Our version of AutoMapper has been deprecated #1107
Description
Our version of AutoMapper is 5 years old and has been deprecated. We should move to a more current version. To do this, however, we need to change our code to use the new AutoMapper API. The ForAllPropertyMaps method is no longer supported, so we would need to refactor that code, which is just a well because the current code is not working as intended.
If you look at ConfigurationProfile.cs, you'll find that we create a map from the appropriate Args object to an InputConfiguration object, with a set of properties that we want to ignore. However, we also call ForAllPropertyMaps to add value converters based on types. The intent seems to be to convert all fields based on type but ignore certain properties based on their names. The actual effect is that all properties are converted and none of the properties are ignored.
A far better pattern, if feasible, would be to remove the concept of ForAllPropertyMaps and make each property map include just the fields that it cares about, maybe with some sort of error handling to cause superfluous fields to get ignored, possibly with a warning.
My test case was to add the ValidateSignature property to a config file for the generate action, which has code to ignore the ValidateSignature property. When the code gets into the code in SbomGenerationWorkflow.cs, the ValidateSignature property is set, when it should not be.