Bump Microsoft.ComponentDetection.Contracts from 5.2.19 to 5.2.27 by dependabot[bot] · Pull Request #1204 · microsoft/sbom-tool (original) (raw)

Updated Microsoft.ComponentDetection.Contracts from 5.2.19 to 5.2.27.

Release notes

Sourced from Microsoft.ComponentDetection.Contracts's releases.

5.2.27

⚙️ Changes

• Reintroduce CargoSBOM detector experiments by @​grvillic (#​1463)
• Update framework package data by @​ericstj (#​1454)
• Update smoke test workflow to install all requirements manually on new vanilla ubuntu image by @​grvillic (#​1452)
• Remove superfluous verification test file flagging CodeQL tooling by @​grvillic (#​1450)
• Removed RustCLI experiments by @​jcfiorenzano (#​1449)
• Update .NET SDK minimum version and install procedure for smoke tests by @​gpcastro (#​1445)
• Supress CodeQL Warning in SPDX parsing by @​gpcastro (#​1444)
• Updating the md for vcpkg to reflect some recent updates by @​jdotson166 (#​1442)
• Fix NullReferenceException in NpmLockfileDetectorBase when dependencies object is missing by @​copilot-swe-agent (#​1437)

5.2.26

⚙️ Changes

• Promote RustSbom to IExperimentalDetector by @​nathanhammond (#​1440)
• add uv.lock support by @​cataggar (#​1425)
• Updates to the VCPKG detector to use manifest-info.json for resolving vcpkg.json location. by @​jdotson166 (#​1436)

5.2.25

⚙️ Changes

• User/aamaini/go sort requests by @​AMaini503 (#​1432)
• Improve docs on default, fallback strategy by @​AMaini503 (#​1430)

5.2.24

⚙️ Changes

• Fix Go detector Unit Tests by @​AMaini503 (#​1429)
• Replace existing Go detector with Go117 detector by @​AMaini503 (#​1426)

5.2.23

⚙️ Changes

• Remove test trace by @​AMaini503 (#​1422)

5.2.22

⚙️ Changes

• Ignore local package references when parsing go.mod at Go117 by @​AMaini503 (#​1421)

🧰 Maintenance

• Bump actions/upload-artifact from 4.4.3 to 4.6.2 by @​dependabot (#​1395)
• Bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @​dependabot (#​1415)
• Bump codecov/codecov-action from 4.6.0 to 5.4.3 by @​dependabot (#​1406)
• Bump github/codeql-action from 3.28.8 to 3.28.18 by @​dependabot (#​1407)

5.2.21

⚙️ Changes

• Go117 experimental detector changes by @​AMaini503 (#​1409)

5.2.20

⚙️ Changes

• Initial implementation of cargo-sbom detector by @​arlosi (#​1387)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)