Update dependency Sarif.Sdk to 4.6.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Sarif.Sdk	4.5.4 -> 4.6.0

---

Release Notes

Microsoft/sarif-sdk (Sarif.Sdk)

v4.6.0

• BRK: Remove defunct and unsupported kusto command in Sarif.Multitool.
• BRK: Remove support for .NET Core 3.1 and .NET 6.0 in preference of a supported version of .NET, net8.0.
• BRK: Remove HashData.MD5, HashUtilities.ComputeMD5Hash due to the inherent insecurity of this algorithm.
• BRK: 'HashUtilities.ComputeHash' no longer generates MD5 hashes (only SHA1 and SHA256).
• DEP: Remove dependency on Microsoft.Azure.Kusto.Data.
• DEP: Update Azure.Identity reference from 1.10.2 to 1.13.1 in WorkItems and Sarif.Multitool.Library to resolve CVE-2024-29992 and other CVEs.
• DEP: Update Azure.Core from 1.35.0 to 1.41.1 to satisfy minimum requirement of Azure.Identity 1.12.1 (that has no known vulnerabilities).
• DEP: Update System.Text.Encodings.Web from 5.0.1 to 6.0.0 (required by transitive closure of dependency requirements from other updates).
• DEP: Update all Newtonsoft.Json references to 13.0.3 to resolve CVE-2024-21907.
• DEP: Update Microsoft.Data.SqlClient from 2.1.7 to 5.2.2 so its dependencies Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt upgrade to non-vulnerable version 6.35.0 (GHSA-59j7-ghrg-fj52).
• BUG: Resolve process hangs when a file path is provided with a wildcard, but without a -r (recurse) flag during the multi-threaded analysis file enumeration phase.
• BUG: Fix error ERR997.NoValidAnalysisTargets when scanning symbolic link files.
• BUG: Fix error ERR997.NoValidAnalysisTargets when passing wildcard patterns (e.g., *.txt) to OrderedFileSpecifier. A recent change limited our wildcard support strictly to use of * only.
• BUG: Fix ERR999.UnhandledEngineException: System.IO.FileNotFoundException: Could not find file when a file name or directory path contains URL-encoded characters.
• BUG: Fix error ERR997.NoValidAnalysisTargets when ambiguous file/directory references are provided to OrderedFileSpecifier. Previously, the code required an explicit directory separator to be added to the end of a directory path. Now, the code inspects the file system and assumes that a reference to an existing directory was intended by the user (even without a trailing separator).
• BUG: Fixed error ERR997.NoValidAnalysisTargets | TargetParseError when processing OPC files by correctly handling programmatic usage and skipping redundant file access when a stream is provided via EnumeratedArtifact.
• BUG: Eliminate unhandled UriFormatException: Invalid URI: The format of the URI could not be determined. when creating a ZipArchiveArtifact with a relative URI.
• BUG: Refactored MultithreadedCommandBase to check for empty or oversized artifacts before attempting to load OPC artifacts. This avoids unnecessary processing and improves performance by skipping invalid inputs early.
• NEW: Allow null archive uri in MultithreadedZipArchiveArtifactProvider (which indicates that enumerated artifact paths should not include the base archive).
• NEW: Update LogTargetParseError(IAnalysisContext, Region, string, Exception) to include optional exception argument to denote code location where parse error occurred.
• NEW: MultithreadedAnalyzeCommandBase.EnumerateArtifact now supports scanning into compressed (OPC) files. Initial support file extensions are: .apk, .appx, .appxbundle, .docx, .epub, .jar, .msix, .msixbundle, .odp, .ods, .odt, .onepkg, .oxps, .pkg, .pptx, .unitypackage, .vsix, .vsdx, .xps, .xlsx, .zip.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: src/Cake.Issues.DocFx.Tests/packages.lock.json, src/Cake.Issues.DocFx/packages.lock.json, src/Cake.Issues.EsLint.Tests/packages.lock.json, src/Cake.Issues.EsLint/packages.lock.json, src/Cake.Issues.GitRepository.Tests/packages.lock.json, src/Cake.Issues.GitRepository/packages.lock.json, src/Cake.Issues.InspectCode.Tests/packages.lock.json, src/Cake.Issues.InspectCode/packages.lock.json, src/Cake.Issues.Markdownlint.Tests/packages.lock.json, src/Cake.Issues.Markdownlint/packages.lock.json, src/Cake.Issues.MsBuild.Tests/packages.lock.json, src/Cake.Issues.MsBuild/packages.lock.json, src/Cake.Issues.PullRequests.AppVeyor.Tests/packages.lock.json, src/Cake.Issues.PullRequests.AppVeyor/packages.lock.json, src/Cake.Issues.PullRequests.AzureDevOps.Tests/packages.lock.json, src/Cake.Issues.PullRequests.AzureDevOps/packages.lock.json, src/Cake.Issues.PullRequests.GitHubActions.Tests/packages.lock.json, src/Cake.Issues.PullRequests.GitHubActions/packages.lock.json, src/Cake.Issues.PullRequests.Tests/packages.lock.json, src/Cake.Issues.PullRequests/packages.lock.json, src/Cake.Issues.Reporting.Console.Tests/packages.lock.json, src/Cake.Issues.Reporting.Console/packages.lock.json, src/Cake.Issues.Reporting.Generic.Tests/packages.lock.json, src/Cake.Issues.Reporting.Generic/packages.lock.json, src/Cake.Issues.Reporting.Sarif.Tests/packages.lock.json, src/Cake.Issues.Reporting.Sarif/packages.lock.json, src/Cake.Issues.Reporting.Tests/packages.lock.json, src/Cake.Issues.Reporting/packages.lock.json, src/Cake.Issues.Sarif.Tests/packages.lock.json, src/Cake.Issues.Sarif/packages.lock.json, src/Cake.Issues.Tap.Tests/packages.lock.json, src/Cake.Issues.Tap/packages.lock.json, src/Cake.Issues.Terraform.Tests/packages.lock.json, src/Cake.Issues.Terraform/packages.lock.json, src/Cake.Issues.Testing/packages.lock.json, src/Cake.Issues.Tests/packages.lock.json, src/Cake.Issues/packages.lock.json

  Determining projects to restore...
  Restored /tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues/Cake.Issues.csproj (in 341 ms).
  Restored /tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Testing/Cake.Issues.Testing.csproj (in 13 ms).
  Restored /tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting/Cake.Issues.Reporting.csproj (in 4 ms).
/tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif/Cake.Issues.Reporting.Sarif.csproj : error NU1605: Warning As Error: Detected package downgrade: Newtonsoft.Json from 13.0.3 to 13.0.1. Reference the package directly from the project to select a different version.  [/tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif.Tests/Cake.Issues.Reporting.Sarif.Tests.csproj]
/tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif/Cake.Issues.Reporting.Sarif.csproj : error NU1605:  Cake.Issues.Reporting.Sarif -> Sarif.Sdk 4.6.0 -> Newtonsoft.Json (>= 13.0.3)  [/tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif.Tests/Cake.Issues.Reporting.Sarif.Tests.csproj]
/tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif/Cake.Issues.Reporting.Sarif.csproj : error NU1605:  Cake.Issues.Reporting.Sarif -> Newtonsoft.Json (>= 13.0.1) [/tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif.Tests/Cake.Issues.Reporting.Sarif.Tests.csproj]
  Failed to restore /tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif/Cake.Issues.Reporting.Sarif.csproj (in 682 ms).
  Restored /tmp/renovate/repos/github/cake-contrib/Cake.Issues/src/Cake.Issues.Reporting.Sarif.Tests/Cake.Issues.Reporting.Sarif.Tests.csproj (in 55 ms).

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.