v3.0.1

⚙️ Changes

• Add support for osx-arm64 by @DaveTryon (#756)

v3.0.0

⚙️ Changes

• BREAKING CHANGE : Update to .NET 8 versions of Component Detection by @DaveTryon (#755)
• BREAKING CHANGE : Include dependency tree data about nuget and maven packages by @jalkire (#746)
• Add dependency graph support to remaining ecosystems by @jalkire (#754)
• Fix typos and Markdown lint warnings by @bact (#740)
• build(deps): bump github/codeql-action from 3.26.8 to 3.26.13 by @dependabot (#753)
• build(deps): bump MSTest.TestFramework from 3.6.0 to 3.6.1 by @dependabot (#735)
• build(deps): bump MSTest.TestAdapter from 3.6.0 to 3.6.1 by @dependabot (#736)
• build(deps): bump Microsoft.Extensions.Http from 8.0.0 to 8.0.1 by @dependabot (#752)
• build(deps): bump Microsoft.Extensions.Hosting, Microsoft.Extensions.DependencyInjection.Abstractions, Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Logging.Abstractions by @dependabot (#749)
• Bump Microsoft.IO.Redist version by @sfoslund (#751)
• build(deps): bump NuGet.Configuration from 6.11.0 to 6.11.1 by @dependabot (#742)
• build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot (#741)
• Use tool-driven indents for *.props by @DaveTryon (#750)
• Address CVE-2024-43485 by updating System.Text.Json by @DaveTryon (#748)
• build(deps): bump Microsoft.Extensions.DependencyModel and System.Text.Json by @dependabot (#744)
• Deprecate .NET 6 support by @DaveTryon (#739)
• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot (#724)
• build(deps): bump MinVer from 5.0.0 to 6.0.0 by @dependabot (#695)
• build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by @dependabot (#732)
• Make targets package a dev dependency and fix package supplier trimming by @sfoslund (#726)
• Include SBOM tool in targets nuget package by @sfoslund (#722)
• build(deps): bump Serilog.Sinks.Console and System.Threading.Channels by @dependabot (#648)
• build(deps): bump Serilog.Sinks.File and System.Threading.Channels by @dependabot (#632)
• build(deps): bump Serilog.Sinks.Async and System.Threading.Channels by @dependabot (#647)
• build(deps): bump Serilog.Sinks.Map and System.Threading.Channels by @dependabot (#631)
• build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot (#720)

v2.2.9

⚙️ Changes

• Add support for Conan package to spdx file again by @tarun06 (#549)
• build(deps): bump MSTest.TestAdapter from 3.5.2 to 3.6.0 by @dependabot (#701)
• build(deps): bump Microsoft.Build.Utilities.Core and Microsoft.Build.Framework by @dependabot (#699)
• build(deps): bump FluentAssertions from 6.12.0 to 6.12.1 by @dependabot (#698)
• build(deps): bump Moq from 4.20.70 to 4.20.72 by @dependabot (#697)
• build(deps): bump Microsoft.NET.Test.Sdk from 17.11.0 to 17.11.1 by @dependabot (#696)
• build(deps): bump MSTest.TestFramework from 3.5.2 to 3.6.0 by @dependabot (#702)
• Include multiple DirectoryExclusionList example in sbom-tool-cli-reference.md documentation by @ChristophHornung (#705)
• build(deps): bump github/codeql-action from 3.26.5 to 3.26.7 by @dependabot (#706)
• Use ComponentDetection 4.9.6 by @DaveTryon (#700)

v2.2.8

⚙️ Changes

• Add a SBOM Generation Task by @gustavoaca1997 (#674)
• build(deps): bump NuGet.Configuration from 6.10.1 to 6.11.0 by @dependabot (#691)
• build(deps): bump NuGet.Frameworks from 6.10.1 to 6.11.0 by @dependabot (#668)
• build(deps): bump Microsoft.VisualStudio.Threading.Analyzers from 17.10.48 to 17.11.20 by @dependabot (#667)
• build(deps): bump MSTest.TestAdapter from 3.5.1 to 3.5.2 by @dependabot (#665)
• build(deps): bump MSTest.TestFramework from 3.5.1 to 3.5.2 by @dependabot (#669)
• build(deps): bump Microsoft.NET.Test.Sdk from 17.10.0 to 17.11.0 by @dependabot (#680)
• build(deps): bump github/codeql-action from 3.26.0 to 3.26.5 by @dependabot (#689)
• Fix CodeQL language config by @sfoslund (#690)
• build(deps): bump Scrutor from 4.2.0 to 4.2.2 by @dependabot (#646)
• build(deps): bump Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection.Abstractions by @dependabot (#650)
• build(deps): bump Microsoft.Extensions.Http, Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection by @dependabot (#649)
• build(deps): bump MinVer from 4.3.0 to 5.0.0 by @dependabot (#634)
• build(deps): bump Microsoft.SourceLink.GitHub from 1.1.1 to 8.0.0 by @dependabot (#645)
• build(deps): bump StyleCop.Analyzers from 1.2.0-beta.507 to 1.2.0-beta.556 by @dependabot (#636)
• build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 by @dependabot (#641)
• build(deps): bump Moq from 4.17.2 to 4.20.70 by @dependabot (#640)
• build(deps): bump MSTest.TestFramework from 3.5.0 to 3.5.1 by @dependabot (#652)
• build(deps): bump MSTest.TestAdapter from 3.5.0 to 3.5.1 by @dependabot (#653)
• build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot (#654)
• build(deps): bump Microsoft.VisualStudio.Threading.Analyzers from 17.7.30 to 17.10.48 by @dependabot (#638)
• build(deps): bump MSTest.TestFramework from 3.1.1 to 3.5.0 by @dependabot (#642)
• build(deps): bump github/codeql-action from 3.25.12 to 3.25.15 by @dependabot (#625)
• build(deps): bump Spectre.Console.Cli from 0.48.0 to 0.49.1 by @dependabot (#637)
• build(deps): bump MSTest.TestAdapter from 3.1.1 to 3.5.0 by @dependabot (#644)
• build(deps): bump Microsoft.NET.Test.Sdk from 17.7.2 to 17.10.0 by @dependabot (#630)
• build(deps): bump stefanzweifel/git-auto-commit-action from 5.0.0 to 5.0.1 by @dependabot (#552)
• Raise dependabot PR limit by @DaveTryon (#629)

v2.2.7

⚙️ Changes

• Bump Component Detection version by @JoseRenan (#624)
• Make the process exit with the correct exit code. by @gustavoaca1997 (#617)
• build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot (#614)
• build(deps): bump actions/setup-dotnet from 4.0.0 to 4.0.1 by @dependabot (#610)
• Bump System.Text.Json to 8.0.4. by @gustavoaca1997 (#618)
• Add simple integration tests by @DaveTryon (#606)
• chore: Fix JSON002 error by @DaveTryon (#603)
• chore: Remove SA1124 override by @DaveTryon (#604)
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot (#594)
• build(deps): bump codecov/codecov-action from 4.0.1 to 4.5.0 by @dependabot (#597)
• build(deps): bump github/codeql-action from 3.25.8 to 3.25.11 by @dependabot (#602)
• build(deps): bump github/codeql-action from 3.24.3 to 3.25.8 by @dependabot (#591)
• build(deps): bump actions/checkout from 4.1.1 to 4.1.6 by @dependabot (#574)

v2.2.6

⚙️ Changes

• Add redact documentation by @sfoslund (#582)
• Add redaction workflow logic by @sfoslund (#581)
• Add Validate Format functionality by @alisonlomaka (#580)
• Add validate-format verb with placeholder for future validation by @alisonlomaka (#577)
• Tweaks to some analyzer rules by @alisonlomaka (#576)
• Add redact verb to CLI by @sfoslund (#575)
• Loosen constraints on SBOM/SPDX validation by @alisonlomaka (#572)
• Remove an unneeded comment (formatted as a heading) in documentation by @Jeanot-Zubler (#533)
• Clarify validate -o argument description by @alisonlomaka (#567)
• Explicitly install .NET 6.0 and 8.0 in CI by @sfoslund (#568)

v2.2.5

⚙️ Changes

• Fix main build failures by @pownkel (#557)
• fix: Output correct case-sensitive message by @DaveTryon (#556)
• fix: Remap errors to warnings if logged inside ComponentDetection by @DaveTryon (#554)
• fix: Improve logging on a corrupted manifest file by @DaveTryon (#551)
• fix: Improve case-sensitive handling by @DaveTryon (#550)
• fix: Add logging to Windows permissions checks by @DaveTryon (#548)
• chore: Output failure telemetry if signing validation fails by @DaveTryon (#547)
• removed the arm warning for Macs from the readme by @filipw (#546)
• fix: Return failing error code on invalid parameter by @DaveTryon (#544)
• fix: Improve error if a file is passed as directory parameter by @DaveTryon (#543)
• fix: Don't throw a warning if an output folder is specified by @DaveTryon (#542)
• fix: Improve visibility of logging from inside exception handlers by @DaveTryon (#540)
• Convert SBOM Tool Main Build to 1ESPT by @sfoslund (#535)

v2.2.4

⚙️ Changes

• Update component detection from 4.2.0 to 4.2.2 by @pownkel (#524)
• Update Component Detection version from 4.0.11 to 4.2.0 by @pownkel (#519)
• Fix style errors in build by @pownkel (#521)
• build(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 by @dependabot (#491)
• build(deps): bump release-drafter/release-drafter from 5.25.0 to 6.0.0 by @dependabot (#493)
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.3 by @dependabot (#503)
• Add link to component detection arguments by @pownkel (#499)
• Revise docs to clarify IHostedService impl is optional by @jlperkins (#486)
• build(deps): bump actions/setup-dotnet from 3.2.0 to 4.0.0 by @dependabot (#456)
• build(deps): bump actions/github-script from 6.4.1 to 7.0.1 by @dependabot (#451)
• build(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 by @dependabot (#485)
• build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot (#487)
• Add linux component license/author info in SBOM by @sebasgomez238 (#476)

v2.2.3

⚙️ Changes

• build(deps): bump github/codeql-action from 2.22.5 to 3.23.1 by @dependabot (#484)
• Updates to documentation by @sebasgomez238 (#482)
• Fix IsSuccess return value in SBOMValidator by @micyunmsft (#472)

v2.2.2

⚙️ Changes

• Switch to use ScanCommand Component Detection API by @sfoslund (#471)
• Fix bug in RubyUtils by @sebasgomez238 (#464)
• Use absolute path on directory exclusion list. by @sebasgomez238 (#462)