v6.5.0

⚙️ Changes

• Update dependency yamldotnet to v16 by @renovate[bot] (#1659)
• Update vulnerable dependencies in verification test fixtures by @JamieMagee (#1670)
• Bump express, typescript, re2, @types/react in pnpm verification test resources by @JamieMagee (#1665)
• Bump express, typescript, re2, @types/react in yarn verification test resources by @JamieMagee (#1667)
• Bump commons-text to 1.12.0 in maven verification test resources by @JamieMagee (#1661)
• Bump Microsoft.Owin packages to 4.2.2 in nuget verification test resources by @JamieMagee (#1663)
• Bump go directive to 1.22 in verification test resources by @JamieMagee (#1660)
• Bump certifi, zipp, setuptools, azure-identity in pip verification test resources by @JamieMagee (#1664)
• Bump black, ipython in poetry verification test resources by @JamieMagee (#1666)
• Bump express, typescript, re2, @types/react in npm verification test resources by @JamieMagee (#1662)
• Add application-layer Syft factories for 6 new ecosystems by @JamieMagee (#1632)
• Fix System.Text.Json MSB3277 version conflict by @JamieMagee (#1669)
• Fix snapshot verify workflow on Windows by @JamieMagee (#1668)
• Update dependency python to 3.14 by @renovate[bot] (#1658)
• Update dotnet monorepo by @renovate[bot] (#1644)
• Update dependency MinVer to v7 by @renovate[bot] (#1656)
• Fix zizmor workflow security findings by @JamieMagee (#1657)
• Update dependency AwesomeAssertions to 9.4.0 by @renovate[bot] (#1654)
• Update dependency Tomlyn.Signed to 0.20.0 by @renovate[bot] (#1655)
• Update dependency Spectre.Console.Cli.Extensions.DependencyInjection to 0.23.0 by @renovate[bot] (#1578)
• Update dependency MinVer to 6.1.0 by @renovate[bot] (#1653)
• Bump urllib3 from 2.6.0 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-2 by @dependabot[bot] (#1652)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-4 by @dependabot[bot] (#1651)
• Bump requests from 2.28.1 to 2.32.4 in /test/Microsoft.ComponentDetection.Detectors.Tests/Mocks/InvalidJsonReport by @dependabot[bot] (#1650)
• Bump urllib3 from 2.4.0 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#1622)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-3 by @dependabot[bot] (#1649)
• Update dependency Serilog to 4.3.1 by @renovate[bot] (#1648)
• Update release-drafter/release-drafter digest to 6db134d by @renovate[bot] (#1647)
• Bump azure-core from 1.34.0 to 1.38.0 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#1625)
• Update actions/setup-dotnet action to v5.1.0 by @renovate[bot] (#1640)
• Update nuget monorepo to 7.3.0 by @renovate[bot] (#1646)
• Update mstest monorepo to 4.1.0 by @renovate[bot] (#1645)
• Update step-security/harden-runner action to v2.14.2 by @renovate[bot] (#1639)
• Update zizmorcore/zizmor-action action to v0.5.0 by @renovate[bot] (#1643)
• Update actions/setup-python digest to a309ff8 by @renovate[bot] (#1635)
• Update github/codeql-action action to v4.32.3 by @renovate[bot] (#1641)
• Update codecov/codecov-action action to v5.5.2 by @renovate[bot] (#1637)
• Update stefanzweifel/git-auto-commit-action action to v7.1.0 by @renovate[bot] (#1642)
• Update actions/checkout action to v6.0.2 by @renovate[bot] (#1636)
• Update shogo82148/actions-upload-release-asset action to v1.9.2 by @renovate[bot] (#1638)
• Bump cryptography from 45.0.3 to 46.0.5 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#1634)
• Bump werkzeug from 3.1.3 to 3.1.5 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#1623)
• Bump github.com/sirupsen/logrus from 1.8.1 to 1.8.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/go by @dependabot[bot] (#1585)
• Bump requests from 2.31.0 to 2.32.4 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/roots by @dependabot[bot] (#1427)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-5 by @dependabot[bot] (#1609)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-1 by @dependabot[bot] (#1604)
• Bump urllib3 from 2.2.1 to 2.6.0 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-2 by @dependabot[bot] (#1589)
• Bump azure-core from 1.30.0 to 1.38.0 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/roots by @dependabot[bot] (#1611)
• Bump requests from 2.28.1 to 2.32.4 in /test/Microsoft.ComponentDetection.Detectors.Tests/Mocks/EmptyReport by @dependabot[bot] (#1608)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/roots by @dependabot[bot] (#1605)
• Bump cryptography from 43.0.1 to 46.0.5 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/roots by @dependabot[bot] (#1630)
• Bump requests from 2.32.3 to 2.32.4 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#1624)
• Fix Docker image ID test for Docker 29 by @JamieMagee (#1633)

🧰 Maintenance

• Bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] (#1597)
• Bump github/codeql-action from 4.31.6 to 4.31.8 by @dependabot[bot] (#1596)
• Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] (#1593)

v6.4.0

⚙️ Changes

• Maven combined detector experiment by @zhenghao104 (#1628)

v6.3.0

⚙️ Changes

• Fix package json deserialization 'engines' property by @grvillic (#1629)
• Mask feed credentials for CLI commands + remove superfluous risky logs by @grvillic (#1627)
• Introduce C++ SDK component type by @grvillic (#1626)
• Add image scope scanning option to the Linux detector by @grvillic (#1621)
• Improve serialization compatibility with new component types by @grvillic (#1620)

v6.2.7

⚙️ Changes

• Fix Npm Transitive Dependency Calculation by @RushabhBhansali (#1617)
• Reduce log level for per file level logs in RustSbomDetector by @AMaini503 (#1603)

v6.2.6

⚙️ Changes

• Update LinuxApplicationLayerExperiment control group by @JamieMagee (#1616)
• Configure dotnet component factory by @JamieMagee (#1615)

v6.2.5

⚙️ Changes

• Revert "Add image scope scanning option to the Linux detector" by @zhenghao104 (#1613)
• Revert "Introduce C++ SDK component type" by @grvillic (#1612)
• Add image scope scanning option to the Linux detector by @jasonpaulos (#1600)

v6.2.4

⚙️ Changes

• Fix System.Text.Json deserialization issues by @grvillic (#1607)

v6.2.3

⚙️ Changes

• Introduce C++ SDK component type by @grvillic (#1599)

v6.2.2

⚙️ Changes

• LinuxApplicationLayerExperiment adjustments. by @sebasgomez238 (#1595)

v6.2.1

⚙️ Changes

• Downgrade 9.x packages by @sebasgomez238 (#1592)
• Migrate npm detectors from Newtonsoft.Json to System.Text.Json by @JamieMagee (#1572)
• Update MSTest to 4.0.2 by @Youssef1313 (#1584)
• Update step-security/harden-runner action to v2.13.3 by @renovate[bot] (#1582)
• Update github/codeql-action action to v4.31.6 by @renovate[bot] (#1581)
• Migrate Spdx22ComponentDetector from Newtonsoft.Json to System.Text.json by @JamieMagee (#1571)
• Migrate vcpkg and Go detectors from Newtonsoft.Json to System.TextJson by @JamieMagee (#1570)
• Add support for NuGet components in containers by @JamieMagee (#1548)
• Update actions/setup-dotnet action to v5.0.1 by @renovate[bot] (#1575)
• Update nuget monorepo to 7.0.1 by @renovate[bot] (#1577)
• Update dependency Spectre.Console.Cli to 0.53.1 by @renovate[bot] (#1576)
• Update actions/setup-python digest to 83679a8 by @renovate[bot] (#1574)
• Migrate LinuxScanner from Newtonsoft.Json to System.Text.Json by @JamieMagee (#1567)
• Migrate simple JSON serialization from Newtonsoft.Json to System.Text.Json by @JamieMagee (#1566)
• Migrate Swift, Ivy, and pip detectors from Newtonsoft.Json to System.Text.Json by @JamieMagee (#1565)
• Update github/codeql-action action to v4.31.5 by @renovate[bot] (#1563)
• Update zizmorcore/zizmor-action action to v0.3.0 by @renovate[bot] (#1564)
• Migrate test serialization from Newtonsoft.Json to System.Text.Json by @JamieMagee (#1560)

🧰 Maintenance

• Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] (#1583)