From 12a03b588c9e8a440020eb799c45431dd6ea7caf Mon Sep 17 00:00:00 2001 From: "anchore-actions-token-generator[bot]" <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com> Date: Thu, 20 Oct 2022 12:15:33 -0400 Subject: [PATCH] Update Syft to v0.59.0 (#371) --- .github/release-drafter.yml | 2 +- dist/attachReleaseAssets/index.js | 2 +- dist/downloadSyft/index.js | 2 +- dist/runSyftAction/index.js | 2 +- src/SyftVersion.ts | 2 +- .../__snapshots__/formatExports.test.ts.snap | 357 ++++++++++++------ tests/integration/formatExports.test.ts | 13 +- 7 files changed, 258 insertions(+), 122 deletions(-) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index a0ce7839..d39914ec 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -7,7 +7,7 @@ categories: - title: "🐛 Bug Fixes" labels: [fix, bugfix, bug] -change-template: "- $TITLE (#$NUMBER) [$AUTHOR](https://github.com/$AUTHOR)" +change-template: "- $TITLE (#$NUMBER) [[$AUTHOR](https://github.com/$AUTHOR)]" version-resolver: major: diff --git a/dist/attachReleaseAssets/index.js b/dist/attachReleaseAssets/index.js index 932b999a..206f92e2 100644 --- a/dist/attachReleaseAssets/index.js +++ b/dist/attachReleaseAssets/index.js @@ -23363,7 +23363,7 @@ function wrappy (fn, cb) { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v0.58.0"; +exports.VERSION = "v0.59.0"; /***/ }), diff --git a/dist/downloadSyft/index.js b/dist/downloadSyft/index.js index 3c8db95c..93ec8b0b 100644 --- a/dist/downloadSyft/index.js +++ b/dist/downloadSyft/index.js @@ -23363,7 +23363,7 @@ function wrappy (fn, cb) { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v0.58.0"; +exports.VERSION = "v0.59.0"; /***/ }), diff --git a/dist/runSyftAction/index.js b/dist/runSyftAction/index.js index 6bd7b57f..84893e66 100644 --- a/dist/runSyftAction/index.js 
+++ b/dist/runSyftAction/index.js @@ -23363,7 +23363,7 @@ function wrappy (fn, cb) { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v0.58.0"; +exports.VERSION = "v0.59.0"; /***/ }), diff --git a/src/SyftVersion.ts b/src/SyftVersion.ts index aae0283a..663a0fcb 100644 --- a/src/SyftVersion.ts +++ b/src/SyftVersion.ts @@ -1 +1 @@ -export const VERSION = "v0.58.0"; +export const VERSION = "v0.59.0"; diff --git a/tests/integration/__snapshots__/formatExports.test.ts.snap b/tests/integration/__snapshots__/formatExports.test.ts.snap index f26df9aa..34257cf8 100644 --- a/tests/integration/__snapshots__/formatExports.test.ts.snap +++ b/tests/integration/__snapshots__/formatExports.test.ts.snap @@ -4,10 +4,10 @@ exports[`CycloneDX JSON alpine 1`] = ` "{ "bomFormat": "CycloneDX", "specVersion": "1.4", - , + "version": 1, "metadata": { - , + "tools": [ { "vendor": "anchore", @@ -16,7 +16,7 @@ exports[`CycloneDX JSON alpine 1`] = ` } ], "component": { - , + "type": "container", "name": "localhost:5000/match-coverage/alpine:latest", @@ -24,11 +24,11 @@ exports[`CycloneDX JSON alpine 1`] = ` }, "components": [ { - , + "type": "library", "publisher": "A. Wilcox \\u003cawilfox@adelielinux.org\\u003e", "name": "libvncserver", - , + "description": "Library to make writing a vnc server easy", "licenses": [ { @@ -95,7 +95,7 @@ exports[`CycloneDX JSON alpine 1`] = ` { "type": "operating-system", "name": "alpine", - , + "description": "Alpine Linux v3.12", "swid": { "tagId": "alpine", @@ -136,10 +136,10 @@ exports[`CycloneDX JSON debian 1`] = ` "{ "bomFormat": "CycloneDX", "specVersion": "1.4", - , + "version": 1, "metadata": { - , + "tools": [ { "vendor": "anchore", @@ -148,7 +148,7 @@ exports[`CycloneDX JSON debian 1`] = ` } ], "component": { - , + "type": "container", "name": "localhost:5000/match-coverage/debian:latest", 
@@ -156,11 +156,11 @@ exports[`CycloneDX JSON debian 1`] = ` }, "components": [ { - , + "type": "library", "author": "Georg Brandl \\u003cgeorg@python.org\\u003e", "name": "Pygments", - , + "cpe": "cpe:2.3:a:python-Pygments:python-Pygments:2.6.1:*:*:*:*:*:*:*", "purl": "pkg:pypi/Pygments@2.6.1", "properties": [ @@ -267,11 +267,11 @@ exports[`CycloneDX JSON debian 1`] = ` ] }, { - , + "type": "library", "publisher": "APT Development Team \\u003cdeity@lists.debian.org\\u003e", "name": "apt", - , + "cpe": "cpe:2.3:a:apt:apt:1.8.2:*:*:*:*:*:*:*", "purl": "pkg:deb/debian/apt@1.8.2?arch=amd64\\u0026upstream=apt-dev\\u0026distro=debian-8", "properties": [ @@ -306,11 +306,11 @@ exports[`CycloneDX JSON debian 1`] = ` ] }, { - , + "type": "library", "author": "André Arko,Samuel Giddins,Colby Swandale,Hiroshi Shibata,David Rodríguez,Grey Baker,Stephanie Morillo,Chris Morris,James Wen,Tim Moore,André Medeiros,Jessica Lynn Suttles,Terence Lee,Carl Lerche,Yehuda Katz", "name": "bundler", - , + "licenses": [ { "license": { @@ -466,11 +466,11 @@ exports[`CycloneDX JSON debian 1`] = ` ] }, { - , + "type": "library", "group": "org.anchore", "name": "example-java-app-maven", - , + "cpe": "cpe:2.3:a:example-java-app-maven:example-java-app-maven:0.1.0:*:*:*:*:*:*:*", "purl": "pkg:maven/org.anchore/example-java-app-maven@0.1.0", "externalReferences": [ @@ -585,11 +585,11 @@ exports[`CycloneDX JSON debian 1`] = ` ] }, { - , + "type": "library", "group": "joda-time", "name": "joda-time", - , + "cpe": "cpe:2.3:a:joda-time:joda-time:2.9.2:*:*:*:*:*:*:*", "purl": "pkg:maven/joda-time/joda-time@2.9.2", "properties": [ @@ -652,11 +652,11 @@ exports[`CycloneDX JSON debian 1`] = ` ] }, { - , + "type": "library", "author": "Isaac Z. Schlueter \\u003ci@izs.me\\u003e (http://blog.izs.me)", "name": "npm", - , + "licenses": [ { "license": { 
@@ -710,7 +710,7 @@ exports[`CycloneDX JSON debian 1`] = ` { "type": "operating-system", "name": "debian", - , + "description": "Debian GNU/Linux 8 (jessie)", "swid": { "tagId": "debian", @@ -756,10 +756,10 @@ exports[`CycloneDX JSON npm 1`] = ` "{ "bomFormat": "CycloneDX", "specVersion": "1.4", - , + "version": 1, "metadata": { - , + "tools": [ { "vendor": "anchore", @@ -768,17 +768,17 @@ exports[`CycloneDX JSON npm 1`] = ` } ], "component": { - , + "type": "file", "name": "tests/fixtures/npm-project" } }, "components": [ { - , + "type": "library", "name": "chownr", - , + "cpe": "cpe:2.3:a:chownr:chownr:2.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/chownr@2.0.0", "properties": [ @@ -805,10 +805,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "fs-minipass", - , + "cpe": "cpe:2.3:a:fs-minipass:fs-minipass:2.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/fs-minipass@2.1.0", "properties": [ @@ -859,10 +859,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "js-tokens", - , + "cpe": "cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/js-tokens@4.0.0", "properties": [ @@ -913,10 +913,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "loose-envify", - , + "cpe": "cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*", "purl": "pkg:npm/loose-envify@1.4.0", "properties": [ @@ -967,10 +967,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "minipass", - , + "cpe": "cpe:2.3:a:minipass:minipass:3.1.3:*:*:*:*:*:*:*", "purl": "pkg:npm/minipass@3.1.3", "properties": [ @@ -997,10 +997,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "minizlib", - , + "cpe": "cpe:2.3:a:minizlib:minizlib:2.1.2:*:*:*:*:*:*:*", "purl": "pkg:npm/minizlib@2.1.2", "properties": [ 
@@ -1027,10 +1027,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "mkdirp", - , + "cpe": "cpe:2.3:a:mkdirp:mkdirp:1.0.4:*:*:*:*:*:*:*", "purl": "pkg:npm/mkdirp@1.0.4", "properties": [ @@ -1057,10 +1057,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "object-assign", - , + "cpe": "cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*", "purl": "pkg:npm/object-assign@4.1.1", "properties": [ @@ -1111,10 +1111,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "prop-types", - , + "cpe": "cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*", "purl": "pkg:npm/prop-types@15.7.2", "properties": [ @@ -1165,10 +1165,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "react", - , + "cpe": "cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*", "purl": "pkg:npm/react@16.14.0", "properties": [ @@ -1195,10 +1195,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "react-is", - , + "cpe": "cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*", "purl": "pkg:npm/react-is@16.13.1", "properties": [ @@ -1249,10 +1249,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "tar", - , + "cpe": "cpe:2.3:a:tar:tar:6.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/tar@6.1.0", "properties": [ @@ -1279,10 +1279,10 @@ exports[`CycloneDX JSON npm 1`] = ` ] }, { - , + "type": "library", "name": "yallist", - , + "cpe": "cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/yallist@4.0.0", "properties": [ @@ -1317,10 +1317,10 @@ exports[`CycloneDX JSON yarn 1`] = ` "{ "bomFormat": "CycloneDX", "specVersion": "1.4", - , + "version": 1, "metadata": { - , + "tools": [ { "vendor": "anchore", 
@@ -1329,17 +1329,17 @@ exports[`CycloneDX JSON yarn 1`] = ` } ], "component": { - , + "type": "file", "name": "tests/fixtures/yarn-project" } }, "components": [ { - , + "type": "library", "name": "js-tokens", - , + "cpe": "cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/js-tokens@4.0.0", "properties": [ @@ -1390,10 +1390,10 @@ exports[`CycloneDX JSON yarn 1`] = ` ] }, { - , + "type": "library", "name": "loose-envify", - , + "cpe": "cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*", "purl": "pkg:npm/loose-envify@1.4.0", "properties": [ @@ -1444,10 +1444,10 @@ exports[`CycloneDX JSON yarn 1`] = ` ] }, { - , + "type": "library", "name": "object-assign", - , + "cpe": "cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*", "purl": "pkg:npm/object-assign@4.1.1", "properties": [ @@ -1498,10 +1498,10 @@ exports[`CycloneDX JSON yarn 1`] = ` ] }, { - , + "type": "library", "name": "prop-types", - , + "cpe": "cpe:2.3:a:prop-types:prop-types:15.7.2:*:*:*:*:*:*:*", "purl": "pkg:npm/prop-types@15.7.2", "properties": [ @@ -1552,10 +1552,10 @@ exports[`CycloneDX JSON yarn 1`] = ` ] }, { - , + "type": "library", "name": "react", - , + "cpe": "cpe:2.3:a:react:react:16.14.0:*:*:*:*:*:*:*", "purl": "pkg:npm/react@16.14.0", "properties": [ @@ -1582,10 +1582,10 @@ exports[`CycloneDX JSON yarn 1`] = ` ] }, { - , + "type": "library", "name": "react-is", - , + "cpe": "cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*", "purl": "pkg:npm/react-is@16.13.1", "properties": [ @@ -1636,10 +1636,10 @@ exports[`CycloneDX JSON yarn 1`] = ` ] }, { - , + "type": "library", "name": "trim", - , + "cpe": "cpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:*", "purl": "pkg:npm/trim@0.0.2", "properties": [ @@ -2353,11 +2353,11 @@ exports[`CycloneDX XML yarn 1`] = ` exports[`SPDX JSON alpine 1`] = ` "{ - , + "name": "localhost-5000/match-coverage/alpine-latest", "spdxVersion": "SPDX-2.2", "creationInfo": { - , + "creators": [ "Organization: Anchore, Inc", 
@@ -2365,10 +2365,10 @@ exports[`SPDX JSON alpine 1`] = ` }, "dataLicense": "CC0-1.0", - , + "packages": [ { - , + "name": "libvncserver", "licenseConcluded": "GPL-2.0-or-later", "description": "Library to make writing a vnc server easy", @@ -2391,6 +2391,13 @@ exports[`SPDX JSON alpine 1`] = ` "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", "versionInfo": "0.9.9" } + ], + "relationships": [ + { + + "relationshipType": "CONTAINS", + + } ] } " @@ -2398,11 +2405,11 @@ exports[`SPDX JSON alpine 1`] = ` exports[`SPDX JSON debian 1`] = ` "{ - , + "name": "localhost-5000/match-coverage/debian-latest", "spdxVersion": "SPDX-2.2", "creationInfo": { - , + "creators": [ "Organization: Anchore, Inc", @@ -2410,10 +2417,10 @@ exports[`SPDX JSON debian 1`] = ` }, "dataLicense": "CC0-1.0", - , + "packages": [ { - , + "name": "Pygments", "licenseConcluded": "NOASSERTION", "downloadLocation": "NOASSERTION", @@ -2521,7 +2528,7 @@ exports[`SPDX JSON debian 1`] = ` "versionInfo": "2.6.1" }, { - , + "name": "apt", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -2544,7 +2551,7 @@ exports[`SPDX JSON debian 1`] = ` "versionInfo": "1.8.2" }, { - , + "name": "bundler", "licenseConcluded": "MIT", "downloadLocation": "NOASSERTION", @@ -2708,7 +2715,7 @@ exports[`SPDX JSON debian 1`] = ` "versionInfo": "2.1.4" }, { - , + "name": "example-java-app-maven", "licenseConcluded": "NONE", "checksums": [ @@ -2811,7 +2818,7 @@ exports[`SPDX JSON debian 1`] = ` "versionInfo": "0.1.0" }, { - , + "name": "joda-time", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -2858,7 +2865,7 @@ exports[`SPDX JSON debian 1`] = ` "versionInfo": "2.9.2" }, { - , + "name": "npm", "licenseConcluded": "Artistic-2.0", "downloadLocation": "https://github.com/npm/cli", 
@@ -2886,6 +2893,38 @@ exports[`SPDX JSON debian 1`] = ` "sourceInfo": "acquired package info from installed node module manifest file: /javascript/pkg-json/package.json", "versionInfo": "6.14.6" } + ], + "relationships": [ + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + } ] } " @@ -2893,11 +2932,11 @@ exports[`SPDX JSON debian 1`] = ` exports[`SPDX JSON npm 1`] = ` "{ - , + "name": "tests/fixtures/npm-project", "spdxVersion": "SPDX-2.2", "creationInfo": { - , + "creators": [ "Organization: Anchore, Inc", @@ -2905,10 +2944,10 @@ exports[`SPDX JSON npm 1`] = ` }, "dataLicense": "CC0-1.0", - , + "packages": [ { - , + "name": "chownr", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -2935,7 +2974,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "2.0.0" }, { - , + "name": "fs-minipass", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -2992,7 +3031,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "2.1.0" }, { - , + "name": "js-tokens", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3049,7 +3088,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "4.0.0" }, { - , + "name": "loose-envify", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3106,7 +3145,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "1.4.0" }, { - , + "name": "minipass", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3133,7 +3172,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "3.1.3" }, { - , + "name": "minizlib", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3160,7 +3199,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "2.1.2" }, { - , + "name": "mkdirp", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", 
@@ -3187,7 +3226,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "1.0.4" }, { - , + "name": "object-assign", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3244,7 +3283,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "4.1.1" }, { - , + "name": "prop-types", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3301,7 +3340,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "15.7.2" }, { - , + "name": "react", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3328,7 +3367,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "16.14.0" }, { - , + "name": "react-is", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3385,7 +3424,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "16.13.1" }, { - , + "name": "tar", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3412,7 +3451,7 @@ exports[`SPDX JSON npm 1`] = ` "versionInfo": "6.1.0" }, { - , + "name": "yallist", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3438,6 +3477,73 @@ exports[`SPDX JSON npm 1`] = ` "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", "versionInfo": "4.0.0" } + ], + "relationships": [ + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + } ] } " 
@@ -3445,11 +3551,11 @@ exports[`SPDX JSON npm 1`] = ` exports[`SPDX JSON yarn 1`] = ` "{ - , + "name": "tests/fixtures/yarn-project", "spdxVersion": "SPDX-2.2", "creationInfo": { - , + "creators": [ "Organization: Anchore, Inc", @@ -3457,10 +3563,10 @@ exports[`SPDX JSON yarn 1`] = ` }, "dataLicense": "CC0-1.0", - , + "packages": [ { - , + "name": "js-tokens", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3517,7 +3623,7 @@ exports[`SPDX JSON yarn 1`] = ` "versionInfo": "4.0.0" }, { - , + "name": "loose-envify", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3574,7 +3680,7 @@ exports[`SPDX JSON yarn 1`] = ` "versionInfo": "1.4.0" }, { - , + "name": "object-assign", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3631,7 +3737,7 @@ exports[`SPDX JSON yarn 1`] = ` "versionInfo": "4.1.1" }, { - , + "name": "prop-types", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3688,7 +3794,7 @@ exports[`SPDX JSON yarn 1`] = ` "versionInfo": "15.7.2" }, { - , + "name": "react", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3715,7 +3821,7 @@ exports[`SPDX JSON yarn 1`] = ` "versionInfo": "16.14.0" }, { - , + "name": "react-is", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3772,7 +3878,7 @@ exports[`SPDX JSON yarn 1`] = ` "versionInfo": "16.13.1" }, { - , + "name": "trim", "licenseConcluded": "NONE", "downloadLocation": "NOASSERTION", @@ -3798,6 +3904,43 @@ exports[`SPDX JSON yarn 1`] = ` "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", "versionInfo": "0.0.2" } + ], + "relationships": [ + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + }, + { + + "relationshipType": "CONTAINS", + + } ] } " 
diff --git a/tests/integration/formatExports.test.ts b/tests/integration/formatExports.test.ts
index 8bec2f5f..d565066d 100644
--- a/tests/integration/formatExports.test.ts
+++ b/tests/integration/formatExports.test.ts
@@ -89,11 +89,8 @@ const testSource = async (source: string, format = "spdx"): Promise => {
 .replace(/DocumentNamespace[:][^\n]+/g, "");
 case "spdx-json":
 return sbom
- .replace(/"created": "[^"]+"/g, "")
- .replace(/"SPDXID": "[^"]+"/g, "")
- .replace(/"Tool:[^"]+"/g, "")
- .replace(/"licenseListVersion": "[^"]+"/g, "")
- .replace(/"documentNamespace": "[^"]+"/g, "");
+ .replace(/"(created|SPDXID|licenseListVersion|documentNamespace|spdxElementId|relatedSpdxElement)": "[^"]+",?/g, "")
+ .replace(/"Tool:[^"]+"/g, "");
 case "cyclonedx":
 case "cyclonedx-xml":
 return sbom
@@ -104,11 +101,7 @@ const testSource = async (source: string, format = "spdx"): Promise => {
 .replace(/[^<]+<\/version>/g, "");
 case "cyclonedx-json":
 return sbom
- .replace(/"bom-ref": "[^"]+"/g, "")
- .replace(/"serialNumber": "[^"]+"/g, "")
- .replace(/"timestamp": "[^"]+"/g, "")
- .replace(/"value": "[^"]+"/g, "")
- .replace(/"version": "[^"]+"/g, ""); 
+ .replace(/"(bom-ref|serialNumber|timestamp|value|version)": "[^"]+",?/g, "");
 }
 return sbom;
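Review bot: The combined `spdx-json` pattern in `testSource` now deletes `spdxElementId` and `relatedSpdxElement` together with their trailing commas, so every entry in the new `relationships` snapshot arrays reduces to `"relationshipType": "CONTAINS"` and the test pins only how many relationships exist, not which elements each one links. For an SBOM generator that linkage is what downstream consumers rely on, so a regression that attaches packages to the wrong element would pass this snapshot unnoticed. Replacing only the value, e.g. `.replace(/"(created|SPDXID|licenseListVersion|documentNamespace|spdxElementId|relatedSpdxElement)": "[^"]+"/g, '"$1": "<normalized>"')`, would at least keep the keys and the JSON shape in the snapshot; whether the IDs are stable enough across runs to be kept verbatim cannot be told from this hunk. The `cyclonedx-json` hunk below uses the same delete-with-comma pattern, and `testSource` starts and ends outside both hunks.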