From c67882648ce1b9a23d833ec959394ff83c93ad69 Mon Sep 17 00:00:00 2001
From: Rhys Koedijk <rhys@koedijk.co.nz>
Date: Thu, 21 Nov 2024 22:03:19 +1300
Subject: [PATCH 1/4] Update vulnerable packages

---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e496c53..e4d3cf0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -41,9 +41,9 @@
       "dev": true
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
       "dependencies": {
         "path-key": "^3.1.0",

From 3f7bf3cdd868e78a1595c5fa6526a427875ebb4b Mon Sep 17 00:00:00 2001
From: Rhys Koedijk <rhys@koedijk.co.nz>
Date: Thu, 21 Nov 2024 22:05:11 +1300
Subject: [PATCH 2/4] Require minimum agent version 3.232.1

---
 task/task.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/task/task.json b/task/task.json
index c4f337e..c7cae89 100644
--- a/task/task.json
+++ b/task/task.json
@@ -10,6 +10,7 @@
   "category": "Azure Pipelines",
   "visibility": ["Build"],
   "runsOn": ["Agent"],
+  "minimumAgentVersion": "3.232.1",
   "author": "Rhys Koedijk",
   "version": {
     "Major": 0,

From 3e3f6bdb978f2e155ee5496d07697e5759ca0e90 Mon Sep 17 00:00:00 2001
From: Rhys Koedijk <rhys@koedijk.co.nz>
Date: Thu, 21 Nov 2024 22:05:27 +1300
Subject: [PATCH 3/4] Require minimum server API version 5.0

---
 vss-extension.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vss-extension.json b/vss-extension.json
index c9a95e0..b3082dc 100644
--- a/vss-extension.json
+++ b/vss-extension.json
@@ -13,6 +13,7 @@
       "id": "Microsoft.VisualStudio.Services"
     }
   ],
+  "demands": ["api-version/5.0"],
   "categories": ["Azure Pipelines"],
   "tags": [
     "sbom",

From 01ba0b492fdd36b5dbb1b68669624cf0e09cec7d Mon Sep 17 00:00:00 2001
From: Rhys Koedijk <rhys@koedijk.co.nz>
Date: Thu, 21 Nov 2024 22:06:12 +1300
Subject: [PATCH 4/4] Use server API version 5.0 with BuildRestClient

---
 ui/sbom-report-tab.tsx       |  3 +-
 ui/utils/BuildRestClient.tsx | 64 ++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 ui/utils/BuildRestClient.tsx

diff --git a/ui/sbom-report-tab.tsx b/ui/sbom-report-tab.tsx
index 2a169b2..a0f35c6 100644
--- a/ui/sbom-report-tab.tsx
+++ b/ui/sbom-report-tab.tsx
@@ -3,13 +3,14 @@ import * as React from 'react';
 import * as ReactDOM from 'react-dom';
 
 import { CommonServiceIds, getClient, IProjectPageService } from 'azure-devops-extension-api';
-import { BuildRestClient, BuildServiceIds, IBuildPageDataService } from 'azure-devops-extension-api/Build';
+import { BuildServiceIds, IBuildPageDataService } from 'azure-devops-extension-api/Build';
 import { Spinner } from 'azure-devops-ui/Spinner';
 import { ZeroData } from 'azure-devops-ui/ZeroData';
 
 import { SpdxDocumentPage } from './components/SpdxDocumentPage';
 import { ISpdx22Document } from './models/Spdx22';
 
+import { BuildRestClient } from './utils/BuildRestClient';
 import './utils/StringExtensions';
 
 import './sbom-report-tab.scss';
diff --git a/ui/utils/BuildRestClient.tsx b/ui/utils/BuildRestClient.tsx
new file mode 100644
index 0000000..1d0ff25
--- /dev/null
+++ b/ui/utils/BuildRestClient.tsx
@@ -0,0 +1,64 @@
+import { IVssRestClientOptions } from 'azure-devops-extension-api/Common';
+import { RestClientBase } from 'azure-devops-extension-api/Common/RestClientBase';
+
+import * as Build from 'azure-devops-extension-api/Build';
+
+export class BuildRestClient extends RestClientBase {
+  constructor(options: IVssRestClientOptions) {
+    super(options);
+  }
+
+  public static readonly API_VERSION = '5.0';
+
+  /**
+   * Gets the list of attachments of a specific type that are associated with a build.
+   *
+   * @param project - Project ID or project name
+   * @param buildId - The ID of the build.
+   * @param type - The type of attachment.
+   */
+  public async getAttachments(project: string, buildId: number, type: string): Promise<Build.Attachment[]> {
+    return this.beginRequest<Build.Attachment[]>({
+      apiVersion: BuildRestClient.API_VERSION,
+      routeTemplate: '{project}/_apis/build/builds/{buildId}/attachments/{type}',
+      routeValues: {
+        project: project,
+        buildId: buildId,
+        type: type,
+      },
+    });
+  }
+
+  /**
+   * Gets a specific attachment.
+   *
+   * @param project - Project ID or project name
+   * @param buildId - The ID of the build.
+   * @param timelineId - The ID of the timeline.
+   * @param recordId - The ID of the timeline record.
+   * @param type - The type of the attachment.
+   * @param name - The name of the attachment.
+   */
+  public async getAttachment(
+    project: string,
+    buildId: number,
+    timelineId: string,
+    recordId: string,
+    type: string,
+    name: string,
+  ): Promise<ArrayBuffer> {
+    return this.beginRequest<ArrayBuffer>({
+      apiVersion: BuildRestClient.API_VERSION,
+      httpResponseType: 'application/octet-stream',
+      routeTemplate: '{project}/_apis/build/builds/{buildId}/{timelineId}/{recordId}/attachments/{type}/{name}',
+      routeValues: {
+        project: project,
+        buildId: buildId,
+        timelineId: timelineId,
+        recordId: recordId,
+        type: type,
+        name: name,
+      },
+    });
+  }
+}