Merge from main.

ReleaseHistory.md

@@ -1,6 +1,9 @@
 # SARIF Package Release History (SDK, Driver, Converters, and Multitool)
 
 ## **v4.4.0 UNRELEASED
+* DEP: Explicitly add `Azure.Identity` 1.10.2 in `Sarif.Multitool.Library` and `WorkItems` to avoid the vulnerable 1.3.0 package via `Microsoft.Azure.Kusto.Data` 10.0.3 per compliance requirements.
+* DEP: Explicitly add `Microsoft.Data.SqlClient` 2.1.2 in `Sarif.Multitool.Library` and `WorkItems` to avoid the vulnerable 2.1.1 package via `Microsoft.Azure.Kusto.Data` 10.0.3 per compliance requirements.
+* DEP: Explicitly add `System.Data.SqlClient` 4.8.5 in `WorkItems` to avoid the vulnerable 4.2.2 package via `Microsoft.TeamFoundationServer.Client` 16.170.0 per compliance requirements.
 * BRK: `EnumeratedArtifact` now sniffs artifacts to distinguish between textual and binary data. The `Contents` property will be null for binary files (use `Bytes` instead).
 * BRK: `MultithreadedZipArchiveArtifactProvider` now distinguishes binary vs. textual data using a hard-coded binary files extensions list. This data will be made configurable in a future change. Current extensions include `.bmp`, `.cer`, `.der`, `.dll`, `.exe`, `.gif`, `.gz`, `.iso`, `.jpe`, `.jpeg`, `.lock`, `.p12`, `.pack`, `.pfx`, `.pkcs12`, `.png`, `.psd`, `.rar`, `.tar`, `.tif`, `.tiff`, `.xcf`, `.zip`.
 * NEW: `EnumeratedArtifact` now automatically detects and populates a `Bytes` property for binary files such as executables and certificates.

src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj

@@ -14,7 +14,9 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.10.2" />
     <PackageReference Include="Microsoft.Azure.Kusto.Data" Version="10.0.3" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.2" />
     <PackageReference Include="Microsoft.Json.Pointer" Version="2.1.0" />
     <PackageReference Include="Microsoft.Json.Schema" Version="2.1.0" />
     <PackageReference Include="Microsoft.Json.Schema.Validation" Version="2.1.0" />

src/Test.UnitTests.Sarif.Driver/Test.UnitTests.Sarif.Driver.csproj

@@ -35,7 +35,7 @@
     <PackageReference Include="Microsoft.Coyote" Version="$(CoyoteVersion)" />
     <PackageReference Include="Microsoft.Coyote.Test" Version="$(CoyoteVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.1" />
-    <PackageReference Include="Moq" Version="4.20.69" />
+    <PackageReference Include="Moq" Version="4.18.4" />
     <PackageReference Include="System.Composition" Version="5.0.0" />
     <PackageReference Include="xunit" Version="2.5.1" />
     <PackageReference Include="xunit.runner.console" Version="2.5.1">

src/WorkItems/WorkItems.csproj

@@ -24,7 +24,9 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.10.2" />
     <PackageReference Include="Microsoft.Azure.Kusto.Data" Version="10.0.3" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.2" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="3.1.2" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.2" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.2" />
@@ -34,6 +36,7 @@
     <PackageReference Include="Microsoft.Json.Schema.Validation" Version="2.1.0" />
     <PackageReference Include="Microsoft.TeamFoundationServer.Client" Version="16.170.0" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.5" />
     <PackageReference Include="System.Text.Encodings.Web" Version="5.0.1" />
 
     <!-- We have to ship pre-patch versions of NewtonSoft for VisualStudio SDK.