From d1d587bf1aaa84d2c99ee52b44ad5c3bbb7738fc Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Mon, 12 Feb 2024 15:27:39 -0800
Subject: [PATCH 01/26] [ci] Migrate to the 1ES template

Context: https://aka.ms/1espt

The build pipeline has been updated to extend the 1ES pipeline template,
which will keep the pipeline up to date with the latest compliance and
security requirements.

Compliance tasks and scans will run automatically as part of artifact
upload steps, which are now referred to as "outputs".  Template outputs
have replaced all instances of the `PublishPipelineArtifact` task.
---
 azure-pipelines.yml | 623 +++++++++++++++++++++++---------------------
 1 file changed, 326 insertions(+), 297 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index ff3ae3cc..e760bd67 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -3,6 +3,7 @@ trigger:
     include:
       - main
       - refs/tags/*
+
 resources:
   repositories:
     - repository: internal-templates
@@ -10,309 +11,337 @@ resources:
       name: xamarin/yaml-templates
       endpoint: xamarin
       ref: refs/heads/main
+    - repository: 1esPipelines
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
+parameters:
+  - name: OneLocSourceBranch
+    default: refs/heads/main
+
 variables:
   - group: Xamarin-Secrets
   - name: DisablePipelineConfigDetector
     value: true
-stages:
-  - stage: Build
-    jobs:
-    - job: buildWindows
-      pool:
-        name: AzurePipelines-EO
-        demands:
-        - ImageOverride -equals AzurePipelinesWindows2022compliant
-      variables:
-        Codeql.Enabled: true
-      steps:
-        - script: |
-            echo "Hello"
-            git submodule update --init --recursive
-          displayName: "Update Submodules"
-        - script: |
-            build_windows.bat
-          displayName: "Build"
-        - task: ArchiveFiles@2
-          inputs:
-            rootFolderOrFile: lzsbuild\lib\win32\RelWithDebInfo\
-            includeRootFolder: false
-            archiveType: 7z
-            replaceExistingArchive: true
-            archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-x86.7z
-        - task: ArchiveFiles@2
-          inputs:
-            rootFolderOrFile: lzsbuild\lib\win64\RelWithDebInfo\
-            includeRootFolder: false
-            archiveType: 7z
-            replaceExistingArchive: true
-            archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-x64.7z
-        - task: ArchiveFiles@2
-          inputs:
-            rootFolderOrFile: lzsbuild\lib\winarm64\RelWithDebInfo\
-            includeRootFolder: false
-            archiveType: 7z
-            replaceExistingArchive: true
-            archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-arm-x64.7z
-        - task: PublishBuildArtifacts@1
-          displayName: upload artifacts
-          inputs:
-            artifactName: 'native'
-            pathtoPublish: $(Build.ArtifactStagingDirectory)
-    - job: buildLinux
-      pool:
-        name: AzurePipelines-EO
-        demands:
-        - ImageOverride -equals AzurePipelinesUbuntu18.04compliant
-      variables:
-        Codeql.Enabled: true
-      steps:
-        - bash: |
-            sudo dpkg --add-architecture i386
-            sudo apt -y update
-            sudo apt -f -u install ninja-build -y
-            git submodule update --init --recursive
-          displayName: 'Install Tools'
-        - bash: |
-            ./build.sh -v
-          displayName: 'Build Linux x64'
-        - task: ArchiveFiles@2
-          inputs:
-            rootFolderOrFile: lzsbuild/lib/Linux/
-            includeRootFolder: false
-            archiveType: 7z
-            replaceExistingArchive: true
-            archiveFile: $(Build.ArtifactStagingDirectory)/libzip-linux-x64.7z
-        - task: PublishBuildArtifacts@1
-          displayName: upload artifacts
-          inputs:
-            artifactName: 'native'
-            pathtoPublish: $(Build.ArtifactStagingDirectory)
-    - job: buildMacOS
-      dependsOn:
-        - buildlinux
-        - buildWindows
-      pool:
-        vmImage: internal-macos-11
-      variables:
-        Codeql.Enabled: true
-      steps:
-        - bash: |
-            brew install ninja
-            git submodule update --init --recursive
-          displayName: 'Install toolchain'
-        - bash: |
-            ./build.sh -v
-            mkdir -p lzsbuild/lib/Linux
-            mkdir -p lzsbuild/lib/win64
-            mkdir -p lzsbuild/lib/win32
-            find lzsbuild -name '*ZipSharpNative*'
-          displayName: 'Build native'
-        - task: DownloadBuildArtifacts@0
-          displayName: download artifacts
-          inputs:
-            artifactName: native
-            downloadPath: $(Build.ArtifactStagingDirectory)
-        - task: ExtractFiles@1
-          displayName: Extract 64 bit Linux native
-          inputs:
-            archiveFilePatterns: $(Build.ArtifactStagingDirectory)/native/libzip-linux-x64.7z
-            destinationFolder: lzsbuild/lib/Linux
-        - task: ExtractFiles@1
-          displayName: Extract 64 bit Windows native
-          inputs:
-            archiveFilePatterns: $(Build.ArtifactStagingDirectory)/native/libzip-windows-x64.7z
-            destinationFolder: lzsbuild/lib/win64
-        - task: ExtractFiles@1
-          displayName: Extract 64 bit ARM Windows native
-          inputs:
-            archiveFilePatterns: $(Build.ArtifactStagingDirectory)/native/libzip-windows-arm-x64.7z
-            destinationFolder: lzsbuild/lib/winarm64
-        - task: ExtractFiles@1
-          displayName: Extract 32 bit Windows native
-          inputs:
-            archiveFilePatterns: $(Build.ArtifactStagingDirectory)/native/libzip-windows-x86.7z
-            destinationFolder: lzsbuild/lib/win32
-        - bash: |
-            rm $(Build.ArtifactStagingDirectory)/native/libzip-linux-*.7z
-            rm $(Build.ArtifactStagingDirectory)/native/libzip-windows-*.7z
-          displayName: 'Find libzip'
-        - task: DotNetCoreCLI@2
-          displayName: 'Build solution libZipSharp.csproj'
-          inputs:
-            projects:  LibZipSharp/libZipSharp.csproj
-            configuration: Release
-            arguments: -v:diag -p:RunningOnCI=true
-        - task: DotNetCoreCLI@2
-          displayName: NuGet pack libZipSharp
-          inputs:
-            projects:  LibZipSharp/libZipSharp.csproj
-            configuration: Release
-            arguments: -t:Pack
-        - task: CopyFiles@2
-          displayName: Copy nupkg
-          inputs:
-            contents: 'LibZipSharp/*.nupkg'
-            flattenFolders: true
-            targetFolder: $(Build.ArtifactStagingDirectory)
-        - task: CopyFiles@2
-          displayName: Copy SignList
-          inputs:
-            contents: 'SignList.xml'
-            targetFolder: $(Build.ArtifactStagingDirectory)
-        - task: CopyFiles@2
-          displayName: Copy snupkg
-          inputs:
-            contents: 'LibZipSharp/*.snupkg'
-            flattenFolders: true
-            targetFolder: $(Build.ArtifactStagingDirectory)
-        - task: PublishBuildArtifacts@1
-          displayName: upload artifacts
-          inputs:
-            artifactName: 'nuget'
-            pathtoPublish: $(Build.ArtifactStagingDirectory)
-  - stage: Test
-    dependsOn: Build
-    variables:
-      DotNetCoreVersion: 3.1.201
-      DotNetVersion: 7.0.203
-    jobs:
-    - job: testlinux
-      displayName: 'Test Linux'
-      pool:
-        name: AzurePipelines-EO
-        demands:
-        - ImageOverride -equals AzurePipelinesUbuntu18.04compliant
-      steps:
-        - template: yaml-templates/use-dot-net.yaml
-          parameters:
-            version: $(DotNetCoreVersion)
-        - template: yaml-templates/use-dot-net.yaml
-          parameters:
-            version: $(DotNetVersion)
-        - task: DownloadBuildArtifacts@0
-          displayName: download artifacts
-          inputs:
-            artifactName: NuGet
-            downloadPath: $(Build.SourcesDirectory)
-        - task: DotNetCoreCLI@2
-          displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
-          inputs:
-            projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
-            configuration: Release
-            arguments: -p:ReferenceNuget=True -v:diag
-        - task: DotNetCoreCLI@2
-          displayName: 'Run Unit tests for .net'
-          inputs:
-            command: test
-            projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
-            configuration: Release
-            arguments: -p:ReferenceNuget=True -v:diag
-    - job: testmacos
-      displayName: 'Test MacOS'
-      pool:
-        vmImage: internal-macos-11
-      steps:
-        - template: yaml-templates/use-dot-net.yaml
-          parameters:
-            version: $(DotNetCoreVersion)
-        - template: yaml-templates/use-dot-net.yaml
-          parameters:
-            version: $(DotNetVersion)
-        - task: DownloadBuildArtifacts@0
-          displayName: download artifacts
-          inputs:
-            artifactName: NuGet
-            downloadPath: $(Build.SourcesDirectory)
-        - task: DotNetCoreCLI@2
-          displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
-          inputs:
-            projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
-            configuration: Release
-            arguments: -p:ReferenceNuget=True -v:diag
-        - task: DotNetCoreCLI@2
-          displayName: 'Run Tests under .net'
-          inputs:
-            command: test
-            projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
-            configuration: Release
-            arguments: -p:ReferenceNuget=True -v:diag
-    - job: testwindows
-      displayName: 'Test Windows'
-      pool:
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
+  parameters:
+    sdl:
+      sourceAnalysisPool:
         name: AzurePipelines-EO
-        demands:
-        - ImageOverride -equals AzurePipelinesWindows2022compliant
-      steps:
-        - template: yaml-templates/use-dot-net.yaml
-          parameters:
-            version: $(DotNetCoreVersion)
-        - template: yaml-templates/use-dot-net.yaml
-          parameters:
-            version: $(DotNetVersion)
-        - task: DownloadBuildArtifacts@0
-          displayName: download artifacts
-          inputs:
-            artifactName: NuGet
-            downloadPath: $(Build.SourcesDirectory)
-        - task: DotNetCoreCLI@2
-          displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
-          inputs:
-            projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
-            configuration: Release
-            arguments: -p:ReferenceNuget=True -v:diag
-        - task: DotNetCoreCLI@2
-          displayName: 'Run Tests LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
-          inputs:
-            command: test
-            projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
-            configuration: Release
-            arguments: -p:ReferenceNuget=True -v:diag
+        image: AzurePipelinesWindows2022compliantGPT
+    stages:
+      - stage: Build
+        jobs:
+        - job: buildWindows
+          pool:
+            name: AzurePipelines-EO
+            image: AzurePipelinesWindows2022compliantGPT
+          variables:
+            Codeql.Enabled: true
+          templateContext:
+            outputs:
+            - output: pipelineArtifact
+              displayName: upload artifacts
+              artifactName: native - windows
+              targetPath: $(Build.ArtifactStagingDirectory)
+          steps:
+            - script: |
+                echo "Hello"
+                git submodule update --init --recursive
+              displayName: "Update Submodules"
+            - script: |
+                build_windows.bat
+              displayName: "Build"
+            - task: ArchiveFiles@2
+              inputs:
+                rootFolderOrFile: lzsbuild\lib\win32\RelWithDebInfo\
+                includeRootFolder: false
+                archiveType: 7z
+                replaceExistingArchive: true
+                archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-x86.7z
+            - task: ArchiveFiles@2
+              inputs:
+                rootFolderOrFile: lzsbuild\lib\win64\RelWithDebInfo\
+                includeRootFolder: false
+                archiveType: 7z
+                replaceExistingArchive: true
+                archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-x64.7z
+            - task: ArchiveFiles@2
+              inputs:
+                rootFolderOrFile: lzsbuild\lib\winarm64\RelWithDebInfo\
+                includeRootFolder: false
+                archiveType: 7z
+                replaceExistingArchive: true
+                archiveFile: $(Build.ArtifactStagingDirectory)\libzip-windows-arm-x64.7z
+
+        - job: buildLinux
+          pool:
+            name: AzurePipelines-EO
+            image: AzurePipelinesUbuntu22.04compliantGPT
+            os: linux
+          templateContext:
+            outputs:
+            - output: pipelineArtifact
+              displayName: upload artifacts
+              artifactName: native - linux
+              targetPath: $(Build.ArtifactStagingDirectory)
+          steps:
+            - bash: |
+                sudo dpkg --add-architecture i386
+                sudo apt -y update
+                sudo apt -f -u install ninja-build -y
+                git submodule update --init --recursive
+              displayName: 'Install Tools'
+            - bash: |
+                ./build.sh -v
+              displayName: 'Build Linux x64'
+            - task: ArchiveFiles@2
+              inputs:
+                rootFolderOrFile: lzsbuild/lib/Linux/
+                includeRootFolder: false
+                archiveType: 7z
+                replaceExistingArchive: true
+                archiveFile: $(Build.ArtifactStagingDirectory)/libzip-linux-x64.7z
 
-  - stage: Publish
-    dependsOn: Test
-    condition: eq(variables['System.TeamProject'], 'devdiv') # only sign the packages when running on Windows, and using the private server which has the certificates
-    jobs:
-    - template: sign-artifacts/jobs/v2.yml@internal-templates
-      parameters:
-        signListPath: 'SignList.xml'
-        condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/')
+        - job: buildMacOS
+          dependsOn:
+            - buildlinux
+            - buildWindows
+          pool:
+            name: Azure Pipelines
+            vmImage: macOS-12
+            os: macOS
+          templateContext:
+            outputs:
+            - output: pipelineArtifact
+              displayName: upload artifacts
+              artifactName: nuget
+              targetPath: $(Build.ArtifactStagingDirectory)
+          steps:
+            - bash: |
+                brew install ninja
+                git submodule update --init --recursive
+              displayName: 'Install toolchain'
+            - bash: |
+                ./build.sh -v
+                mkdir -p lzsbuild/lib/Linux
+                mkdir -p lzsbuild/lib/win64
+                mkdir -p lzsbuild/lib/win32
+                find lzsbuild -name '*ZipSharpNative*'
+              displayName: 'Build native'
+            - task: DownloadPipelineArtifact@2
+              displayName: download windows artifacts
+              inputs:
+                artifactName: native - windows
+                downloadPath: $(Build.ArtifactStagingDirectory)
+            - task: DownloadPipelineArtifact@2
+              displayName: download linux artifacts
+              inputs:
+                artifactName: native - linux
+                downloadPath: $(Build.ArtifactStagingDirectory)
+            - task: ExtractFiles@1
+              displayName: Extract 64 bit Linux native
+              inputs:
+                archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-linux-x64.7z
+                destinationFolder: lzsbuild/lib/Linux
+            - task: ExtractFiles@1
+              displayName: Extract 64 bit Windows native
+              inputs:
+                archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-windows-x64.7z
+                destinationFolder: lzsbuild/lib/win64
+            - task: ExtractFiles@1
+              displayName: Extract 64 bit ARM Windows native
+              inputs:
+                archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-windows-arm-x64.7z
+                destinationFolder: lzsbuild/lib/winarm64
+            - task: ExtractFiles@1
+              displayName: Extract 32 bit Windows native
+              inputs:
+                archiveFilePatterns: $(Build.ArtifactStagingDirectory)/libzip-windows-x86.7z
+                destinationFolder: lzsbuild/lib/win32
+            - bash: |
+                rm $(Build.ArtifactStagingDirectory)/libzip-linux-*.7z
+                rm $(Build.ArtifactStagingDirectory)/libzip-windows-*.7z
+              displayName: 'Find libzip'
+            - task: DotNetCoreCLI@2
+              displayName: 'Build solution libZipSharp.csproj'
+              inputs:
+                projects:  LibZipSharp/libZipSharp.csproj
+                configuration: Release
+                arguments: -v:diag -p:RunningOnCI=true
+            - task: DotNetCoreCLI@2
+              displayName: NuGet pack libZipSharp
+              inputs:
+                projects:  LibZipSharp/libZipSharp.csproj
+                configuration: Release
+                arguments: -t:Pack
+            - task: CopyFiles@2
+              displayName: Copy nupkg
+              inputs:
+                contents: 'LibZipSharp/*.nupkg'
+                flattenFolders: true
+                targetFolder: $(Build.ArtifactStagingDirectory)
+            - task: CopyFiles@2
+              displayName: Copy SignList
+              inputs:
+                contents: 'SignList.xml'
+                targetFolder: $(Build.ArtifactStagingDirectory)
+            - task: CopyFiles@2
+              displayName: Copy snupkg
+              inputs:
+                contents: 'LibZipSharp/*.snupkg'
+                flattenFolders: true
+                targetFolder: $(Build.ArtifactStagingDirectory)
 
-  - stage: Localization
-    dependsOn: []
-    condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-    jobs:
-    - job: OneLocBuild
-      displayName: OneLocBuild
-      pool: VSEngSS-MicroBuild2022-1ES
-      timeoutInMinutes: 30
-      variables:
-      - group: Xamarin-Secrets
-      workspace:
-        clean: all
-      steps:
-      - checkout: self
-        clean: true
+      - stage: Test
+        dependsOn: Build
+        variables:
+          DotNetCoreVersion: 3.1.201
+          DotNetVersion: 7.0.203
+        jobs:
+        - job: testlinux
+          displayName: 'Test Linux'
+          pool:
+            name: AzurePipelines-EO
+            image: AzurePipelinesUbuntu22.04compliantGPT
+            os: linux
+          steps:
+            - template: yaml-templates/use-dot-net.yaml
+              parameters:
+                version: $(DotNetCoreVersion)
+            - template: yaml-templates/use-dot-net.yaml
+              parameters:
+                version: $(DotNetVersion)
+            - task: DownloadPipelineArtifact@2
+              displayName: download artifacts
+              inputs:
+                artifactName: nuget
+                downloadPath: $(Build.SourcesDirectory)
+            - task: DotNetCoreCLI@2
+              displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
+              inputs:
+                projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
+                configuration: Release
+                arguments: -p:ReferenceNuget=True -v:diag
+            - task: DotNetCoreCLI@2
+              displayName: 'Run Unit tests for .net'
+              inputs:
+                command: test
+                projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
+                configuration: Release
+                arguments: -p:ReferenceNuget=True -v:diag
+
+        - job: testmacos
+          displayName: 'Test MacOS'
+          pool:
+            name: Azure Pipelines
+            vmImage: macOS-12
+            os: macOS
+          steps:
+            - template: yaml-templates/use-dot-net.yaml
+              parameters:
+                version: $(DotNetCoreVersion)
+            - template: yaml-templates/use-dot-net.yaml
+              parameters:
+                version: $(DotNetVersion)
+            - task: DownloadPipelineArtifact@2
+              displayName: download artifacts
+              inputs:
+                artifactName: nuget
+                downloadPath: $(Build.SourcesDirectory)
+            - task: DotNetCoreCLI@2
+              displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
+              inputs:
+                projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
+                configuration: Release
+                arguments: -p:ReferenceNuget=True -v:diag
+            - task: DotNetCoreCLI@2
+              displayName: 'Run Tests under .net'
+              inputs:
+                command: test
+                projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
+                configuration: Release
+                arguments: -p:ReferenceNuget=True -v:diag
+
+        - job: testwindows
+          displayName: 'Test Windows'
+          pool:
+            name: AzurePipelines-EO
+            image: AzurePipelinesWindows2022compliantGPT
+          steps:
+            - template: yaml-templates/use-dot-net.yaml
+              parameters:
+                version: $(DotNetCoreVersion)
+            - template: yaml-templates/use-dot-net.yaml
+              parameters:
+                version: $(DotNetVersion)
+            - task: DownloadPipelineArtifact@2
+              displayName: download artifacts
+              inputs:
+                artifactName: nuget
+                downloadPath: $(Build.SourcesDirectory)
+            - task: DotNetCoreCLI@2
+              displayName: 'Build solution LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
+              inputs:
+                projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
+                configuration: Release
+                arguments: -p:ReferenceNuget=True -v:diag
+            - task: DotNetCoreCLI@2
+              displayName: 'Run Tests LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj'
+              inputs:
+                command: test
+                projects:  LibZipSharp.UnitTest/LibZipSharp.UnitTest.csproj
+                configuration: Release
+                arguments: -p:ReferenceNuget=True -v:diag
+
+      - stage: Publish
+        dependsOn: Test
+        condition: eq(variables['System.TeamProject'], 'devdiv') # only sign the packages when running on Windows, and using the private server which has the certificates
+        jobs:
+        - template: sign-artifacts/jobs/v2.yml@internal-templates
+          parameters:
+            signListPath: 'SignList.xml'
+            condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/')
 
-      - task: OneLocBuild@2
-        displayName: OneLocBuild
-        env:
-          SYSTEM_ACCESSTOKEN: $(System.AccessToken)
-        inputs:
-          locProj: Localize/LocProject.json
-          outDir: $(Build.StagingDirectory)
-          packageSourceAuth: patAuth
-          patVariable: $(OneLocBuild--PAT)
-          isCreatePrSelected: true
-          repoType: gitHub
-          gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2)
-          prSourceBranchPrefix: locpr
-          isShouldReusePrSelected: true
-          isAutoCompletePrSelected: false
-          isUseLfLineEndingsSelected: true
+      - stage: Localization
+        dependsOn: []
+        condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], '${{ parameters.OneLocSourceBranch }}'))
+        jobs:
+        - job: OneLocBuild
+          displayName: OneLocBuild
+          pool: VSEngSS-MicroBuild2022-1ES
+          timeoutInMinutes: 30
+          variables:
+          - group: Xamarin-Secrets
+          workspace:
+            clean: all
+          templateContext:
+            outputs:
+            - output: pipelineArtifact
+              displayName: Publish Localization Files
+              condition: succeededOrFailed()
+              targetPath: $(Build.StagingDirectory)/loc
+              artifactName: Loc
+          steps:
+          - checkout: self
+            clean: true
 
-      - task: PublishBuildArtifacts@1
-        displayName: Publish Localization Files
-        inputs:
-          PathtoPublish: $(Build.StagingDirectory)/loc
-          ArtifactName: Loc
-        condition: succeededOrFailed()
+          - task: OneLocBuild@2
+            displayName: OneLocBuild
+            env:
+              SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+            inputs:
+              locProj: Localize/LocProject.json
+              outDir: $(Build.StagingDirectory)
+              packageSourceAuth: patAuth
+              patVariable: $(OneLocBuild--PAT)
+              isCreatePrSelected: true
+              repoType: gitHub
+              gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2)
+              prSourceBranchPrefix: locpr
+              isShouldReusePrSelected: true
+              isAutoCompletePrSelected: false
+              isUseLfLineEndingsSelected: true

From ef91123c0ff357a3abe54b9c2a7f470a58acb759 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Mon, 12 Feb 2024 15:43:43 -0800
Subject: [PATCH 02/26] Use self template reference

---
 azure-pipelines.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index e760bd67..648cdc75 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -209,10 +209,10 @@ extends:
             image: AzurePipelinesUbuntu22.04compliantGPT
             os: linux
           steps:
-            - template: yaml-templates/use-dot-net.yaml
+            - template: yaml-templates/use-dot-net.yaml@self
               parameters:
                 version: $(DotNetCoreVersion)
-            - template: yaml-templates/use-dot-net.yaml
+            - template: yaml-templates/use-dot-net.yaml@self
               parameters:
                 version: $(DotNetVersion)
             - task: DownloadPipelineArtifact@2
@@ -241,10 +241,10 @@ extends:
             vmImage: macOS-12
             os: macOS
           steps:
-            - template: yaml-templates/use-dot-net.yaml
+            - template: yaml-templates/use-dot-net.yaml@self
               parameters:
                 version: $(DotNetCoreVersion)
-            - template: yaml-templates/use-dot-net.yaml
+            - template: yaml-templates/use-dot-net.yaml@self
               parameters:
                 version: $(DotNetVersion)
             - task: DownloadPipelineArtifact@2
@@ -272,10 +272,10 @@ extends:
             name: AzurePipelines-EO
             image: AzurePipelinesWindows2022compliantGPT
           steps:
-            - template: yaml-templates/use-dot-net.yaml
+            - template: yaml-templates/use-dot-net.yaml@self
               parameters:
                 version: $(DotNetCoreVersion)
-            - template: yaml-templates/use-dot-net.yaml
+            - template: yaml-templates/use-dot-net.yaml@self
               parameters:
                 version: $(DotNetVersion)
             - task: DownloadPipelineArtifact@2

From f6194562348c88705f6b5e1b5eab269ccdc150b5 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 13 Feb 2024 11:27:13 -0800
Subject: [PATCH 03/26] Test 1es-sign-artifacts yaml branch

---
 azure-pipelines.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 648cdc75..30854791 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -10,7 +10,7 @@ resources:
       type: github
       name: xamarin/yaml-templates
       endpoint: xamarin
-      ref: refs/heads/main
+      ref: refs/heads/dev/pjc/1es-sign-artifacts
     - repository: 1esPipelines
       type: git
       name: 1ESPipelineTemplates/1ESPipelineTemplates
@@ -303,6 +303,8 @@ extends:
         jobs:
         - template: sign-artifacts/jobs/v2.yml@internal-templates
           parameters:
+            usePipelineArtifactTasks: true
+            use1ESArtifactTasks: true
             signListPath: 'SignList.xml'
             condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/')
 

From 89d23cb03bc1a950b8fef957ce77aae16fda9fe8 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 13 Feb 2024 12:08:52 -0800
Subject: [PATCH 04/26] Set compiler/linker flags

---
 CMakeLists.txt    | 1 -
 build_windows.bat | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index f1d5c5db..d75d7b35 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -576,7 +576,6 @@ else()
     target_link_options(
       ${PROJECT_NAME}
       PRIVATE
-      /PROFILE
       /wholearchive:$<TARGET_FILE:zip>
       )
   endif()
diff --git a/build_windows.bat b/build_windows.bat
index 412e6ff0..13bddc93 100644
--- a/build_windows.bat
+++ b/build_windows.bat
@@ -18,6 +18,7 @@ set ARTIFACTS_DIR_ROOT_ARM64=%ARTIFACTS_DIR_ROOT%\winarm64
 
 set CONFIG=RelWithDebInfo
 set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022"
+set CXXFLAGS="/Qspectre /sdl"
 
 echo Common cmake params: %COMMON_CMAKE_PARAMS%
 echo 32-bit dependencies artifacts dir: %ARTIFACTS_DIR_ROOT_32%
@@ -130,6 +131,7 @@ mkdir "%LIB_BUILD_DIR_ROOT_32%"
 cmake %COMMON_CMAKE_PARAMS% ^
 	-B "%LIB_BUILD_DIR_ROOT_32%" ^
 	-DVCPKG_TARGET_TRIPLET=x86-windows-static ^
+	-DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /CETCOMPAT" ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_32%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_32%" ^

From 5d7db830c39ac75d690cde210c7ba3610cd200b1 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 13 Feb 2024 12:36:27 -0800
Subject: [PATCH 05/26] Test removal of xz submodule

---
 .gitmodules | 7 -------
 external/xz | 1 -
 2 files changed, 8 deletions(-)
 delete mode 160000 external/xz

diff --git a/.gitmodules b/.gitmodules
index 1730679f..f2937195 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -12,11 +12,6 @@
 	path = external/bzip2
 	url = https://sourceware.org/git/bzip2.git
 	branch = master
-[submodule "external/xz"]
-	path = external/xz
-	url = https://git.tukaani.org/xz.git
-	branch = master
-
 [submodule "zlib"]
 	path = external/zlib
 	url = https://github.com/madler/zlib.git
@@ -24,5 +19,3 @@
 [submodule "external/zstd"]
 	path = external/zstd
 	url = https://github.com/facebook/zstd.git
-[submodule "https://git.tukaani.org/xz.git"]
-	url = external/xz
diff --git a/external/xz b/external/xz
deleted file mode 160000
index 18b845e6..00000000
--- a/external/xz
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 18b845e69752c975dfeda418ec00eda22605c2ee

From 0d079f0220124811d25902d926e9943e5e9f106a Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 13 Feb 2024 14:52:26 -0800
Subject: [PATCH 06/26] Update flags

---
 build_windows.bat | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/build_windows.bat b/build_windows.bat
index 13bddc93..d1e628e5 100644
--- a/build_windows.bat
+++ b/build_windows.bat
@@ -17,8 +17,8 @@ set ARTIFACTS_DIR_ROOT_32=%ARTIFACTS_DIR_ROOT%\win32
 set ARTIFACTS_DIR_ROOT_ARM64=%ARTIFACTS_DIR_ROOT%\winarm64
 
 set CONFIG=RelWithDebInfo
-set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022"
-set CXXFLAGS="/Qspectre /sdl"
+set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022" -DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /CETCOMPAT /guard:cf"
+set CXXFLAGS="/Qspectre /sdl /guard:cf"
 
 echo Common cmake params: %COMMON_CMAKE_PARAMS%
 echo 32-bit dependencies artifacts dir: %ARTIFACTS_DIR_ROOT_32%
@@ -131,7 +131,6 @@ mkdir "%LIB_BUILD_DIR_ROOT_32%"
 cmake %COMMON_CMAKE_PARAMS% ^
 	-B "%LIB_BUILD_DIR_ROOT_32%" ^
 	-DVCPKG_TARGET_TRIPLET=x86-windows-static ^
-	-DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /CETCOMPAT" ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_32%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_32%" ^

From 6078e4b6d505d082f6ecbdc5ed43d1ff574cbc26 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 13 Feb 2024 15:34:48 -0800
Subject: [PATCH 07/26] Update flags

---
 build_windows.bat | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/build_windows.bat b/build_windows.bat
index d1e628e5..e1c674a2 100644
--- a/build_windows.bat
+++ b/build_windows.bat
@@ -17,7 +17,10 @@ set ARTIFACTS_DIR_ROOT_32=%ARTIFACTS_DIR_ROOT%\win32
 set ARTIFACTS_DIR_ROOT_ARM64=%ARTIFACTS_DIR_ROOT%\winarm64
 
 set CONFIG=RelWithDebInfo
-set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022" -DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /CETCOMPAT /guard:cf"
+set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022"
+
+set LINKER_PARAMS="/PROFILE /DYNAMICBASE /CETCOMPAT /guard:cf"
+set LINKER_PARAMS_ARM64="/PROFILE /DYNAMICBASE /guard:cf"
 set CXXFLAGS="/Qspectre /sdl /guard:cf"
 
 echo Common cmake params: %COMMON_CMAKE_PARAMS%
@@ -49,6 +52,7 @@ cmake %COMMON_CMAKE_PARAMS% ^
 	-DBUILD_DEPENDENCIES=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_64%" ^
+	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A x64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -67,6 +71,7 @@ cmake %COMMON_CMAKE_PARAMS% ^
 	-DBUILD_DEPENDENCIES=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_ARM64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_ARM64%" ^
+	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS_ARM64%" ^
 	-A arm64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -85,6 +90,7 @@ cmake %COMMON_CMAKE_PARAMS% ^
 	-DBUILD_DEPENDENCIES=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_32%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_32%" ^
+	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A Win32 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -104,6 +110,7 @@ cmake %COMMON_CMAKE_PARAMS% ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_64%" ^
+	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A x64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -119,6 +126,7 @@ cmake %COMMON_CMAKE_PARAMS% ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_ARM64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_ARM64%" ^
+	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS_ARM64%" ^
 	-A arm64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -134,6 +142,7 @@ cmake %COMMON_CMAKE_PARAMS% ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_32%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_32%" ^
+	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A Win32 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%

From 24ab13f2affcf6cf48a2e6a7cc0803a7b2a430c9 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 12:05:49 -0800
Subject: [PATCH 08/26] Test template pivot

---
 azure-pipelines.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 30854791..da17caec 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -26,7 +26,10 @@ variables:
     value: true
 
 extends:
-  template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
+  ${{ if eq(variables['Build.Reason'], 'Manual') }}:
+    template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
+  ${{ else }}:
+    template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines
   parameters:
     sdl:
       sourceAnalysisPool:

From e6131069b6bb4d65518836c3e4b7866c2a7f79ba Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 13:13:14 -0800
Subject: [PATCH 09/26] Add scan suppressions

---
 .gdn/.gdnsettings |  7 +++++++
 .gdn/.gdnsuppress | 28 ++++++++++++++++++++++++++++
 .gdn/.gitignore   | 11 +++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 .gdn/.gdnsettings
 create mode 100644 .gdn/.gdnsuppress
 create mode 100644 .gdn/.gitignore

diff --git a/.gdn/.gdnsettings b/.gdn/.gdnsettings
new file mode 100644
index 00000000..44fcd8e4
--- /dev/null
+++ b/.gdn/.gdnsettings
@@ -0,0 +1,7 @@
+{
+  "files": { },
+  "folders": { },
+  "overwriteLogs": true,
+  "telemetryFlushTimeout": 10,
+  "variables": { }
+}
\ No newline at end of file
diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
new file mode 100644
index 00000000..acc99a21
--- /dev/null
+++ b/.gdn/.gdnsuppress
@@ -0,0 +1,28 @@
+{
+  "hydrated": false,
+  "properties": {
+    "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions",
+    "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance."
+  },
+  "version": "1.0.0",
+  "suppressionSets": {
+    "default": {
+      "name": "default",
+      "createdDate": "2024-02-13 23:43:02Z",
+      "lastUpdatedDate": "2024-02-13 23:43:02Z"
+    }
+  },
+  "results": {
+    "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e": {
+      "signature": "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e",
+      "alternativeSignatures": [
+        "f7e9384d5be4600dadfdbeceff23d1468f682e9d6998ce6d54f9379bbe1e535a"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external vcpkg .ps1 file.",
+      "createdDate": "2024-02-13 23:43:02Z"
+    }
+  }
+}
\ No newline at end of file
diff --git a/.gdn/.gitignore b/.gdn/.gitignore
new file mode 100644
index 00000000..decb1055
--- /dev/null
+++ b/.gdn/.gitignore
@@ -0,0 +1,11 @@
+## Ignore Guardian internal files
+.r/
+rc/
+rs/
+i/
+p/
+c/
+o/
+
+## Ignore Guardian Local settings
+LocalSettings.gdn.json
\ No newline at end of file

From 29a2e069c918cc4b2ffdad022a6822da68952b92 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 13:16:32 -0800
Subject: [PATCH 10/26] Use main templates branch

---
 azure-pipelines.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index da17caec..cedc4af9 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -10,7 +10,7 @@ resources:
       type: github
       name: xamarin/yaml-templates
       endpoint: xamarin
-      ref: refs/heads/dev/pjc/1es-sign-artifacts
+      ref: refs/heads/main
     - repository: 1esPipelines
       type: git
       name: 1ESPipelineTemplates/1ESPipelineTemplates
@@ -307,7 +307,7 @@ extends:
         - template: sign-artifacts/jobs/v2.yml@internal-templates
           parameters:
             usePipelineArtifactTasks: true
-            use1ESArtifactTasks: true
+            use1ESTemplate: true
             signListPath: 'SignList.xml'
             condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/')
 

From b830c8ab6d675527c8425c827e18b8e448cc2b43 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 13:27:17 -0800
Subject: [PATCH 11/26] Import more suppressions

---
 .gdn/.gdnsuppress | 396 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 396 insertions(+)

diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
index acc99a21..32581891 100644
--- a/.gdn/.gdnsuppress
+++ b/.gdn/.gdnsuppress
@@ -23,6 +23,402 @@
       ],
       "justification": "Reference to an external vcpkg .ps1 file.",
       "createdDate": "2024-02-13 23:43:02Z"
+    },
+    "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625": {
+      "signature": "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625",
+      "alternativeSignatures": [
+        "59a87f4e078c6ab72fe39adc6139c86d18cddbcd40221114c4a683666bcaadf4"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "5de03a75690304a14d72fbda42973d7eaf8d2fa3719b0ba9d923748eaf5f9c30": {
+      "signature": "5de03a75690304a14d72fbda42973d7eaf8d2fa3719b0ba9d923748eaf5f9c30",
+      "alternativeSignatures": [
+        "ce37089bcd078cf92143b539ff9e1613e0764c4ef33edd42f9061b2f9521f9e1"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "db23c01102a9a14bcccc30bf88ccfeee2ac83b2e609805ba92a56bea7dab221d": {
+      "signature": "db23c01102a9a14bcccc30bf88ccfeee2ac83b2e609805ba92a56bea7dab221d",
+      "alternativeSignatures": [
+        "abdcc158618eba3857576f08d4cdb83f5398b76c1cf56b1f3e02c32a37eb0a84"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "8da940fdab098cc33decf40e50364a917fa8de121823766d4cae004afdf22a3b": {
+      "signature": "8da940fdab098cc33decf40e50364a917fa8de121823766d4cae004afdf22a3b",
+      "alternativeSignatures": [
+        "7f7452f2cdf62ab9364dc7b5a73a2b6835638a3c610041594d669f9e2ce7a14e"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7": {
+      "signature": "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7",
+      "alternativeSignatures": [
+        "cf7a67d41e8f7415d089d7007de01417f73c41b842480682686b6b326042ef12"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "3e8dfae2195ff4be25bd3f9bee6d8ece4ca8968721939ae782bb6e457a4d380d": {
+      "signature": "3e8dfae2195ff4be25bd3f9bee6d8ece4ca8968721939ae782bb6e457a4d380d",
+      "alternativeSignatures": [
+        "e46a0369af1448c0687939055da27468e0acf34717487aaac58ead0d8269ec64"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "ec6168596417c7c80e639853d78bddbe9c52c925651ba205ee987b452def85e4": {
+      "signature": "ec6168596417c7c80e639853d78bddbe9c52c925651ba205ee987b452def85e4",
+      "alternativeSignatures": [
+        "343e78730252722241edfd687d643a5be92f66c94c0fe9c9247ee7eab88659a5"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "c8ba595436f022c75cb7893998c04b64bfefd966c556bf9400e52b338b7a43cb": {
+      "signature": "c8ba595436f022c75cb7893998c04b64bfefd966c556bf9400e52b338b7a43cb",
+      "alternativeSignatures": [
+        "17eaf5f69758d026b80bcb626982a29b26c78639db323185f33db8cccd84ae8b"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7": {
+      "signature": "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7",
+      "alternativeSignatures": [
+        "34132c90cef21d1559d791ca3374054b3498293e9af99ebaf0a97ebdf2117359"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "3c986c795cdc8d1a8bb7acbc24deda0379c05358076ad0e1a32f41df1b256bdd": {
+      "signature": "3c986c795cdc8d1a8bb7acbc24deda0379c05358076ad0e1a32f41df1b256bdd",
+      "alternativeSignatures": [
+        "b0e6adca846c6b74ccac6796037214de01c20ba2747cc9dff45496227824a875"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "011aca82cb8cfe1dbea4a8a6b80a25607d6dec9cdbac3597e523163912350420": {
+      "signature": "011aca82cb8cfe1dbea4a8a6b80a25607d6dec9cdbac3597e523163912350420",
+      "alternativeSignatures": [
+        "eef6518900464a839f05e7cc40d02cf8327e6b7759addbe887177390a51eddf3"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "46fda418b503d171bfb3682c7147b92baef31a79071436757d001bcb3ad4b54e": {
+      "signature": "46fda418b503d171bfb3682c7147b92baef31a79071436757d001bcb3ad4b54e",
+      "alternativeSignatures": [
+        "4727374690e2dd8bdc0343899bf51ea556438427a248cb068b2b8e7bbb62114d"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "12286527b005d88dd92adf2660ba351817fa98cb74e80f555c2c32c5d2adf738": {
+      "signature": "12286527b005d88dd92adf2660ba351817fa98cb74e80f555c2c32c5d2adf738",
+      "alternativeSignatures": [
+        "c3dec11b91174756f9d91e2ca3d5d5168b06696448bb296b9dcbb1faa52fbd55"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf": {
+      "signature": "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf",
+      "alternativeSignatures": [
+        "3b8cc35f6043d60895fc2b58aa0e340f26168e7276e77d32a2290ce8f52e87a7"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "cc78cb9617ca7af85f4e3c4b66b69eceb2f29a4c288137d7605680fb7e53c2a3": {
+      "signature": "cc78cb9617ca7af85f4e3c4b66b69eceb2f29a4c288137d7605680fb7e53c2a3",
+      "alternativeSignatures": [
+        "fbd4e6e38b3845ffc0b9bdedac9c2ce0d50d084d03ad4d0742651812e6874ff5"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "6cdc0d3a20d2f088ecd23fc670de3a8f7bb5508c1b07a7cf1fff1ac99553730c": {
+      "signature": "6cdc0d3a20d2f088ecd23fc670de3a8f7bb5508c1b07a7cf1fff1ac99553730c",
+      "alternativeSignatures": [
+        "bb76fb1e8954e583891849c15b627113c7fb539971a5e5ca860b502f740e2a49"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "de33f70e911e390d996a4a308f9b4408f6a8214406728e3c445d248d82f8ff1a": {
+      "signature": "de33f70e911e390d996a4a308f9b4408f6a8214406728e3c445d248d82f8ff1a",
+      "alternativeSignatures": [
+        "7d1dff24ec0e9a88726beb96e07983aefa5b91ccbdbb5e4912f6a1dde34654c0"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9": {
+      "signature": "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9",
+      "alternativeSignatures": [
+        "c319ab28b12c0772a32e11a1b8adfbf5d31d940c26f65d547508fbbe067479c7"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "1e06dca2e60e8622f7ab1b6d423829a45efd79275e2d04d3b7e59e90a33ab23f": {
+      "signature": "1e06dca2e60e8622f7ab1b6d423829a45efd79275e2d04d3b7e59e90a33ab23f",
+      "alternativeSignatures": [
+        "39c7a88b040cff3482c94e4fbeb6364916e57407b50dcaaa3caac5b5c82e2f54"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "fa9ab2615b17451b8be359729cbb2033d6b751055f1d5507d410a9970fa7b6b9": {
+      "signature": "fa9ab2615b17451b8be359729cbb2033d6b751055f1d5507d410a9970fa7b6b9",
+      "alternativeSignatures": [
+        "1bfcb8fc5f208a70423fe991a2164b47bae0b1c5a82fbff7be1f697af9a80d57"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "7829029d09896ea48155d39aeb7a276362ec333577a412b4361e3f8c732d77d9": {
+      "signature": "7829029d09896ea48155d39aeb7a276362ec333577a412b4361e3f8c732d77d9",
+      "alternativeSignatures": [
+        "350163c77a00a7bb7ed3832ece99c9b6998bf27dbe208e0dde6063114312ee13"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d": {
+      "signature": "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d",
+      "alternativeSignatures": [
+        "b6cd355613757ef82eba700719a1957211688374b0841271340c10a65ca913ba"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "bd38e663d8369975f5316d23deb644cc0cfa497eaaa67be0ff4481034449f5e1": {
+      "signature": "bd38e663d8369975f5316d23deb644cc0cfa497eaaa67be0ff4481034449f5e1",
+      "alternativeSignatures": [
+        "58d85902d6fb46a3b3e3134486a43278b8aae8d545b239f67d5e871814d367a2"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "7879c1c8cf92a1865ce7cecb206d8617f80f52515bd89cc2cebb2c6686464969": {
+      "signature": "7879c1c8cf92a1865ce7cecb206d8617f80f52515bd89cc2cebb2c6686464969",
+      "alternativeSignatures": [
+        "ed778799240957f92667a905346a8e9fb57dab582391d94652b12772c37ba475"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "00159b5fc8f7210ae119a64eb9b3d362eb27a4abc410a215e65a49e7570e3b40": {
+      "signature": "00159b5fc8f7210ae119a64eb9b3d362eb27a4abc410a215e65a49e7570e3b40",
+      "alternativeSignatures": [
+        "4b0e5cf7e1237b5597239632a5567fe76da6fe70caececa7a6024ea90a24bafd"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "df77635c5a3c4c2473f0ad93e579e4e4b24e0e4b17d3ed4f31640b1b91183ab2": {
+      "signature": "df77635c5a3c4c2473f0ad93e579e4e4b24e0e4b17d3ed4f31640b1b91183ab2",
+      "alternativeSignatures": [
+        "d01d7181bc09d681265646a3275310262609dbb4d070a86ebadf633b1f346c12"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337": {
+      "signature": "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337",
+      "alternativeSignatures": [
+        "4cc6ffe05f61e35bd7fa57a5a4b4f82d050e684f11e15ce6eade601aa86d2b11"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "1d051fae63e09ea932afddcc15ad701601e88febcff9f6f3bd3bb43b2b0013ad": {
+      "signature": "1d051fae63e09ea932afddcc15ad701601e88febcff9f6f3bd3bb43b2b0013ad",
+      "alternativeSignatures": [
+        "8f31d55c4c3ed10ad02c2e4d12464e3b94b77d86edc2935ace667abbd00b9131"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "ffa0c79114b0b79189a00bd57a00957a4aa63460964bc07f84f2b5363d5a58a6": {
+      "signature": "ffa0c79114b0b79189a00bd57a00957a4aa63460964bc07f84f2b5363d5a58a6",
+      "alternativeSignatures": [
+        "d914a6e06fa0050f1567d6ea23d8c5ac943106e09aa24c459a4c0d455f515eea"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256": {
+      "signature": "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256",
+      "alternativeSignatures": [
+        "13987557036db098921cee21a62d8dc557c4e4136a10220442388eb2f9f18607"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "1170328835cbf3ad28b03a4fdfc2cd7a928249fe0a50e7759031d311963413d4": {
+      "signature": "1170328835cbf3ad28b03a4fdfc2cd7a928249fe0a50e7759031d311963413d4",
+      "alternativeSignatures": [
+        "82875a950fea566c9730aa3296478ef9abad3f1231bd80959986a77f29c1acac"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "271feb22f700d2e09dd4b801f3c29d30f34893be4424d38e35de609d09d87c68": {
+      "signature": "271feb22f700d2e09dd4b801f3c29d30f34893be4424d38e35de609d09d87c68",
+      "alternativeSignatures": [
+        "61d3030143cf31b8485595afe07a84bf62f0c44601cd7621fe565f51c3348654"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9": {
+      "signature": "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9",
+      "alternativeSignatures": [
+        "d2dc95e0c5edbdb8ddf1de2e9585c7d55cc1a529edc5c3319da8ed818dc72abf"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "8b44c0c90346ba907ed150c7a506edacfc80128518e0a6d9f9c8b620512370e9": {
+      "signature": "8b44c0c90346ba907ed150c7a506edacfc80128518e0a6d9f9c8b620512370e9",
+      "alternativeSignatures": [
+        "ec7f34139c5004a583358345a8f5d7eaa061efc656e7b8e76c8bed9d38fd23c0"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "c87bc9f7b945ff1cb266377ae78d0bc261460afa6fb94a20573b5b13d5475b83": {
+      "signature": "c87bc9f7b945ff1cb266377ae78d0bc261460afa6fb94a20573b5b13d5475b83",
+      "alternativeSignatures": [
+        "c7b51f6d8f8170de4c1e7e1128b855ec4979ec9a9910db04453a163ce2984544"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
+    },
+    "39fbd14600da0545bcb702c3f754c904b5ccf5ed55062fcc526f2e61391496c5": {
+      "signature": "39fbd14600da0545bcb702c3f754c904b5ccf5ed55062fcc526f2e61391496c5",
+      "alternativeSignatures": [
+        "1db2e9df279406e82a30a1f302b5b063f6e77bfda5b329f3f397ae6767cf9c7d"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
+      "createdDate": "2024-02-14 20:40:55Z"
     }
   }
 }
\ No newline at end of file

From f73315578ee3d7752facac79b00fd70280b7a830 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 13:49:05 -0800
Subject: [PATCH 12/26] Bump to xz 5.4.6

---
 .gitmodules | 3 +++
 external/xz | 1 +
 2 files changed, 4 insertions(+)
 create mode 160000 external/xz

diff --git a/.gitmodules b/.gitmodules
index f2937195..111242e6 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -12,6 +12,9 @@
 	path = external/bzip2
 	url = https://sourceware.org/git/bzip2.git
 	branch = master
+[submodule "external/xz"]
+	path = external/xz
+	url = https://git.tukaani.org/xz.git
 [submodule "zlib"]
 	path = external/zlib
 	url = https://github.com/madler/zlib.git
diff --git a/external/xz b/external/xz
new file mode 160000
index 00000000..6e8732c5
--- /dev/null
+++ b/external/xz
@@ -0,0 +1 @@
+Subproject commit 6e8732c5a317a349986a4078718f1d95b67072c5

From b6561219d779bfc90ba2f082e2a26d67393b4b34 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 13:55:55 -0800
Subject: [PATCH 13/26] Update .gdn

---
 .gdn/.gdnsettings | 2 +-
 .gdn/.gdnsuppress | 2 +-
 .gdn/.gitignore   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gdn/.gdnsettings b/.gdn/.gdnsettings
index 44fcd8e4..9ebd4133 100644
--- a/.gdn/.gdnsettings
+++ b/.gdn/.gdnsettings
@@ -4,4 +4,4 @@
   "overwriteLogs": true,
   "telemetryFlushTimeout": 10,
   "variables": { }
-}
\ No newline at end of file
+}
diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
index 32581891..3fe2bce2 100644
--- a/.gdn/.gdnsuppress
+++ b/.gdn/.gdnsuppress
@@ -421,4 +421,4 @@
       "createdDate": "2024-02-14 20:40:55Z"
     }
   }
-}
\ No newline at end of file
+}
diff --git a/.gdn/.gitignore b/.gdn/.gitignore
index decb1055..de1a20ab 100644
--- a/.gdn/.gitignore
+++ b/.gdn/.gitignore
@@ -8,4 +8,4 @@ c/
 o/
 
 ## Ignore Guardian Local settings
-LocalSettings.gdn.json
\ No newline at end of file
+LocalSettings.gdn.json

From f827a17790f33da93a77fe1e65d07e787e664286 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 13:58:37 -0800
Subject: [PATCH 14/26] Use github.com/tukaani-project/xz

---
 .gitmodules | 2 +-
 external/xz | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitmodules b/.gitmodules
index 111242e6..916d5ebd 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -14,7 +14,7 @@
 	branch = master
 [submodule "external/xz"]
 	path = external/xz
-	url = https://git.tukaani.org/xz.git
+	url = https://github.com/tukaani-project/xz
 [submodule "zlib"]
 	path = external/zlib
 	url = https://github.com/madler/zlib.git
diff --git a/external/xz b/external/xz
index 6e8732c5..18b845e6 160000
--- a/external/xz
+++ b/external/xz
@@ -1 +1 @@
-Subproject commit 6e8732c5a317a349986a4078718f1d95b67072c5
+Subproject commit 18b845e69752c975dfeda418ec00eda22605c2ee

From 7b81d9f1ac7d9773451b7b7ba150acd8cd4b1201 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 14:08:24 -0800
Subject: [PATCH 15/26] Update suppressions path

---
 azure-pipelines.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index cedc4af9..4c6147fe 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -26,12 +26,16 @@ variables:
     value: true
 
 extends:
-  ${{ if eq(variables['Build.Reason'], 'Manual') }}:
-    template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
-  ${{ else }}:
+  ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:
     template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines
+  ${{ else }}:
+    template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
   parameters:
     sdl:
+      ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:
+        enableAllTools: false
+      suppression:
+        suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress
       sourceAnalysisPool:
         name: AzurePipelines-EO
         image: AzurePipelinesWindows2022compliantGPT

From 50fd865f87aedf6090f673039e8ae87a48b7d12d Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 16:55:24 -0800
Subject: [PATCH 16/26] Update conditions and cl/link flags

---
 azure-pipelines.yml | 30 ++++++++++++++++++------------
 build_windows.bat   | 28 +++++++++++++++++++---------
 2 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 4c6147fe..5fef4443 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -17,25 +17,31 @@ resources:
       ref: refs/tags/release
 
 parameters:
-  - name: OneLocSourceBranch
-    default: refs/heads/main
+- name: OneLocSourceBranch
+  default: refs/heads/main
+- name: Skip1ESComplianceTasks
+  default: false
+- name: SignArtifacts
+  default: false
 
 variables:
-  - group: Xamarin-Secrets
-  - name: DisablePipelineConfigDetector
-    value: true
+- group: Xamarin-Secrets
+- name: DisablePipelineConfigDetector
+  value: true
 
 extends:
-  ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:
+  ${{ if or(eq(variables['Build.Reason'], 'PullRequest'), eq('${{ parameters.Skip1ESComplianceTasks }}', 'true')) }}:
     template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines
   ${{ else }}:
     template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
   parameters:
     sdl:
-      ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:
+      ${{ if eq('${{ parameters.Skip1ESComplianceTasks }}', 'true') }}:
         enableAllTools: false
-      suppression:
-        suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress
+      codeql:
+        runSourceLanguagesInSourceAnalysis: true
+      #suppression:
+        #suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress
       sourceAnalysisPool:
         name: AzurePipelines-EO
         image: AzurePipelinesWindows2022compliantGPT
@@ -305,15 +311,15 @@ extends:
                 arguments: -p:ReferenceNuget=True -v:diag
 
       - stage: Publish
-        dependsOn: Test
-        condition: eq(variables['System.TeamProject'], 'devdiv') # only sign the packages when running on Windows, and using the private server which has the certificates
+        dependsOn: Build
+        condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(variables['System.TeamProject'], 'devdiv')) # only sign the packages when running on Windows, and using the private server which has the certificates
         jobs:
         - template: sign-artifacts/jobs/v2.yml@internal-templates
           parameters:
             usePipelineArtifactTasks: true
             use1ESTemplate: true
             signListPath: 'SignList.xml'
-            condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/')
+            condition: or(startsWith(variables['Build.SourceBranch'], 'refs/tags/'), eq('${{ parameters.SignArtifacts }}', 'true'))
 
       - stage: Localization
         dependsOn: []
diff --git a/build_windows.bat b/build_windows.bat
index e1c674a2..f6ca7728 100644
--- a/build_windows.bat
+++ b/build_windows.bat
@@ -19,9 +19,10 @@ set ARTIFACTS_DIR_ROOT_ARM64=%ARTIFACTS_DIR_ROOT%\winarm64
 set CONFIG=RelWithDebInfo
 set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022"
 
-set LINKER_PARAMS="/PROFILE /DYNAMICBASE /CETCOMPAT /guard:cf"
-set LINKER_PARAMS_ARM64="/PROFILE /DYNAMICBASE /guard:cf"
-set CXXFLAGS="/Qspectre /sdl /guard:cf"
+set CPARAMS=-DCMAKE_C_FLAGS_INIT="/Qspectre /sdl /guard:cf"
+set CXXPARAMS=-DCMAKE_CXX_FLAGS_INIT="/W3"
+set LINKER_PARAMS=-DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /CETCOMPAT /guard:cf"
+set LINKER_PARAMS_ARM64=-DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /guard:cf"
 
 echo Common cmake params: %COMMON_CMAKE_PARAMS%
 echo 32-bit dependencies artifacts dir: %ARTIFACTS_DIR_ROOT_32%
@@ -47,12 +48,13 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit deps
 mkdir "%DEPS_BUILD_DIR_ROOT_64%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS% ^
+	%LINKER_PARAMS% ^
 	-B "%DEPS_BUILD_DIR_ROOT_64%" ^
 	-DVCPKG_TARGET_TRIPLET=x64-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_64%" ^
-	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A x64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -66,12 +68,13 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit arm deps
 mkdir "%DEPS_BUILD_DIR_ROOT_ARM64%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS% ^
+	%LINKER_PARAMS_ARM64% ^
 	-B "%DEPS_BUILD_DIR_ROOT_ARM64%" ^
 	-DVCPKG_TARGET_TRIPLET=arm-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_ARM64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_ARM64%" ^
-	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS_ARM64%" ^
 	-A arm64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -85,12 +88,13 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 32-bit deps
 mkdir "%DEPS_BUILD_DIR_ROOT_32%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS% ^
+	%LINKER_PARAMS% ^
 	-B "%DEPS_BUILD_DIR_ROOT_32%" ^
 	-DVCPKG_TARGET_TRIPLET=x86-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_32%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_32%" ^
-	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A Win32 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -105,12 +109,14 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit library
 mkdir "%LIB_BUILD_DIR_ROOT_64%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS% ^
+	%CXXPARAMS% ^
+	%LINKER_PARAMS% ^
 	-B "%LIB_BUILD_DIR_ROOT_64%" ^
 	-DVCPKG_TARGET_TRIPLET=x64-windows-static ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_64%" ^
-	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A x64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -121,12 +127,14 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit arm library
 mkdir "%LIB_BUILD_DIR_ROOT_ARM64%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS% ^
+	%CXXPARAMS% ^
+	%LINKER_PARAMS_ARM64% ^
 	-B "%LIB_BUILD_DIR_ROOT_ARM64%" ^
 	-DVCPKG_TARGET_TRIPLET=arm-windows-static ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_ARM64%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_ARM64%" ^
-	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS_ARM64%" ^
 	-A arm64 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%
@@ -137,12 +145,14 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 32-bit library
 mkdir "%LIB_BUILD_DIR_ROOT_32%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS% ^
+	%CXXPARAMS% ^
+	%LINKER_PARAMS% ^
 	-B "%LIB_BUILD_DIR_ROOT_32%" ^
 	-DVCPKG_TARGET_TRIPLET=x86-windows-static ^
 	-DBUILD_LIBZIP=ON ^
 	"-DARTIFACTS_ROOT_DIR=%ARTIFACTS_DIR_ROOT_32%" ^
 	"-DCMAKE_INSTALL_PREFIX=%ARTIFACTS_DIR_ROOT_32%" ^
-	"-DCMAKE_EXE_LINKER_FLAGS_INIT=%LINKER_PARAMS%" ^
 	-A Win32 .
 
 if %errorlevel% neq 0 exit /b %errorlevel%

From e4ff0654367538afc2fbd062ad9bc308f4a5fcbd Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 17:13:31 -0800
Subject: [PATCH 17/26] Update cl/link flags

---
 azure-pipelines.yml | 4 ++--
 build_windows.bat   | 6 ------
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 5fef4443..87b48885 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -40,8 +40,8 @@ extends:
         enableAllTools: false
       codeql:
         runSourceLanguagesInSourceAnalysis: true
-      #suppression:
-        #suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress
+      suppression:
+        suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress
       sourceAnalysisPool:
         name: AzurePipelines-EO
         image: AzurePipelinesWindows2022compliantGPT
diff --git a/build_windows.bat b/build_windows.bat
index f6ca7728..52652815 100644
--- a/build_windows.bat
+++ b/build_windows.bat
@@ -48,8 +48,6 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit deps
 mkdir "%DEPS_BUILD_DIR_ROOT_64%"
 cmake %COMMON_CMAKE_PARAMS% ^
-	%CPARAMS% ^
-	%LINKER_PARAMS% ^
 	-B "%DEPS_BUILD_DIR_ROOT_64%" ^
 	-DVCPKG_TARGET_TRIPLET=x64-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^
@@ -68,8 +66,6 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit arm deps
 mkdir "%DEPS_BUILD_DIR_ROOT_ARM64%"
 cmake %COMMON_CMAKE_PARAMS% ^
-	%CPARAMS% ^
-	%LINKER_PARAMS_ARM64% ^
 	-B "%DEPS_BUILD_DIR_ROOT_ARM64%" ^
 	-DVCPKG_TARGET_TRIPLET=arm-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^
@@ -88,8 +84,6 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 32-bit deps
 mkdir "%DEPS_BUILD_DIR_ROOT_32%"
 cmake %COMMON_CMAKE_PARAMS% ^
-	%CPARAMS% ^
-	%LINKER_PARAMS% ^
 	-B "%DEPS_BUILD_DIR_ROOT_32%" ^
 	-DVCPKG_TARGET_TRIPLET=x86-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^

From aea380b893ef2453db2140c19a329c31ce27ee0d Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 14 Feb 2024 18:40:24 -0800
Subject: [PATCH 18/26] Update flags

---
 azure-pipelines.yml |  2 +-
 build_windows.bat   | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 87b48885..52537566 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -41,7 +41,7 @@ extends:
       codeql:
         runSourceLanguagesInSourceAnalysis: true
       suppression:
-        suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress
+        suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
       sourceAnalysisPool:
         name: AzurePipelines-EO
         image: AzurePipelinesWindows2022compliantGPT
diff --git a/build_windows.bat b/build_windows.bat
index 52652815..615edbd6 100644
--- a/build_windows.bat
+++ b/build_windows.bat
@@ -19,7 +19,8 @@ set ARTIFACTS_DIR_ROOT_ARM64=%ARTIFACTS_DIR_ROOT%\winarm64
 set CONFIG=RelWithDebInfo
 set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022"
 
-set CPARAMS=-DCMAKE_C_FLAGS_INIT="/Qspectre /sdl /guard:cf"
+set CPARAMS_DEPS=-DCMAKE_C_FLAGS_INIT="/Qspectre /guard:cf"
+set CPARAMS=-DCMAKE_C_FLAGS_INIT="/Qspectre /guard:cf /sdl"
 set CXXPARAMS=-DCMAKE_CXX_FLAGS_INIT="/W3"
 set LINKER_PARAMS=-DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /CETCOMPAT /guard:cf"
 set LINKER_PARAMS_ARM64=-DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /guard:cf"
@@ -48,6 +49,9 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit deps
 mkdir "%DEPS_BUILD_DIR_ROOT_64%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS_DEPS% ^
+	%CXXPARAMS% ^
+	%LINKER_PARAMS% ^
 	-B "%DEPS_BUILD_DIR_ROOT_64%" ^
 	-DVCPKG_TARGET_TRIPLET=x64-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^
@@ -66,6 +70,9 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 64-bit arm deps
 mkdir "%DEPS_BUILD_DIR_ROOT_ARM64%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS_DEPS% ^
+	%CXXPARAMS% ^
+	%LINKER_PARAMS_ARM64% ^
 	-B "%DEPS_BUILD_DIR_ROOT_ARM64%" ^
 	-DVCPKG_TARGET_TRIPLET=arm-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^
@@ -84,6 +91,9 @@ if %errorlevel% neq 0 exit /b %errorlevel%
 REM 32-bit deps
 mkdir "%DEPS_BUILD_DIR_ROOT_32%"
 cmake %COMMON_CMAKE_PARAMS% ^
+	%CPARAMS_DEPS% ^
+	%CXXPARAMS% ^
+	%LINKER_PARAMS% ^
 	-B "%DEPS_BUILD_DIR_ROOT_32%" ^
 	-DVCPKG_TARGET_TRIPLET=x86-windows-static ^
 	-DBUILD_DEPENDENCIES=ON ^

From f24596ce5dca341ede904f9905890427796d48e0 Mon Sep 17 00:00:00 2001
From: Marek Habersack <grendel@twistedcode.net>
Date: Thu, 15 Feb 2024 19:11:32 +0100
Subject: [PATCH 19/26] Try a different way to pass args to submodules

---
 CMakeLists.txt | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index d75d7b35..f3169b7f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -228,7 +228,20 @@ if(UNIX)
     LINKER:-z,relro
     LINKER:-z,noexecstack
     LINKER:--no-undefined
-    )
+  )
+else()
+  set(COMMON_COMPILE_OPTIONS
+    /Qspectre
+    /guard:cf
+    /sdl
+  )
+
+  set(LINKER_OPTIONS
+    LINKER:/PROFILE
+    LINKER:/DYNAMICBASE
+    LINKER:/CETCOMPAT
+    LINKER:/guard:cf
+  )
 endif()
 
 if(APPLE AND BUILD_LIBZIP)

From 8bae15fb57471bfd34733e8f0d61728af65626ed Mon Sep 17 00:00:00 2001
From: Marek Habersack <grendel@twistedcode.net>
Date: Thu, 15 Feb 2024 20:21:24 +0100
Subject: [PATCH 20/26] Disable a warning we can't do much about

---
 CMakeLists.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index f3169b7f..c38d1ba8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -234,6 +234,7 @@ else()
     /Qspectre
     /guard:cf
     /sdl
+    /wd4996
   )
 
   set(LINKER_OPTIONS

From 20311047ceab922ad18f69b24be149c50d047437 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Thu, 15 Feb 2024 11:56:38 -0800
Subject: [PATCH 21/26] Update gdnsuppress:

---
 .gdn/.gdnsuppress | 406 ++--------------------------------------------
 1 file changed, 16 insertions(+), 390 deletions(-)

diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
index 3fe2bce2..b4dd19a6 100644
--- a/.gdn/.gdnsuppress
+++ b/.gdn/.gdnsuppress
@@ -9,416 +9,42 @@
     "default": {
       "name": "default",
       "createdDate": "2024-02-13 23:43:02Z",
-      "lastUpdatedDate": "2024-02-13 23:43:02Z"
+      "lastUpdatedDate": "2024-02-15 19:39:18Z"
     }
   },
   "results": {
-    "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e": {
-      "signature": "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e",
+    "cb309d5a322c6d545bc8304bc6bc21953f5d953dcc2ef54f9f66e9d2a41cd5af": {
+      "signature": "cb309d5a322c6d545bc8304bc6bc21953f5d953dcc2ef54f9f66e9d2a41cd5af",
       "alternativeSignatures": [
-        "f7e9384d5be4600dadfdbeceff23d1468f682e9d6998ce6d54f9379bbe1e535a"
+        "ff4304de20e5d510170ae65c7fe48212f33fcfa5c0a3d8a45eee175c04101153"
       ],
       "memberOf": [
         "default"
       ],
-      "justification": "Reference to an external vcpkg .ps1 file.",
-      "createdDate": "2024-02-13 23:43:02Z"
+      "justification": "Suppressing BA2007 triggered by the addition of -wd4996 required to build external bzip2 dependency with /sdl flag.",
+      "createdDate": "2024-02-15 19:39:18Z"
     },
-    "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625": {
-      "signature": "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625",
+    "47d725f1446c35b0410c9774133d814fd3200f89bc0857bd81df4ac73ffcb90e": {
+      "signature": "47d725f1446c35b0410c9774133d814fd3200f89bc0857bd81df4ac73ffcb90e",
       "alternativeSignatures": [
-        "59a87f4e078c6ab72fe39adc6139c86d18cddbcd40221114c4a683666bcaadf4"
+        "4394b51c48c696764500c59f00680af353a9a744a82906347a413359f9cfd452"
       ],
       "memberOf": [
         "default"
       ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
+      "justification": "Suppressing BA2007 triggered by the addition of -wd4996 required to build external bzip2 dependency with /sdl flag.",
+      "createdDate": "2024-02-15 19:39:18Z"
     },
-    "5de03a75690304a14d72fbda42973d7eaf8d2fa3719b0ba9d923748eaf5f9c30": {
-      "signature": "5de03a75690304a14d72fbda42973d7eaf8d2fa3719b0ba9d923748eaf5f9c30",
+    "5f3b04604481e5a1f6a33d01a244db1fc6b2fd02b3b078cf7dfe6cc04e076276": {
+      "signature": "5f3b04604481e5a1f6a33d01a244db1fc6b2fd02b3b078cf7dfe6cc04e076276",
       "alternativeSignatures": [
-        "ce37089bcd078cf92143b539ff9e1613e0764c4ef33edd42f9061b2f9521f9e1"
+        "ba25311c4c43e2873bee240e8c4c68682272eb5bc58c97339791be287e8c96a2"
       ],
       "memberOf": [
         "default"
       ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "db23c01102a9a14bcccc30bf88ccfeee2ac83b2e609805ba92a56bea7dab221d": {
-      "signature": "db23c01102a9a14bcccc30bf88ccfeee2ac83b2e609805ba92a56bea7dab221d",
-      "alternativeSignatures": [
-        "abdcc158618eba3857576f08d4cdb83f5398b76c1cf56b1f3e02c32a37eb0a84"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "8da940fdab098cc33decf40e50364a917fa8de121823766d4cae004afdf22a3b": {
-      "signature": "8da940fdab098cc33decf40e50364a917fa8de121823766d4cae004afdf22a3b",
-      "alternativeSignatures": [
-        "7f7452f2cdf62ab9364dc7b5a73a2b6835638a3c610041594d669f9e2ce7a14e"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7": {
-      "signature": "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7",
-      "alternativeSignatures": [
-        "cf7a67d41e8f7415d089d7007de01417f73c41b842480682686b6b326042ef12"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "3e8dfae2195ff4be25bd3f9bee6d8ece4ca8968721939ae782bb6e457a4d380d": {
-      "signature": "3e8dfae2195ff4be25bd3f9bee6d8ece4ca8968721939ae782bb6e457a4d380d",
-      "alternativeSignatures": [
-        "e46a0369af1448c0687939055da27468e0acf34717487aaac58ead0d8269ec64"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "ec6168596417c7c80e639853d78bddbe9c52c925651ba205ee987b452def85e4": {
-      "signature": "ec6168596417c7c80e639853d78bddbe9c52c925651ba205ee987b452def85e4",
-      "alternativeSignatures": [
-        "343e78730252722241edfd687d643a5be92f66c94c0fe9c9247ee7eab88659a5"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "c8ba595436f022c75cb7893998c04b64bfefd966c556bf9400e52b338b7a43cb": {
-      "signature": "c8ba595436f022c75cb7893998c04b64bfefd966c556bf9400e52b338b7a43cb",
-      "alternativeSignatures": [
-        "17eaf5f69758d026b80bcb626982a29b26c78639db323185f33db8cccd84ae8b"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7": {
-      "signature": "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7",
-      "alternativeSignatures": [
-        "34132c90cef21d1559d791ca3374054b3498293e9af99ebaf0a97ebdf2117359"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "3c986c795cdc8d1a8bb7acbc24deda0379c05358076ad0e1a32f41df1b256bdd": {
-      "signature": "3c986c795cdc8d1a8bb7acbc24deda0379c05358076ad0e1a32f41df1b256bdd",
-      "alternativeSignatures": [
-        "b0e6adca846c6b74ccac6796037214de01c20ba2747cc9dff45496227824a875"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "011aca82cb8cfe1dbea4a8a6b80a25607d6dec9cdbac3597e523163912350420": {
-      "signature": "011aca82cb8cfe1dbea4a8a6b80a25607d6dec9cdbac3597e523163912350420",
-      "alternativeSignatures": [
-        "eef6518900464a839f05e7cc40d02cf8327e6b7759addbe887177390a51eddf3"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "46fda418b503d171bfb3682c7147b92baef31a79071436757d001bcb3ad4b54e": {
-      "signature": "46fda418b503d171bfb3682c7147b92baef31a79071436757d001bcb3ad4b54e",
-      "alternativeSignatures": [
-        "4727374690e2dd8bdc0343899bf51ea556438427a248cb068b2b8e7bbb62114d"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "12286527b005d88dd92adf2660ba351817fa98cb74e80f555c2c32c5d2adf738": {
-      "signature": "12286527b005d88dd92adf2660ba351817fa98cb74e80f555c2c32c5d2adf738",
-      "alternativeSignatures": [
-        "c3dec11b91174756f9d91e2ca3d5d5168b06696448bb296b9dcbb1faa52fbd55"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf": {
-      "signature": "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf",
-      "alternativeSignatures": [
-        "3b8cc35f6043d60895fc2b58aa0e340f26168e7276e77d32a2290ce8f52e87a7"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "cc78cb9617ca7af85f4e3c4b66b69eceb2f29a4c288137d7605680fb7e53c2a3": {
-      "signature": "cc78cb9617ca7af85f4e3c4b66b69eceb2f29a4c288137d7605680fb7e53c2a3",
-      "alternativeSignatures": [
-        "fbd4e6e38b3845ffc0b9bdedac9c2ce0d50d084d03ad4d0742651812e6874ff5"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "6cdc0d3a20d2f088ecd23fc670de3a8f7bb5508c1b07a7cf1fff1ac99553730c": {
-      "signature": "6cdc0d3a20d2f088ecd23fc670de3a8f7bb5508c1b07a7cf1fff1ac99553730c",
-      "alternativeSignatures": [
-        "bb76fb1e8954e583891849c15b627113c7fb539971a5e5ca860b502f740e2a49"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "de33f70e911e390d996a4a308f9b4408f6a8214406728e3c445d248d82f8ff1a": {
-      "signature": "de33f70e911e390d996a4a308f9b4408f6a8214406728e3c445d248d82f8ff1a",
-      "alternativeSignatures": [
-        "7d1dff24ec0e9a88726beb96e07983aefa5b91ccbdbb5e4912f6a1dde34654c0"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9": {
-      "signature": "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9",
-      "alternativeSignatures": [
-        "c319ab28b12c0772a32e11a1b8adfbf5d31d940c26f65d547508fbbe067479c7"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "1e06dca2e60e8622f7ab1b6d423829a45efd79275e2d04d3b7e59e90a33ab23f": {
-      "signature": "1e06dca2e60e8622f7ab1b6d423829a45efd79275e2d04d3b7e59e90a33ab23f",
-      "alternativeSignatures": [
-        "39c7a88b040cff3482c94e4fbeb6364916e57407b50dcaaa3caac5b5c82e2f54"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "fa9ab2615b17451b8be359729cbb2033d6b751055f1d5507d410a9970fa7b6b9": {
-      "signature": "fa9ab2615b17451b8be359729cbb2033d6b751055f1d5507d410a9970fa7b6b9",
-      "alternativeSignatures": [
-        "1bfcb8fc5f208a70423fe991a2164b47bae0b1c5a82fbff7be1f697af9a80d57"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "7829029d09896ea48155d39aeb7a276362ec333577a412b4361e3f8c732d77d9": {
-      "signature": "7829029d09896ea48155d39aeb7a276362ec333577a412b4361e3f8c732d77d9",
-      "alternativeSignatures": [
-        "350163c77a00a7bb7ed3832ece99c9b6998bf27dbe208e0dde6063114312ee13"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d": {
-      "signature": "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d",
-      "alternativeSignatures": [
-        "b6cd355613757ef82eba700719a1957211688374b0841271340c10a65ca913ba"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "bd38e663d8369975f5316d23deb644cc0cfa497eaaa67be0ff4481034449f5e1": {
-      "signature": "bd38e663d8369975f5316d23deb644cc0cfa497eaaa67be0ff4481034449f5e1",
-      "alternativeSignatures": [
-        "58d85902d6fb46a3b3e3134486a43278b8aae8d545b239f67d5e871814d367a2"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "7879c1c8cf92a1865ce7cecb206d8617f80f52515bd89cc2cebb2c6686464969": {
-      "signature": "7879c1c8cf92a1865ce7cecb206d8617f80f52515bd89cc2cebb2c6686464969",
-      "alternativeSignatures": [
-        "ed778799240957f92667a905346a8e9fb57dab582391d94652b12772c37ba475"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "00159b5fc8f7210ae119a64eb9b3d362eb27a4abc410a215e65a49e7570e3b40": {
-      "signature": "00159b5fc8f7210ae119a64eb9b3d362eb27a4abc410a215e65a49e7570e3b40",
-      "alternativeSignatures": [
-        "4b0e5cf7e1237b5597239632a5567fe76da6fe70caececa7a6024ea90a24bafd"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "df77635c5a3c4c2473f0ad93e579e4e4b24e0e4b17d3ed4f31640b1b91183ab2": {
-      "signature": "df77635c5a3c4c2473f0ad93e579e4e4b24e0e4b17d3ed4f31640b1b91183ab2",
-      "alternativeSignatures": [
-        "d01d7181bc09d681265646a3275310262609dbb4d070a86ebadf633b1f346c12"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337": {
-      "signature": "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337",
-      "alternativeSignatures": [
-        "4cc6ffe05f61e35bd7fa57a5a4b4f82d050e684f11e15ce6eade601aa86d2b11"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "1d051fae63e09ea932afddcc15ad701601e88febcff9f6f3bd3bb43b2b0013ad": {
-      "signature": "1d051fae63e09ea932afddcc15ad701601e88febcff9f6f3bd3bb43b2b0013ad",
-      "alternativeSignatures": [
-        "8f31d55c4c3ed10ad02c2e4d12464e3b94b77d86edc2935ace667abbd00b9131"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "ffa0c79114b0b79189a00bd57a00957a4aa63460964bc07f84f2b5363d5a58a6": {
-      "signature": "ffa0c79114b0b79189a00bd57a00957a4aa63460964bc07f84f2b5363d5a58a6",
-      "alternativeSignatures": [
-        "d914a6e06fa0050f1567d6ea23d8c5ac943106e09aa24c459a4c0d455f515eea"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'example.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256": {
-      "signature": "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256",
-      "alternativeSignatures": [
-        "13987557036db098921cee21a62d8dc557c4e4136a10220442388eb2f9f18607"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "1170328835cbf3ad28b03a4fdfc2cd7a928249fe0a50e7759031d311963413d4": {
-      "signature": "1170328835cbf3ad28b03a4fdfc2cd7a928249fe0a50e7759031d311963413d4",
-      "alternativeSignatures": [
-        "82875a950fea566c9730aa3296478ef9abad3f1231bd80959986a77f29c1acac"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "271feb22f700d2e09dd4b801f3c29d30f34893be4424d38e35de609d09d87c68": {
-      "signature": "271feb22f700d2e09dd4b801f3c29d30f34893be4424d38e35de609d09d87c68",
-      "alternativeSignatures": [
-        "61d3030143cf31b8485595afe07a84bf62f0c44601cd7621fe565f51c3348654"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'minigzip.exe'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9": {
-      "signature": "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9",
-      "alternativeSignatures": [
-        "d2dc95e0c5edbdb8ddf1de2e9585c7d55cc1a529edc5c3319da8ed818dc72abf"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "8b44c0c90346ba907ed150c7a506edacfc80128518e0a6d9f9c8b620512370e9": {
-      "signature": "8b44c0c90346ba907ed150c7a506edacfc80128518e0a6d9f9c8b620512370e9",
-      "alternativeSignatures": [
-        "ec7f34139c5004a583358345a8f5d7eaa061efc656e7b8e76c8bed9d38fd23c0"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "c87bc9f7b945ff1cb266377ae78d0bc261460afa6fb94a20573b5b13d5475b83": {
-      "signature": "c87bc9f7b945ff1cb266377ae78d0bc261460afa6fb94a20573b5b13d5475b83",
-      "alternativeSignatures": [
-        "c7b51f6d8f8170de4c1e7e1128b855ec4979ec9a9910db04453a163ce2984544"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
-    },
-    "39fbd14600da0545bcb702c3f754c904b5ccf5ed55062fcc526f2e61391496c5": {
-      "signature": "39fbd14600da0545bcb702c3f754c904b5ccf5ed55062fcc526f2e61391496c5",
-      "alternativeSignatures": [
-        "1db2e9df279406e82a30a1f302b5b063f6e77bfda5b329f3f397ae6767cf9c7d"
-      ],
-      "memberOf": [
-        "default"
-      ],
-      "justification": "Reference to an external lzsbuild/deps file 'zlib.dll'.",
-      "createdDate": "2024-02-14 20:40:55Z"
+      "justification": "Suppressing BA2007 triggered by the addition of -wd4996 required to build external bzip2 dependency with /sdl flag.",
+      "createdDate": "2024-02-15 19:39:18Z"
     }
   }
 }

From 6ed902f1c754b955915dd9b2f18ab7ee29be825c Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Thu, 15 Feb 2024 12:53:49 -0800
Subject: [PATCH 22/26] Update build_windows, gdnsuppress

---
 .gdn/.gdnsuppress | 101 +++++++++++++++++++++++++++++++++++++++++++++-
 build_windows.bat |   2 +-
 2 files changed, 101 insertions(+), 2 deletions(-)

diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
index b4dd19a6..7847d5e8 100644
--- a/.gdn/.gdnsuppress
+++ b/.gdn/.gdnsuppress
@@ -9,7 +9,7 @@
     "default": {
       "name": "default",
       "createdDate": "2024-02-13 23:43:02Z",
-      "lastUpdatedDate": "2024-02-15 19:39:18Z"
+      "lastUpdatedDate": "2024-02-15 20:19:17Z"
     }
   },
   "results": {
@@ -45,6 +45,105 @@
       ],
       "justification": "Suppressing BA2007 triggered by the addition of -wd4996 required to build external bzip2 dependency with /sdl flag.",
       "createdDate": "2024-02-15 19:39:18Z"
+    },
+    "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625": {
+      "signature": "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625",
+      "alternativeSignatures": [
+        "59a87f4e078c6ab72fe39adc6139c86d18cddbcd40221114c4a683666bcaadf4"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win32 file 'example.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7": {
+      "signature": "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7",
+      "alternativeSignatures": [
+        "cf7a67d41e8f7415d089d7007de01417f73c41b842480682686b6b326042ef12"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win32 file 'minigzip.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7": {
+      "signature": "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7",
+      "alternativeSignatures": [
+        "34132c90cef21d1559d791ca3374054b3498293e9af99ebaf0a97ebdf2117359"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win32 file 'zlib.dll'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf": {
+      "signature": "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf",
+      "alternativeSignatures": [
+        "3b8cc35f6043d60895fc2b58aa0e340f26168e7276e77d32a2290ce8f52e87a7"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win64 file 'example.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9": {
+      "signature": "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9",
+      "alternativeSignatures": [
+        "c319ab28b12c0772a32e11a1b8adfbf5d31d940c26f65d547508fbbe067479c7"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win64 file 'minigzip.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d": {
+      "signature": "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d",
+      "alternativeSignatures": [
+        "b6cd355613757ef82eba700719a1957211688374b0841271340c10a65ca913ba"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win64 file 'zlib.dll'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337": {
+      "signature": "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337",
+      "alternativeSignatures": [
+        "4cc6ffe05f61e35bd7fa57a5a4b4f82d050e684f11e15ce6eade601aa86d2b11"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/winarm64 file 'example.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256": {
+      "signature": "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256",
+      "alternativeSignatures": [
+        "13987557036db098921cee21a62d8dc557c4e4136a10220442388eb2f9f18607"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/winarm64 file 'minigzip.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9": {
+      "signature": "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9",
+      "alternativeSignatures": [
+        "d2dc95e0c5edbdb8ddf1de2e9585c7d55cc1a529edc5c3319da8ed818dc72abf"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/winarm64 file 'zlib.dll'.",
+      "createdDate": "2024-02-15 20:19:17Z"
     }
   }
 }
diff --git a/build_windows.bat b/build_windows.bat
index 615edbd6..d289c74d 100644
--- a/build_windows.bat
+++ b/build_windows.bat
@@ -19,7 +19,7 @@ set ARTIFACTS_DIR_ROOT_ARM64=%ARTIFACTS_DIR_ROOT%\winarm64
 set CONFIG=RelWithDebInfo
 set COMMON_CMAKE_PARAMS=-DCMAKE_BUILD_TYPE=%CONFIG% -G "Visual Studio 17 2022"
 
-set CPARAMS_DEPS=-DCMAKE_C_FLAGS_INIT="/Qspectre /guard:cf"
+set CPARAMS_DEPS=-DCMAKE_C_FLAGS_INIT="/Qspectre /guard:cf /sdl /wd4996"
 set CPARAMS=-DCMAKE_C_FLAGS_INIT="/Qspectre /guard:cf /sdl"
 set CXXPARAMS=-DCMAKE_CXX_FLAGS_INIT="/W3"
 set LINKER_PARAMS=-DCMAKE_EXE_LINKER_FLAGS_INIT="/PROFILE /DYNAMICBASE /CETCOMPAT /guard:cf"

From e7bfb1b0f865ff5bd5c24585556beba928ebb172 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Thu, 15 Feb 2024 13:43:53 -0800
Subject: [PATCH 23/26] Update gdnsuppress

---
 .gdn/.gdnsuppress | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.gdn/.gdnsuppress b/.gdn/.gdnsuppress
index 7847d5e8..db137921 100644
--- a/.gdn/.gdnsuppress
+++ b/.gdn/.gdnsuppress
@@ -13,6 +13,17 @@
     }
   },
   "results": {
+    "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e": {
+      "signature": "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e",
+      "alternativeSignatures": [
+        "f7e9384d5be4600dadfdbeceff23d1468f682e9d6998ce6d54f9379bbe1e535a"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external vcpkg .ps1 file.",
+      "createdDate": "2024-02-13 23:43:02Z"
+    },
     "cb309d5a322c6d545bc8304bc6bc21953f5d953dcc2ef54f9f66e9d2a41cd5af": {
       "signature": "cb309d5a322c6d545bc8304bc6bc21953f5d953dcc2ef54f9f66e9d2a41cd5af",
       "alternativeSignatures": [

From 85db0338ceed656f874f714c0e48894337e9bfd5 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 20 Feb 2024 14:42:44 -0800
Subject: [PATCH 24/26] Update build images

---
 azure-pipelines.yml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 52537566..9912e8de 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -28,6 +28,10 @@ variables:
 - group: Xamarin-Secrets
 - name: DisablePipelineConfigDetector
   value: true
+- name: WindowsPoolImage1ESPT
+  value: 1ESPT-Windows2022
+- name: LinuxPoolImage1ESPT
+  value: 1ESPT-Ubuntu22.04
 
 extends:
   ${{ if or(eq(variables['Build.Reason'], 'PullRequest'), eq('${{ parameters.Skip1ESComplianceTasks }}', 'true')) }}:
@@ -44,14 +48,16 @@ extends:
         suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
       sourceAnalysisPool:
         name: AzurePipelines-EO
-        image: AzurePipelinesWindows2022compliantGPT
+        image: $(WindowsPoolImage1ESPT)
+        os: windows
     stages:
       - stage: Build
         jobs:
         - job: buildWindows
           pool:
             name: AzurePipelines-EO
-            image: AzurePipelinesWindows2022compliantGPT
+            image: $(WindowsPoolImage1ESPT)
+            os: windows
           variables:
             Codeql.Enabled: true
           templateContext:
@@ -93,7 +99,7 @@ extends:
         - job: buildLinux
           pool:
             name: AzurePipelines-EO
-            image: AzurePipelinesUbuntu22.04compliantGPT
+            image: $(LinuxPoolImage1ESPT)
             os: linux
           templateContext:
             outputs:
@@ -219,7 +225,7 @@ extends:
           displayName: 'Test Linux'
           pool:
             name: AzurePipelines-EO
-            image: AzurePipelinesUbuntu22.04compliantGPT
+            image: $(LinuxPoolImage1ESPT)
             os: linux
           steps:
             - template: yaml-templates/use-dot-net.yaml@self
@@ -283,7 +289,8 @@ extends:
           displayName: 'Test Windows'
           pool:
             name: AzurePipelines-EO
-            image: AzurePipelinesWindows2022compliantGPT
+            image: $(WindowsPoolImage1ESPT)
+            os: windows
           steps:
             - template: yaml-templates/use-dot-net.yaml@self
               parameters:
@@ -312,14 +319,13 @@ extends:
 
       - stage: Publish
         dependsOn: Build
-        condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(variables['System.TeamProject'], 'devdiv')) # only sign the packages when running on Windows, and using the private server which has the certificates
+        condition: and(eq(dependencies.Build.result, 'Succeeded'), eq(variables['System.TeamProject'], 'devdiv'), or(startsWith(variables['Build.SourceBranch'], 'refs/tags/'), eq('${{ parameters.SignArtifacts }}', 'true'))) # only sign the packages when running on Windows, and using the private server which has the certificates
         jobs:
         - template: sign-artifacts/jobs/v2.yml@internal-templates
           parameters:
             usePipelineArtifactTasks: true
             use1ESTemplate: true
             signListPath: 'SignList.xml'
-            condition: or(startsWith(variables['Build.SourceBranch'], 'refs/tags/'), eq('${{ parameters.SignArtifacts }}', 'true'))
 
       - stage: Localization
         dependsOn: []

From c2de2255ec8baebb5f9afb1be8c69231a1ef5026 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 20 Feb 2024 15:17:27 -0800
Subject: [PATCH 25/26] Install latest 7.0 sdk for test lanes

---
 azure-pipelines.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 9912e8de..3d01c149 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -219,7 +219,7 @@ extends:
         dependsOn: Build
         variables:
           DotNetCoreVersion: 3.1.201
-          DotNetVersion: 7.0.203
+          DotNetVersion: 7.0.x
         jobs:
         - job: testlinux
           displayName: 'Test Linux'

From c060f0b4162554f21e9d0939ab3351fc5dfca654 Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Tue, 20 Feb 2024 16:31:21 -0800
Subject: [PATCH 26/26] Use latest 7.0 sdk

---
 azure-pipelines.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 3d01c149..fdeaba37 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -219,7 +219,7 @@ extends:
         dependsOn: Build
         variables:
           DotNetCoreVersion: 3.1.201
-          DotNetVersion: 7.0.x
+          DotNetVersion: 7.0.406
         jobs:
         - job: testlinux
           displayName: 'Test Linux'