Add support for 1.4 to cyclonedx-bom #575
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: tokcum <tobias.mucke@gmail.com> Signed-off-by: justahero <sebastian.ziebell@ferrous-systems.com>
…ng From, interim fix in specs.v1_3.component marked as todo Signed-off-by: tokcum <tobias.mucke@gmail.com>
…, component.version is Option in 1.4 Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
|
DCO is missing, could you add that? |
justahero
force-pushed
the
sebastian/feat/v1_4_squash
branch
from
b8f933e
to
0fb0467
Compare
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
* add `CONTRIBUTING` document Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
justahero
force-pushed
the
sebastian/feat/v1_4_squash
branch
from
0fb0467
to
5abba3b
Compare
This uses the [fluent-uri](https://github.com/yescallop/fluent-uri-rs) crate to add support for relative URIs. Signed-off-by: tokcum <tobias.mucke@gmail.com> Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com> fixup! add: support for relative URIs
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
This adds `BomError` variant to error types `JsonWriteError` & `XmlWriteError` instead of calling `.expect`. Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
This removes the `todo` & adds the validation of the Bom's `vulnerabilities`. Please note this needs review as I'm uncertain if that is how the validation workflow looks like. Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
* remove `todo`, check conversion is `Ok` Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Some URLs given in the test examples were invalid, e.g. using an unescaped char sequence `\u0026` which were replaced with the correct char `&` in the query. Other `url` entries had text following the URL. Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
justahero
force-pushed
the
sebastian/feat/v1_4_squash
branch
from
5abba3b
to
7b8880a
Compare
Shnatsel
approved these changes
Dec 5, 2023
|
Could this be released already? |
|
We're looking to add 1.5 support before the end of the year and ship it as a single breaking change, rather than make two breaking changes in quick succession. |
|
Ok, that's fair. Thanks for the update. |
@Shnatsel at this point, it's probably worthwhile to cut a new release, since 1.5 seems to be taking a little more time. What do you think? |
|
Yes, we will cut a new release sometime next week. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is based on #399. @tokcum, first of all thanks for your contribution & also your patience. @lfrancke asked me to help bring your PR over the finish line. In this PR I also integrated the feedback given by @Shnatsel in #399. I hope that is in your interest.
In this PR I changed a few things slightly, but otherwise tried to keep the commit history as consistent as possible. The following things have been updated or addressed.
mainto resolve merge conflicts. I advise to review these changes, when in doubt I checked againstmain.todosto the best of my understanding based on feedback by @ShnatselBomErrorto error typesJsonWriteError&XmlWriteErrorin order to remove.expectcalls in serialization\u0026)There were a few TODOs left that might be good candidates to be addressed on their own
cyclonedx-bom::models::Componentchanged itsversionfield to beOption<NormalizedString>, see this commentcyclonedx-bom::models::VulnerabilityRating implhad the commenttodo: how to decide what to validate, check thisPlease feel free to review & give feedback. I'm certain I got a few things wrong or might have missed something important.