Component Detection v5 Major Version [DO NOT MERGE] #1141

@cobya cobya commented May 28, 2024

This will incorporate all breaking changes for the next major version of Component Detection, v5, which has changes being tracked at #1135.

PRs included in this change:

* Minimatch for directory exclusion

* PR comment fixes

* License attribution
* RegexOptions.Compiled
* Better exception message
* Better test coverage
@cobya cobya added the labels version:major, status:blocked (issue is blocked by another issue or external requirement), type:feature (new functionality), and breaking change (requires major version bump) May 28, 2024
@cobya cobya requested a review from a team as a code owner May 28, 2024 16:58
@cobya cobya requested a review from melotic May 28, 2024 16:58

codecov bot commented May 28, 2024

Codecov Report

Attention: Patch coverage is 87.86611% with 87 lines in your changes missing coverage. Please review.

Project coverage is 76.7%. Comparing base (967d63a) to head (d79c577).

| Files | Patch % | Lines |
|---|---|---|
| ...osoft.ComponentDetection.Orchestrator/Minimatch.cs | 87.6% | 29 Missing and 21 partials ⚠️ |
| ...ComponentDetection.Detectors/pip/PythonResolver.cs | 0.0% | 1 Missing and 5 partials ⚠️ |
| ...entDetection.Detectors/rust/CargoDependencyData.cs | 0.0% | 4 Missing ⚠️ |
| ...ft.ComponentDetection.Common/PathUtilityService.cs | 25.0% | 0 Missing and 3 partials ⚠️ |
| ...Detection.Detectors/npm/NpmLockfileDetectorBase.cs | 72.7% | 3 Missing ⚠️ |
| ...entDetection.Detectors/pip/SimplePythonResolver.cs | 62.5% | 0 Missing and 3 partials ⚠️ |
| ...ection.Common/DependencyGraph/ComponentRecorder.cs | 66.6% | 2 Missing ⚠️ |
| ...ion.Detectors/go/GoComponentWithReplaceDetector.cs | 83.3% | 0 Missing and 2 partials ⚠️ |
| ...etection.Detectors/linux/LinuxContainerDetector.cs | 60.0% | 1 Missing and 1 partial ⚠️ |
| ...tDetection.Detectors/nuget/NuGetNuspecUtilities.cs | 33.3% | 2 Missing ⚠️ |

... and 10 more

Additional details and impacted files
@@           Coverage Diff           @@
##            main   #1141     +/-   ##
=======================================
+ Coverage   76.3%   76.7%   +0.4%     
=======================================
  Files        256     257      +1     
  Lines      11316   11672    +356     
  Branches    1135    1199     +64     
=======================================
+ Hits        8636    8961    +325     
- Misses      2348    2359     +11     
- Partials     332     352     +20     


* Add CodeQL debug (#1142)

* Increase Python cache window (#1144)

* Increase Python cache window

* Update pip.md

* Update IPyPiClient.cs

* Merged pnpm6 experiment into pnpm detector (#1145)

* merged pnpm6 into pnpm detector

* bump version and make the factory method private

* name of type

* improved logging

* added telemetry record for pnpm, and other minor updates to methods for conciseness

* standardize the invalid version telemetry object

* removed invalid version file

* Use .NET 8

* Fix new analyzer errors

* Update integration tests

* Update minimatch

* Pauldorsch/remove pip report throw (#1151)

* remove throw for pip report so all pip files will be scanned

* fix tests

* Update NormalizePath to be more robust (#1152)

* fix the requested_extras parsing for pip report (#1154)

* Simple sanitization in strings used in CLI before logging (#1155)

* Bump github/codeql-action from 3.25.6 to 3.25.8 (#1153)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9fdb3e4...2e230e8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update dependency minver to v5 (#1140)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update nuget monorepo to v6.10.0 (#1138)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency yamldotnet to v15 (#982)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Gradle parsing to reduce calls to IsDevDependencyByLockfile (#1156)

* Update renovate.json configuration (#1157)

Update renovate.json configuration to limit open branches and add weekly lock file maintenance.

* Specify smoke test config

* Set restore target

* Use new NuGet smoke test repo

* Update NuGet test

* Add workload step

* Update test repo

* Add Python install

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Paul Dorsch <[email protected]>
Co-authored-by: Greg Villicana <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

github-actions bot commented Jun 6, 2024

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

This was linked to issues Jun 6, 2024
Successfully merging this pull request may close these issues.

* Investigate our use of ** with Dotnet.Glob
* Switch to .NET 8