From bf96f33527731fba17887d7ba674aa79b8de0fb0 Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Tue, 11 Jun 2024 12:34:54 +0600
Subject: [PATCH 1/4] chore(deps): bump `github.com/CycloneDX/cyclonedx-go` to `v0.9.0`
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index e041336347b5..e89d26e96169 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
 github.com/BurntSushi/toml v1.4.0
- github.com/CycloneDX/cyclonedx-go v0.8.0
+ github.com/CycloneDX/cyclonedx-go v0.9.0
 github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
 github.com/Masterminds/sprig/v3 v3.2.3
 github.com/NYTimes/gziphandler v1.1.1
diff --git a/go.sum b/go.sum
index 5c4cc4d02054..134e1d777079 100644
--- a/go.sum
+++ b/go.sum
@@ -653,8 +653,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M=
-github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
+github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8=
+github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible h1:juIaKLLVhqzP55d8x4cSVgwyQv76Z55/fRv/UBr2KkQ=
From 82d0fd1d2dfac1315d9b2ea54bfe48aae4e40407 Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Tue, 11 Jun 2024 12:40:35 +0600
Subject: [PATCH 2/4] test(unit): use 1.6 version
---
 pkg/sbom/cyclonedx/marshal_test.go | 42 +++++++++++++++---------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go
index d86cbfd1a218..d1fc8a455a2a 100644
--- a/pkg/sbom/cyclonedx/marshal_test.go
+++ b/pkg/sbom/cyclonedx/marshal_test.go
@@ -254,10 +254,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000014",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -909,10 +909,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000007",
 Version: 1,
 Metadata: &cdx.Metadata{
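Review bot: Nothing in this four-patch series changes the marshaller itself, so the move of the expected `SpecVersion` from `cdx.SpecVersion1_5` to `cdx.SpecVersion1_6` in the first hunk of this file (and in its six other `want: &cdx.BOM{` hunks) appears to be a side effect of the library bump, presumably because the encoder takes the library's default version. If that is the case, every future `cyclonedx-go` upgrade will silently change the format of emitted SBOMs, and downstream consumers or validators that only accept 1.5 get no warning. I would add a comment next to these expectations such as `// Output spec version follows the cyclonedx-go default; bumping the library changes the emitted SBOM format.`, and consider setting the version explicitly in the marshaller so that a format change is a deliberate one. The body of `TestMarshaler_MarshalReport` starts and ends outside these hunks.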
@@ -1293,10 +1293,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000007",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1518,10 +1518,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 BOM: testSBOM,
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000002",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1770,10 +1770,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000004",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1956,10 +1956,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000003",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -2044,10 +2044,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 Results: types.Results{},
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000002",
 Version: 1,
 Metadata: &cdx.Metadata{
From b39783b5ebf6f9219adc8063ee227ab9f50f994a Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Tue, 11 Jun 2024 12:40:59 +0600
Subject: [PATCH 3/4] test(integration): use 1.6 version
---
 integration/testdata/conda-cyclonedx.json.golden | 4 ++--
 integration/testdata/conda-environment-cyclonedx.json.golden | 4 ++--
 .../testdata/fluentd-multiple-lockfiles.cdx.json.golden | 4 ++--
 integration/testdata/pom-cyclonedx.json.golden | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden
index 9640112cce12..7f3a352fcce7 100644
--- a/integration/testdata/conda-cyclonedx.json.golden
+++ b/integration/testdata/conda-cyclonedx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000004",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/conda-environment-cyclonedx.json.golden b/integration/testdata/conda-environment-cyclonedx.json.golden
index e927b7594bfb..7062e1e1a356 100644
--- a/integration/testdata/conda-environment-cyclonedx.json.golden
+++ b/integration/testdata/conda-environment-cyclonedx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000004",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
index 934bda200639..cc442e7d881d 100644
--- a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
+++ b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000163",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/pom-cyclonedx.json.golden b/integration/testdata/pom-cyclonedx.json.golden
index 0baa2382d58c..42650c62b54e 100644
--- a/integration/testdata/pom-cyclonedx.json.golden
+++ b/integration/testdata/pom-cyclonedx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000005",
 "version": 1,
 "metadata": {
From 62148648a7680727838400713e7f7b4adfc6d789 Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Tue, 11 Jun 2024 12:50:00 +0600
Subject: [PATCH 4/4] test(cyclonedx): use 1.6 version for unmarshal_test.go
---
 pkg/sbom/cyclonedx/testdata/happy/bom.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/sbom/cyclonedx/testdata/happy/bom.json b/pkg/sbom/cyclonedx/testdata/happy/bom.json
index a7a1a474b8bd..e2d68e96b38b 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
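Review bot: Changing `"specVersion"` from `"1.5"` to `"1.6"` in `testdata/happy/bom.json` replaces the 1.5 input rather than adding a 1.6 one, so unless another fixture outside this patch still uses 1.5, the unmarshal test no longer covers documents in the version that earlier releases emitted. Only the version string changes in this hunk, so the test shows that a 1.6 label is accepted, not that 1.6-specific fields are read correctly. I would keep a copy of this file with `"specVersion": "1.5"` as a second fixture and run the same test case over both, because a decoder that misreads an older SBOM may report fewer components without returning an error. The JSON object continues outside the hunk.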