Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build-public incorrectly deletes nested components #151

Closed
mmarseu opened this issue Apr 9, 2024 · 0 comments · Fixed by #200
Closed

build-public incorrectly deletes nested components #151

mmarseu opened this issue Apr 9, 2024 · 0 comments · Fixed by #200
Assignees
@CBeck-96
Labels
bug Something isn't working documentation Improvements or additions to documentation
Milestone
1.0.0

Comments

@mmarseu
Copy link
Collaborator

mmarseu commented Apr 9, 2024

The build-public command is meant to delete components marked as internal. It isn't documented what it does with non-internal components nested inside those internal components.

The tool should probably either:

  1. Delete nested components and remove them from the dependency tree the same way as internal components.
    This is likely the more logical choice, as users might expect components bundled inside internal components to also disappear from the SBOM.
  2. Leave nested components in the SBOM and move them up to the parent scope.

Instead, here is what actually happens:

  • Delete any component marked as internal, including nested components.
  • Remove dependencies on the internal component.
  • Do not remove dependencies on the nested components, leaving dependencies to components behind, which aren't part of the SBOM anymore.

We should choose one of the options above, implement it and make it explicit in the documentation.
@mmarseu mmarseu added bug Something isn't working documentation Improvements or additions to documentation labels Apr 9, 2024
@mmarseu mmarseu changed the title _build-public_ incorrectly deletes nested components build-public incorrectly deletes nested components Apr 9, 2024
@mmarseu mmarseu changed the title build-public incorrectly deletes nested components "build-public" incorrectly deletes nested components Apr 9, 2024
@mmarseu mmarseu changed the title "build-public" incorrectly deletes nested components build-public incorrectly deletes nested components Apr 11, 2024
mmarseu added a commit that referenced this issue Apr 11, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
3a84c7e 
Test now fails due to #151 and #154.
@mmarseu mmarseu mentioned this issue Apr 11, 2024
Draft
5 tasks
mmarseu added a commit that referenced this issue May 23, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
f47e3b6 
Test now fails due to #151 and #154.
mmarseu added a commit that referenced this issue May 28, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
397bd6c 
Test now fails due to #151 and #154.
@CBeck-96 CBeck-96 mentioned this issue Jun 10, 2024
Merged
mmarseu added a commit that referenced this issue Jun 20, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
c677b6b 
Test now fails due to #151 and #154.
mmarseu added a commit that referenced this issue Jul 2, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
47dcd44 
Test now fails due to #151 and #154.
mmarseu added a commit that referenced this issue Jul 2, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
09a222c 
Test now fails due to #151 and #154.
@italvi italvi added this to the 1.0.0 milestone Jul 3, 2024
mmarseu added a commit that referenced this issue Jul 4, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
f5718be 
Test now fails due to #151 and #154.
mmarseu added a commit that referenced this issue Jul 10, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
d934945 
Test now fails due to #151 and #154.
mmarseu added a commit that referenced this issue Jul 10, 2024
@mmarseu
tests: Fix exptected output of build-public integration test
b93e4cb 
Test now fails due to #151 and #154.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CBeck-96 CBeck-96

Labels
bug Something isn't working documentation Improvements or additions to documentation
Projects
None yet
Milestone
1.0.0
Development

Successfully merging a pull request may close this issue.

fix: delete nested components in build public command Festo-se/cyclonedx-editor-validator
3 participants
@mmarseu @italvi @CBeck-96