Fix invalid format of generated bom by incomplete package.json files #68
Conversation
tried to reproduce the example regarding in addition to your fix, @peschuster , could you provide an integration test so the behavior can be reproduced and fixed for good?
This here is the package.json that breaks the output in my project (using babel/runtime 7.17.2): https://github.com/babel/babel/blob/main/packages/babel-runtime/helpers/esm/package.json It is a react project. I will try to create an integration test for it.
…ency Signed-off-by: Peter Schuster <p.schuster@pilz.de>
…in sub directories of npm packages Signed-off-by: Peter Schuster <p.schuster@pilz.de>
@jkowalleck A react example with webpack5 and babel-runtime is now part of the integrations test and the tests are green again (it took some time to find a way through all the pitfalls...)
@@ -1481,3 +1481,658 @@ exports[`integration webpack5 with vue2 generated xml file: dist/.bom/bom.xml 1` | |||
</dependencies> | |||
</bom>" | |||
`; | |||
|
|||
exports[`integration webpack5 with react generated json file: dist/.bom/bom.json 1`] = ` |
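Review bot: the hunk at `@@ -1481,3 +1481,658 @@` adds the `integration webpack5 with react generated json file` snapshot as several hundred generated lines but contains no assertion on the property this PR is meant to guarantee; if a future regression reintroduces name-less refs and the snapshot is simply regenerated, the broken output gets baked back in unnoticed. Suggest pairing the snapshot with an explicit check that every component in `dist/.bom/bom.json` carries a `name` (the condition the parent-directory lookup enforces), so the fix stays verifiable independent of the snapshot.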
@peschuster did you review this data?
is it the way you expected it to be?
Yes I did and it looks correct to me.
Thank you for the fix.
nevermind, will add it in release preparations
Some packages (such as babel/runtime) contain package.json files in sub directories that don't contain all necessary data for generating BOMs.
This PR introduces a solution to iterate through parent directories until a package.json with at least a name property is found, and prevents incomplete dependency refs from being added to the BOM, so as not to generate output that does not comply with the CycloneDX specification.
This should also fix #31.