From ad9b9c066955d83eb05736152e0c42634c8d75b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 10:43:44 -0700 Subject: [PATCH 1/7] build(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#574) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...a5ac7e51b41094c92402da3b24376905380afc29) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/gen-docs.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6d7efb25..ce38ecfd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: MINVERBUILDMETADATA: build.${{github.run_number}} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d41b757b..0bdb7377 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -23,7 +23,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Initialize CodeQL uses: github/codeql-action/init@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 diff --git a/.github/workflows/gen-docs.yml b/.github/workflows/gen-docs.yml index e2162198..87123b41 100644 --- a/.github/workflows/gen-docs.yml +++ b/.github/workflows/gen-docs.yml @@ -16,7 +16,7 @@ jobs: gen-docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup .NET uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 From 5db6afd3bb01963084cd2fdcc059360294bcdc29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 14:48:27 -0700 Subject: [PATCH 2/7] build(deps): bump github/codeql-action from 3.24.3 to 3.25.8 (#591) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.25.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/379614612a29c9e28f31f39a59013eb8012a51f0...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0bdb7377..74276c3d 100644 
--- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -26,12 +26,12 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Initialize CodeQL - uses: github/codeql-action/init@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: languages: csharp - name: Autobuild - uses: github/codeql-action/autobuild@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 From 97f5488dd171c7dc46061fbd232016a1ff8a4268 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 09:54:48 -0700 Subject: [PATCH 3/7] build(deps): bump github/codeql-action from 3.25.8 to 3.25.11 (#602) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2e230e8fe0ad3a14a340ad0815ddb96d599d2aff...b611370bb5703a7efb587f9d136a52ea24c5c38c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 74276c3d..02f85f58 100644 
--- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -26,12 +26,12 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Initialize CodeQL - uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: languages: csharp - name: Autobuild - uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 From ce97f28e3d3874bee6b3eb2bd2fbfbc60b53de6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 11:10:44 -0700 Subject: [PATCH 4/7] build(deps): bump codecov/codecov-action from 4.0.1 to 4.5.0 (#597) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.5.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/e0b68c6749509c5f83f984dd99a76a1c1a231044...e28ff129e5465c2c0dcc6f003fc735cb6ae0c673) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ce38ecfd..381fc9da 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -43,6 +43,6 @@ jobs: run: dotnet test --collect:"XPlat Code Coverage" - name: Upload code coverage - uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: token: ${{ secrets.CODECOV_TOKEN }} From 9556747f0480904af7c03bc00f9b1103b5701e52 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 14:10:32 -0700 Subject: [PATCH 5/7] build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#594) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/gen-docs.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 381fc9da..bd34b31d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: MINVERBUILDMETADATA: build.${{github.run_number}} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 02f85f58..2df249c3 100644 --- a/.github/workflows/codeql-analysis.yml 
+++ b/.github/workflows/codeql-analysis.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 diff --git a/.github/workflows/gen-docs.yml b/.github/workflows/gen-docs.yml index 87123b41..606dc96c 100644 --- a/.github/workflows/gen-docs.yml +++ b/.github/workflows/gen-docs.yml @@ -16,7 +16,7 @@ jobs: gen-docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup .NET uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 From 494fa7543fd2afcc34978087abebbd04142de1f0 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 2 Jul 2024 09:27:55 -0700 Subject: [PATCH 6/7] chore: Remove SA1124 override (#604) --- .editorconfig | 4 ---- .../Manifest/Configuration/SBOMConfig.cs | 4 ---- .../Configuration/SbomConfigProvider.cs | 8 -------- src/Microsoft.Sbom.Api/Utils/Constants.cs | 4 ---- src/Microsoft.Sbom.Api/Utils/Events.cs | 2 -- src/Microsoft.Sbom.Extensions/MetadataKey.cs | 4 ---- .../Constants.cs | 7 ------- .../Entities/Enums/ExternalRepositoryType.cs | 18 ------------------ 8 files changed, 51 deletions(-) diff --git a/.editorconfig b/.editorconfig index f1b2ec00..41e3fe09 100644 --- a/.editorconfig +++ b/.editorconfig 
@@ -521,10 +521,6 @@ dotnet_diagnostic.SA1024.severity = suggestion # SA1101: Prefix local calls with this dotnet_diagnostic.SA1101.severity = suggestion -# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1124.md -# SA1124: Do not use regions -dotnet_diagnostic.SA1124.severity = suggestion - # https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1200.md # SA1200: Using directive should appear within a namespace declaration dotnet_diagnostic.SA1200.severity = suggestion diff --git a/src/Microsoft.Sbom.Api/Manifest/Configuration/SBOMConfig.cs b/src/Microsoft.Sbom.Api/Manifest/Configuration/SBOMConfig.cs index da293ecc..aee31d73 100644 --- a/src/Microsoft.Sbom.Api/Manifest/Configuration/SBOMConfig.cs +++ b/src/Microsoft.Sbom.Api/Manifest/Configuration/SBOMConfig.cs @@ -87,8 +87,6 @@ public void StartJsonSerialization() JsonSerializer = new ManifestToolJsonSerializer(fileStream); } - #region Disposable implementation - public void Dispose() { Dispose(disposing: true); @@ -138,6 +136,4 @@ protected virtual async ValueTask DisposeAsyncCore() fileStream = null; JsonSerializer = null; } - - #endregion } diff --git a/src/Microsoft.Sbom.Api/Manifest/Configuration/SbomConfigProvider.cs b/src/Microsoft.Sbom.Api/Manifest/Configuration/SbomConfigProvider.cs index ea6d370a..0d5ebb03 100644 --- a/src/Microsoft.Sbom.Api/Manifest/Configuration/SbomConfigProvider.cs +++ b/src/Microsoft.Sbom.Api/Manifest/Configuration/SbomConfigProvider.cs @@ -136,8 +136,6 @@ public void ApplyToEachConfig(Action action) } } - #region IInternalMetadataProvider implementation - public object GetMetadata(MetadataKey key) { if (MetadataDictionary.TryGetValue(key, out var value)) @@ -207,10 +205,6 @@ public string GetSBOMNamespaceUri() throw new Exception($"Unable to find any provider to generate the namespace."); } - #endregion - - #region Disposable implementation - public void Dispose() { Dispose(disposing: true); 
@@ -240,6 +234,4 @@ protected virtual async ValueTask DisposeAsyncCore() await config.Value.DisposeAsync().ConfigureAwait(false); } } - - #endregion } diff --git a/src/Microsoft.Sbom.Api/Utils/Constants.cs b/src/Microsoft.Sbom.Api/Utils/Constants.cs index 3a8d4c3a..5771039f 100644 --- a/src/Microsoft.Sbom.Api/Utils/Constants.cs +++ b/src/Microsoft.Sbom.Api/Utils/Constants.cs @@ -46,9 +46,5 @@ public static class Constants public const string CatalogFileName = "manifest.cat"; public const string BsiFileName = "bsi.json"; - #region Configuration switches - public const string DeleteManifestDirBoolVariableName = "DeleteManifestDirIfPresent"; - - #endregion } diff --git a/src/Microsoft.Sbom.Api/Utils/Events.cs b/src/Microsoft.Sbom.Api/Utils/Events.cs index 84d370d3..80f14cc3 100644 --- a/src/Microsoft.Sbom.Api/Utils/Events.cs +++ b/src/Microsoft.Sbom.Api/Utils/Events.cs @@ -5,7 +5,6 @@ namespace Microsoft.Sbom.Api.Utils; internal static class Events { - #region Generation internal const string SBOMGenerationWorkflow = "Total generation time"; internal const string SBOMParseMetadata = "Total metadata parsing time"; internal const string FilesGeneration = "Files generation time"; @@ -14,6 +13,5 @@ internal static class Events internal const string MetadataBuilder = "Metadata build time for {0} format"; internal const string ExternalDocumentReferenceGeneration = "External document reference generation time"; - #endregion internal const string SBOMValidationWorkflow = "Total validation time"; } diff --git a/src/Microsoft.Sbom.Extensions/MetadataKey.cs b/src/Microsoft.Sbom.Extensions/MetadataKey.cs index 3d139a79..0ebee803 100644 --- a/src/Microsoft.Sbom.Extensions/MetadataKey.cs +++ b/src/Microsoft.Sbom.Extensions/MetadataKey.cs 
@@ -50,8 +50,6 @@ public enum MetadataKey /// these variables, go to /// https://docs.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#build-variables-devops-services /// - #region Azure DevOps Pipelines metadata - Build_BuildId, Build_DefinitionName, Build_Repository_Uri, @@ -62,6 +60,4 @@ public enum MetadataKey ImageVersion, OrganizationId, ProjectId - - #endregion } diff --git a/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Constants.cs b/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Constants.cs index e591fe00..ec7f877e 100644 --- a/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Constants.cs +++ b/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Constants.cs @@ -14,7 +14,6 @@ internal static class Constants internal const string SPDXDocumentIdValue = "SPDXRef-DOCUMENT"; internal const string RootPackageIdValue = "SPDXRef-RootPackage"; internal const string SPDXRefFile = "SPDXRef-File"; - #region Headers internal const string SPDXVersionHeaderName = "spdxVersion"; internal const string DataLicenseHeaderName = "dataLicense"; @@ -29,17 +28,11 @@ internal static class Constants internal const string RelationshipsArrayHeaderName = "relationships"; internal const string ExternalDocumentRefArrayHeaderName = "externalDocumentRefs"; - #endregion - internal const int ReadBufferSize = 4096; - #region Value format strings - internal const string SPDXDocumentNameFormatString = "{0} {1}"; internal const string PackageSupplierFormatString = "Organization: {0}"; - #endregion - /// /// Use if there is no available information for a field. /// diff --git a/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Entities/Enums/ExternalRepositoryType.cs b/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Entities/Enums/ExternalRepositoryType.cs index 4841a1e8..5b3b60cc 100644 --- a/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Entities/Enums/ExternalRepositoryType.cs +++ b/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Entities/Enums/ExternalRepositoryType.cs 
@@ -17,31 +17,13 @@ namespace Microsoft.Sbom.Parsers.Spdx22SbomParser.Entities.Enums; Justification = "These are enum types that are case sensitive and defined by external code.")] public enum ExternalRepositoryType { - #region Security cpe22, cpe23, - - #endregion - - #region Persistent-Id - swh, - - #endregion - - #region Package-Manager - maven_central, npm, nuget, bower, purl, - - #endregion - - #region Other - idstring - - #endregion } From cdc046a2d963b056c5ea7f339107f7f1c0cc63a3 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:53:43 -0700 Subject: [PATCH 7/7] chore: Fix JSON002 error (#603) --- .../Config/ConfigurationBuilderTestsBase.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/Microsoft.Sbom.Api.Tests/Config/ConfigurationBuilderTestsBase.cs b/test/Microsoft.Sbom.Api.Tests/Config/ConfigurationBuilderTestsBase.cs index 73c48d5c..13640dad 100644 --- a/test/Microsoft.Sbom.Api.Tests/Config/ConfigurationBuilderTestsBase.cs +++ b/test/Microsoft.Sbom.Api.Tests/Config/ConfigurationBuilderTestsBase.cs @@ -62,6 +62,6 @@ object Ctor(Type type) mapper = mapperConfiguration.CreateMapper(); } - protected const string JSONConfigWithManifestPath = "{ \"ManifestDirPath\": \"manifestDirPath\"}"; - protected const string JSONConfigGoodWithManifestInfo = "{ \"ManifestInfo\": [{ \"Name\":\"manifest\", \"Version\":\"1\"}]}"; + protected const string JSONConfigWithManifestPath = $"{{ \"ManifestDirPath\": \"manifestDirPath\"}}"; + protected const string JSONConfigGoodWithManifestInfo = $"{{ \"ManifestInfo\": [{{ \"Name\":\"manifest\", \"Version\":\"1\"}}]}}"; }
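Review bot: In ConfigurationBuilderTestsBase.cs the constants `JSONConfigWithManifestPath` and `JSONConfigGoodWithManifestInfo` are now interpolated strings with no interpolation holes, and nothing on the new lines explains why. Judging by the commit title, the `$` prefix and the doubled `{{`/`}}` are there only to avoid the JSON002 diagnostic. A later cleanup that removes the seemingly redundant `$` without un-doubling the braces would change the text to `{{ ... }}`, which is no longer the JSON these tests expect. I would add a comment above the two constants, for example `// '$' with escaped braces is deliberate: it avoids JSON002 on these literals; the resulting text is unchanged.` Constant interpolated strings also need C# 10 or later, which the project presumably targets but the hunk does not show; the enclosing class starts outside the hunk.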