proto upgrade #1902
Merged
proto upgrade #1902
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prabhu
commented
Jun 19, 2025
| .fromJsonString(stringifyIfNeeded(bomJson), { | ||
| toBinary( | ||
| bomSchema, | ||
| fromJsonString(bomSchema, stringifyIfNeeded(bomJson), { |
There was a problem hiding this comment.
I am not particularly proud of this snippet, but things do not always directly translate between jsonschema and protobuf correctly. On occasions, there could be bugs in the spec.
prabhu
commented
Jun 19, 2025
| @@ -110,7 +110,8 @@ | |||
| }, | |||
| "optionalDependencies": { | |||
| "@appthreat/atom": "2.2.5", | |||
| "@appthreat/cdx-proto": "1.0.1", | |||
| "@appthreat/cdx-proto": "1.1.0", | |||
There was a problem hiding this comment.
Maybe we should create a mono-repo structure and move this library to within cdxgen?
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
d0ae201 to
0fc4d3f
Compare
prabhu
commented
Jun 19, 2025
| @@ -58,7 +58,7 @@ | |||
| "cdx-verify": "bin/verify.js" | |||
| }, | |||
| "scripts": { | |||
| "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js --inject-globals false lib/managers/docker.test.js lib/helpers/utils.test.js lib/helpers/display.test.js lib/stages/postgen/postgen.test.js lib/evinser/swiftsem.test.js lib/server/server.test.js", | |||
| "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js --inject-globals false lib/managers/docker.test.js lib/helpers/protobom.test.js lib/helpers/utils.test.js lib/helpers/display.test.js lib/stages/postgen/postgen.test.js lib/evinser/swiftsem.test.js lib/server/server.test.js", | |||
There was a problem hiding this comment.
I have a feeling the protobom.test.js may not work in all os and node combinations. let's find out what works and what doesn't.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upgraded protobuf dependencies and made proto-related cli arguments public, so people can start using. Attached zip includes the cdxgen BOM is json and .proto format. 410 KB vs 107 KB.
bom.zip
Might need some effort to make things compatible with protobuf libraries in other languages, but its time to try this.