@cyclonedx/cdxgen 10.10.2 → 10.10.3

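--- a/package/lib/cli/index.js
+++ b/package/lib/cli/index.js
@@ -1470,7 +1470,7 @@ export async function createJavaBom(path, options) {
  );
  } else {
  console.log(
- "1. Java version requirement: cdxgen container image bundles Java 23 with maven 3.9 which might be incompatible. Try running cdxgen with the unofficial JDK11-based image `ghcr.io/appthreat/cdxgen-java:v10`.",
+ "1. Java version requirement: cdxgen container image bundles Java 23 with maven 3.9 which might be incompatible. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v10`.",
  );
  }
  console.log(
@@ -5088,7 +5088,7 @@ export async function createCsharpBom(path, options) {
  "This project requires a specific version of dotnet sdk to be installed. The cdxgen container image bundles dotnet SDK 8.0, which might be incompatible.",
  );
  console.log(
- "Try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet6:v10` or `ghcr.io/appthreat/cdxgen-dotnet7:v10` container images.",
+ "Try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v10` or `ghcr.io/cyclonedx/cdxgen-dotnet7:v10` container images.",
  );
  } else {
  console.error(
@@ -5099,7 +5099,7 @@ export async function createCsharpBom(path, options) {
  );
  if (process.env?.CDXGEN_IN_CONTAINER !== "true") {
  console.log(
- "Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet6:v10` container image, which bundles nuget (mono) and a range of dotnet SDKs.",
+ "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v10` container image, which bundles nuget (mono) and a range of dotnet SDKs.",
  );
  }
  }
@@ -5189,7 +5189,7 @@ export async function createCsharpBom(path, options) {
  "3. If the project uses the legacy .Net Framework 4.6/4.7/4.8, it might require execution on Windows.",
  );
  console.log(
- "Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet:v10` container image, which bundles a range of dotnet SDKs.",
+ "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet:v10` container image, which bundles a range of dotnet SDKs.",
  );
  options.failOnError && process.exit(1);
  }
@@ -5473,19 +5473,20 @@ export function trimComponents(components) {
  } else {
  const existingComponent = keyCache[key];
  // We need to retain any properties that differ
- const compProps = existingComponent.properties || [];
- const compPropsMap = {};
- for (const aprop of compProps) {
- compPropsMap[aprop.name] = aprop.value;
- }
  if (comp.properties) {
- for (const newprop of comp.properties) {
- if (
- !compPropsMap[newprop.name] ||
- (newprop.value && compPropsMap[newprop.name] !== newprop.value)
- ) {
- compProps.push(newprop);
+ if (existingComponent.properties) {
+ for (const newprop of comp.properties) {
+ if (
+ !existingComponent.properties.find(
+ (prop) =>
+ prop.name === newprop.name && prop.value === newprop.value,
+ )
+ ) {
+ existingComponent.properties.push(newprop);
+ }
  }
+ } else {
+ existingComponent.properties = comp.properties;
  }
  }
  // If the component is required in any of the child projects, then make it required
@@ -5494,11 +5495,6 @@ export function trimComponents(components) {
  comp?.scope === "required"
  ) {
  existingComponent.scope = "required";
- keyCache[key] = existingComponent;
- }
- if (compProps.length) {
- existingComponent.properties = compProps;
- keyCache[key] = existingComponent;
  }
  }
  }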
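Review bot: In the trimComponents hunk, the new `else` branch assigns `existingComponent.properties = comp.properties;`, so the retained component shares one array with the duplicate it was merged from, and a later `push` for a further duplicate also mutates that caller-owned `comp` object. Copying avoids the aliasing: `existingComponent.properties = [...comp.properties];`. The membership test only needs a boolean, so `.some(...)` states the intent more directly than `!….find(...)`. Properties with the same name but a different value are now always appended, including empty values that the old code skipped; since these presumably end up in the generated SBOM, a one-line comment saying this is intended would help. trimComponents begins and ends outside the hunk.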
@@ -2694,7 +2694,7 @@ export async function parseGradleDep(
2694
2694
  last_bomref = last_project_bomref;
2695
2695
  stack = [first_bomref];
2696
2696
  }
2697
- if (rline.includes(" - ")) {
2697
+ if (rline.includes(" - ") && !rline.startsWith("Project ':")) {
2698
2698
  profileName = rline.split(" - ")[0];
2699
2699
  if (profileName.toLowerCase().includes("test")) {
2700
2700
  scope = "optional";
@@ -3059,7 +3059,7 @@ export function executeParallelGradleProperties(dir, allProjectsStr) {
3059
3059
  "1. Check if the correct version of java and gradle are installed and available in PATH. For example, some project might require Java 11 with gradle 7.\n cdxgen container image bundles Java 23 with gradle 8 which might be incompatible.",
3060
3060
  );
3061
3061
  console.log(
3062
- "2. Try running cdxgen with the unofficial JDK11-based image `ghcr.io/appthreat/cdxgen-java:v10`.",
3062
+ "2. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v10`.",
3063
3063
  );
3064
3064
  if (result.stderr?.includes("not get unknown property")) {
3065
3065
  console.log(
@@ -10859,7 +10859,7 @@ export function getPipFrozenTree(
10859
10859
  "1. Try invoking cdxgen with a specific python version type. Example: `-t python36` or `-t python39`",
10860
10860
  );
10861
10861
  console.log(
10862
- "2. Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-python39:v10` or `ghcr.io/appthreat/cdxgen-python311:v10` container images, which bundles a range of build tools and development libraries.",
10862
+ "2. Alternatively, try using the custom container images `ghcr.io/cyclonedx/cdxgen-python39:v10` or `ghcr.io/cyclonedx/cdxgen-python311:v10`, which bundles a range of build tools and development libraries.",
10863
10863
  );
10864
10864
  } else if (
10865
10865
  process.env?.PIP_INSTALL_ARGS?.includes("--python-version")
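Review bot: The new guard in the parseGradleDep hunk, `!rline.startsWith("Project ':")`, carries no comment saying which Gradle output line it excludes or why. Without the guard such a line containing " - " is taken as a configuration name and, if it contains "test", switches the scope to `optional`, so I would add `// Project header lines can contain " - " but are not configuration names` above the `if`. The match is an exact, case-sensitive prefix, so it only works if `rline` is already trimmed, which the hunk does not show. parseGradleDep starts and ends outside the hunk.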
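--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@cyclonedx/cdxgen",
- "version": "10.10.2",
+ "version": "10.10.3",
  "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
  "homepage": "http://github.com/cyclonedx/cdxgen",
  "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -114,7 +114,7 @@
  "types/"
  ],
  "devDependencies": {
- "@biomejs/biome": "1.9.2",
+ "@biomejs/biome": "1.9.3",
  "jest": "^29.7.0",
  "typescript": "^5.6.2"
  },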
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA0wBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAyUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA04BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2chB;AAED;;;;;;;;;;GAUG;AACH,+DAyEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6bhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA6YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,oEAkDC;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAmclB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAiUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAsOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA0wBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAyUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA04BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2chB;AAED;;;;;;;;;;GAUG;AACH,+DAyEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6bhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA6YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,oEAkDC;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAuCC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAmclB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAiUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAsOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"}