From 60cce777c808138724d335aef98b620ab6e6c87e Mon Sep 17 00:00:00 2001
From: Gabriel Pedro de Castro
Date: Mon, 30 Jun 2025 16:00:30 -0700
Subject: [PATCH 1/3] Supress CodeQL Warning in SPDX parsing
---
 .../spdx/Spdx22ComponentDetector.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Microsoft.ComponentDetection.Detectors/spdx/Spdx22ComponentDetector.cs b/src/Microsoft.ComponentDetection.Detectors/spdx/Spdx22ComponentDetector.cs
index ccede688c..df181e696 100644
--- a/src/Microsoft.ComponentDetection.Detectors/spdx/Spdx22ComponentDetector.cs
+++ b/src/Microsoft.ComponentDetection.Detectors/spdx/Spdx22ComponentDetector.cs
@@ -121,7 +121,7 @@ private SpdxComponent ConvertJObjectToSbomComponent(ProcessRequest processReques
 private string GetSHA1HashFromStream(Stream stream)
 {
 #pragma warning disable CA5350 // Suppress Do Not Use Weak Cryptographic Algorithms because we use SHA1 intentionally in SPDX format
- return BitConverter.ToString(SHA1.Create().ComputeHash(stream)).Replace("-", string.Empty).ToLower();
+ return BitConverter.ToString(SHA1.Create().ComputeHash(stream)).Replace("-", string.Empty).ToLower(); // CodeQL [SM02196] Sha1 is used in SPDX 2.2 format this file is parsing (https://spdx.github.io/spdx-spec/v2.2.2/file-information/).
 #pragma warning restore CA5350
 }
 }
From fa2de492c23ead26e03902640d39d8e68dba3281 Mon Sep 17 00:00:00 2001
From: Gabriel Pedro de Castro
Date: Tue, 1 Jul 2025 10:33:56 -0700
Subject: [PATCH 2/3] Update .NET SDK version
---
 global.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/global.json b/global.json
index a99f94e05..01fea35a7 100644
--- a/global.json
+++ b/global.json
@@ -1,6 +1,6 @@
 {
 "sdk": {
- "version": "8.0.408",
+ "version": "8.0.411",
 "rollForward": "latestMinor"
 }
 }
From cd83917b66e815c6dba22420c613ba301de54d6a Mon Sep 17 00:00:00 2001
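Review bot: The suppression comment added on the `return` line of `GetSHA1HashFromStream` (Spdx22ComponentDetector.cs, PATCH 1/3) justifies SHA-1 only by pointing at the SPDX 2.2 spec; it does not record the condition that makes silencing a weak-hash finding safe, namely that the digest is a format-level checksum and no integrity or authentication decision depends on it. If that matches the callers, which are outside this hunk, I would append it to the existing justification, e.g. `... format this file is parsing (<spec link>); the digest only identifies the file and is not relied on for integrity or authentication.` Separately, the `SHA1` object returned by `SHA1.Create()` on the same line is never disposed and `ToLower()` is culture-sensitive; `using var sha1 = SHA1.Create();` and `ToLowerInvariant()` would fix both on the line the commit already touches.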
From: Gabriel Pedro de Castro
Date: Tue, 1 Jul 2025 10:51:24 -0700
Subject: [PATCH 3/3] Update dotnet install for smoke tests
---
 .github/workflows/smoke-test.yml | 2 +-
 global.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml
index e180ab167..c2088b621 100644
--- a/.github/workflows/smoke-test.yml
+++ b/.github/workflows/smoke-test.yml
@@ -42,7 +42,7 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Setup .NET
- uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0
+ uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
 - name: Install Apache Ivy
 run: curl https://downloads.apache.org/ant/ivy/2.5.2/apache-ivy-2.5.2-bin.tar.gz | tar xOz apache-ivy-2.5.2/ivy-2.5.2.jar > /usr/share/ant/lib/ivy.jar
diff --git a/global.json b/global.json
index 01fea35a7..979a7a264 100644
--- a/global.json
+++ b/global.json
@@ -1,6 +1,6 @@
 {
 "sdk": {
 "version": "8.0.411",
- "rollForward": "latestMinor"
+ "rollForward": "latestFeature"
 }
 }