Bump Sarif.Sdk from 2.4.16 to 4.3.4 #242

Closed
wants to merge 1 commit into from

@dependabot dependabot bot commented on behalf of github Oct 6, 2023

Bumps Sarif.Sdk from 2.4.16 to 4.3.4.

Release notes

Sourced from Sarif.Sdk's releases.

v4.2.1

SARIF Package Release History (SDK, Driver, Converters, and Multitool)

v4.2.1 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Resolve NotSupportedException thrown (on .NET 4.8 and earlier) on accessing DeflateStream.Length from MultithreadedZipArchiveArtifactProvider.SizeInBytes property.

v4.0.0

v4.0.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BRK: SarifLogger no longer allows providing a Tool instance. Use the run parameter instead (and populate it with any custom Tool object). #2614
  • BRK: SarifLogger updates version details differently. #2611
  • BRK: Add ToolComponent argument to IAnalysisLogger.Log(ReportingDescriptor, Result) method. #2611
  • BRK: Rename --normalize-for-github argument to --normalize-for-ghas for convert command and mark --normalize-for-github as obsolete. #2581
  • BRK: Update IAnalysisContext.LogToolNotification method to add ReportingDescriptor parameter. This is required in order to populate AssociatedRule data in Notification instances. The new method has an option value of null for the associatedRule parameter to maximize build compatibility. #2604
  • BRK: Correct casing of LogMissingreportingConfiguration helper to LogMissingReportingConfiguration. #2599
  • BRK: Change type of MaxFileSizeInKilobytes from int to long in IAnalysisContext and other classes. #2599
  • BRK: For Guid properties defined in SARIF spec, updated Json schema to use uuid, and updated C# object model to use Guid? instead of string. #2555
  • BRK: Mark AnalyzeCommandBase as obsolete. This type will be removed in the next significant update. #2599
  • BRK: LogUnhandledEngineException no longer has a return value (and updates the RuntimeErrors context property directly as other helpers do). #2599
  • BUG: Populate missing context region data for small, single-line scan targets. #2616
  • BUG: Increase parallelism in MultithreadedAnalyzeCommandBase by correcting task creation. #2618
  • BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file enumeration phase. #2599
  • BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file hashing phase. #2600
  • BUG: Another attempt to resolve 'InvalidOperationException' with message Collection was modified; enumeration operation may not execute in MultithreadedAnalyzeCommandBase, raised when analyzing with the --hashes switch. #2459. There was a previous attempt to fix this in #2447.
  • BUG: Resolve issue where match-results-forward command fails to generate VersionControlDetails data. #2487
  • BUG: Remove duplicated rule definitions when executing match-results-forward commands for results with sub-rule ids. #2486
  • BUG: Update merge command to properly produce runs by tool and version when passed the --merge-runs argument. #2488
  • BUG: Eliminate IOException and DirectoryNotFoundException exceptions thrown by merge command when splitting by rule (due to invalid file characters in rule ids). #2513
  • BUG: Fix classes inside NotYetAutoGenerated folder missing virtual keyword for public methods and properties, by regenerating and manually syncing the changes. #2537
  • BUG: MSBuild Converter now accepts case insensitive keywords and supports PackageValidator msbuild log output. #2579
  • BUG: Eliminate NullReferenceException when file hashing fails (due to file locked or other errors reading the file). #2596
  • NEW: Provide PluginDriver property (AdditionalOptionsProvider) that allows additional options to be exported (typically for command-line arguments). #2599
  • NEW: Provide LogFileSkippedDueToSize that fires a warning notification if any file is skipped due to exceeding size threshold. #2599
  • NEW: Provide overridable ShouldEnqueue predicate method to filter files from driver processing. #2599
  • NEW: Provide overridable ShouldComputeHashes predicate method to prevent files from hashing. #2601
  • NEW: Allow external set of MaxFileSizeInKilobytes, which will allow SDK users to change the value. (Default value is 1024) #2578
  • NEW: Add a Github validation rule GH1007, which requires flattened result message so GHAS code scanning can ingest the log. #2580
  • NEW: Provide mechanism to populate SarifLogger with a FileRegionsCache instance.
  • NEW: Allow initialization of file regions cache in InsertOptionalDataVisitor (previously initialized exclusively from FileRegionsCache.Instance).
  • NEW: Provide RuleScanTime trace and emitted timing data. Provide ScanExecution trace with no utilization.
  • NEW: Populate associated rule data in LogToolNotification as called from SarifLogger. #2604
  • NEW: Add --normalize-for-ghas argument to the rewrite command to ensure rewritten SARIF is compatible with GitHub Advanced Security (GHAS) ingestion requirements. #2581
  • NEW: Allow per-line rolling (partial) hash computation for a file. #2605
  • NEW: SarifLogger now supports extensions rules data when logging (by providing a ToolComponent instance to the result logging method). #2661
  • NEW: SarifLogger provides a ComputeHashData callback to provide hash data for in-memory scan targets. #2614
  • NEW: Provide HashUtilities.ComputeHashes(Stream) and ComputeHashesForText(string) helpers. #2614

v3.1.0

v3.1.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Loosen System.Collections.Immutable minimum version requirement to 1.5.0. #2504

... (truncated)

Changelog

Sourced from Sarif.Sdk's changelog.

v4.3.4 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Disable certain console outputs (such as reporting of threads count) when AnalyzeContextBase.Quiet is set.

v4.3.3 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Update dump-events command to be resilient in cases where the thread id changes between artifact enumeration start/stop event pairs.
  • BUG: Resolve trace parsing InvalidOperationException by updating dump-events command to process PartitionInfoExtension session event as we do PartitionInfoExtensionV2.

v4.3.2 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Correct multitool query OR logic #2709

v4.3.1 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Improve HdfConverter to ensure uri data is populated and to provide location and region data property from SourceLocation. #2704
  • BUG: Correct run.language regex in JSON schema. #2708
  • BUG: Improve HdfConverter to set precision and tags as recommended by GitHub. #2712

v4.3.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Resolve NullReferenceException retrieving MultithreadedZipArchiveArtifactProvider.SizeInBytes after content has been faulted in.
  • BUG: Improve HDF->SARIF conversion to properly map various properties (e.g., kind, level, rank) and generally prepare the converted SARIF for ingestion to GitHub Advanced Security.

v4.2.1 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Resolve NotSupportedException thrown (on .NET 4.8 and earlier) on accessing DeflateStream.Length from MultithreadedZipArchiveArtifactProvider.SizeInBytes property.

v4.2.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BRK: Change ArtifactProvider.SizeInBytes property type from ulong to long. #2675
  • BRK: Update SarifLog.Post(Uri, StreamWriter, HttpClient) return value to HttpResponseMessage (to make returned correlation id and error messages available). #2672
  • BRK: RuntimeConditions now of type long to permit more flag values. Many literal values have changed for individual members. #2660
  • BRK: RuntimeConditions.OneOrMoreFilesSkippedDueToSize renamed to OneOrMoreFilesSkippedDueToExceedingSizeLimits. #2660
  • BRK: Notes.LogFileSkippedDueToSize renamed to LogFileExceedingSizeLimitSkipped. #2660
  • BRK: Command-line argument automationGuid renamed to automation-guid. #2647
  • BRK: Command-line argument automationId renamed to automation-id. #2647
  • BRK: Update AnalyzeOptionsBase Quiet, Recurse, LogEnvironment, and RichReturnCode properties to bool? type. #2644
  • BRK: Rename Errors.LogExceptionCreatingLogFile to Errors.LogExceptionCreatingOutputFile to reflect its general purpose. #2643
  • BRK: Add IAnalysisContext.FileRegionsCache property. Used for data sharing across analysis phases. #2642
  • BRK: Remove FileRegionsCache.Instance singleton object. Analysis should always prefer context file region context instead. #2642
  • BRK: fileRegionsCache parameter is now required for the InsertOptionalDataVisitor. #2642
  • BRK: Add IAnalysisLogger.TargetAnalysisComplete method. #2637
  • BRK: Remove unused quiet parameter from SarifLogger. #2639
  • BRK: Remove ComputeHashData and AnalysisTargetToHashDataMap properties from SarifLogger (in preference of new fileRegionsCache parameter). #2639
  • BRK: Eliminate proactive hashing of artifacts in SarifLogger constructor when OptionallyEmittedData.Hashes is specified. #2639
  • BUG: Provide better size return values for in-memory EnumeratedArtifact instances. #2674
  • BUG: Fixed ERR999.UnhandledEngineException: System.InvalidOperationException: This operation is not supported for a relative URI when running in Linux with files skipped due to zero byte size. #2664
  • BUG: Properly report skipping empty files (rather than reporting file was skipped due to exceeding size limits). #2660
  • BUG: Update user messages and code comments that refer to --force (replaced by --log ForceOverwrite). #2656
  • BUG: Handle return code 422 UnprocessableEntity when validating that log file POST endpoint is available. #2656
  • BUG: Eliminate erroneous Posted log file successfully message when context PostUri is non-null but empty. #2655
  • BUG: Resolves IOException raised by calling FileSystem.ReadAllText on file locked for write (but not read). #2655
  • BUG: Correct toolComponent.language regex in JSON schema. #2653
  • BUG: Generate IAnalysisLogger.AnalyzingTarget callbacks from MultithreadedAnalyzeCommandBase. #2637
  • BUG: Persist fileRegionsCache parameter in SarifLogger to support retrieving hash data. #2639
  • BUG: Allow override of FailureLevels and ResultKinds in context objects. #2639

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [Sarif.Sdk](https://github.com/Microsoft/sarif-sdk) from 2.4.16 to 4.3.4.
- [Release notes](https://github.com/Microsoft/sarif-sdk/releases)
- [Changelog](https://github.com/microsoft/sarif-sdk/blob/main/ReleaseHistory.md)
- [Commits](https://github.com/Microsoft/sarif-sdk/commits)

---
updated-dependencies:
- dependency-name: Sarif.Sdk
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github Oct 6, 2023

Dependabot tried to add @BernieWhite/psrule as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/BernieWhite/PSRule/pulls/242/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the teams you specified is not a collaborator of the BernieWhite/PSRule repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request


dependabot bot commented on behalf of github Oct 6, 2023

The following labels could not be found: dependencies.

dependabot bot commented on behalf of github Nov 3, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/nuget/Sarif.Sdk-4.3.4 branch November 3, 2023 06:46