upgrade cyclonedx-core-java to 9.x.x #444

Open
wants to merge 5 commits into
base: master

skhokhlov
Contributor

No description provided.

Signed-off-by: skhokhlov <me@skhlv.nyc>
@skhokhlov
Contributor Author

Well, from my understanding, the tests are failing because of a bug in cyclonedx-java-core.

CycloneDX: Validating BOM
Unknown keyword meta:enum - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword or if it should generate annotations AnnotationKeyword
Unknown keyword deprecated - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword or if it should generate annotations AnnotationKeyword

https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/resources/bom-1.6.schema.json#L611

That project doesn't have any tests for schema validation

@skhokhlov
Contributor Author

Related issue CycloneDX/cyclonedx-core-java#409

Signed-off-by: skhokhlov <me@skhlv.nyc>
Signed-off-by: skhokhlov <me@skhlv.nyc>
Signed-off-by: skhokhlov <me@skhlv.nyc>
@skhokhlov skhokhlov changed the title upgrade cyclonedx-core-java to 9.0.2 upgrade cyclonedx-core-java to 9.x.x Jun 28, 2024
Member

@jkowalleck jkowalleck left a comment

LGTM.

adding support for CDX 1.6 ✔️
does not change any default values, or does it? if it did, this would be a breaking change ...

@jkowalleck
Member

@glefloch could you review this PR and maybe merge/release it?

@skhokhlov
Contributor Author

> does not change any default values, or does it? if it did, this would be a breaking change ...

just default schema version, will be 1.6

@VinodAnandan

VinodAnandan commented Jul 2, 2024

@skhokhlov can we keep 1.5 as default, maybe we can change the default version in the 1.9.x 2.x release?

@skhokhlov
Contributor Author

> @skhokhlov can we keep 1.5 as default, maybe we can change the default version in the 1.9.x 2.x release?

Any reason for this? Previously default schema version was updated with minor release 1.8.0

@jkowalleck
Member

jkowalleck commented Jul 4, 2024

> > @skhokhlov can we keep 1.5 as default, maybe we can change the default version in the 1.9.x 2.x release?
>
> Any reason for this? Previously default schema version was updated with minor release 1.8.0

Previous changes were non-ideal. They introduced breaking changes when users did not expect them.
We want to enable users to use CycloneDX 1.6, but don't want to force existing inexperienced users to it.
The idea is: By not changing the default, we would enable existing users to upgrade easily, without breaking any processes.

PS: I am fully with you when it comes to updating the readme (here and here, etc) in a way that users are pointed to use 1.6 - but the default should still be unchanged for now.

Signed-off-by: skhokhlov <me@skhlv.nyc>
@skhokhlov
Contributor Author

pushed the change with 1.5 by default

@skhokhlov
Contributor Author

Any chance to make it merged? 🙃

3 participants