Replace @cyclonedx/cyclonedx-library's internal types with cyclonedx …

…specification types (#6155) * moved dependency resolution to appropriate package.json file Signed-off-by: Amndeep Singh Mann <[email protected]> * added resolution for @types/lru-cache to not try to install lru-cache@11 which is causing breakages for us at the moment due to minimum supported node versions Signed-off-by: Amndeep Singh Mann <[email protected]> * only the frontend package.json needs to know about vue Signed-off-by: Amndeep Singh Mann <[email protected]> * re-ordered scripts Signed-off-by: Amndeep Singh Mann <[email protected]> * manually delete libxmljs2 which is an optional dependency for @cyclonedx/cyclonedx-library. this optional dependency adds architecture specific binaries to the node_modules, which we do not want since they get packaged with hdf-converters. hdf-converters is used in the saf cli where we are trying to make noarch rpm binaries. Signed-off-by: Amndeep Singh Mann <[email protected]> * combination between applying the packagejson changes, generic updates, and correcting resolution urls to use the npm and not the yarn registry Signed-off-by: Amndeep Singh Mann <[email protected]> * while it works and builds properly when doing a local and a docker build, it fails when trying to do a netlify build so at this point I'm throwing my hands up. there doesn't seem to be a way to resolve that problem other than editing the yarnlock file along with deleting the dependency which has no straight forward way of happening aside from doing some terminal magic which I've been super reluctant to do. consequently we're just going to have architecture specific binaries in the saf cli rpm binary. Signed-off-by: Amndeep Singh Mann <[email protected]> * Removed cyclonedx library dependency entirely and replaced internal types/classes usage with types built off of the specification Signed-off-by: Amndeep Singh Mann <[email protected]> * linter Signed-off-by: Amndeep Singh Mann <[email protected]> --------- Signed-off-by: Amndeep Singh Mann <[email protected]>
mitre · Sep 11, 2024 · 5aba9a1 · 5aba9a1
1 parent aa2b481
commit 5aba9a1
Show file tree

Hide file tree

Showing 10 changed files with 9,289 additions and 535 deletions.
diff --git a/apps/frontend/package.json b/apps/frontend/package.json
@@ -127,6 +127,11 @@
     "ts-jest": "^29.1.0",
     "vue-jest": "^3.0.7"
   },
+  "resolutions": {
+    "adm-zip": "0.5.12",
+    "@types/lru-cache/lru-cache@*": "^10.3.0",
+    "prismjs": "1.29.0"
+  },
   "engines": {
     "node": "^18.19.0"
   },

diff --git a/libs/hdf-converters/package.json b/libs/hdf-converters/package.json
@@ -11,22 +11,21 @@
     "main": "lib/index.js"
   },
   "scripts": {
-    "prepack": "yarn build && node prepack.js",
-    "postpack": "run-script-os",
-    "postpack:darwin:linux": "mv package.json.orig package.json",
-    "postpack:win32": "move package.json.orig package.json",
     "build": "run-script-os",
     "build:darwin:linux": "../../node_modules/.bin/tsc -p ./tsconfig.build.json && cp -R ./data ./lib",
     "build:win32": "../../node_modules/.bin/tsc -p ./tsconfig.build.json && xcopy data lib",
     "lint": "eslint \"**/*.ts\" --fix",
     "lint:ci": "eslint \"**/*.ts\" --max-warnings 0",
+    "prepack": "yarn build && node prepack.js",
+    "postpack": "run-script-os",
+    "postpack:darwin:linux": "mv package.json.orig package.json",
+    "postpack:win32": "move package.json.orig package.json",
     "test": "jest",
     "csv2json": "tsx data/converters/csv2json.ts",
     "xml2json": "tsx data/converters/xml2json.ts"
   },
   "dependencies": {
     "@aws-sdk/client-config-service": "^3.95.0",
-    "@cyclonedx/cyclonedx-library": "^6.11.0",
     "@e965/xlsx": "^0.20.0",
     "@mdi/js": "^7.0.96",
     "@microsoft/microsoft-graph-types": "^2.40.0",
@@ -75,6 +74,13 @@
     "typedoc": "^0.26.2"
   },
   "jest": {
+    "moduleFileExtensions": [
+      "js",
+      "json",
+      "ts",
+      "d.ts",
+      "node"
+    ],
     "moduleNameMapper": {
       "axios": "axios/dist/node/axios.cjs"
     },

diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json
diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json
diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json
@@ -1,9 +1,9 @@
 {
   "platform": {
     "name": "Heimdall Tools",
-    "release": "2.10.14"
+    "release": "2.10.15"
   },
-  "version": "2.10.14",
+  "version": "2.10.15",
   "statistics": {},
   "profiles": [
     {
@@ -90,13 +90,13 @@
             {
               "status": "failed",
               "code_desc": "Component urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar is vulnerable",
-              "message": "-Component Summary-\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar",
+              "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar",
               "start_time": ""
             }
           ]
         }
       ],
-      "sha256": "6e7fa4296080be8402cc3a052be4ef033a98f9520959b3ec5dce5c906651160f"
+      "sha256": "11edd9546478812825f507e52fd640da19bd27f7370f43bfb90b455dbbe03fed"
     }
   ],
   "passthrough": {

diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json
@@ -1,9 +1,9 @@
 {
   "platform": {
     "name": "Heimdall Tools",
-    "release": "2.10.14"
+    "release": "2.10.15"
   },
-  "version": "2.10.14",
+  "version": "2.10.15",
   "statistics": {},
   "profiles": [
     {
@@ -90,13 +90,13 @@
             {
               "status": "failed",
               "code_desc": "Component urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar is vulnerable",
-              "message": "-Component Summary-\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar",
+              "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar",
               "start_time": ""
             }
           ]
         }
       ],
-      "sha256": "6e7fa4296080be8402cc3a052be4ef033a98f9520959b3ec5dce5c906651160f"
+      "sha256": "11edd9546478812825f507e52fd640da19bd27f7370f43bfb90b455dbbe03fed"
     }
   ],
   "passthrough": {