@cyclonedx/cyclonedx-library 1.0.2 → 1.2.0

package/dist.node/spec.js

@@ -28,7 +28,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _Spec_version, _Spec_formats, _Spec_componentTypes, _Spec_hashAlgorithms, _Spec_hashValuePattern, _Spec_externalReferenceTypes, _Spec_supportsDependencyGraph, _Spec_supportsToolReferences;
+var _Spec_version, _Spec_formats, _Spec_componentTypes, _Spec_hashAlgorithms, _Spec_hashValuePattern, _Spec_externalReferenceTypes, _Spec_supportsDependencyGraph, _Spec_supportsToolReferences, _Spec_requiresComponentVersion;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SpecVersionDict = exports.Spec1dot4 = exports.Spec1dot3 = exports.Spec1dot2 = exports.UnsupportedFormatError = exports.Format = exports.Version = void 0;
 const enums_1 = require("./enums");
@@ -49,7 +49,7 @@ class UnsupportedFormatError extends Error {
 }
 exports.UnsupportedFormatError = UnsupportedFormatError;
 class Spec {
-    constructor(version, formats, componentTypes, hashAlgorithms, hashValuePattern, externalReferenceTypes, supportsDependencyGraph, supportsToolReferences) {
+    constructor(version, formats, componentTypes, hashAlgorithms, hashValuePattern, externalReferenceTypes, supportsDependencyGraph, supportsToolReferences, requiresComponentVersion) {
         _Spec_version.set(this, void 0);
         _Spec_formats.set(this, void 0);
         _Spec_componentTypes.set(this, void 0);
@@ -58,6 +58,7 @@ class Spec {
         _Spec_externalReferenceTypes.set(this, void 0);
         _Spec_supportsDependencyGraph.set(this, void 0);
         _Spec_supportsToolReferences.set(this, void 0);
+        _Spec_requiresComponentVersion.set(this, void 0);
         __classPrivateFieldSet(this, _Spec_version, version, "f");
         __classPrivateFieldSet(this, _Spec_formats, new Set(formats), "f");
         __classPrivateFieldSet(this, _Spec_componentTypes, new Set(componentTypes), "f");
@@ -66,6 +67,7 @@ class Spec {
         __classPrivateFieldSet(this, _Spec_externalReferenceTypes, new Set(externalReferenceTypes), "f");
         __classPrivateFieldSet(this, _Spec_supportsDependencyGraph, supportsDependencyGraph, "f");
         __classPrivateFieldSet(this, _Spec_supportsToolReferences, supportsToolReferences, "f");
+        __classPrivateFieldSet(this, _Spec_requiresComponentVersion, requiresComponentVersion, "f");
     }
     get version() {
         return __classPrivateFieldGet(this, _Spec_version, "f");
@@ -92,8 +94,11 @@ class Spec {
     get supportsToolReferences() {
         return __classPrivateFieldGet(this, _Spec_supportsToolReferences, "f");
     }
+    get requiresComponentVersion() {
+        return __classPrivateFieldGet(this, _Spec_requiresComponentVersion, "f");
+    }
 }
-_Spec_version = new WeakMap(), _Spec_formats = new WeakMap(), _Spec_componentTypes = new WeakMap(), _Spec_hashAlgorithms = new WeakMap(), _Spec_hashValuePattern = new WeakMap(), _Spec_externalReferenceTypes = new WeakMap(), _Spec_supportsDependencyGraph = new WeakMap(), _Spec_supportsToolReferences = new WeakMap();
+_Spec_version = new WeakMap(), _Spec_formats = new WeakMap(), _Spec_componentTypes = new WeakMap(), _Spec_hashAlgorithms = new WeakMap(), _Spec_hashValuePattern = new WeakMap(), _Spec_externalReferenceTypes = new WeakMap(), _Spec_supportsDependencyGraph = new WeakMap(), _Spec_supportsToolReferences = new WeakMap(), _Spec_requiresComponentVersion = new WeakMap();
 exports.Spec1dot2 = Object.freeze(new Spec(Version.v1dot2, [
     Format.XML,
     Format.JSON
@@ -135,7 +140,7 @@ exports.Spec1dot2 = Object.freeze(new Spec(Version.v1dot2, [
     enums_1.ExternalReferenceType.BuildMeta,
     enums_1.ExternalReferenceType.BuildSystem,
     enums_1.ExternalReferenceType.Other
-], true, false));
+], true, false, true));
 exports.Spec1dot3 = Object.freeze(new Spec(Version.v1dot3, [
     Format.XML,
     Format.JSON
@@ -177,7 +182,7 @@ exports.Spec1dot3 = Object.freeze(new Spec(Version.v1dot3, [
     enums_1.ExternalReferenceType.BuildMeta,
     enums_1.ExternalReferenceType.BuildSystem,
     enums_1.ExternalReferenceType.Other
-], true, false));
+], true, false, true));
 exports.Spec1dot4 = Object.freeze(new Spec(Version.v1dot4, [
     Format.XML,
     Format.JSON
@@ -220,7 +225,7 @@ exports.Spec1dot4 = Object.freeze(new Spec(Version.v1dot4, [
     enums_1.ExternalReferenceType.BuildSystem,
     enums_1.ExternalReferenceType.ReleaseNotes,
     enums_1.ExternalReferenceType.Other
-], true, true));
+], true, true, false));
 exports.SpecVersionDict = Object.freeze(Object.fromEntries([
     [Version.v1dot2, exports.Spec1dot2],
     [Version.v1dot3, exports.Spec1dot3],

package/dist.node/spec.js.map

@@ -1 +1 @@
-{"version":3,"file":"spec.js","sourceRoot":"","sources":["../src/spec.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;EAiBE;;;;;;;;;;;;;;;AAEF,mCAA6E;AAG7E,IAAY,OAMX;AAND,WAAY,OAAO;IACjB,yBAAc,CAAA;IACd,yBAAc,CAAA;IACd,yBAAc,CAAA;IACd,yBAAc,CAAA;IACd,yBAAc,CAAA;AAChB,CAAC,EANW,OAAO,GAAP,eAAO,KAAP,eAAO,QAMlB;AAED,IAAY,MAGX;AAHD,WAAY,MAAM;IAChB,qBAAW,CAAA;IACX,uBAAa,CAAA;AACf,CAAC,EAHW,MAAM,GAAN,cAAM,KAAN,cAAM,QAGjB;AAED,MAAa,sBAAuB,SAAQ,KAAK;CAChD;AADD,wDACC;AAwBD,MAAM,IAAI;IAUR,YACE,OAAgB,EAChB,OAAyB,EACzB,cAAuC,EACvC,cAAuC,EACvC,gBAAwB,EACxB,sBAAuD,EACvD,uBAAgC,EAChC,sBAA+B;QAjBjC,gCAA0B;QAC1B,gCAAsC;QACtC,uCAAoD;QACpD,uCAAoD;QACpD,yCAAkC;QAClC,+CAAoE;QACpE,gDAA0C;QAC1C,+CAAyC;QAYvC,uBAAA,IAAI,iBAAY,OAAO,MAAA,CAAA;QACvB,uBAAA,IAAI,iBAAY,IAAI,GAAG,CAAC,OAAO,CAAC,MAAA,CAAA;QAChC,uBAAA,IAAI,wBAAmB,IAAI,GAAG,CAAC,cAAc,CAAC,MAAA,CAAA;QAC9C,uBAAA,IAAI,wBAAmB,IAAI,GAAG,CAAC,cAAc,CAAC,MAAA,CAAA;QAC9C,uBAAA,IAAI,0BAAqB,gBAAgB,MAAA,CAAA;QACzC,uBAAA,IAAI,gCAA2B,IAAI,GAAG,CAAC,sBAAsB,CAAC,MAAA,CAAA;QAC9D,uBAAA,IAAI,iCAA4B,uBAAuB,MAAA,CAAA;QACvD,uBAAA,IAAI,gCAA2B,sBAAsB,MAAA,CAAA;IACvD,CAAC;IAED,IAAI,OAAO;QACT,OAAO,uBAAA,IAAI,qBAAS,CAAA;IACtB,CAAC;IAED,cAAc,CAAE,CAAe;QAC7B,OAAO,uBAAA,IAAI,qBAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAC7B,CAAC;IAED,qBAAqB,CAAE,EAAuB;QAC5C,OAAO,uBAAA,IAAI,4BAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACrC,CAAC;IAED,qBAAqB,CAAE,EAAuB;QAC5C,OAAO,uBAAA,IAAI,4BAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACrC,CAAC;IAED,iBAAiB,CAAE,EAAqB;QACtC,OAAO,OAAO,EAAE,KAAK,QAAQ;YAC3B,uBAAA,IAAI,8BAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACnC,CAAC;IAED,6BAA6B,CAAE,GAAgC;QAC7D,OAAO,uBAAA,IAAI,oCAAwB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC9C,CAAC;IAED,IAAI,uBAAuB;QACzB,OAAO,uBAAA,IAAI,qCAAyB,CAAA;IACtC,CAAC;IAED,IAAI,sBAAsB;QACxB,OAAO,uBAAA,IAAI,oCAAwB,CAAA;IACrC,CAAC;CACF;;AAGY,QAAA,SAAS,GAAuB,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,CACjE,OAAO,CAAC,MAAM,EACd;IACE,MAAM,CAAC,GAAG;IACV,MAAM,CAAC,IAAI;CACZ,EACD;IACE,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,OAAO;IACrB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,eAAe;IAC7B,qBAAa,CAAC,MAAM;IACpB,qBAAa,CAAC,QAAQ;IACtB,qBAAa,CAAC,IAAI;CACnB,EACD;IACE,qBAAa,CAAC,GAAG;IACjB,qBAAa,CAAC,OAAO,CAAC;IACtB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,MAAM;CACrB,EACD,sGAAsG,EACtG;IACE,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,UAAU;IAChC,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,MAAM;IAC5B,6BAAqB,CAAC,IAAI;IAC1B,6BAAqB,CAAC,aAAa;IACnC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,SAAS;IAC/B,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,KAAK;CAC5B,EACD,IAAI,EACJ,KAAK,CACN,CAAC,CAAA;AAGW,QAAA,SAAS,GAAuB,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,CACjE,OAAO,CAAC,MAAM,EACd;IACE,MAAM,CAAC,GAAG;IACV,MAAM,CAAC,IAAI;CACZ,EACD;IACE,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,OAAO;IACrB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,eAAe;IAC7B,qBAAa,CAAC,MAAM;IACpB,qBAAa,CAAC,QAAQ;IACtB,qBAAa,CAAC,IAAI;CACnB,EACD;IACE,qBAAa,CAAC,GAAG;IACjB,qBAAa,CAAC,OAAO,CAAC;IACtB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,MAAM;CACrB,EACD,sGAAsG,EACtG;IACE,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,UAAU;IAChC,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,MAAM;IAC5B,6BAAqB,CAAC,IAAI;IAC1B,6BAAqB,CAAC,aAAa;IACnC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,SAAS;IAC/B,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,KAAK;CAC5B,EACD,IAAI,EACJ,KAAK,CACN,CAAC,CAAA;AAGW,QAAA,SAAS,GAAuB,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,CACjE,OAAO,CAAC,MAAM,EACd;IACE,MAAM,CAAC,GAAG;IACV,MAAM,CAAC,IAAI;CACZ,EACD;IACE,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,OAAO;IACrB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,eAAe;IAC7B,qBAAa,CAAC,MAAM;IACpB,qBAAa,CAAC,QAAQ;IACtB,qBAAa,CAAC,IAAI;CACnB,EACD;IACE,qBAAa,CAAC,GAAG;IACjB,qBAAa,CAAC,OAAO,CAAC;IACtB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,MAAM;CACrB,EACD,sGAAsG,EACtG;IACE,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,UAAU;IAChC,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,MAAM;IAC5B,6BAAqB,CAAC,IAAI;IAC1B,6BAAqB,CAAC,aAAa;IACnC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,SAAS;IAC/B,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,KAAK;CAC5B,EACD,IAAI,EACJ,IAAI,CACL,CAAC,CAAA;AAEW,QAAA,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;IAC9D,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAS,CAAC;IAC3B,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAS,CAAC;IAC3B,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAS,CAAC;CAC5B,CAA8C,CAAC,CAAA"}
+{"version":3,"file":"spec.js","sourceRoot":"","sources":["../src/spec.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;EAiBE;;;;;;;;;;;;;;;AAEF,mCAA6E;AAG7E,IAAY,OAMX;AAND,WAAY,OAAO;IACjB,yBAAc,CAAA;IACd,yBAAc,CAAA;IACd,yBAAc,CAAA;IACd,yBAAc,CAAA;IACd,yBAAc,CAAA;AAChB,CAAC,EANW,OAAO,GAAP,eAAO,KAAP,eAAO,QAMlB;AAED,IAAY,MAGX;AAHD,WAAY,MAAM;IAChB,qBAAW,CAAA;IACX,uBAAa,CAAA;AACf,CAAC,EAHW,MAAM,GAAN,cAAM,KAAN,cAAM,QAGjB;AAED,MAAa,sBAAuB,SAAQ,KAAK;CAChD;AADD,wDACC;AA0BD,MAAM,IAAI;IAWR,YACE,OAAgB,EAChB,OAAyB,EACzB,cAAuC,EACvC,cAAuC,EACvC,gBAAwB,EACxB,sBAAuD,EACvD,uBAAgC,EAChC,sBAA+B,EAC/B,wBAAiC;QAnBnC,gCAA0B;QAC1B,gCAAsC;QACtC,uCAAoD;QACpD,uCAAoD;QACpD,yCAAkC;QAClC,+CAAoE;QACpE,gDAA0C;QAC1C,+CAAyC;QACzC,iDAA2C;QAazC,uBAAA,IAAI,iBAAY,OAAO,MAAA,CAAA;QACvB,uBAAA,IAAI,iBAAY,IAAI,GAAG,CAAC,OAAO,CAAC,MAAA,CAAA;QAChC,uBAAA,IAAI,wBAAmB,IAAI,GAAG,CAAC,cAAc,CAAC,MAAA,CAAA;QAC9C,uBAAA,IAAI,wBAAmB,IAAI,GAAG,CAAC,cAAc,CAAC,MAAA,CAAA;QAC9C,uBAAA,IAAI,0BAAqB,gBAAgB,MAAA,CAAA;QACzC,uBAAA,IAAI,gCAA2B,IAAI,GAAG,CAAC,sBAAsB,CAAC,MAAA,CAAA;QAC9D,uBAAA,IAAI,iCAA4B,uBAAuB,MAAA,CAAA;QACvD,uBAAA,IAAI,gCAA2B,sBAAsB,MAAA,CAAA;QACrD,uBAAA,IAAI,kCAA6B,wBAAwB,MAAA,CAAA;IAC3D,CAAC;IAED,IAAI,OAAO;QACT,OAAO,uBAAA,IAAI,qBAAS,CAAA;IACtB,CAAC;IAED,cAAc,CAAE,CAAe;QAC7B,OAAO,uBAAA,IAAI,qBAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAC7B,CAAC;IAED,qBAAqB,CAAE,EAAuB;QAC5C,OAAO,uBAAA,IAAI,4BAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACrC,CAAC;IAED,qBAAqB,CAAE,EAAuB;QAC5C,OAAO,uBAAA,IAAI,4BAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACrC,CAAC;IAED,iBAAiB,CAAE,EAAqB;QACtC,OAAO,OAAO,EAAE,KAAK,QAAQ;YAC3B,uBAAA,IAAI,8BAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACnC,CAAC;IAED,6BAA6B,CAAE,GAAgC;QAC7D,OAAO,uBAAA,IAAI,oCAAwB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC9C,CAAC;IAED,IAAI,uBAAuB;QACzB,OAAO,uBAAA,IAAI,qCAAyB,CAAA;IACtC,CAAC;IAED,IAAI,sBAAsB;QACxB,OAAO,uBAAA,IAAI,oCAAwB,CAAA;IACrC,CAAC;IAED,IAAI,wBAAwB;QAC1B,OAAO,uBAAA,IAAI,sCAA0B,CAAA;IACvC,CAAC;CACF;;AAGY,QAAA,SAAS,GAAuB,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,CACjE,OAAO,CAAC,MAAM,EACd;IACE,MAAM,CAAC,GAAG;IACV,MAAM,CAAC,IAAI;CACZ,EACD;IACE,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,OAAO;IACrB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,eAAe;IAC7B,qBAAa,CAAC,MAAM;IACpB,qBAAa,CAAC,QAAQ;IACtB,qBAAa,CAAC,IAAI;CACnB,EACD;IACE,qBAAa,CAAC,GAAG;IACjB,qBAAa,CAAC,OAAO,CAAC;IACtB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,MAAM;CACrB,EACD,sGAAsG,EACtG;IACE,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,UAAU;IAChC,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,MAAM;IAC5B,6BAAqB,CAAC,IAAI;IAC1B,6BAAqB,CAAC,aAAa;IACnC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,SAAS;IAC/B,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,KAAK;CAC5B,EACD,IAAI,EACJ,KAAK,EACL,IAAI,CACL,CAAC,CAAA;AAGW,QAAA,SAAS,GAAuB,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,CACjE,OAAO,CAAC,MAAM,EACd;IACE,MAAM,CAAC,GAAG;IACV,MAAM,CAAC,IAAI;CACZ,EACD;IACE,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,OAAO;IACrB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,eAAe;IAC7B,qBAAa,CAAC,MAAM;IACpB,qBAAa,CAAC,QAAQ;IACtB,qBAAa,CAAC,IAAI;CACnB,EACD;IACE,qBAAa,CAAC,GAAG;IACjB,qBAAa,CAAC,OAAO,CAAC;IACtB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,MAAM;CACrB,EACD,sGAAsG,EACtG;IACE,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,UAAU;IAChC,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,MAAM;IAC5B,6BAAqB,CAAC,IAAI;IAC1B,6BAAqB,CAAC,aAAa;IACnC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,SAAS;IAC/B,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,KAAK;CAC5B,EACD,IAAI,EACJ,KAAK,EACL,IAAI,CACL,CAAC,CAAA;AAGW,QAAA,SAAS,GAAuB,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,CACjE,OAAO,CAAC,MAAM,EACd;IACE,MAAM,CAAC,GAAG;IACV,MAAM,CAAC,IAAI;CACZ,EACD;IACE,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,OAAO;IACrB,qBAAa,CAAC,SAAS;IACvB,qBAAa,CAAC,eAAe;IAC7B,qBAAa,CAAC,MAAM;IACpB,qBAAa,CAAC,QAAQ;IACtB,qBAAa,CAAC,IAAI;CACnB,EACD;IACE,qBAAa,CAAC,GAAG;IACjB,qBAAa,CAAC,OAAO,CAAC;IACtB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,SAAS,CAAC;IACxB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,UAAU,CAAC;IACzB,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,aAAa,CAAC;IAC5B,qBAAa,CAAC,MAAM;CACrB,EACD,sGAAsG,EACtG;IACE,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,UAAU;IAChC,6BAAqB,CAAC,GAAG;IACzB,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,MAAM;IAC5B,6BAAqB,CAAC,IAAI;IAC1B,6BAAqB,CAAC,aAAa;IACnC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,OAAO;IAC7B,6BAAqB,CAAC,SAAS;IAC/B,6BAAqB,CAAC,WAAW;IACjC,6BAAqB,CAAC,YAAY;IAClC,6BAAqB,CAAC,KAAK;CAC5B,EACD,IAAI,EACJ,IAAI,EACJ,KAAK,CACN,CAAC,CAAA;AAEW,QAAA,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;IAC9D,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAS,CAAC;IAC3B,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAS,CAAC;IAC3B,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAS,CAAC;CAC5B,CAA8C,CAAC,CAAA"}

package/dist.node/types/cpe.js

@@ -19,7 +19,7 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isCPE = void 0;
-const cpePattern = /^([c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})$|^(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})$/;
+const cpePattern = /^([c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})$|^(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})$/;
 function isCPE(value) {
     return typeof value === 'string' &&
         cpePattern.test(value);

package/dist.node/types/cpe.js.map

@@ -1 +1 @@
-{"version":3,"file":"cpe.js","sourceRoot":"","sources":["../../src/types/cpe.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;EAiBE;;;AAUF,MAAM,UAAU,GAAG,gXAAgX,CAAA;AAEnY,SAAgB,KAAK,CAAE,KAAU;IAC/B,OAAO,OAAO,KAAK,KAAK,QAAQ;QAC1B,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC9B,CAAC;AAHD,sBAGC"}
+{"version":3,"file":"cpe.js","sourceRoot":"","sources":["../../src/types/cpe.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;EAiBE;;;AAUF,MAAM,UAAU,GAAG,kVAAkV,CAAA;AAErW,SAAgB,KAAK,CAAE,KAAU;IAC/B,OAAO,OAAO,KAAK,KAAK,QAAQ;QAC1B,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC9B,CAAC;AAHD,sBAGC"}

package/dist.web/lib.dev.js

@@ -473,15 +473,27 @@ class PackageUrlFactory {
         _PackageUrlFactory_type.set(this, void 0);
         __classPrivateFieldSet(this, _PackageUrlFactory_type, type, "f");
     }
-    makeFromComponent(component) {
+    get type() {
+        return __classPrivateFieldGet(this, _PackageUrlFactory_type, "f");
+    }
+    makeFromComponent(component, sort = false) {
         const qualifiers = {};
         let subpath;
-        for (const e of component.externalReferences) {
-            if (e.type === enums_1.ExternalReferenceType.VCS) {
-                [qualifiers.vcs_url, subpath] = e.url.toString().split('#', 2);
-                break;
+        const extRefs = component.externalReferences;
+        for (const extRef of (sort ? extRefs.sorted() : extRefs)) {
+            switch (extRef.type) {
+                case enums_1.ExternalReferenceType.VCS:
+                    [qualifiers.vcs_url, subpath] = extRef.url.toString().split('#', 2);
+                    break;
+                case enums_1.ExternalReferenceType.Distribution:
+                    qualifiers.download_url = extRef.url.toString();
+                    break;
             }
         }
+        const hashes = component.hashes;
+        if (hashes.size > 0) {
+            qualifiers.checksum = Array.from(sort ? hashes.sorted() : hashes, ([hashAlgo, hashCont]) => `${hashAlgo.toLowerCase()}:${hashCont.toLowerCase()}`).join(',');
+        }
         try {
             return new packageurl_js_1.PackageURL(__classPrivateFieldGet(this, _PackageUrlFactory_type, "f"), component.group, component.name, component.version, qualifiers, subpath);
         }
@@ -566,6 +578,38 @@ class SortableSet extends Set {
 exports.SortableSet = SortableSet;
 
 
+/***/ }),
+
+/***/ "./src/helpers/tree.ts":
+/*!*****************************!*\
+  !*** ./src/helpers/tree.ts ***!
+  \*****************************/
+/***/ ((__unused_webpack_module, exports) => {
+
+
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.treeIterator = void 0;
+exports.treeIterator = Symbol('iterator of a tree/nesting-like structure');
+
+
 /***/ }),
 
 /***/ "./src/index.web.ts":
@@ -835,6 +879,7 @@ const hash_1 = __webpack_require__(/*! ./hash */ "./src/models/hash.ts");
 const externalReference_1 = __webpack_require__(/*! ./externalReference */ "./src/models/externalReference.ts");
 const license_1 = __webpack_require__(/*! ./license */ "./src/models/license.ts");
 const sortableSet_1 = __webpack_require__(/*! ../helpers/sortableSet */ "./src/helpers/sortableSet.ts");
+const tree_1 = __webpack_require__(/*! ../helpers/tree */ "./src/helpers/tree.ts");
 class Component {
     constructor(type, name, op = {}) {
         _Component_bomRef.set(this, void 0);
@@ -856,6 +901,7 @@ class Component {
         this.version = op.version;
         this.description = op.description;
         this.dependencies = op.dependencies ?? new bomRef_1.BomRefRepository();
+        this.components = op.components ?? new ComponentRepository();
         this.cpe = op.cpe;
     }
     get bomRef() {
@@ -889,6 +935,12 @@ class Component {
 exports.Component = Component;
 _Component_bomRef = new WeakMap(), _Component_cpe = new WeakMap();
 class ComponentRepository extends sortableSet_1.SortableSet {
+    *[tree_1.treeIterator]() {
+        for (const component of this) {
+            yield component;
+            yield* component.components[tree_1.treeIterator]();
+        }
+    }
 }
 exports.ComponentRepository = ComponentRepository;
 
@@ -1531,6 +1583,9 @@ class BomRefDiscriminator {
         __classPrivateFieldSet(this, _BomRefDiscriminator_originalValues, new Map(Array.from(bomRefs).map(ref => [ref, ref.value])), "f");
         __classPrivateFieldSet(this, _BomRefDiscriminator_prefix, prefix, "f");
     }
+    get prefix() {
+        return __classPrivateFieldGet(this, _BomRefDiscriminator_prefix, "f");
+    }
     [(_BomRefDiscriminator_originalValues = new WeakMap(), _BomRefDiscriminator_prefix = new WeakMap(), _BomRefDiscriminator_instances = new WeakSet(), Symbol.iterator)]() {
         return __classPrivateFieldGet(this, _BomRefDiscriminator_originalValues, "f").keys();
     }
@@ -1791,6 +1846,7 @@ const notUndefined_1 = __webpack_require__(/*! ../../helpers/notUndefined */ "./
 const Models = __importStar(__webpack_require__(/*! ../../models */ "./src/models/index.ts"));
 const spec_1 = __webpack_require__(/*! ../../spec */ "./src/spec.ts");
 const types_1 = __webpack_require__(/*! ./types */ "./src/serialize/json/types.ts");
+const tree_1 = __webpack_require__(/*! ../../helpers/tree */ "./src/helpers/tree.ts");
 class Factory {
     constructor(spec) {
         _Factory_spec.set(this, void 0);
@@ -1847,6 +1903,9 @@ class Base {
     constructor(factory) {
         this._factory = factory;
     }
+    get factory() {
+        return this._factory;
+    }
 }
 class BomNormalizer extends Base {
     normalize(data, options) {
@@ -1964,12 +2023,16 @@ class OrganizationalEntityNormalizer extends Base {
 exports.OrganizationalEntityNormalizer = OrganizationalEntityNormalizer;
 class ComponentNormalizer extends Base {
     normalize(data, options) {
-        return this._factory.spec.supportsComponentType(data.type)
+        const spec = this._factory.spec;
+        const version = data.version ?? '';
+        return spec.supportsComponentType(data.type)
             ? {
                 type: data.type,
                 name: data.name,
                 group: data.group || undefined,
-                version: data.version || '',
+                version: version.length > 0 || spec.requiresComponentVersion
+                    ? version
+                    : undefined,
                 'bom-ref': data.bomRef.value || undefined,
                 supplier: data.supplier === undefined
                     ? undefined
@@ -1992,6 +2055,9 @@ class ComponentNormalizer extends Base {
                     : this._factory.makeForSWID().normalize(data.swid, options),
                 externalReferences: data.externalReferences.size > 0
                     ? this._factory.makeForExternalReference().normalizeRepository(data.externalReferences, options)
+                    : undefined,
+                components: data.components.size > 0
+                    ? this.normalizeRepository(data.components, options)
                     : undefined
             }
             : undefined;
@@ -2107,9 +2173,12 @@ class DependencyGraphNormalizer extends Base {
         const allRefs = new Map();
         if (data.metadata.component !== undefined) {
             allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies);
+            for (const component of data.metadata.component.components[tree_1.treeIterator]()) {
+                allRefs.set(component.bomRef, component.dependencies);
+            }
         }
-        for (const c of data.components) {
-            allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies));
+        for (const component of data.components[tree_1.treeIterator]()) {
+            allRefs.set(component.bomRef, component.dependencies);
         }
         const normalized = [];
         for (const [ref, deps] of allRefs) {
@@ -2243,6 +2312,9 @@ class JsonSerializer extends baseSerializer_1.BaseSerializer {
         _JsonSerializer_normalizerFactory.set(this, void 0);
         __classPrivateFieldSet(this, _JsonSerializer_normalizerFactory, normalizerFactory, "f");
     }
+    get normalizerFactory() {
+        return __classPrivateFieldGet(this, _JsonSerializer_normalizerFactory, "f");
+    }
     _normalize(bom, options = {}) {
         return __classPrivateFieldGet(this, _JsonSerializer_normalizerFactory, "f").makeForBom()
             .normalize(bom, options);
@@ -2409,6 +2481,7 @@ const notUndefined_1 = __webpack_require__(/*! ../../helpers/notUndefined */ "./
 const Models = __importStar(__webpack_require__(/*! ../../models */ "./src/models/index.ts"));
 const spec_1 = __webpack_require__(/*! ../../spec */ "./src/spec.ts");
 const types_1 = __webpack_require__(/*! ./types */ "./src/serialize/xml/types.ts");
+const tree_1 = __webpack_require__(/*! ../../helpers/tree */ "./src/helpers/tree.ts");
 class Factory {
     constructor(spec) {
         _Factory_spec.set(this, void 0);
@@ -2465,6 +2538,9 @@ class Base {
     constructor(factory) {
         this._factory = factory;
     }
+    get factory() {
+        return this._factory;
+    }
 }
 class BomNormalizer extends Base {
     normalize(data, options) {
@@ -2633,12 +2709,16 @@ class OrganizationalEntityNormalizer extends Base {
 exports.OrganizationalEntityNormalizer = OrganizationalEntityNormalizer;
 class ComponentNormalizer extends Base {
     normalize(data, options, elementName) {
-        if (!this._factory.spec.supportsComponentType(data.type)) {
+        const spec = this._factory.spec;
+        if (!spec.supportsComponentType(data.type)) {
             return undefined;
         }
         const supplier = data.supplier === undefined
             ? undefined
             : this._factory.makeForOrganizationalEntity().normalize(data.supplier, options, 'supplier');
+        const version = (spec.requiresComponentVersion
+            ? makeTextElement
+            : makeOptionalTextElement)(data.version ?? '', 'version');
         const hashes = data.hashes.size > 0
             ? {
                 type: 'element',
@@ -2664,6 +2744,13 @@ class ComponentNormalizer extends Base {
                     .normalizeRepository(data.externalReferences, options, 'reference')
             }
             : undefined;
+        const components = data.components.size > 0
+            ? {
+                type: 'element',
+                name: 'components',
+                children: this.normalizeRepository(data.components, options, 'component')
+            }
+            : undefined;
         return {
             type: 'element',
             name: elementName,
@@ -2677,7 +2764,7 @@ class ComponentNormalizer extends Base {
                 makeOptionalTextElement(data.publisher, 'publisher'),
                 makeOptionalTextElement(data.group, 'group'),
                 makeTextElement(data.name, 'name'),
-                makeTextElement(data.version ?? '', 'version'),
+                version,
                 makeOptionalTextElement(data.description, 'description'),
                 makeOptionalTextElement(data.scope, 'scope'),
                 hashes,
@@ -2686,7 +2773,8 @@ class ComponentNormalizer extends Base {
                 makeOptionalTextElement(data.cpe, 'cpe'),
                 makeOptionalTextElement(data.purl, 'purl'),
                 swid,
-                extRefs
+                extRefs,
+                components
             ].filter(notUndefined_1.isNotUndefined)
         };
     }
@@ -2829,9 +2917,12 @@ class DependencyGraphNormalizer extends Base {
         const allRefs = new Map();
         if (data.metadata.component !== undefined) {
             allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies);
+            for (const component of data.metadata.component.components[tree_1.treeIterator]()) {
+                allRefs.set(component.bomRef, component.dependencies);
+            }
         }
-        for (const c of data.components) {
-            allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies));
+        for (const component of data.components[tree_1.treeIterator]()) {
+            allRefs.set(component.bomRef, component.dependencies);
         }
         const normalized = [];
         for (const [ref, deps] of allRefs) {
@@ -2986,6 +3077,9 @@ class XmlBaseSerializer extends baseSerializer_1.BaseSerializer {
         _XmlBaseSerializer_normalizerFactory.set(this, void 0);
         __classPrivateFieldSet(this, _XmlBaseSerializer_normalizerFactory, normalizerFactory, "f");
     }
+    get normalizerFactory() {
+        return __classPrivateFieldGet(this, _XmlBaseSerializer_normalizerFactory, "f");
+    }
     _normalize(bom, options = {}) {
         return __classPrivateFieldGet(this, _XmlBaseSerializer_normalizerFactory, "f").makeForBom()
             .normalize(bom, options);
@@ -3165,7 +3259,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _Spec_version, _Spec_formats, _Spec_componentTypes, _Spec_hashAlgorithms, _Spec_hashValuePattern, _Spec_externalReferenceTypes, _Spec_supportsDependencyGraph, _Spec_supportsToolReferences;
+var _Spec_version, _Spec_formats, _Spec_componentTypes, _Spec_hashAlgorithms, _Spec_hashValuePattern, _Spec_externalReferenceTypes, _Spec_supportsDependencyGraph, _Spec_supportsToolReferences, _Spec_requiresComponentVersion;
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.SpecVersionDict = exports.Spec1dot4 = exports.Spec1dot3 = exports.Spec1dot2 = exports.UnsupportedFormatError = exports.Format = exports.Version = void 0;
 const enums_1 = __webpack_require__(/*! ./enums */ "./src/enums/index.ts");
@@ -3186,7 +3280,7 @@ class UnsupportedFormatError extends Error {
 }
 exports.UnsupportedFormatError = UnsupportedFormatError;
 class Spec {
-    constructor(version, formats, componentTypes, hashAlgorithms, hashValuePattern, externalReferenceTypes, supportsDependencyGraph, supportsToolReferences) {
+    constructor(version, formats, componentTypes, hashAlgorithms, hashValuePattern, externalReferenceTypes, supportsDependencyGraph, supportsToolReferences, requiresComponentVersion) {
         _Spec_version.set(this, void 0);
         _Spec_formats.set(this, void 0);
         _Spec_componentTypes.set(this, void 0);
@@ -3195,6 +3289,7 @@ class Spec {
         _Spec_externalReferenceTypes.set(this, void 0);
         _Spec_supportsDependencyGraph.set(this, void 0);
         _Spec_supportsToolReferences.set(this, void 0);
+        _Spec_requiresComponentVersion.set(this, void 0);
         __classPrivateFieldSet(this, _Spec_version, version, "f");
         __classPrivateFieldSet(this, _Spec_formats, new Set(formats), "f");
         __classPrivateFieldSet(this, _Spec_componentTypes, new Set(componentTypes), "f");
@@ -3203,6 +3298,7 @@ class Spec {
         __classPrivateFieldSet(this, _Spec_externalReferenceTypes, new Set(externalReferenceTypes), "f");
         __classPrivateFieldSet(this, _Spec_supportsDependencyGraph, supportsDependencyGraph, "f");
         __classPrivateFieldSet(this, _Spec_supportsToolReferences, supportsToolReferences, "f");
+        __classPrivateFieldSet(this, _Spec_requiresComponentVersion, requiresComponentVersion, "f");
     }
     get version() {
         return __classPrivateFieldGet(this, _Spec_version, "f");
@@ -3229,8 +3325,11 @@ class Spec {
     get supportsToolReferences() {
         return __classPrivateFieldGet(this, _Spec_supportsToolReferences, "f");
     }
+    get requiresComponentVersion() {
+        return __classPrivateFieldGet(this, _Spec_requiresComponentVersion, "f");
+    }
 }
-_Spec_version = new WeakMap(), _Spec_formats = new WeakMap(), _Spec_componentTypes = new WeakMap(), _Spec_hashAlgorithms = new WeakMap(), _Spec_hashValuePattern = new WeakMap(), _Spec_externalReferenceTypes = new WeakMap(), _Spec_supportsDependencyGraph = new WeakMap(), _Spec_supportsToolReferences = new WeakMap();
+_Spec_version = new WeakMap(), _Spec_formats = new WeakMap(), _Spec_componentTypes = new WeakMap(), _Spec_hashAlgorithms = new WeakMap(), _Spec_hashValuePattern = new WeakMap(), _Spec_externalReferenceTypes = new WeakMap(), _Spec_supportsDependencyGraph = new WeakMap(), _Spec_supportsToolReferences = new WeakMap(), _Spec_requiresComponentVersion = new WeakMap();
 exports.Spec1dot2 = Object.freeze(new Spec(Version.v1dot2, [
     Format.XML,
     Format.JSON
@@ -3272,7 +3371,7 @@ exports.Spec1dot2 = Object.freeze(new Spec(Version.v1dot2, [
     enums_1.ExternalReferenceType.BuildMeta,
     enums_1.ExternalReferenceType.BuildSystem,
     enums_1.ExternalReferenceType.Other
-], true, false));
+], true, false, true));
 exports.Spec1dot3 = Object.freeze(new Spec(Version.v1dot3, [
     Format.XML,
     Format.JSON
@@ -3314,7 +3413,7 @@ exports.Spec1dot3 = Object.freeze(new Spec(Version.v1dot3, [
     enums_1.ExternalReferenceType.BuildMeta,
     enums_1.ExternalReferenceType.BuildSystem,
     enums_1.ExternalReferenceType.Other
-], true, false));
+], true, false, true));
 exports.Spec1dot4 = Object.freeze(new Spec(Version.v1dot4, [
     Format.XML,
     Format.JSON
@@ -3357,7 +3456,7 @@ exports.Spec1dot4 = Object.freeze(new Spec(Version.v1dot4, [
     enums_1.ExternalReferenceType.BuildSystem,
     enums_1.ExternalReferenceType.ReleaseNotes,
     enums_1.ExternalReferenceType.Other
-], true, true));
+], true, true, false));
 exports.SpecVersionDict = Object.freeze(Object.fromEntries([
     [Version.v1dot2, exports.Spec1dot2],
     [Version.v1dot3, exports.Spec1dot3],
@@ -3394,7 +3493,7 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.isCPE = void 0;
-const cpePattern = /^([c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})$|^(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})$/;
+const cpePattern = /^([c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})$|^(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})$/;
 function isCPE(value) {
     return typeof value === 'string' &&
         cpePattern.test(value);