chore(runtime):SP-4382 bump runtime container to v1.52.1

[agustingroh]

Summary by CodeRabbit

• Chores
  • Extended version updated to 1.7.1
  • Code scanner runtime container upgraded to the latest compatible version for improved stability, security, and performance

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR upgrades the scanoss-py dependency from v1.46.0 to v1.52.1 and bumps the extension version to 1.7.1. Version metadata in package manifests and task definitions are incremented, the runtime container image reference is updated in code and configuration, and documentation and changelog entries are added to reflect the upgrade.

Changes

Extension Version and Dependency Upgrade

Layer / File(s)	Summary
Version Metadata Updates codescantask/package.json, vss-extension.json, vss-extension-dev.json, codescantask/task.json	Package version bumped to 1.7.1; extension manifest versions updated to 1.7.1 and 1.8.0 (dev); task patch version incremented to 1.
Runtime Container Configuration codescantask/app.input.ts, codescantask/task.json	RUNTIME_CONTAINER constant and task input default updated from ghcr.io/scanoss/scanoss-py:v1.46.0 to ghcr.io/scanoss/scanoss-py:v1.52.1.
Documentation and Changelog Updates codescantask/services/scan.service.ts, OVERVIEW.md, CHANGELOG.md	JSDoc comment for Options.runtimeContainer updated; OVERVIEW.md action input table reflects new default image; CHANGELOG.md entry created for v1.7.1 release with upgrade note and version link references added.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• scanoss/ado-code-scan#55: Updates the same runtime container default across task and app configuration files.
• scanoss/ado-code-scan#54: Modifies the same configuration entries and documentation for RUNTIME_CONTAINER and runtimeContainer defaults.

Suggested labels

enhancement

Suggested reviewers

• eeisegn

Poem

🐰 Hops through dependencies, version by version,
From forty-six to fifty-two, a scanner's ascension,
Manifests aligned, docs gleam bright,
One-point-seven-one shines forth in the night! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: bumping the runtime container to v1.52.1, which is the primary modification across all files in this changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/SP-4382-bump-runtime-to-v1.52.1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@codescantask/app.input.ts`:
- Line 40: RUNTIME_CONTAINER is set to a mutable tag which allows image drift;
replace the tag value ("ghcr.io/scanoss/scanoss-py:v1.52.1") with the immutable
digest form ("ghcr.io/scanoss/scanoss-py@sha256:<resolved_digest>") in
codescantask/app.input.ts (RUNTIME_CONTAINER), and make the identical digest
substitution for every other occurrence (task.json, scan.service.ts, and any
docs) so all defaults reference the same sha256 digest string for reproducible,
pinned runtime images.

In `@vss-extension-dev.json`:
- Line 5: The DEV manifest's "version" field currently reads "1.8.0" and must be
changed to match the release artifacts' "1.7.1"; update the "version" value in
vss-extension-dev.json (the "version" property) from 1.8.0 to 1.7.1 so the
manifest aligns with the rest of this release cycle and avoids packaging/publish
traceability issues.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 53ea8409-778a-49c3-aa7d-f57ea1bfbc45

📥 Commits

Reviewing files that changed from the base of the PR and between 059e918 and 7542d10.

⛔ Files ignored due to path filters (1)

• codescantask/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (8)

• CHANGELOG.md
• OVERVIEW.md
• codescantask/app.input.ts
• codescantask/package.json
• codescantask/services/scan.service.ts
• codescantask/task.json
• vss-extension-dev.json
• vss-extension.json