
Conversation

lirshindalman
Contributor

Description
This MR updates the PHP parser logic in parseComposerJson to ensure that require-dev dependencies are also added to the rootRequires list. This aligns the behavior with the handling of require dependencies, enabling a more complete and accurate representation of the project's dependency tree in the SBOM.

Motivation
Previously, only require dependencies were being tracked in rootRequires, causing require-dev packages to be excluded from root-level analysis. This change ensures that development dependencies are also included, which is useful for auditing, security scanning, and development context.

Notes
The change is minimal and does not impact dependency resolution.

Only affects PHP projects using composer.json.
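For readers who want to see what "treat require-dev the same way as require when building rootRequires" means in practice, here is an added illustration written for this page; it is not cdxgen's parseComposerJson and does not reproduce its internal data shapes. The function name, the record fields, the sample composer.json and the decision to map require-dev entries to the CycloneDX "optional" scope are all assumptions of this example.

```javascript
// Added example (not the project's own code): collect root-level requirements
// from a composer.json manifest, reading both "require" and "require-dev".
// Each entry carries a scope so an SBOM consumer can still tell a runtime
// dependency from a development-only one. Function name and record shape are
// assumptions for this example, not cdxgen's API.

// Constructed sample manifest (not taken from any real project).
const SAMPLE_COMPOSER_JSON = JSON.stringify({
  name: "example/app",
  require: {
    php: ">=8.1",                 // platform requirement, not a package
    "monolog/monolog": "^3.0",
    "guzzlehttp/guzzle": "^7.8",
  },
  "require-dev": {
    "phpunit/phpunit": "^10.5",
    "monolog/monolog": "^3.0",    // also listed in require; runtime scope wins
  },
});

// Sections to scan, in priority order, with the scope assigned to each.
// Mapping require-dev to "optional" is an assumption of this example.
const SECTIONS = [
  ["require", "required"],
  ["require-dev", "optional"],
];

function parseComposerRootRequires(composerJsonText) {
  const manifest = JSON.parse(composerJsonText);
  const rootRequires = [];
  const seen = new Map(); // full package name -> index into rootRequires

  for (const [section, scope] of SECTIONS) {
    const deps = manifest[section];
    if (!deps || typeof deps !== "object") continue;

    for (const [name, versionConstraint] of Object.entries(deps)) {
      // composer "require" may list platform needs such as "php" or
      // "ext-json"; those have no vendor/ prefix and are not packages.
      if (!name.includes("/")) continue;

      // A package named in both sections is recorded once, keeping the
      // runtime ("required") scope from the section scanned first.
      if (seen.has(name)) continue;

      const [group] = name.split("/", 1);
      seen.set(name, rootRequires.length);
      rootRequires.push({ name, group, versionConstraint, scope });
    }
  }
  return rootRequires;
}

// Convenience view: names only, e.g. for building the SBOM's root dependsOn list.
function rootRequireNames(composerJsonText) {
  return parseComposerRootRequires(composerJsonText).map((d) => d.name);
}
```

Running parseComposerRootRequires on the sample yields three records: monolog/monolog and guzzlehttp/guzzle with scope "required", and phpunit/phpunit with scope "optional"; the duplicate monolog entry from require-dev and the php platform requirement are dropped.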

@lirshindalman lirshindalman requested a review from prabhu as a code owner July 16, 2025 08:24
@lirshindalman lirshindalman force-pushed the php_add_require_dev_to_rootRequires branch from eed3cef to 2d6c6a2 Compare July 16, 2025 09:04
Collaborator

@prabhu prabhu left a comment


Thank you!

@prabhu
Collaborator

prabhu commented Jul 16, 2025

Could you kindly run pnpm run lint && pnpm run gen-types?

@lirshindalman
Contributor Author

@prabhu Thanks for the quick response!

Signed-off-by: lshindelman <lshindelman@paloaltonetworks.com>
@lirshindalman lirshindalman force-pushed the php_add_require_dev_to_rootRequires branch from 46a9432 to eda95fb Compare July 16, 2025 10:35
lshindelman added 2 commits July 16, 2025 14:11
Signed-off-by: lshindelman <lshindelman@paloaltonetworks.com>
Signed-off-by: lshindelman <lshindelman@paloaltonetworks.com>
@lirshindalman lirshindalman force-pushed the php_add_require_dev_to_rootRequires branch from eda95fb to 886c77e Compare July 16, 2025 11:12
@prabhu prabhu merged commit 8c2f6d2 into CycloneDX:master Jul 16, 2025
80 checks passed