Add support for 1.4 to cyclonedx-bom #575
Signed-off-by: tokcum <tobias.mucke@gmail.com> Signed-off-by: justahero <sebastian.ziebell@ferrous-systems.com>
…ng From, interim fix in specs.v1_3.component marked as todo Signed-off-by: tokcum <tobias.mucke@gmail.com>
…, component.version is Option in 1.4 Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
DCO is missing, could you add that?
b8f933e to 0fb0467
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
* add `CONTRIBUTING` document Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
0fb0467 to 5abba3b
This uses the [fluent-uri](https://github.com/yescallop/fluent-uri-rs) crate to add support for relative URIs. Signed-off-by: tokcum <tobias.mucke@gmail.com> Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com> fixup! add: support for relative URIs
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: tokcum <tobias.mucke@gmail.com>
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
This adds `BomError` variant to error types `JsonWriteError` & `XmlWriteError` instead of calling `.expect`. Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
This removes the `todo` & adds the validation of the Bom's `vulnerabilities`. Please note this needs review as I'm uncertain if that is how the validation workflow looks like. Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
* remove `todo`, check conversion is `Ok` Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Some URLs given in the test examples were invalid, e.g. using an unescaped char sequence `\u0026` which were replaced with the correct char `&` in the query. Other `url` entries had text following the URL. Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Signed-off-by: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
5abba3b to 7b8880a
Looks good, merging. Thanks!
Could this be released already?
We're looking to add 1.5 support before the end of the year and ship it as a single breaking change, rather than make two breaking changes in quick succession.
Ok, that's fair. Thanks for the update.
@Shnatsel at this point, it's probably worthwhile to cut a new release, since 1.5 seems to be taking a little more time. What do you think?
Yes, we will cut a new release sometime next week.
This PR is based on #399. @tokcum, first of all thanks for your contribution & also your patience. @lfrancke asked me to help bring your PR over the finish line. In this PR I also integrated the feedback given by @Shnatsel in #399. I hope that is in your interest.
In this PR I changed a few things slightly, but otherwise tried to keep the commit history as consistent as possible. The following things have been updated or addressed.
* `main` to resolve merge conflicts. I advise to review these changes, when in doubt I checked against `main`.
* `todos` to the best of my understanding based on feedback by @Shnatsel
* `BomError` to error types `JsonWriteError` & `XmlWriteError` in order to remove `.expect` calls in serialization
* `\u0026`)

There were a few TODOs left that might be good candidates to be addressed on their own

* `cyclonedx-bom::models::Component` changed its `version` field to be `Option<NormalizedString>`, see this comment
* `cyclonedx-bom::models::VulnerabilityRating impl` had the comment `todo: how to decide what to validate, check this`
Please feel free to review & give feedback. I'm certain I got a few things wrong or might have missed something important.