@cyclonedx/cdxgen 10.8.5 → 10.8.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "10.8.5",
+  "version": "10.8.6",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",

package/server.js

@@ -94,7 +94,7 @@ const parseQueryString = (q, body, options = {}) => {
     }
   }
 
-  options.projectType = options.type.split(",");
+  options.projectType = options.type?.split(",");
   delete options.type;
 
   return options;

package/utils.js

@@ -464,7 +464,8 @@ export function isSpdxLicenseExpression(license) {
  * Convert the array of licenses to a CycloneDX 1.5 compliant license array.
  * This should return an array containing:
  * - one or more SPDX license if no expression is present
- * - the first license expression if at least one is present
+ * - the license of the expression if one expression is present
+ * - a unified conditional 'OR' license expression if more then one expression is present
  *
  * @param {Array} licenses Array of licenses
  * @returns {Array} CycloneDX 1.5 compliant license array
@@ -479,7 +480,14 @@ export function adjustLicenseInformation(licenses) {
   });
   if (expressions.length >= 1) {
     if (expressions.length > 1) {
-      console.warn("multiple license expressions found", expressions);
+      return [
+        {
+          expression: expressions
+            .map((e) => e.expression || "")
+            .filter(Boolean)
+            .join(" OR "),
+        },
+      ];
     }
     return [{ expression: expressions[0].expression }];
   }
@@ -2861,6 +2869,7 @@ export function executeGradleProperties(dir, rootPath, subProject) {
     cwd: dir,
     encoding: "utf-8",
     shell: isWin,
+    maxBuffer: 10 * 1024 * 1024,
   });
   if (result.status !== 0 || result.error) {
     if (result.stderr) {