Bump Microsoft.Sbom.Targets from 4.0.3 to 4.1.2

[dependabot]

Updated Microsoft.Sbom.Targets from 4.0.3 to 4.1.2.

Release notes

Sourced from Microsoft.Sbom.Targets's releases.

4.1.1

⚙️ Changes

• Temporarily make NI policy permissive by @​pragnya17 (#​1157)
• Scope FileHasher awaiting to just aggregation by @​DaveTryon (#​1160)
• Add telemetry to record depends on relationships by @​pragnya17 (#​1153)
• Exclude samples folder from externaldocreferences by @​DaveTryon (#​1146)

4.1.0

⚙️ Changes

• Fix externalRefs parser bug by @​jlperkins (#​1147)
• Add aggregation docs by @​DaveTryon (#​1145)
• Bump github/codeql-action from 3.29.0 to 3.29.3 by @dependabot[bot] (#​1144)
• Ignore SHA1 codeQL warnings by @​sfoslund (#​1143)
• Refactor constructor for Generator class by @​DaveTryon (#​1142)
• Add E2E tests for aggregation, fix race condition by @​DaveTryon (#​1141)
• Include package relationships when aggregating by @​DaveTryon (#​1139)
• Ignore SHA1 codeQL warnings by @​sfoslund (#​1138)
• Restore writing of root dependencies by @​DaveTryon (#​1137)
• Include empty files and relationships arrays in aggregated SBOMs by @​sfoslund (#​1136)
• Convert info message about invalid aggregation input to warn by @​sfoslund (#​1135)
• Capture more package fields in MergeableContent by @​DaveTryon (#​1134)
• Add correct relationships to MergeableContent by @​DaveTryon (#​1133)
• Fix SBOM aggregation signing bug by @​sfoslund (#​1132)
• Add a simple class to wrap the SbomConsolidationWorkflow by @​DaveTryon (#​1130)
• Add aggregation telemetry by @​DaveTryon (#​1128)
• Add telemetry file path option to aggregate verb by @​sfoslund (#​1129)
• Rename Consolidation to Aggregation by @​DaveTryon (#​1127)
• Generated a consolidated SBOM by @​DaveTryon (#​1126)
• Do not require outputPath in consolidate config file by @​sfoslund (#​1124)
• Ignore SPDX 3.0 SBOMs in consolidation by @​sfoslund (#​1123)
• Running validation workflow in consolidate by @​sfoslund (#​1118)
• Follow try standard by @​DaveTryon (#​1121)
• remove pointless returns xml docs by @​SimonCropp (#​1112)
• Pass set of validated SBOMs to consolidation by @​DaveTryon (#​1119)
• Add plumbing to collect packages from SPDX 2.2 files by @​DaveTryon (#​1117)
• Adding validate plumbing to consolidate verb by @​sfoslund (#​1115)
• remove broken param docs by @​SimonCropp (#​1111)
• remove redundant interpolation by @​SimonCropp (#​1113)
• Add simple unit tests for SbomConsolidationWorkflow by @​DaveTryon (#​1114)
• Add SPDXFormatDetector for SPDX version detection by @​sfoslund (#​1108)
• JSON encode env var values before config file insertion by @​sfoslund (#​1109)
• Add config file for Consolidate action by @​DaveTryon (#​1110)
• SBOM content diff checker between SPDX 2.2 and SPDX 3.0 by @​pragnya17 (#​1011)
• Bump Microsoft.Build.Locator to 1.7.8, 1.9.1 by @dependabot[bot] (#​1102)
• Expand env vars included in input config files by @​sfoslund (#​1105)
• Complete the stubbed plumbing for Consolidate action by @​DaveTryon (#​1106)
• Add skeleton for consolidation action by @​DaveTryon (#​1104)
• Fix for package dependency bug by @​pragnya17 (#​1101)
• build(deps): bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 by @dependabot[bot] (#​1099)
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @dependabot[bot] (#​1100)
• Create GitHub-targeted artifacts by @​DaveTryon (#​1091)
• Add IsPackable to target condition by @​bording (#​1075)
• Properly account for the number of files validated in ValidationResult by @​joshuamay-ms (#​1095)
• remove build badge by @​SimonCropp (#​1085)
• remove redundant FileHashesDictionarySingleton by @​SimonCropp (#​1084)
• remove unused Program fields by @​SimonCropp (#​1086)
• remove some dead variables by @​SimonCropp (#​1087)
• disable this prefix convention by @​SimonCropp (#​1088)
  ... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)