npm - @cyclonedx/cdxgen - Versions diffs - 8.4.12 → 8.4.13 - Mend

@cyclonedx/cdxgen 8.4.12 → 8.4.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.js CHANGED Viewed

@@ -1057,7 +1057,7 @@ const createJavaBom = async (path, options) => {
               "Resolve the above maven error. This could be due to the following:\n"
             );
             console.log(
-              "1. Java version requirement: cdxgen container image bundles Java 17 with gradle 8 which might be incompatible."
+              "1. Java version requirement: cdxgen container image bundles Java 17 with maven 3.8 which might be incompatible."
             );
             console.log(
               "2. Private dependencies cannot be downloaded: Check if any additional arguments must be passed to maven and set them via MVN_ARGS environment variable."
@@ -1580,6 +1580,7 @@ const createJavaBom = async (path, options) => {
           sbtVersion != null &&
           semver.gte(sbtVersion, "1.3.4") &&
           semver.lte(sbtVersion, "1.4.0");
+        const useSlashSyntax = semver.gte(sbtVersion, "1.5.0");
         const isDependencyTreeBuiltIn =
           sbtVersion != null && semver.gte(sbtVersion, "1.4.0");
         let tempDir = fs.mkdtempSync(pathLib.join(os.tmpdir(), "cdxsbt-"));
@@ -1619,7 +1620,11 @@ const createJavaBom = async (path, options) => {
             ];
           } else {
             // write to the existing plugins file
-            sbtArgs = [`"dependencyList::toFile ${dlFile} --force"`];
+            if (useSlashSyntax) {
+              sbtArgs = [`"dependencyList / toFile ${dlFile} --force"`];
+            } else {
+              sbtArgs = [`"dependencyList::toFile ${dlFile} --force"`];
+            }
             pluginFile = utils.addPlugin(basePath, sbtPluginDefinition);
           }
           // Note that the command has to be invoked with `shell: true` to properly execut sbt
@@ -1641,17 +1646,12 @@ const createJavaBom = async (path, options) => {
               "3. Consider creating a lockfile using sbt-dependency-lock plugin. See https://github.com/stringbean/sbt-dependency-lock"
             );
             options.failOnError && process.exit(1);
-          } else if (DEBUG_MODE) {
-            console.log(result.stdout);
           }
           if (!standalonePluginFile) {
             utils.cleanupPlugin(basePath, pluginFile);
           }
           if (fs.existsSync(dlFile)) {
             const cmdOutput = fs.readFileSync(dlFile, { encoding: "utf-8" });
-            if (DEBUG_MODE) {
-              console.log(cmdOutput);
-            }
             const dlist = utils.parseKVDep(cmdOutput);
             if (dlist && dlist.length) {
               pkgList = pkgList.concat(dlist);
@@ -4569,7 +4569,7 @@ exports.createBom = createBom;
  * @param bomContents BOM Xml
  */
 exports.submitBom = async (args, bomContents) => {
-  let serverUrl = args.serverUrl + "/api/v1/bom";
+  let serverUrl = args.serverUrl.replace(/\/$/, "") + "/api/v1/bom";
   let encodedBomContents = Buffer.from(bomContents).toString("base64");
   if (encodedBomContents.startsWith("77u/")) {
     encodedBomContents = encodedBomContents.substring(4);
@@ -4605,12 +4605,12 @@ exports.submitBom = async (args, bomContents) => {
       responseType: "json"
     }).json();
   } catch (error) {
-    if (error.response.statusCode === 401) {
+    if (error.response && error.response.statusCode === 401) {
       // Unauthorized
       console.log(
         "Received Unauthorized error. Check the API key used is valid and has necessary permissions to create projects and upload bom."
       );
-    } else if (error.response.statusCode === 405) {
+    } else if (error.response && error.response.statusCode === 405) {
       // Method not allowed errors
       try {
         return await got(serverUrl, {
@@ -4629,7 +4629,9 @@ exports.submitBom = async (args, bomContents) => {
           responseType: "json"
         }).json();
       } catch (error) {
-        console.log("Unable to submit the SBoM to the Dependency-Track server");
+        console.log(
+          "Unable to submit the SBoM to the Dependency-Track server using POST method"
+        );
         console.log(error);
       }
     } else {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.4.12",
+  "version": "8.4.13",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",

package/utils.js CHANGED Viewed

@@ -1103,7 +1103,7 @@ const parseMavenTree = function (rawOutput) {
   let last_purl = "";
   let stack = [];
   tmpA.forEach((l) => {
-    if (!includeMavenTestScope && l.endsWith(":test")) {
+    if (!includeMavenTestScope && l.trim().endsWith(":test")) {
       return;
     }
     let level = 0;
@@ -1654,7 +1654,7 @@ const getMvnMetadata = async function (pkgList) {
   if (!pkgList || !pkgList.length) {
     return pkgList;
   }
-  if (DEBUG_MODE) {
+  if (DEBUG_MODE && fetchLicenses) {
     console.log(`About to query maven for ${pkgList.length} packages`);
   }
   for (const p of pkgList) {

package/utils.test.js CHANGED Viewed

@@ -1652,6 +1652,10 @@ test("parse scala sbt list", async () => {
     fs.readFileSync("./test/data/sbt-dl.list", { encoding: "utf-8" })
   );
   expect(deps.length).toEqual(57);
+  deps = utils.parseKVDep(
+    fs.readFileSync("./test/data/atom-sbt-list.txt", { encoding: "utf-8" })
+  );
+  expect(deps.length).toEqual(117);
 });
 test("parse scala sbt lock", async () => {