Skip to content

Bump sarif-tools from 2.0.0 to 3.0.3 #464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 10, 2024
Merged

Bump sarif-tools from 2.0.0 to 3.0.3 #464

merged 1 commit into from
Oct 10, 2024

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 7, 2024
edited
Loading

Bumps sarif-tools from 2.0.0 to 3.0.3.

Release notes

Sourced from sarif-tools's releases.

v3.0.3

Fixed:

  • #43 Support getting level from ruleConfigurationOverrides and defaultConfiguration.
  • #68 Fixed regression where reversing diff direction gave different results.

v3.0.2

Fixed

  • #55 part 2: Added executionSuccessful to copy operation output for SARIF schema compliance.

v3.0.1

Fixed

  • #58 Fixed regression that broke sarif diff command in v3.0.0.

v3.0.0

Breaking Changes

  • Changed Python API to use new IssueReport type for issue grouping and sorting:
    • SarifFileSet now has a get_report() method
    • s.get_result_count_by_severity() replaced by s.get_report().get_issue_type_histogram_for_severity(severity)
    • s.get_result_count_by_severity() replaced by s.get_report().get_issue_count_for_severity(severity)
    • s.get_records_grouped_by_severity() replaced by s.get_report().get_issues_for_severity(severity)

Added

  • Support "none" severity level. It's only included in the output if present in the input.

Fixed

  • #39 Truncate long summaries.
  • Made issue sorting and grouping more consistent across the various reports.
  • Multiple occurrences of a single issue are now sorted by location in the Word report.
  • Improved debug and version reporting for when multiple versions are installed.
  • For the copy operation, "invocation" in the resulting sarif is changed to an object to match the spec.
  • #53 Fix the blame command for file:/// URL locations.

Compatibility

  • Python 3.8+
Changelog

Sourced from sarif-tools's changelog.

[3.0.3] - 2024-09-30

  • #43 Support getting level from ruleConfigurationOverrides and defaultConfiguration.
  • #68 Fixed regression where reversing diff direction gave different results.

[3.0.2] - 2024-09-18

  • #55 part 2: Add executionSuccessful to copy operation output for SARIF schema compliance.

[3.0.1] - 2024-09-16

Fixed

  • #58 Fixed regression that broke sarif diff command in v3.0.0.

3.0.0 - 2024-09-10

Breaking Changes

  • Changed Python API to use new IssueReport type for issue grouping and sorting:
    • SarifFileSet now has a get_report() method
    • s.get_result_count_by_severity() replaced by s.get_report().get_issue_type_histogram_for_severity(severity)
    • s.get_result_count_by_severity() replaced by s.get_report().get_issue_count_for_severity(severity)
    • s.get_records_grouped_by_severity() replaced by s.get_report().get_issues_for_severity(severity)

Added

  • Support "none" severity level. It's only included in the output if present in the input.

Fixed

  • #39 Truncate long summaries.
  • Made issue sorting and grouping more consistent across the various reports.
  • Multiple occurrences of a single issue are now sorted by location in the Word report.
  • Improved debug and version reporting for when multiple versions are installed.
  • For the copy operation, "invocation" in the resulting sarif is changed to an object to match the spec.
  • #53 Fix the blame command for file:/// URL locations.

Compatibility

  • Python 3.8+
Commits
  • ff00b86 Prepare release 3.0.3 (#71)
  • 6732313 Improve logic for calculating result level (#69)
  • d41747d Fix issue grouping bug that gave different results based on ordering (#70)
  • 509f7c7 Upgrade GitHub Actions to actions/checkout@v4 (#67)
  • abfae6b Add GitHub Actions for PR validation (#66)
  • 686547d Release and CI build pipelines (#65)
  • 7898414 Blank YAML to bootstrap AzDO build pipeline (#64)
  • 1066402 Prepare release 3.0.2 (#63)
  • aafa048 Fix copy command output SARIF JSON schema compliance (#62)
  • 02132ae Prepare release 3.0.1 (#61)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 7, 2024
@dependabot dependabot bot mentioned this pull request Oct 7, 2024
Closed
@dependabot dependabot bot force-pushed the dependabot/pip/sarif-tools-3.0.3 branch 2 times, most recently from 2980871 to a0d8e7d Compare October 10, 2024 14:05
@dependabot
Bump sarif-tools from 2.0.0 to 3.0.3
1ef8d54 
Bumps [sarif-tools](https://github.com/microsoft/sarif-tools) from 2.0.0 to 3.0.3.
- [Release notes](https://github.com/microsoft/sarif-tools/releases)
- [Changelog](https://github.com/microsoft/sarif-tools/blob/main/CHANGELOG.md)
- [Commits](microsoft/sarif-tools@v2.0.0...v3.0.3)

---
updated-dependencies:
- dependency-name: sarif-tools
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/sarif-tools-3.0.3 branch from a0d8e7d to 1ef8d54 Compare October 10, 2024 14:10
@sobregosodd sobregosodd merged commit b46587a into main Oct 10, 2024
9 checks passed
@sobregosodd sobregosodd deleted the dependabot/pip/sarif-tools-3.0.3 branch October 10, 2024 15:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sobregosodd sobregosodd sobregosodd approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sobregosodd