#824)
- Use the fully qualified name for the Zip and Unzip tasks by @bstadick (#803)
- Add missing linefeed from API sample by @DaveTryon (#819)
- build(deps): bump System.Threading.Channels from 6.0.0 to 8.0.0 by @dependabot[bot] (#635)
- build(deps): bump codecov/codecov-action from 5.0.2 to 5.0.7 by @dependabot[bot] (#810)
- build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot[bot] (#809)
- build(deps): bump Scrutor from 5.0.1 to 5.0.2 by @dependabot[bot] (#779)
- build(deps): bump NuGet.Frameworks from 6.11.1 to 6.12.1 by @dependabot[bot] (#785)
- build(deps): bump Microsoft.VisualStudio.Threading.Analyzers from 17.11.20 to 17.12.19 by @dependabot[bot] (#790)
- Unbreak build pipeline after most recent drop of Analyzers by @DaveTryon (#813)
- build(deps): bump Microsoft.NET.Test.Sdk and Newtonsoft.Json by @dependabot[bot] (#808)
- build(deps): bump System.Threading.Tasks.Extensions from 4.5.4 to 4.6.0 by @dependabot[bot] (#792)
- build(deps): bump MSTest.TestFramework from 3.6.2 to 3.6.3 by @dependabot[bot] (#793)
- build(deps): bump FluentAssertions from 6.12.1 to 6.12.2 by @dependabot[bot] (#781)
- build(deps): bump MSTest.TestAdapter from 3.6.2 to 3.6.3 by @dependabot[bot] (#794)
- Bump System.Net.Http version by @sfoslund (#806)
- build(deps): bump github/codeql-action from 3.27.0 to 3.27.4 by @dependabot[bot] (#799)
- build(deps): bump Microsoft.IO.Redist from 6.0.1 to 6.1.0 by @dependabot[bot] (#787)
- build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 by @dependabot[bot] (#805)
- Address CG issue in Microsoft.IO.Redist by @DaveTryon (#757)
- build(deps): bump Serilog.Sinks.Async from 2.0.0 to 2.1.0 by @dependabot[bot] (#777)
- Scrub dotnet 6 references by @DaveTryon (#775)
- Expand osx coverage in PR builds by @DaveTryon (#774)
- build(deps): bump MSTest.TestFramework from 3.6.1 to 3.6.2 by @dependabot[bot] (#772)
- build(deps): bump MSTest.TestAdapter from 3.6.1 to 3.6.2 by @dependabot[bot] (#771)
- build(deps): bump Microsoft.Build from 17.10.4 to 17.11.4 by @dependabot[bot] (#764)
- typo: ThrowArguement -> ThrowArgument; fix SPDX URL anchor by @bact (#769)
- Add language tag to code blocks and correct indented code block by @bact (#770)
- Update EsrpCodeSigning task to version 5 by @jlperkins (#761)
- Update SPDX spec links to current by @bact (#765)
- Fix several typos in Markdown files and in a comment by @bact (#766)
- build(deps): bump System.Reactive from 5.0.0 to 6.0.1 by @dependabot[bot] (#588)
- build(deps): bump dotnet/runtime-deps from 6.0.8-bullseye-slim-amd64 to 7.0.20-bullseye-slim-amd64 by @dependabot[bot] (#589)
- build(deps): bump actions/setup-dotnet from 4.0.1 to 4.1.0 by @dependabot[bot] (#763)
- build(deps): bump System.Threading.Tasks.Dataflow from 4.11.1 to 8.0.1 by @dependabot[bot] (#611)
- build(deps): bump Serilog.Extensions.Hosting from 7.0.0 to 8.0.0 by @dependabot[bot] (#657)
- build(deps): bump Scrutor from 4.2.2 to 5.0.1 by @dependabot[bot] (#727)
- build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot[bot] (#760)
- build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot[bot] (#759)
- Bump Microsoft.Extensions.Caching.Memory for CVE by @DaveTryon (#758)
v3.0.1
⚙️ Changes
- Add support for osx-arm64 by @DaveTryon (#756)
v3.0.0
⚙️ Changes
- BREAKING CHANGE: Update to .NET 8 versions of Component Detection by @DaveTryon (#755)
- BREAKING CHANGE: Include dependency tree data about nuget and maven packages by @jalkire (#746)
- Add dependency graph support to remaining ecosystems by @jalkire (#754)
- Fix typos and Markdown lint warnings by @bact (#740)
- build(deps): bump github/codeql-action from 3.26.8 to 3.26.13 by @dependabot (#753)
- build(deps): bump MSTest.TestFramework from 3.6.0 to 3.6.1 by @dependabot (#735)
- build(deps): bump MSTest.TestAdapter from 3.6.0 to 3.6.1 by @dependabot (#736)
- build(deps): bump Microsoft.Extensions.Http from 8.0.0 to 8.0.1 by @dependabot (#752)
- build(deps): bump Microsoft.Extensions.Hosting, Microsoft.Extensions.DependencyInjection.Abstractions, Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Logging.Abstractions by @dependabot (#749)
- Bump Microsoft.IO.Redist version by @sfoslund (#751)
- build(deps): bump NuGet.Configuration from 6.11.0 to 6.11.1 by @dependabot (#742)
- build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot (#741)
- Use tool-driven indents for *.props by @DaveTryon (#750)
- Address CVE-2024-43485 by updating System.Text.Json by @DaveTryon (#748)
- build(deps): bump Microsoft.Extensions.DependencyModel and System.Text.Json by @dependabot (#744)
- Deprecate .NET 6 support by @DaveTryon (#739)
- build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot (#724)
- build(deps): bump MinVer from 5.0.0 to 6.0.0 by @dependabot (#695)
- build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by @dependabot (#732)
- Make targets package a dev dependency and fix package supplier trimming by @sfoslund (#726)
- Include SBOM tool in targets nuget package by @sfoslund (#722)
- build(deps): bump Serilog.Sinks.Console and System.Threading.Channels by @dependabot (#648)
- build(deps): bump Serilog.Sinks.File and System.Threading.Channels by @dependabot (#632)
- build(deps): bump Serilog.Sinks.Async and System.Threading.Channels by @dependabot (#647)
- build(deps): bump Serilog.Sinks.Map and System.Threading.Channels by @dependabot (#631)
- build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot (#720)
v2.2.9
⚙️ Changes
- Add support for Conan package to spdx file again by @tarun06 (#549)
- build(deps): bump MSTest.TestAdapter from 3.5.2 to 3.6.0 by @dependabot (#701)
- build(deps): bump Microsoft.Build.Utilities.Core and Microsoft.Build.Framework by @dependabot (#699)
- build(deps): bump FluentAssertions from 6.12.0 to 6.12.1 by @dependabot (#698)
- build(deps): bump Moq from 4.20.70 to 4.20.72 by @dependabot (#697)
- build(deps): bump Microsoft.NET.Test.Sdk from 17.11.0 to 17.11.1 by @dependabot (#696)
- build(deps): bump MSTest.TestFramework from 3.5.2 to 3.6.0 by @dependabot (#702)
- Include multiple DirectoryExclusionList example in sbom-tool-cli-reference.md documentation by @ChristophHornung (#705)
- build(deps): bump github/codeql-action from 3.26.5 to 3.26.7 by @dependabot (#706)
- Use ComponentDetection 4.9.6 by @DaveTryon (#700)
v2.2.8
⚙️ Changes
- Add a SBOM Generation Task by @gustavoaca1997 (#674)
- build(deps): bump NuGet.Configuration from 6.10.1 to 6.11.0 by @dependabot (#691)
- build(deps): bump NuGet.Frameworks from 6.10.1 to 6.11.0 by @dependabot (#668)
- build(deps): bump Microsoft.VisualStudio.Threading.Analyzers from 17.10.48 to 17.11.20 by @dependabot (#667)
- build(deps): bump MSTest.TestAdapter from 3.5.1 to 3.5.2 by @dependabot (#665)
- build(deps): bump MSTest.TestFramework from 3.5.1 to 3.5.2 by @dependabot (#669)
- build(deps): bump Microsoft.NET.Test.Sdk from 17.10.0 to 17.11.0 by @dependabot (#680)
- build(deps): bump github/codeql-action from 3.26.0 to 3.26.5 by @dependabot (#689)
- Fix CodeQL language config by @sfoslund (#690)
- build(deps): bump Scrutor from 4.2.0 to 4.2.2 by @dependabot (#646)
- build(deps): bump Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection.Abstractions by @dependabot (#650)
- build(deps): bump Microsoft.Extensions.Http, Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection by @dependabot (#649)
- build(deps): bump MinVer from 4.3.0 to 5.0.0 by @dependabot (#634)
- build(deps): bump Microsoft.SourceLink.GitHub from 1.1.1 to 8.0.0 by @dependabot (#645)
- build(deps): bump StyleCop.Analyzers from 1.2.0-beta.507 to 1.2.0-beta.556 by @dependabot (#636)
- build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 by @dependabot (#641)
- build(deps): bump Moq from 4.17.2 to 4.20.70 by @dependabot (#640)
- build(deps): bump MSTest.TestFramework from 3.5.0 to 3.5.1 by @dependabot (#652)
- build(deps): bump MSTest.TestAdapter from 3.5.0 to 3.5.1 by @dependabot (#653)
- build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot (#654)
- build(deps): bump Microsoft.VisualStudio.Threading.Analyzers from 17.7.30 to 17.10.48 by @dependabot (#638)
- build(deps): bump MSTest.TestFramework from 3.1.1 to 3.5.0 by @dependabot (#642)
- build(deps): bump github/codeql-action from 3.25.12 to 3.25.15 by @dependabot (#625)
- build(deps): bump Spectre.Console.Cli from 0.48.0 to 0.49.1 by @dependabot (#637)
- build(deps): bump MSTest.TestAdapter from 3.1.1 to 3.5.0 by @dependabot (#644)
- build(deps): bump Microsoft.NET.Test.Sdk from 17.7.2 to 17.10.0 by @dependabot (#630)
- build(deps): bump stefanzweifel/git-auto-commit-action from 5.0.0 to 5.0.1 by @dependabot (#552)
- Raise dependabot PR limit by @DaveTryon (#629)
v2.2.7
⚙️ Changes
- Bump Component Detection version by @JoseRenan (#624)
- Make the process exit with the correct exit code. by @gustavoaca1997 (#617)
- build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot (#614)
- build(deps): bump actions/setup-dotnet from 4.0.0 to 4.0.1 by @dependabot (#610)
- Bump System.Text.Json to 8.0.4. by @gustavoaca1997 (#618)
- Add simple integration tests by @DaveTryon (#606)
- chore: Fix JSON002 error by @DaveTryon (#603)
- chore: Remove SA1124 override by @DaveTryon (#604)
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot (#594)
- build(deps): bump codecov/codecov-action from 4.0.1 to 4.5.0 by @dependabot (#597)
- build(deps): bump github/codeql-action from 3.25.8 to 3.25.11 by @dependabot (#602)
- build(deps): bump github/codeql-action from 3.24.3 to 3.25.8 by @dependabot (#591)
- build(deps): bump actions/checkout from 4.1.1 to 4.1.6 by @dependabot (#574)
v2.2.6
⚙️ Changes
- Add redact documentation by @sfoslund (#582)
- Add redaction workflow logic by @sfoslund (#581)
- Add Validate Format functionality by @alisonlomaka (#580)
- Add validate-format verb with placeholder for future validation by @alisonlomaka (#577)
- Tweaks to some analyzer rules by @alisonlomaka (#576)
- Add redact verb to CLI by @sfoslund (#575)
- Loosen constraints on SBOM/SPDX validation by @alisonlomaka (#572)
- Remove an unneeded comment (formatted as a heading) in documentation by @Jeanot-Zubler (#533)
- Clarify validate -o argument description by @alisonlomaka (#567)
- Explicitly install .NET 6.0 and 8.0 in CI by @sfoslund (#568)
v2.2.5
⚙️ Changes
- Fix main build failures by @pownkel (#557)
- fix: Output correct case-sensitive message by @DaveTryon (#556)
- fix: Remap errors to warnings if logged inside ComponentDetection by @DaveTryon (#554)
- fix: Improve logging on a corrupted manifest file by @DaveTryon (#551)
- fix: Improve case-sensitive handling by @DaveTryon (#550)
- fix: Add logging to Windows permissions checks by @DaveTryon (#548)
- chore: Output failure telemetry if signing validation fails by @DaveTryon (#547)
- removed the arm warning for Macs from the readme by @filipw (#546)
- fix: Return failing error code on invalid parameter by @DaveTryon (#544)
- fix: Improve error if a file is passed as directory parameter by @DaveTryon (#543)
- fix: Don't throw a warning if an output folder is specified by @DaveTryon (#542)
- fix: Improve visibility of logging from inside exception handlers by @DaveTryon (#540)
- Convert SBOM Tool Main Build to 1ESPT by @sfoslund (#535)
v2.2.4
⚙️ Changes
- Update component detection from 4.2.0 to 4.2.2 by @pownkel (#524)
- Update Component Detection version from 4.0.11 to 4.2.0 by @pownkel (#519)
- Fix style errors in build by @pownkel (#521)
- build(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 by @dependabot (#491)
- build(deps): bump release-drafter/release-drafter from 5.25.0 to 6.0.0 by @dependabot (#493)
- build(deps): bump github/codeql-action from 3.23.2 to 3.24.3 by @dependabot (#503)
- Add link to component detection arguments by @pownkel (#499)
- Revise docs to clarify IHostedService impl is optional by @jlperkins (#486)
- build(deps): bump actions/setup-dotnet from 3.2.0 to 4.0.0 by @dependabot (#456)
- build(deps): bump actions/github-script from 6.4.1 to 7.0.1 by @dependabot (#451)
- build(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 by @dependabot (#485)
- build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot (#487)
- Add linux component license/author info in SBOM by @sebasgomez238 (#476)
v2.2.3
⚙️ Changes
- build(deps): bump github/codeql-action from 2.22.5 to 3.23.1 by @dependabot (#484)
- Updates to documentation by @sebasgomez238 (#482)
- Fix IsSuccess return value in SBOMValidator by @micyunmsft (#472)