Bump Microsoft.Sbom.Targets from 4.0.3 to 4.1.4

[dependabot]

Updated Microsoft.Sbom.Targets from 4.0.3 to 4.1.4.

Release notes

Sourced from Microsoft.Sbom.Targets's releases.

4.1.4

⚙️ Changes

• Fix release pipeline internal feed release by @​sfoslund (#​1325)
• Fix release pipeline internal feed logic by @​sfoslund (#​1324)
• Major version bump for Component Detection by @​jlperkins (#​1323)
• Fix validation errors for SBOM tool release by @​pragnya17 (#​1282)
• Bump Microsoft.Build, Microsoft.Build.Framework, and Microsoft.Build.Utilities.Core by @dependabot[bot] (#​1276)
• Revert "Update pipeline to use shared service connection" by @​pragnya17 (#​1275)
• Bump System.Threading.Channels from 9.0.8 to 9.0.10 by @dependabot[bot] (#​1273)
• Update pipeline to use shared service connection by @​pragnya17 (#​1262)

4.1.3

⚙️ Changes

• Fix validation errors for SBOM tool release by @​pragnya17 (#​1282)
• Bump Microsoft.Build, Microsoft.Build.Framework, and Microsoft.Build.Utilities.Core by @dependabot[bot] (#​1276)
• Revert "Update pipeline to use shared service connection" by @​pragnya17 (#​1275)
• Bump System.Threading.Channels from 9.0.8 to 9.0.10 by @dependabot[bot] (#​1273)
• Update pipeline to use shared service connection by @​pragnya17 (#​1262)
• Bump Microsoft.ComponentDetection.Contracts from 5.2.19 to 5.2.27 by @dependabot[bot] (#​1204)
• Update readme to reflect new contribution policy by @​alisonlomaka (#​1235)
• Bump NuGet.Configuration from 6.13.2 to 6.14.0 by @dependabot[bot] (#​1178)
• Bump NuGet.Frameworks from 6.13.2 to 6.14.0 by @dependabot[bot] (#​1179)
• Bump System.Linq.Async from 6.0.1 to 6.0.3 by @dependabot[bot] (#​1184)
• Bump Scrutor from 6.0.1 to 6.1.0 by @dependabot[bot] (#​1181)
• Bump Newtonsoft.Json from 13.0.3 to 13.0.4 by @dependabot[bot] (#​1226)
• Bump actions/setup-dotnet from 4.3.1 to 5.0.0 by @dependabot[bot] (#​1202)
• Bump System.Text.Json from 9.0.2 to 9.0.9 by @dependabot[bot] (#​1218)
• Bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] (#​1207)
• Bump github/codeql-action from 3.29.11 to 3.30.3 by @dependabot[bot] (#​1219)
• Convert SBOM tool release pipeline from classic to governed by @​pragnya17 (#​1212)
• Bump Microsoft.VisualStudio.Threading.Analyzers from 17.12.19 to 17.14.15 by @dependabot[bot] (#​1176)
• Bump System.Threading.Channels from 9.0.2 to 9.0.8 by @dependabot[bot] (#​1186)
• Bump System.Threading.Tasks.Extensions from 4.6.1 to 4.6.3 by @dependabot[bot] (#​1187)
• Bump github/codeql-action from 3.29.3 to 3.29.11 by @dependabot[bot] (#​1164)
• Bump actions/checkout from 4 to 5 by @dependabot[bot] (#​1156)

4.1.2

• Add COSE paths to SbomConfig by @​JoseRenan (#​1152)
• Exit with appropriate exit code when providing version by @​GDWR (#​1161)

4.1.1

⚙️ Changes

• Temporarily make NI policy permissive by @​pragnya17 (#​1157)
• Scope FileHasher awaiting to just aggregation by @​DaveTryon (#​1160)
• Add telemetry to record depends on relationships by @​pragnya17 (#​1153)
• Exclude samples folder from externaldocreferences by @​DaveTryon (#​1146)

4.1.0

⚙️ Changes

• Fix externalRefs parser bug by @​jlperkins (#​1147)
• Add aggregation docs by @​DaveTryon (#​1145)
• Bump github/codeql-action from 3.29.0 to 3.29.3 by @dependabot[bot] (#​1144)
• Ignore SHA1 codeQL warnings by @​sfoslund (#​1143)
• Refactor constructor for Generator class by @​DaveTryon (#​1142)
• Add E2E tests for aggregation, fix race condition by @​DaveTryon (#​1141)
• Include package relationships when aggregating by @​DaveTryon (#​1139)
• Ignore SHA1 codeQL warnings by @​sfoslund (#​1138)
• Restore writing of root dependencies by @​DaveTryon (#​1137)
• Include empty files and relationships arrays in aggregated SBOMs by @​sfoslund (#​1136)
• Convert info message about invalid aggregation input to warn by @​sfoslund (#​1135)
• Capture more package fields in MergeableContent by @​DaveTryon (#​1134)
• Add correct relationships to MergeableContent by @​DaveTryon (#​1133)
• Fix SBOM aggregation signing bug by @​sfoslund (#​1132)
• Add a simple class to wrap the SbomConsolidationWorkflow by @​DaveTryon (#​1130)
• Add aggregation telemetry by @​DaveTryon (#​1128)
• Add telemetry file path option to aggregate verb by @​sfoslund (#​1129)
• Rename Consolidation to Aggregation by @​DaveTryon (#​1127)
• Generated a consolidated SBOM by @​DaveTryon (#​1126)
• Do not require outputPath in consolidate config file by @​sfoslund (#​1124)
• Ignore SPDX 3.0 SBOMs in consolidation by @​sfoslund (#​1123)
• Running validation workflow in consolidate by @​sfoslund (#​1118)
• Follow try standard by @​DaveTryon (#​1121)
• remove pointless returns xml docs by @​SimonCropp (#​1112)
• Pass set of validated SBOMs to consolidation by @​DaveTryon (#​1119)
• Add plumbing to collect packages from SPDX 2.2 files by @​DaveTryon (#​1117)
• Adding validate plumbing to consolidate verb by @​sfoslund (#​1115)
• remove broken param docs by @​SimonCropp (#​1111)
• remove redundant interpolation by @​SimonCropp (#​1113)
• Add simple unit tests for SbomConsolidationWorkflow by @​DaveTryon (#​1114)
• Add SPDXFormatDetector for SPDX version detection by @​sfoslund (#​1108)
• JSON encode env var values before config file insertion by @​sfoslund (#​1109)
• Add config file for Consolidate action by @​DaveTryon (#​1110)
• SBOM content diff checker between SPDX 2.2 and SPDX 3.0 by @​pragnya17 (#​1011)
• Bump Microsoft.Build.Locator to 1.7.8, 1.9.1 by @dependabot[bot] (#​1102)
• Expand env vars included in input config files by @​sfoslund (#​1105)
• Complete the stubbed plumbing for Consolidate action by @​DaveTryon (#​1106)
• Add skeleton for consolidation action by @​DaveTryon (#​1104)
• Fix for package dependency bug by @​pragnya17 (#​1101)
• build(deps): bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 by @dependabot[bot] (#​1099)
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @dependabot[bot] (#​1100)
• Create GitHub-targeted artifacts by @​DaveTryon (#​1091)
• Add IsPackable to target condition by @​bording (#​1075)
• Properly account for the number of files validated in ValidationResult by @​joshuamay-ms (#​1095)
• remove build badge by @​SimonCropp (#​1085)
• remove redundant FileHashesDictionarySingleton by @​SimonCropp (#​1084)
• remove unused Program fields by @​SimonCropp (#​1086)
• remove some dead variables by @​SimonCropp (#​1087)
• disable this prefix convention by @​SimonCropp (#​1088)
  ... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)