From d3afc750a201ce9bac7def9563137c2b4fbb732b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnter=20Schafranek?= Date: Mon, 13 Oct 2025 16:30:53 +0200 Subject: [PATCH 01/12] feat: Dependency track tags reporting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Allow providing (multiple) tags for dependency track reporting Signed-off-by: Günter Schafranek --- README.md | 1 + bin/cdxgen.js | 3 +++ docs/CLI.md | 1 + docs/README.md | 2 ++ lib/cli/index.js | 8 ++++++++ lib/server/server.js | 1 + 6 files changed, 16 insertions(+) diff --git a/README.md b/README.md index 0b5d3e34a0..2333711b15 100644 --- a/README.md +++ b/README.md @@ -132,6 +132,7 @@ Options: --project-group Dependency track project group --project-name Dependency track project name. Default use the directory name --project-version Dependency track project version [string] [default: ""] + --project-tag Dependency track project tag. Multiple values allowed. [array] --project-id Dependency track project id. Either provide the id or the project name and version tog ether [string] --parent-project-id Dependency track parent project id [string] diff --git a/bin/cdxgen.js b/bin/cdxgen.js index e29d02d1f4..7f8ff4338f 100755 --- a/bin/cdxgen.js +++ b/bin/cdxgen.js @@ -136,6 +136,9 @@ const args = _yargs default: "", type: "string", }) + .option("project-tag", { + description: "Dependency track project tag. Multiple values allowed.", + }) .option("project-id", { description: "Dependency track project id. Either provide the id or the project name and version together", diff --git a/docs/CLI.md b/docs/CLI.md index 07d0c47a3e..47421e40ec 100644 --- a/docs/CLI.md +++ b/docs/CLI.md 
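Review bot: The new `project-tag` option in bin/cdxgen.js is declared with a description only, so yargs applies its default parsing: a lone `--project-tag 123` arrives as a number, a bare `--project-tag` as `true`, and only a repeated flag becomes an array. The README.md and docs/CLI.md hunks of this commit advertise `[array]`, which the option as written does not guarantee. Declaring the type keeps the help text and the parsed value in agreement and makes every tag a string: add `array: true,` and `string: true,` after the description.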
@@ -81,6 +81,7 @@ Options: --project-group Dependency track project group --project-name Dependency track project name. Default use the directory name --project-version Dependency track project version [string] [default: ""] + --project-tag Dependency track project tags. Multiple values allowed. [array] --project-id Dependency track project id. Either provide the id or the project name and version tog ether [string] --parent-project-id Dependency track parent project id [string] diff --git a/docs/README.md b/docs/README.md index 3632f08e18..1ad2a922ec 100644 --- a/docs/README.md +++ b/docs/README.md @@ -133,6 +133,8 @@ Invoke cdxgen with the below arguments to automatically submit the BOM to your o --project-name Dependency track project name. Default use the di rectory name --project-version Dependency track project version [default: ""] + --project-tag Dependency track project tag. Multiple values all + owed. [array] --project-id Dependency track project id. Either provide the i d or the project name and version together --parent-project-id Dependency track parent project id diff --git a/lib/cli/index.js b/lib/cli/index.js index f5502f18c1..d3492fdae4 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -8677,6 +8677,14 @@ export async function submitBom(args, bomContents) { ) { bomPayload.parentUUID = args.parentProjectId || args.parentUUID; } + if (typeof args.projectTag !== "undefined") { + // If args.projectTag is not an array, convert it to an array + // Attention, array items should be of form { name: "tagName " } + // see https://yoursky.blue/documentation/rest-api#tag/bom/operation/UploadBomBase64Encoded + bomPayload.projectTags = ( + Array.isArray(args.projectTag) ? args.projectTag : [args.projectTag] + ).map((tag) => ({ name: tag })); + } if (DEBUG_MODE) { console.log( "Submitting BOM to", diff --git a/lib/server/server.js b/lib/server/server.js index 0e54cf895d..a13f468cbf 100644 --- a/lib/server/server.js +++ b/lib/server/server.js 
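Review bot: In the lib/cli/index.js hunk the new `projectTag` branch forwards whatever it receives: `null`, an empty string, a number or an object all pass the `typeof args.projectTag !== "undefined"` check and end up as `{ name: <value> }` in the upload payload. The lib/server/server.js hunk of this commit adds `projectTag` to `ALLOWED_PARAMS`, so the value can presumably come from an HTTP request as well as from the CLI, and it should be validated before it is sent alongside the API key. A filter before the `.map(...)`, such as `.filter((tag) => typeof tag === "string" && tag.trim() !== "")`, with `projectTags` left unset when nothing remains, would cover both entry points; the example in the added comment also carries a stray space in `"tagName "`. `submitBom` starts and ends outside the hunk.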
@@ -34,6 +34,7 @@ const ALLOWED_PARAMS = [ "projectId", "projectName", "projectGroup", + "projectTag", "projectVersion", "parentUUID", "serverUrl", From 89c262769a2352e1316d951c5eab65622f9889ef Mon Sep 17 00:00:00 2001 From: Guenter Schafranek Date: Wed, 22 Oct 2025 08:45:30 +0200 Subject: [PATCH 02/12] test(cli): Started implementing unit test for SBOM reporting params Signed-off-by: Guenter Schafranek --- lib/cli/index.poku.js | 58 ++++++++++++++++++++++++ package.json | 2 + pnpm-lock.yaml | 102 +++++++++++++++++++++++++++++++++++++++--- 3 files changed, 157 insertions(+), 5 deletions(-) create mode 100644 lib/cli/index.poku.js diff --git a/lib/cli/index.poku.js b/lib/cli/index.poku.js new file mode 100644 index 0000000000..c851e3df1a --- /dev/null +++ b/lib/cli/index.poku.js 
@@ -0,0 +1,58 @@ +import quibble from "quibble"; +import sinon from "sinon"; +import { assert, beforeEach, afterEach, describe, it } from "poku"; + +describe("CLI tests", () => { + let gotStub; + let submitBom; + + beforeEach(async () => { + // Create a sinon stub that mimics got() + const fakeGotResponse = { + json: sinon.stub().resolves({ success: true }), + }; + + gotStub = sinon.stub().returns(fakeGotResponse); + + // Attach extend to the function itself + gotStub.extend = sinon.stub().returns(gotStub); + + // Replace the real 'got' module with our stub + await quibble.esm("got", { + default: gotStub, + }); + + // Import the module under test AFTER quibble + ({ submitBom } = await import("./index.js")); + }); + + afterEach(() => { + quibble.reset(); // Restore real modules + }); + + it("should report the SBOM with given project tag", async () => { + const serverUrl = "https://api.example.com/upload"; + const projectId = "1111"; + const projectName = "test"; + const projectVersion = "1.0.0"; + const bomPayload = { bom: "test" }; + + await submitBom( + { serverUrl, projectId, projectName, projectVersion }, + bomPayload, + ); + + // Verify got was called exactly once + sinon.assert.calledOnce(gotStub); + + // Grab call arguments + const [calledUrl, options] = gotStub.firstCall.args; + + assert.equal(calledUrl, serverUrl); + assert.equal(options.method, "PUT"); + assert.equal(options.https.rejectUnauthorized, true); + assert.equal(options.headers["X-Api-Key"], "MY_API_KEY"); + assert.match(options.headers["user-agent"], /@CycloneDX\/cdxgen/); + assert.deepEqual(options.json, bomPayload); + }); +}); diff --git a/package.json b/package.json index 0f968582cd..937ae620d0 100644 --- a/package.json +++ b/package.json @@ -271,6 +271,8 @@ "devDependencies": { "@biomejs/biome": "2.2.5", "poku": "3.0.2", + "quibble": "^0.9.2", + "sinon": "^21.0.0", "typescript": "5.9.3" }, "optionalDependencies": { 
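Review bot: The test added in lib/cli/index.poku.js is titled "should report the SBOM with given project tag" but never passes `projectTag` or `apiKey` to `submitBom`, so the assertion on `X-Api-Key` against `"MY_API_KEY"` and the `deepEqual` of `options.json` with the raw `bomPayload` are unlikely to describe the request the function actually builds. Pass the tag and the key in the args object and assert on the field under test, e.g. `assert.deepEqual(options.json.projectTags, [{ name: "tag1" }]);`. `quibble.reset()` in `afterEach` is also not awaited, which may let the stubbed `got` leak into a later test if the reset is asynchronous.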
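Review bot: `quibble` and `sinon` are added to `devDependencies` with caret ranges (`^0.9.2`, `^21.0.0`) while the neighbouring entries in this hunk (`@biomejs/biome`, `poku`, `typescript`) are pinned to exact versions. For a tool that generates SBOMs, the test toolchain should resolve as reproducibly as the rest of the tree, so a fresh install without the lockfile cannot pull a newer release. Use `"quibble": "0.9.2"` and `"sinon": "21.0.0"`.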
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a668339c0f..c374983dd6 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -273,6 +273,12 @@ importers: poku: specifier: 3.0.2 version: 3.0.2 + quibble: + specifier: ^0.9.2 + version: 0.9.2 + sinon: + specifier: ^21.0.0 + version: 21.0.0 typescript: specifier: 5.9.3 version: 5.9.3 @@ -601,6 +607,15 @@ packages: resolution: {integrity: sha512-7F/yz2IphV39hiS2zB4QYVkivrptHHh0K8qJJd9HhuWSdvf8AN7NpebW3CcDZDBQsUPMoDKWsY2WWgW7bqOcfA==} engines: {node: '>=18'} + '@sinonjs/commons@3.0.1': + resolution: {integrity: sha512-K3mCHKQ9sVh8o1C9cxkwxaOmXoAMlDxC1mYyHrjqOWEcBjYr76t96zL2zlj5dUGZ3HSw240X1qgH3Mjf1yJWpQ==} + + '@sinonjs/fake-timers@13.0.5': + resolution: {integrity: sha512-36/hTbH2uaWuGVERyC6da9YwGWnzUZXuPro/F2LfsdOsLnCojz/iSH8MxUt/FD2S5XBSVPhmArFUXcpCQ2Hkiw==} + + '@sinonjs/samsam@8.0.3': + resolution: {integrity: sha512-hw6HbX+GyVZzmaYNh82Ecj1vdGZrqVIn/keDTg63IgAwiQPO+xCz99uG6Woqgb4tM0mUiFENKZ4cqd7IX94AXQ==} + '@szmarczak/http-timer@5.0.1': resolution: {integrity: sha512-+PmQX0PiAYPMeVYe237LJAYvOMYW1j2rH5YROyS3b4CTVJum34HfRvKvAzozHAQG0TnHNdUfY9nCeUyRAs//cw==} engines: {node: '>=14.16'} @@ -835,6 +850,10 @@ packages: detect-node@2.1.0: resolution: {integrity: sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g==} + diff@7.0.0: + resolution: {integrity: sha512-PJWHUb1RFevKCwaFA9RlG5tCd+FO5iRh9A8HEtkmBH2Li03iJriB6m6JIN4rGz3K3JLawI7/veA1xzRKP6ISBw==} + engines: {node: '>=0.3.1'} + dom-serializer@2.0.0: resolution: {integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==} 
@@ -1078,6 +1097,10 @@ packages: resolution: {integrity: sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==} engines: {node: '>= 12'} + is-core-module@2.16.1: + resolution: {integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==} + engines: {node: '>= 0.4'} + is-fullwidth-code-point@3.0.0: resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==} engines: {node: '>=8'} @@ -1349,6 +1372,9 @@ packages: resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==} engines: {node: '>=8'} + path-parse@1.0.7: + resolution: {integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==} + path-scurry@2.0.0: resolution: {integrity: sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==} engines: {node: 20 || >=22} @@ -1409,6 +1435,10 @@ packages: resolution: {integrity: sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==} engines: {node: '>=0.6'} + quibble@0.9.2: + resolution: {integrity: sha512-BrL7hrZcbyyt5ZDfePkGFDc3m82uUtxCPOnpRUrkOdtBnmV9ldQKxXORkKL8eIzToRNaCpIPyKyfdfq/tBlFAA==} + engines: {node: '>= 0.14.0'} + quick-lru@5.1.1: resolution: {integrity: sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==} engines: {node: '>=10'} 
@@ -1440,6 +1470,11 @@ packages: resolve-alpn@1.2.1: resolution: {integrity: sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==} + resolve@1.22.10: + resolution: {integrity: sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w==} + engines: {node: '>= 0.4'} + hasBin: true + responselike@3.0.0: resolution: {integrity: sha512-40yHxbNcl2+rzXvZuVkrYohathsSJlMTXKryG5y8uciHv1+xDLHQpgjG64JUO9nrEq2jGLH6IZ8BcZyw3wrweg==} engines: {node: '>=14.16'} @@ -1550,6 +1585,9 @@ packages: simple-get@4.0.1: resolution: {integrity: sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==} + sinon@21.0.0: + resolution: {integrity: sha512-TOgRcwFPbfGtpqvZw+hyqJDvqfapr1qUlOizROIk4bBLjlsjlB00Pg6wMFXNtJRpu+eCZuVOaLatG7M8105kAw==} + slice-ansi@4.0.0: resolution: {integrity: sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==} engines: {node: '>=10'} @@ -1612,6 +1650,10 @@ packages: resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} engines: {node: '>=8'} + supports-preserve-symlinks-flag@1.0.0: + resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==} + engines: {node: '>= 0.4'} + table@6.9.0: resolution: {integrity: sha512-9kY+CygyYM6j02t5YFHbNz2FN5QmYGv9zAjVp4lCDjlCw7amdckXlEt/bjMhUIfj4ThGRE4gCUH5+yGnNuPo5A==} engines: {node: '>=10.0.0'} 
@@ -1647,6 +1689,14 @@ packages: tunnel-agent@0.6.0: resolution: {integrity: sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==} + type-detect@4.0.8: + resolution: {integrity: sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==} + engines: {node: '>=4'} + + type-detect@4.1.0: + resolution: {integrity: sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw==} + engines: {node: '>=4'} + type-fest@4.41.0: resolution: {integrity: sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==} engines: {node: '>=16'} @@ -2020,6 +2070,19 @@ snapshots: '@sindresorhus/is@7.1.0': {} + '@sinonjs/commons@3.0.1': + dependencies: + type-detect: 4.0.8 + + '@sinonjs/fake-timers@13.0.5': + dependencies: + '@sinonjs/commons': 3.0.1 + + '@sinonjs/samsam@8.0.3': + dependencies: + '@sinonjs/commons': 3.0.1 + type-detect: 4.1.0 + '@szmarczak/http-timer@5.0.1': dependencies: defer-to-connect: 2.0.1 @@ -2299,6 +2362,8 @@ snapshots: detect-node@2.1.0: {} + diff@7.0.0: {} + dom-serializer@2.0.0: dependencies: domelementtype: 2.3.0 @@ -2432,8 +2497,7 @@ snapshots: minipass: 7.1.2 optional: true - function-bind@1.1.2: - optional: true + function-bind@1.1.2: {} get-caller-file@2.0.5: {} @@ -2517,7 +2581,6 @@ snapshots: hasown@2.0.2: dependencies: function-bind: 1.1.2 - optional: true hosted-git-info@9.0.2: dependencies: @@ -2579,6 +2642,10 @@ snapshots: ip-address@10.0.1: optional: true + is-core-module@2.16.1: + dependencies: + hasown: 2.0.2 + is-fullwidth-code-point@3.0.0: {} is-stream@4.0.1: {} @@ -2627,8 +2694,7 @@ snapshots: lodash.truncate@4.4.2: {} - lodash@4.17.21: - optional: true + lodash@4.17.21: {} lowercase-keys@3.0.0: {} @@ -2853,6 +2919,8 @@ snapshots: path-key@3.1.1: {} + path-parse@1.0.7: {} + path-scurry@2.0.0: dependencies: lru-cache: 11.2.2 
@@ -2922,6 +2990,11 @@ snapshots: side-channel: 1.1.0 optional: true + quibble@0.9.2: + dependencies: + lodash: 4.17.21 + resolve: 1.22.10 + quick-lru@5.1.1: {} raw-body@3.0.1: @@ -2953,6 +3026,12 @@ snapshots: resolve-alpn@1.2.1: {} + resolve@1.22.10: + dependencies: + is-core-module: 2.16.1 + path-parse: 1.0.7 + supports-preserve-symlinks-flag: 1.0.0 + responselike@3.0.0: dependencies: lowercase-keys: 3.0.0 @@ -3065,6 +3144,13 @@ snapshots: simple-concat: 1.0.1 optional: true + sinon@21.0.0: + dependencies: + '@sinonjs/commons': 3.0.1 + '@sinonjs/fake-timers': 13.0.5 + '@sinonjs/samsam': 8.0.3 + diff: 7.0.0 + slice-ansi@4.0.0: dependencies: ansi-styles: 4.3.0 @@ -3145,6 +3231,8 @@ snapshots: strip-json-comments@3.1.1: optional: true + supports-preserve-symlinks-flag@1.0.0: {} + table@6.9.0: dependencies: ajv: 8.17.1 @@ -3208,6 +3296,10 @@ snapshots: safe-buffer: 5.2.1 optional: true + type-detect@4.0.8: {} + + type-detect@4.1.0: {} + type-fest@4.41.0: {} type-is@2.0.1: From 068be9a77050aa8dae77f656b8b67be2b8e81ccf Mon Sep 17 00:00:00 2001 From: Guenter Schafranek Date: Wed, 22 Oct 2025 10:02:05 +0200 Subject: [PATCH 03/12] docs(cli): Docs concerning tag feature on SBOM reporting - Reference (link) to dependency-track release v4.12.0 which introduces the feature - API docu links Signed-off-by: Guenter Schafranek --- lib/cli/index.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/cli/index.js b/lib/cli/index.js index 8484735bce..81d1637e56 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js 
@@ -8688,6 +8688,12 @@ export async function submitBom(args, bomContents) { ) { bomPayload.parentUUID = args.parentProjectId || args.parentUUID; } + // Add project tags if provided + // see https://docs.dependencytrack.org/2024/10/01/v4.12.0/ + // corresponding API usage documentation can be found on the + // API docs site of your instance, see + // https://docs.dependencytrack.org/integrations/rest-api/ + // or public instance see https://yoursky.blue/documentation/rest-api if (typeof args.projectTag !== "undefined") { // If args.projectTag is not an array, convert it to an array // Attention, array items should be of form { name: "tagName " } From c3fc454f677e066a2d2a9cc089c376b0313e3597 Mon Sep 17 00:00:00 2001 From: Guenter Schafranek Date: Wed, 22 Oct 2025 10:02:53 +0200 Subject: [PATCH 04/12] test(cli): First SBOM reporting test - Taking dependency-track project id, name, version and tag into account Signed-off-by: Guenter Schafranek --- lib/cli/index.poku.js | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/lib/cli/index.poku.js b/lib/cli/index.poku.js index c851e3df1a..0bf87d526c 100644 --- a/lib/cli/index.poku.js +++ b/lib/cli/index.poku.js 
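Review bot: The comment block added above the `projectTag` branch points to release notes and API docs but never states the requirement in words, so a reader has to follow a link to learn which server version accepts tags on BOM upload. State it directly, e.g. `// projectTags on BOM upload requires Dependency-Track >= 4.12.0`, and keep the official docs link as the primary reference rather than the public-instance URL, which can change independently of the project. How an older server treats the extra `projectTags` field is not visible in this hunk and is worth recording in the comment once confirmed. `submitBom` starts and ends outside the hunk.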
@@ -30,16 +30,30 @@ describe("CLI tests", () => { quibble.reset(); // Restore real modules }); - it("should report the SBOM with given project tag", async () => { - const serverUrl = "https://api.example.com/upload"; - const projectId = "1111"; - const projectName = "test"; + it("should successfully report the SBOM with given project id, name, version and a single tag", async () => { + const serverUrl = "https://dtrack.example.com"; + const projectId = "f7cb9f02-8041-4991-9101-b01fa07a6522"; + const projectName = "cdxgen-test-project"; const projectVersion = "1.0.0"; - const bomPayload = { bom: "test" }; + const projectTag = "tag1"; + const bomContent = { + bom: "test" + }; + const apiKey = "TEST_API_KEY"; + const skipDtTlsCheck = false; + + const expectedRequestPayload = { + autoCreate: "true", + bom: "eyJib20iOiJ0ZXN0In0=", // stringified and base64 encoded bomContent + project: projectId, + projectName, + projectVersion, + projectTags: [{ name: projectTag }], + }; await submitBom( - { serverUrl, projectId, projectName, projectVersion }, - bomPayload, + { serverUrl, projectId, projectName, projectVersion, apiKey, skipDtTlsCheck, projectTag }, + bomContent, ); // Verify got was called exactly once @@ -48,11 +62,12 @@ describe("CLI tests", () => { // Grab call arguments const [calledUrl, options] = gotStub.firstCall.args; - assert.equal(calledUrl, serverUrl); + // Assert call arguments against expectations + assert.equal(calledUrl, serverUrl + "/api/v1/bom"); assert.equal(options.method, "PUT"); - assert.equal(options.https.rejectUnauthorized, true); - assert.equal(options.headers["X-Api-Key"], "MY_API_KEY"); + assert.equal(options.https.rejectUnauthorized, !skipDtTlsCheck); + assert.equal(options.headers["X-Api-Key"], apiKey); assert.match(options.headers["user-agent"], /@CycloneDX\/cdxgen/); - assert.deepEqual(options.json, bomPayload); + assert.deepEqual(options.json, expectedRequestPayload); }); }); 
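Review bot: The rewritten test in the `@@ -30,16 +30,30 @@` hunk only covers the case where a tag is supplied; nothing asserts that `projectTags` is absent from the payload when `projectTag` is not passed, which is the path every pre-existing caller takes. Add a second case that calls `submitBom` without `projectTag` and checks `assert.equal("projectTags" in options.json, false);`. The added lines are also indented inconsistently from `const apiKey` onwards.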
From 10c6f7cc2e6f823029c50c945d001b4b39548cd4 Mon Sep 17 00:00:00 2001 From: Guenter Schafranek Date: Wed, 22 Oct 2025 16:02:07 +0200 Subject: [PATCH 05/12] build(deps): Package fixed versions and overrides Signed-off-by: Guenter Schafranek --- package.json | 8 ++++++-- pnpm-lock.yaml | 10 +++++++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 6d13338488..dbae5e3616 100644 --- a/package.json +++ b/package.json @@ -517,8 +517,8 @@ "devDependencies": { "@biomejs/biome": "2.2.6", "poku": "3.0.2", - "quibble": "^0.9.2", - "sinon": "^21.0.0", + "quibble": "0.9.2", + "sinon": "21.0.0", "typescript": "5.9.3" }, "optionalDependencies": { @@ -612,6 +612,9 @@ "@npmcli/redact": "3.2.2", "@sec-ant/readable-stream": "0.4.1", "@sindresorhus/is": "7.1.0", + "@sinonjs/commons": "3.0.1", + "@sinonjs/fake-timers": "13.0.5", + "@sinonjs/samsam": "8.0.3", "@szmarczak/http-timer": "5.0.1", "@types/debug": "4.1.12", "@types/http-cache-semantics": "4.0.4", @@ -846,6 +849,7 @@ "signal-exit": "4.1.0", "simple-concat": "1.0.1", "simple-get": "4.0.1", + "sinon": "21.0.0", "slice-ansi": "4.0.0", "smart-buffer": "4.2.0", "socks": "2.8.7", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1e2d9ce3c6..59961af620 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -63,6 +63,9 @@ overrides: '@npmcli/redact': 3.2.2 '@sec-ant/readable-stream': 0.4.1 '@sindresorhus/is': 7.1.0 + '@sinonjs/commons': 3.0.1 + '@sinonjs/fake-timers': 13.0.5 + '@sinonjs/samsam': 8.0.3 '@szmarczak/http-timer': 5.0.1 '@types/debug': 4.1.12 '@types/http-cache-semantics': 4.0.4 @@ -297,6 +300,7 @@ overrides: signal-exit: 4.1.0 simple-concat: 1.0.1 simple-get: 4.0.1 + sinon: 21.0.0 slice-ansi: 4.0.0 smart-buffer: 4.2.0 socks: 2.8.7 @@ -519,10 +523,10 @@ importers: specifier: 3.0.2 version: 3.0.2 quibble: - specifier: ^0.9.2 + specifier: 0.9.2 version: 0.9.2 sinon: - specifier: ^21.0.0 + specifier: 21.0.0 version: 21.0.0 typescript: specifier: 5.9.3 
@@ -1697,7 +1701,7 @@ packages: resolution: {integrity: sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w==} engines: {node: '>= 0.4'} hasBin: true - + responselike@4.0.2: resolution: {integrity: sha512-cGk8IbWEAnaCpdAt1BHzJ3Ahz5ewDJa0KseTsE3qIRMJ3C698W8psM7byCeWVpd/Ha7FUYzuRVzXoKoM6nRUbA==} engines: {node: '>=20'} From 9777208a24742e46b3bb65eae24c7ed1091a8bba Mon Sep 17 00:00:00 2001 From: Guenter Schafranek Date: Wed, 22 Oct 2025 16:41:10 +0200 Subject: [PATCH 06/12] build(deps): Package overrides Signed-off-by: Guenter Schafranek --- package.json | 18 ++++++++++++++++++ pnpm-lock.yaml | 15 ++++++++------- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index dbae5e3616..ab6964d55c 100644 --- a/package.json +++ b/package.json @@ -170,6 +170,9 @@ "@npmcli/redact": "3.2.2", "@sec-ant/readable-stream": "0.4.1", "@sindresorhus/is": "7.1.0", + "@sinonjs/commons": "3.0.1", + "@sinonjs/fake-timers": "13.0.5", + "@sinonjs/samsam": "8.0.3", "@szmarczak/http-timer": "5.0.1", "@types/debug": "4.1.12", "@types/http-cache-semantics": "4.0.4", @@ -225,6 +228,7 @@ "depd": "2.0.0", "detect-libc": "2.1.0", "detect-node": "2.1.0", + "diff": "7.0.0", "dom-serializer": "2.0.0", "domelementtype": "2.3.0", "domhandler": "5.0.3", @@ -288,6 +292,7 @@ "inherits": "2.0.4", "ini": "5.0.0", "ip-address": "10.0.1", + "is-core-module": "2.16.1", "is-fullwidth-code-point": "3.0.0", "is-stream": "4.0.1", "isexe": "3.1.1", @@ -358,6 +363,7 @@ "parse5-parser-stream": "7.1.2", "parseurl": "1.3.3", "path-key": "3.1.1", + "path-parse": "1.0.7", "path-scurry": "2.0.0", "pg-connection-string": "2.9.1", "picocolors": "1.1.1", @@ -374,6 +380,7 @@ "properties-reader": "2.3.0", "pump": "3.0.3", "qs": "6.14.0", + "quibble": "0.9.2", "quick-lru": "5.1.1", "raw-body": "3.0.1", "rc": "1.2.8", 
@@ -382,6 +389,7 @@ "require-directory": "2.1.1", "require-from-string": "2.0.2", "resolve-alpn": "1.2.1", + "resolve": "1.22.10", "responselike": "4.0.2", "retry": "0.12.0", "retry-as-promised": "7.1.1", @@ -404,6 +412,7 @@ "signal-exit": "4.1.0", "simple-concat": "1.0.1", "simple-get": "4.0.1", + "sinon": "21.0.0", "slice-ansi": "4.0.0", "smart-buffer": "4.2.0", "socks": "2.8.7", @@ -420,6 +429,7 @@ "string-width": "4.2.3", "strip-ansi": "6.0.1", "strip-json-comments": "3.1.1", + "supports-preserve-symlinks-flag": "1.0.0", "table": "6.9.0", "tar": "7.5.1", "tar-fs": "3.1.1", @@ -430,6 +440,7 @@ "toposort-class": "1.0.1", "treeverse": "3.0.0", "tunnel-agent": "0.6.0", + "type-detect": "4.1.0", "type-fest": "4.41.0", "type-is": "2.0.1", "typescript": "5.9.3", @@ -670,6 +681,7 @@ "depd": "2.0.0", "detect-libc": "2.1.0", "detect-node": "2.1.0", + "diff": "7.0.0", "dom-serializer": "2.0.0", "domelementtype": "2.3.0", "domhandler": "5.0.3", @@ -733,6 +745,7 @@ "inherits": "2.0.4", "ini": "5.0.0", "ip-address": "10.0.1", + "is-core-module": "2.16.1", "is-fullwidth-code-point": "3.0.0", "is-stream": "4.0.1", "isexe": "3.1.1", @@ -803,6 +816,7 @@ "parse5-parser-stream": "7.1.2", "parseurl": "1.3.3", "path-key": "3.1.1", + "path-parse": "1.0.7", "path-scurry": "2.0.0", "pg-connection-string": "2.9.1", "picocolors": "1.1.1", @@ -819,6 +833,7 @@ "properties-reader": "2.3.0", "pump": "3.0.3", "qs": "6.14.0", + "quibble": "0.9.2", "quick-lru": "5.1.1", "raw-body": "3.0.1", "rc": "1.2.8", @@ -827,6 +842,7 @@ "require-directory": "2.1.1", "require-from-string": "2.0.2", "resolve-alpn": "1.2.1", + "resolve": "1.22.10", "responselike": "4.0.2", "retry": "0.12.0", "retry-as-promised": "7.1.1", @@ -866,6 +882,7 @@ "string-width": "4.2.3", "strip-ansi": "6.0.1", "strip-json-comments": "3.1.1", + "supports-preserve-symlinks-flag": "1.0.0", "table": "6.9.0", "tar": "7.5.1", "tar-fs": "3.1.1", 
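Review bot: The `"type-detect": "4.1.0"` override added in the `@@ -430,6 +440,7 @@` hunk (and again in `@@ -876,6 +893,7 @@`) does more than pin a version: the pnpm-lock.yaml part of this commit shows `@sinonjs/commons@3.0.1` moving from `type-detect: 4.0.8` to `type-detect: 4.1.0`, so a dev-only transitive dependency is forced to a version its parent did not resolve to before. If the goal is reproducible installs, the lockfile already fixes these versions without changing resolution. Otherwise the commit message should say why the override is needed, since overrides apply to the whole dependency tree and not only to the test tooling.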
@@ -876,6 +893,7 @@ "toposort-class": "1.0.1", "treeverse": "3.0.0", "tunnel-agent": "0.6.0", + "type-detect": "4.1.0", "type-fest": "4.41.0", "type-is": "2.0.1", "typescript": "5.9.3", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 59961af620..77cca68c69 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -121,6 +121,7 @@ overrides: depd: 2.0.0 detect-libc: 2.1.0 detect-node: 2.1.0 + diff: 7.0.0 dom-serializer: 2.0.0 domelementtype: 2.3.0 domhandler: 5.0.3 @@ -184,6 +185,7 @@ overrides: inherits: 2.0.4 ini: 5.0.0 ip-address: 10.0.1 + is-core-module: 2.16.1 is-fullwidth-code-point: 3.0.0 is-stream: 4.0.1 isexe: 3.1.1 @@ -254,6 +256,7 @@ overrides: parse5-parser-stream: 7.1.2 parseurl: 1.3.3 path-key: 3.1.1 + path-parse: 1.0.7 path-scurry: 2.0.0 pg-connection-string: 2.9.1 picocolors: 1.1.1 @@ -270,6 +273,7 @@ overrides: properties-reader: 2.3.0 pump: 3.0.3 qs: 6.14.0 + quibble: 0.9.2 quick-lru: 5.1.1 raw-body: 3.0.1 rc: 1.2.8 @@ -278,6 +282,7 @@ overrides: require-directory: 2.1.1 require-from-string: 2.0.2 resolve-alpn: 1.2.1 + resolve: 1.22.10 responselike: 4.0.2 retry: 0.12.0 retry-as-promised: 7.1.1 @@ -317,6 +322,7 @@ overrides: string-width: 4.2.3 strip-ansi: 6.0.1 strip-json-comments: 3.1.1 + supports-preserve-symlinks-flag: 1.0.0 table: 6.9.0 tar: 7.5.1 tar-fs: 3.1.1 @@ -327,6 +333,7 @@ overrides: toposort-class: 1.0.1 treeverse: 3.0.0 tunnel-agent: 0.6.0 + type-detect: 4.1.0 type-fest: 4.41.0 type-is: 2.0.1 typescript: 5.9.3 @@ -1908,10 +1915,6 @@ packages: tunnel-agent@0.6.0: resolution: {integrity: sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==} - type-detect@4.0.8: - resolution: {integrity: sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==} - engines: {node: '>=4'} - type-detect@4.1.0: resolution: {integrity: sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw==} engines: {node: '>=4'} 
@@ -2293,7 +2296,7 @@ snapshots: '@sinonjs/commons@3.0.1': dependencies: - type-detect: 4.0.8 + type-detect: 4.1.0 '@sinonjs/fake-timers@13.0.5': dependencies: @@ -3491,8 +3494,6 @@ snapshots: safe-buffer: 5.2.1 optional: true - type-detect@4.0.8: {} - type-detect@4.1.0: {} type-fest@4.41.0: {} From ef52e56867e41c0783cc83125b95e623741f92a4 Mon Sep 17 00:00:00 2001 From: Guenter Schafranek Date: Wed, 22 Oct 2025 17:12:07 +0200 Subject: [PATCH 07/12] test(cli): Added another test case Signed-off-by: Guenter Schafranek --- lib/cli/index.poku.js | 178 ++++++++++++++++++++++++++++-------------- 1 file changed, 119 insertions(+), 59 deletions(-) diff --git a/lib/cli/index.poku.js b/lib/cli/index.poku.js index 0bf87d526c..8b1ff14f7b 100644 --- a/lib/cli/index.poku.js +++ b/lib/cli/index.poku.js 
@@ -1,73 +1,133 @@ +import { afterEach, assert, beforeEach, describe, it } from "poku"; import quibble from "quibble"; import sinon from "sinon"; -import { assert, beforeEach, afterEach, describe, it } from "poku"; describe("CLI tests", () => { - let gotStub; - let submitBom; + describe("submitBom()", () => { + let gotStub; + let submitBom; - beforeEach(async () => { - // Create a sinon stub that mimics got() - const fakeGotResponse = { - json: sinon.stub().resolves({ success: true }), - }; + beforeEach(async () => { + // Create a sinon stub that mimics got() + const fakeGotResponse = { + json: sinon.stub().resolves({ success: true }), + }; - gotStub = sinon.stub().returns(fakeGotResponse); + gotStub = sinon.stub().returns(fakeGotResponse); - // Attach extend to the function itself - gotStub.extend = sinon.stub().returns(gotStub); + // Attach extend to the function itself + gotStub.extend = sinon.stub().returns(gotStub); - // Replace the real 'got' module with our stub - await quibble.esm("got", { - default: gotStub, + // Replace the real 'got' module with our stub + await quibble.esm("got", { + default: gotStub, + }); + + // Import the module under test AFTER quibble + ({ submitBom } = await import(`./index.js?update=${Date.now()}`)); }); - // Import the module under test AFTER quibble - ({ submitBom } = await import("./index.js")); - }); + afterEach(async () => { + await quibble.reset(); + sinon.reset(); + }); - afterEach(() => { - quibble.reset(); // Restore real modules - }); + it("should successfully report the SBOM with given project id, name, version and a single tag", async () => { + const serverUrl = "https://dtrack.example.com"; + const projectId = "f7cb9f02-8041-4991-9101-b01fa07a6522"; + const projectName = "cdxgen-test-project"; + const projectVersion = "1.0.0"; + const projectTag = "tag1"; + const bomContent = { + bom: "test", + }; + const apiKey = "TEST_API_KEY"; + const skipDtTlsCheck = false; + + const expectedRequestPayload = { + autoCreate: 
"true", + bom: "eyJib20iOiJ0ZXN0In0=", // stringified and base64 encoded bomContent + project: projectId, + projectName, + projectVersion, + projectTags: [{ name: projectTag }], + }; + + await submitBom( + { + serverUrl, + projectId, + projectName, + projectVersion, + apiKey, + skipDtTlsCheck, + projectTag, + }, + bomContent, + ); + + // Verify got was called exactly once + sinon.assert.calledOnce(gotStub); + + // Grab call arguments + const [calledUrl, options] = gotStub.firstCall.args; - it("should successfully report the SBOM with given project id, name, version and a single tag", async () => { - const serverUrl = "https://dtrack.example.com"; - const projectId = "f7cb9f02-8041-4991-9101-b01fa07a6522"; - const projectName = "cdxgen-test-project"; - const projectVersion = "1.0.0"; - const projectTag = "tag1"; - const bomContent = { - bom: "test" - }; - const apiKey = "TEST_API_KEY"; - const skipDtTlsCheck = false; - - const expectedRequestPayload = { - autoCreate: "true", - bom: "eyJib20iOiJ0ZXN0In0=", // stringified and base64 encoded bomContent - project: projectId, - projectName, - projectVersion, - projectTags: [{ name: projectTag }], - }; - - await submitBom( - { serverUrl, projectId, projectName, projectVersion, apiKey, skipDtTlsCheck, projectTag }, - bomContent, - ); - - // Verify got was called exactly once - sinon.assert.calledOnce(gotStub); - - // Grab call arguments - const [calledUrl, options] = gotStub.firstCall.args; - - // Assert call arguments against expectations - assert.equal(calledUrl, serverUrl + "/api/v1/bom"); - assert.equal(options.method, "PUT"); - assert.equal(options.https.rejectUnauthorized, !skipDtTlsCheck); - assert.equal(options.headers["X-Api-Key"], apiKey); - assert.match(options.headers["user-agent"], /@CycloneDX\/cdxgen/); - assert.deepEqual(options.json, expectedRequestPayload); + // Assert call arguments against expectations + assert.equal(calledUrl, serverUrl + "/api/v1/bom"); + assert.equal(options.method, "PUT"); + 
assert.equal(options.https.rejectUnauthorized, !skipDtTlsCheck); + assert.equal(options.headers["X-Api-Key"], apiKey); + assert.match(options.headers["user-agent"], /@CycloneDX\/cdxgen/); + assert.deepEqual(options.json, expectedRequestPayload); + }); + + it("should successfully report the SBOM with given parent project, name, version and multiple single tags", async () => { + const serverUrl = "https://dtrack.example.com"; + const projectName = "cdxgen-test-project"; + const projectVersion = "1.0.0"; + const projectTag = "tag1"; + const parentProjectId = "f7cb9f02-8041-4991-9101-b01fa07a6522"; + const bomContent = { + bom: "test", + }; + const apiKey = "TEST_API_KEY"; + const skipDtTlsCheck = false; + + const expectedRequestPayload = { + autoCreate: "true", + bom: "eyJib20iOiJ0ZXN0In0=", // stringified and base64 encoded bomContent + parentUUID: parentProjectId, + projectName, + projectVersion, + projectTags: [{ name: projectTag }], + }; + + await submitBom( + { + serverUrl, + parentProjectId, + projectName, + projectVersion, + apiKey, + skipDtTlsCheck, + projectTag, + }, + bomContent, + ); + + // Verify got was called exactly once + sinon.assert.calledOnce(gotStub); + + // Grab call arguments + const [calledUrl, options] = gotStub.firstCall.args; + + // Assert call arguments against expectations + assert.equal(calledUrl, serverUrl + "/api/v1/bom"); + assert.equal(options.method, "PUT"); + assert.equal(options.https.rejectUnauthorized, !skipDtTlsCheck); + assert.equal(options.headers["X-Api-Key"], apiKey); + assert.match(options.headers["user-agent"], /@CycloneDX\/cdxgen/); + assert.deepEqual(options.json, expectedRequestPayload); + }); }); }); From d6e797e437ed79cba36b59eadaf4e02aab35d7d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnter=20Schafranek?= Date: Thu, 23 Oct 2025 22:44:41 +0200 Subject: [PATCH 08/12] style(cli): Biome fix/format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
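Review bot: The second test is titled "… and multiple single tags" but still passes `const projectTag = "tag1";`, so the `Array.isArray(args.projectTag)` branch of `submitBom` is never exercised by either case. Pass an array and assert on each element, e.g. `const projectTag = ["tag1", "tag2"];` with `projectTags: [{ name: "tag1" }, { name: "tag2" }],` in the expected payload. Both tests also repeat the same six assertions on the `got` call; a small helper that takes `options` and the expected payload would keep the two cases from drifting apart.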
Signed-off-by: Günter Schafranek --- lib/cli/index.poku.js | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/lib/cli/index.poku.js b/lib/cli/index.poku.js index 0bf87d526c..4b310f48c7 100644 --- a/lib/cli/index.poku.js +++ b/lib/cli/index.poku.js @@ -1,6 +1,6 @@ +import { afterEach, assert, beforeEach, describe, it } from "poku"; import quibble from "quibble"; import sinon from "sinon"; -import { assert, beforeEach, afterEach, describe, it } from "poku"; describe("CLI tests", () => { let gotStub; @@ -37,22 +37,30 @@ describe("CLI tests", () => { const projectVersion = "1.0.0"; const projectTag = "tag1"; const bomContent = { - bom: "test" - }; - const apiKey = "TEST_API_KEY"; - const skipDtTlsCheck = false; + bom: "test", + }; + const apiKey = "TEST_API_KEY"; + const skipDtTlsCheck = false; - const expectedRequestPayload = { - autoCreate: "true", - bom: "eyJib20iOiJ0ZXN0In0=", // stringified and base64 encoded bomContent - project: projectId, - projectName, - projectVersion, - projectTags: [{ name: projectTag }], - }; + const expectedRequestPayload = { + autoCreate: "true", + bom: "eyJib20iOiJ0ZXN0In0=", // stringified and base64 encoded bomContent + project: projectId, + projectName, + projectVersion, + projectTags: [{ name: projectTag }], + }; await submitBom( - { serverUrl, projectId, projectName, projectVersion, apiKey, skipDtTlsCheck, projectTag }, + { + serverUrl, + projectId, + projectName, + projectVersion, + apiKey, + skipDtTlsCheck, + projectTag, + }, bomContent, ); 
@@ -62,8 +70,8 @@ describe("CLI tests", () => { // Grab call arguments const [calledUrl, options] = gotStub.firstCall.args; - // Assert call arguments against expectations - assert.equal(calledUrl, serverUrl + "/api/v1/bom"); + // Assert call arguments against expectations + assert.equal(calledUrl, `${serverUrl}/api/v1/bom`); assert.equal(options.method, "PUT"); assert.equal(options.https.rejectUnauthorized, !skipDtTlsCheck); assert.equal(options.headers["X-Api-Key"], apiKey); From df3d26bf29115b3bb1bc74eb8b2814a33dd3854d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnter=20Schafranek?= Date: Thu, 23 Oct 2025 22:45:29 +0200 Subject: [PATCH 09/12] build(deps): Reverted overrides, only keeping direct packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günter Schafranek --- package.json | 128 +++-------------------------------------------- pnpm-lock.yaml | 133 +++++++++++++++---------------------------------- 2 files changed, 47 insertions(+), 214 deletions(-) diff --git a/package.json b/package.json index 947f373849..969a04bbdb 100644 --- a/package.json +++ b/package.json @@ -139,17 +139,9 @@ "@npmcli/package-json": "7.0.1", "@npmcli/query": "4.0.1", "@npmcli/redact": "3.2.2", - "@sec-ant/readable-stream": "0.4.1", - "@sindresorhus/is": "7.1.0", "@sinonjs/commons": "3.0.1", "@sinonjs/fake-timers": "13.0.5", "@sinonjs/samsam": "8.0.3", - "@szmarczak/http-timer": "5.0.1", - "@types/debug": "4.1.12", - "@types/http-cache-semantics": "4.0.4", - "@types/ms": "2.1.0", - "@types/node": "24.5.1", - "@types/validator": "13.15.3", "abbrev": "3.0.1", "ajv": "8.17.1", "ajv-formats": "3.0.1", 
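Review bot: Removing these pins in `@@ -139,17 +139,9 @@` (and in the other package.json hunks of this commit) lets the affected transitive packages resolve to whatever their parents' ranges allow, and the commit's own lockfile shows that this changes what gets installed. Once the `"type-detect": "4.1.0"` entry is dropped in `@@ -230,44 +194,21 @@` and `@@ -492,45 +397,22 @@`, `pnpm-lock.yaml` gains a `type-detect@4.0.8` package and `@sinonjs/commons` switches to it. Before merging, compare the resolved versions against the previous lockfile and keep an entry for any package whose pin was added for a security fix; the page does not say which ones were. CI installs should run `pnpm install --frozen-lockfile` so the reviewed lockfile, not the registry state on the day, decides the unpinned versions. The enclosing object starts outside the hunk, so reading it as the overrides map is inferred from the commit subject.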
@@ -162,22 +154,7 @@
 "compression": "1.8.1",
 "connect": "3.7.0",
 "debug": "4.4.1",
- "decompress-response": "6.0.0",
- "deep-extend": "0.6.0",
- "defer-to-connect": "2.0.1",
- "define-data-property": "1.1.4",
- "define-properties": "1.2.1",
- "depd": "2.0.0",
- "detect-libc": "2.1.0",
- "detect-node": "2.1.0",
- "diff": "7.0.0",
- "dom-serializer": "2.0.0",
- "domelementtype": "2.3.0",
- "domhandler": "5.0.3",
- "domutils": "3.2.2",
- "dottie": "2.0.6",
- "dunder-proto": "1.0.1",
- "ecdsa-sig-formatter": "1.0.11",
+ "decompress-response": "7.0.0",
 "edn-data": "1.1.2",
 "encoding": "0.1.13",
 "escape-string-regexp": "4.0.0",
@@ -187,9 +164,6 @@
 "hosted-git-info": "9.0.2",
 "iconv-lite": "0.7.0",
 "ini": "5.0.0",
- "ip-address": "10.0.1",
- "is-core-module": "2.16.1",
- "is-fullwidth-code-point": "3.0.0",
 "is-stream": "4.0.1",
 "isexe": "3.1.1",
 "json-parse-even-better-errors": "4.0.0",
@@ -213,16 +187,6 @@
 "on-finished": "2.4.1",
 "packageurl-js": "1.0.2",
 "parse-conflict-json": "4.0.0",
- "parse5": "7.3.0",
- "parse5-htmlparser2-tree-adapter": "7.1.0",
- "parse5-parser-stream": "7.1.2",
- "parseurl": "1.3.3",
- "path-key": "3.1.1",
- "path-parse": "1.0.7",
- "path-scurry": "2.0.0",
- "pg-connection-string": "2.9.1",
- "picocolors": "1.1.1",
- "picomatch": "4.0.3",
 "poku": "3.0.2",
 "prettify-xml": "1.2.0",
 "proc-log": "5.0.0",
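Review bot: The `decompress-response` entry moves from `6.0.0` to `7.0.0` in `@@ -162,22 +154,7 @@` (and again in `@@ -424,22 +357,7 @@` and in the lockfile's overrides), which is a major-version change in a commit whose subject only mentions reverting overrides. An entry in this map forces that version on every dependent regardless of the range it declares, so please confirm the dependents work with 7.x. If 7.0.0 is simply what the base branch already had, one line in the commit message saying so would settle it; otherwise keep `"decompress-response": "6.0.0"` here and make the bump its own commit. The enclosing object starts outside the hunk.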
@@ -230,44 +194,21 @@
 "promise-all-reject-late": "1.0.1",
 "promise-call-limit": "3.0.2",
 "properties-reader": "2.3.0",
- "pump": "3.0.3",
- "qs": "6.14.0",
- "quibble": "0.9.2",
- "quick-lru": "5.1.1",
- "raw-body": "3.0.1",
- "rc": "1.2.8",
- "read-cmd-shim": "5.0.0",
+ "quibble": "0.9.2",
 "read-package-json-fast": "4.0.0",
- "require-directory": "2.1.1",
- "require-from-string": "2.0.2",
- "resolve-alpn": "1.2.1",
- "resolve": "1.22.10",
 "responselike": "4.0.2",
 "semver": "7.7.3",
 "sequelize": "6.37.7",
 "signal-exit": "4.1.0",
- "simple-concat": "1.0.1",
- "simple-get": "4.0.1",
 "sinon": "21.0.0",
- "slice-ansi": "4.0.0",
- "smart-buffer": "4.2.0",
- "socks": "2.8.7",
- "socks-proxy-agent": "8.0.5",
- "spdx-correct": "3.2.0",
- "spdx-exceptions": "2.5.0",
- "spdx-expression-parse": "3.0.1",
- "spdx-license-ids": "3.0.22",
 "sprintf-js": "1.1.3",
 "sqlite3": "npm:@appthreat/sqlite3@6.0.9",
 "ssri": "12.0.0",
 "statuses": "2.0.2",
 "strip-json-comments": "3.1.1",
- "supports-preserve-symlinks-flag": "1.0.0",
 "table": "6.9.0",
 "tar": "7.5.1",
 "treeverse": "3.0.0",
- "tunnel-agent": "0.6.0",
- "type-detect": "4.1.0",
 "type-fest": "4.41.0",
 "typescript": "5.9.3",
 "unique-filename": "4.0.0",
@@ -401,17 +342,9 @@
 "@npmcli/package-json": "7.0.1",
 "@npmcli/query": "4.0.1",
 "@npmcli/redact": "3.2.2",
- "@sec-ant/readable-stream": "0.4.1",
- "@sindresorhus/is": "7.1.0",
 "@sinonjs/commons": "3.0.1",
 "@sinonjs/fake-timers": "13.0.5",
 "@sinonjs/samsam": "8.0.3",
- "@szmarczak/http-timer": "5.0.1",
- "@types/debug": "4.1.12",
- "@types/http-cache-semantics": "4.0.4",
- "@types/ms": "2.1.0",
- "@types/node": "24.5.1",
- "@types/validator": "13.15.3",
 "abbrev": "3.0.1",
 "ajv": "8.17.1",
 "ajv-formats": "3.0.1",
@@ -424,22 +357,7 @@
 "compression": "1.8.1",
 "connect": "3.7.0",
 "debug": "4.4.1",
- "decompress-response": "6.0.0",
- "deep-extend": "0.6.0",
- "defer-to-connect": "2.0.1",
- "define-data-property": "1.1.4",
- "define-properties": "1.2.1",
- "depd": "2.0.0",
- "detect-libc": "2.1.0",
- "detect-node": "2.1.0",
- "diff": "7.0.0",
- "dom-serializer": "2.0.0",
- "domelementtype": "2.3.0",
- "domhandler": "5.0.3",
- "domutils": "3.2.2",
- "dottie": "2.0.6",
- "dunder-proto": "1.0.1",
- "ecdsa-sig-formatter": "1.0.11",
+ "decompress-response": "7.0.0",
 "edn-data": "1.1.2",
 "encoding": "0.1.13",
 "escape-string-regexp": "4.0.0",
@@ -449,9 +367,6 @@
 "hosted-git-info": "9.0.2",
 "iconv-lite": "0.7.0",
 "ini": "5.0.0",
- "ip-address": "10.0.1",
- "is-core-module": "2.16.1",
- "is-fullwidth-code-point": "3.0.0",
 "is-stream": "4.0.1",
 "isexe": "3.1.1",
 "json-parse-even-better-errors": "4.0.0",
@@ -475,16 +390,6 @@
 "on-finished": "2.4.1",
 "packageurl-js": "1.0.2",
 "parse-conflict-json": "4.0.0",
- "parse5": "7.3.0",
- "parse5-htmlparser2-tree-adapter": "7.1.0",
- "parse5-parser-stream": "7.1.2",
- "parseurl": "1.3.3",
- "path-key": "3.1.1",
- "path-parse": "1.0.7",
- "path-scurry": "2.0.0",
- "pg-connection-string": "2.9.1",
- "picocolors": "1.1.1",
- "picomatch": "4.0.3",
 "poku": "3.0.2",
 "prettify-xml": "1.2.0",
 "proc-log": "5.0.0",
@@ -492,45 +397,22 @@ "promise-all-reject-late": "1.0.1", "promise-call-limit": "3.0.2", "properties-reader": "2.3.0", - "pump": "3.0.3", - "qs": "6.14.0", "quibble": "0.9.2", - "quick-lru": "5.1.1", - "raw-body": "3.0.1", - "rc": "1.2.8", - "read-cmd-shim": "5.0.0", "read-package-json-fast": "4.0.0", - "require-directory": "2.1.1", - "require-from-string": "2.0.2", - "resolve-alpn": "1.2.1", - "resolve": "1.22.10", "responselike": "4.0.2", "semver": "7.7.3", "sequelize": "6.37.7", "signal-exit": "4.1.0", - "simple-concat": "1.0.1", - "simple-get": "4.0.1", "sinon": "21.0.0", - "slice-ansi": "4.0.0", - "smart-buffer": "4.2.0", - "socks": "2.8.7", - "socks-proxy-agent": "8.0.5", - "spdx-correct": "3.2.0", - "spdx-exceptions": "2.5.0", - "spdx-expression-parse": "3.0.1", - "spdx-license-ids": "3.0.22", "sprintf-js": "1.1.3", "sqlite3": "npm:@appthreat/sqlite3@6.0.9", "ssri": "12.0.0", "statuses": "2.0.2", "strip-json-comments": "3.1.1", - "supports-preserve-symlinks-flag": "1.0.0", "table": "6.9.0", "tar": "7.5.1", "tar-fs": "3.1.1", "treeverse": "3.0.0", - "tunnel-agent": "0.6.0", - "type-detect": "4.1.0", "type-fest": "4.41.0", "typescript": "5.9.3", "unique-filename": "4.0.0", @@ -567,5 +449,9 @@ "onFail": "ignore" } ] + }, + "volta": { + "node": "22.21.0", + "pnpm": "10.19.0" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 20a7968a3e..a621d756ce 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -32,17 +32,9 @@ overrides: '@npmcli/package-json': 7.0.1 '@npmcli/query': 4.0.1 '@npmcli/redact': 3.2.2 - '@sec-ant/readable-stream': 0.4.1 - '@sindresorhus/is': 7.1.0 '@sinonjs/commons': 3.0.1 '@sinonjs/fake-timers': 13.0.5 '@sinonjs/samsam': 8.0.3 - '@szmarczak/http-timer': 5.0.1 - '@types/debug': 4.1.12 - '@types/http-cache-semantics': 4.0.4 - '@types/ms': 2.1.0 - '@types/node': 24.5.1 - '@types/validator': 13.15.3 abbrev: 3.0.1 ajv: 8.17.1 ajv-formats: 3.0.1 
@@ -55,22 +47,7 @@ overrides: compression: 1.8.1 connect: 3.7.0 debug: 4.4.1 - decompress-response: 6.0.0 - deep-extend: 0.6.0 - defer-to-connect: 2.0.1 - define-data-property: 1.1.4 - define-properties: 1.2.1 - depd: 2.0.0 - detect-libc: 2.1.0 - detect-node: 2.1.0 - diff: 7.0.0 - dom-serializer: 2.0.0 - domelementtype: 2.3.0 - domhandler: 5.0.3 - domutils: 3.2.2 - dottie: 2.0.6 - dunder-proto: 1.0.1 - ecdsa-sig-formatter: 1.0.11 + decompress-response: 7.0.0 edn-data: 1.1.2 encoding: 0.1.13 escape-string-regexp: 4.0.0 @@ -80,9 +57,6 @@ overrides: hosted-git-info: 9.0.2 iconv-lite: 0.7.0 ini: 5.0.0 - ip-address: 10.0.1 - is-core-module: 2.16.1 - is-fullwidth-code-point: 3.0.0 is-stream: 4.0.1 isexe: 3.1.1 json-parse-even-better-errors: 4.0.0 @@ -106,16 +80,6 @@ overrides: on-finished: 2.4.1 packageurl-js: 1.0.2 parse-conflict-json: 4.0.0 - parse5: 7.3.0 - parse5-htmlparser2-tree-adapter: 7.1.0 - parse5-parser-stream: 7.1.2 - parseurl: 1.3.3 - path-key: 3.1.1 - path-parse: 1.0.7 - path-scurry: 2.0.0 - pg-connection-string: 2.9.1 - picocolors: 1.1.1 - picomatch: 4.0.3 poku: 3.0.2 prettify-xml: 1.2.0 proc-log: 5.0.0 
@@ -123,45 +87,22 @@ overrides: promise-all-reject-late: 1.0.1 promise-call-limit: 3.0.2 properties-reader: 2.3.0 - pump: 3.0.3 - qs: 6.14.0 quibble: 0.9.2 - quick-lru: 5.1.1 - raw-body: 3.0.1 - rc: 1.2.8 - read-cmd-shim: 5.0.0 read-package-json-fast: 4.0.0 - require-directory: 2.1.1 - require-from-string: 2.0.2 - resolve-alpn: 1.2.1 - resolve: 1.22.10 responselike: 4.0.2 semver: 7.7.3 sequelize: 6.37.7 signal-exit: 4.1.0 - simple-concat: 1.0.1 - simple-get: 4.0.1 sinon: 21.0.0 - slice-ansi: 4.0.0 - smart-buffer: 4.2.0 - socks: 2.8.7 - socks-proxy-agent: 8.0.5 - spdx-correct: 3.2.0 - spdx-exceptions: 2.5.0 - spdx-expression-parse: 3.0.1 - spdx-license-ids: 3.0.22 sprintf-js: 1.1.3 sqlite3: npm:@appthreat/sqlite3@6.0.9 ssri: 12.0.0 statuses: 2.0.2 strip-json-comments: 3.1.1 - supports-preserve-symlinks-flag: 1.0.0 table: 6.9.0 tar: 7.5.1 tar-fs: 3.1.1 treeverse: 3.0.0 - tunnel-agent: 0.6.0 - type-detect: 4.1.0 type-fest: 4.41.0 typescript: 5.9.3 unique-filename: 4.0.0 
@@ -421,16 +362,16 @@ packages: hasBin: true '@appthreat/atom@2.4.2': - resolution: {integrity: sha512-z9PkDrSydnuP+VoBeHcF4evVE98S1+ZASWfMR0ryBFUEDsZCWw3/bs8bpZNqwBYSo5/58ilEJRUcHQs7HwtbTA==} + resolution: {integrity: sha512-z9PkDrSydnuP+VoBeHcF4evVE98S1+ZASWfMR0ryBFUEDsZCWw3/bs8bpZNqwBYSo5/58ilEJRUcHQs7HwtbTA==, tarball: https://registry.npmjs.org/@appthreat/atom/-/atom-2.4.2.tgz} engines: {node: '>=16.0.0'} hasBin: true '@appthreat/cdx-proto@1.1.4': - resolution: {integrity: sha512-cAC1EpAesqMOfaOl1Q37WN38PV+nbc3MQmab0p3cVGsrL3KWP3dUbNWRdzN4sVL/gVOYEouwvR/PXvDF9WCeVA==} + resolution: {integrity: sha512-cAC1EpAesqMOfaOl1Q37WN38PV+nbc3MQmab0p3cVGsrL3KWP3dUbNWRdzN4sVL/gVOYEouwvR/PXvDF9WCeVA==, tarball: https://registry.npmjs.org/@appthreat/cdx-proto/-/cdx-proto-1.1.4.tgz} engines: {node: '>=20'} '@appthreat/sqlite3@6.0.9': - resolution: {integrity: sha512-Aim5tAIusHm2zZVhqedZwl1MGiSMaWhJ9Ev9ctBuv82fJv/gmE0FhHY/tv/ikoMTNGWlaClAgJayfPLJxvkQ7Q==} + resolution: {integrity: sha512-Aim5tAIusHm2zZVhqedZwl1MGiSMaWhJ9Ev9ctBuv82fJv/gmE0FhHY/tv/ikoMTNGWlaClAgJayfPLJxvkQ7Q==, tarball: https://registry.npmjs.org/@appthreat/sqlite3/-/sqlite3-6.0.9.tgz} engines: {node: '>=20'} '@babel/code-frame@7.27.1': 
@@ -476,118 +417,118 @@ packages: hasBin: true '@biomejs/cli-darwin-arm64@2.2.6': - resolution: {integrity: sha512-UZPmn3M45CjTYulgcrFJFZv7YmK3pTxTJDrFYlNElT2FNnkkX4fsxjExTSMeWKQYoZjvekpH5cvrYZZlWu3yfA==} + resolution: {integrity: sha512-UZPmn3M45CjTYulgcrFJFZv7YmK3pTxTJDrFYlNElT2FNnkkX4fsxjExTSMeWKQYoZjvekpH5cvrYZZlWu3yfA==, tarball: https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [arm64] os: [darwin] '@biomejs/cli-darwin-x64@2.2.6': - resolution: {integrity: sha512-HOUIquhHVgh/jvxyClpwlpl/oeMqntlteL89YqjuFDiZ091P0vhHccwz+8muu3nTyHWM5FQslt+4Jdcd67+xWQ==} + resolution: {integrity: sha512-HOUIquhHVgh/jvxyClpwlpl/oeMqntlteL89YqjuFDiZ091P0vhHccwz+8muu3nTyHWM5FQslt+4Jdcd67+xWQ==, tarball: https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [x64] os: [darwin] '@biomejs/cli-linux-arm64-musl@2.2.6': - resolution: {integrity: sha512-TjCenQq3N6g1C+5UT3jE1bIiJb5MWQvulpUngTIpFsL4StVAUXucWD0SL9MCW89Tm6awWfeXBbZBAhJwjyFbRQ==} + resolution: {integrity: sha512-TjCenQq3N6g1C+5UT3jE1bIiJb5MWQvulpUngTIpFsL4StVAUXucWD0SL9MCW89Tm6awWfeXBbZBAhJwjyFbRQ==, tarball: https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [arm64] os: [linux] libc: [musl] '@biomejs/cli-linux-arm64@2.2.6': - resolution: {integrity: sha512-BpGtuMJGN+o8pQjvYsUKZ+4JEErxdSmcRD/JG3mXoWc6zrcA7OkuyGFN1mDggO0Q1n7qXxo/PcupHk8gzijt5g==} + resolution: {integrity: sha512-BpGtuMJGN+o8pQjvYsUKZ+4JEErxdSmcRD/JG3mXoWc6zrcA7OkuyGFN1mDggO0Q1n7qXxo/PcupHk8gzijt5g==, tarball: https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [arm64] os: [linux] libc: [glibc] '@biomejs/cli-linux-x64-musl@2.2.6': - resolution: {integrity: sha512-1ZcBux8zVM3JhWN2ZCPaYf0+ogxXG316uaoXJdgoPZcdK/rmRcRY7PqHdAos2ExzvjIdvhQp72UcveI98hgOog==} + resolution: {integrity: 
sha512-1ZcBux8zVM3JhWN2ZCPaYf0+ogxXG316uaoXJdgoPZcdK/rmRcRY7PqHdAos2ExzvjIdvhQp72UcveI98hgOog==, tarball: https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [x64] os: [linux] libc: [musl] '@biomejs/cli-linux-x64@2.2.6': - resolution: {integrity: sha512-1HaM/dpI/1Z68zp8ZdT6EiBq+/O/z97a2AiHMl+VAdv5/ELckFt9EvRb8hDHpk8hUMoz03gXkC7VPXOVtU7faA==} + resolution: {integrity: sha512-1HaM/dpI/1Z68zp8ZdT6EiBq+/O/z97a2AiHMl+VAdv5/ELckFt9EvRb8hDHpk8hUMoz03gXkC7VPXOVtU7faA==, tarball: https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [x64] os: [linux] libc: [glibc] '@biomejs/cli-win32-arm64@2.2.6': - resolution: {integrity: sha512-h3A88G8PGM1ryTeZyLlSdfC/gz3e95EJw9BZmA6Po412DRqwqPBa2Y9U+4ZSGUAXCsnSQE00jLV8Pyrh0d+jQw==} + resolution: {integrity: sha512-h3A88G8PGM1ryTeZyLlSdfC/gz3e95EJw9BZmA6Po412DRqwqPBa2Y9U+4ZSGUAXCsnSQE00jLV8Pyrh0d+jQw==, tarball: https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [arm64] os: [win32] '@biomejs/cli-win32-x64@2.2.6': - resolution: {integrity: sha512-yx0CqeOhPjYQ5ZXgPfu8QYkgBhVJyvWe36as7jRuPrKPO5ylVDfwVtPQ+K/mooNTADW0IhxOZm3aPu16dP8yNQ==} + resolution: {integrity: sha512-yx0CqeOhPjYQ5ZXgPfu8QYkgBhVJyvWe36as7jRuPrKPO5ylVDfwVtPQ+K/mooNTADW0IhxOZm3aPu16dP8yNQ==, tarball: https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.2.6.tgz} engines: {node: '>=14.21.3'} cpu: [x64] os: [win32] '@bufbuild/protobuf@2.9.0': - resolution: {integrity: sha512-rnJenoStJ8nvmt9Gzye8nkYd6V22xUAnu4086ER7h1zJ508vStko4pMvDeQ446ilDTFpV5wnoc5YS7XvMwwMqA==} + resolution: {integrity: sha512-rnJenoStJ8nvmt9Gzye8nkYd6V22xUAnu4086ER7h1zJ508vStko4pMvDeQ446ilDTFpV5wnoc5YS7XvMwwMqA==, tarball: https://registry.npmjs.org/@bufbuild/protobuf/-/protobuf-2.9.0.tgz} '@cyclonedx/cdxgen-plugins-bin-darwin-amd64@1.7.0': - resolution: {integrity: 
sha512-evJAEetfhKU7N9tCaOl/CZcs4upoEIKvLdhV9ogzk9QIur+HtZX5F9LddGNoQuzhB1Umy2tAyFAKhl+EX63BFQ==} + resolution: {integrity: sha512-evJAEetfhKU7N9tCaOl/CZcs4upoEIKvLdhV9ogzk9QIur+HtZX5F9LddGNoQuzhB1Umy2tAyFAKhl+EX63BFQ==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-darwin-amd64/-/cdxgen-plugins-bin-darwin-amd64-1.7.0.tgz} cpu: [x64] os: [darwin] '@cyclonedx/cdxgen-plugins-bin-darwin-arm64@1.7.0': - resolution: {integrity: sha512-gnQqfDNd8RXKH3n/BUtSi1aJghPLSVpAScaM0iiuGvdfOVuwqBEMAKx/SC0v5yXdCtThC45W5/Zz8Lc9eNoNAw==} + resolution: {integrity: sha512-gnQqfDNd8RXKH3n/BUtSi1aJghPLSVpAScaM0iiuGvdfOVuwqBEMAKx/SC0v5yXdCtThC45W5/Zz8Lc9eNoNAw==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-darwin-arm64/-/cdxgen-plugins-bin-darwin-arm64-1.7.0.tgz} cpu: [arm64] os: [darwin] '@cyclonedx/cdxgen-plugins-bin-linux-amd64@1.7.0': - resolution: {integrity: sha512-Nitd3y1yb8Xv2e7ODqki3M8DO6SzWe/gGsioRiA6iNXcQ/JYzg03CyHEaTjCAhJXFO4qraCn4N6OPN2H7c8bew==} + resolution: {integrity: sha512-Nitd3y1yb8Xv2e7ODqki3M8DO6SzWe/gGsioRiA6iNXcQ/JYzg03CyHEaTjCAhJXFO4qraCn4N6OPN2H7c8bew==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-linux-amd64/-/cdxgen-plugins-bin-linux-amd64-1.7.0.tgz} cpu: [x64] os: [linux] libc: glibc '@cyclonedx/cdxgen-plugins-bin-linux-arm64@1.7.0': - resolution: {integrity: sha512-/96YdFdwASQVr+MDO1IbUMYbLoHawTDIsGlhyMV4AI47qKZ59Ein5dvdibqqmnxgmWvG4Vqp941gRaCBlCLWag==} + resolution: {integrity: sha512-/96YdFdwASQVr+MDO1IbUMYbLoHawTDIsGlhyMV4AI47qKZ59Ein5dvdibqqmnxgmWvG4Vqp941gRaCBlCLWag==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-linux-arm64/-/cdxgen-plugins-bin-linux-arm64-1.7.0.tgz} cpu: [arm64] os: [linux] libc: glibc '@cyclonedx/cdxgen-plugins-bin-linux-arm@1.7.0': - resolution: {integrity: sha512-eNnS9Kd+j4YDiIotCA3EQWyiHKjx7iZqh5+gyF38zmSJQRssEWvCdv+IPvXPyZw8hh5g9/8IQWPYMFpB3fpopg==} + resolution: {integrity: 
sha512-eNnS9Kd+j4YDiIotCA3EQWyiHKjx7iZqh5+gyF38zmSJQRssEWvCdv+IPvXPyZw8hh5g9/8IQWPYMFpB3fpopg==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-linux-arm/-/cdxgen-plugins-bin-linux-arm-1.7.0.tgz} cpu: [arm] os: [linux] libc: glibc '@cyclonedx/cdxgen-plugins-bin-linux-ppc64@1.7.0': - resolution: {integrity: sha512-AWLQ33x/mUtYLfIfCq8tZ8TykXUzzNo6ZLvf1eOmEeEyYw/9Yx6E7KzzaAakGl886lJW/1gzmhvFPXD+ZKEIpA==} + resolution: {integrity: sha512-AWLQ33x/mUtYLfIfCq8tZ8TykXUzzNo6ZLvf1eOmEeEyYw/9Yx6E7KzzaAakGl886lJW/1gzmhvFPXD+ZKEIpA==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-linux-ppc64/-/cdxgen-plugins-bin-linux-ppc64-1.7.0.tgz} cpu: [ppc64] os: [linux] libc: glibc '@cyclonedx/cdxgen-plugins-bin-linuxmusl-amd64@1.7.0': - resolution: {integrity: sha512-miYABkiNS+0m0z9L5lfIyiAQezuYthkzzPqX6DgPeMgFT8SfoUng2dtRzkCPLtCUBj8lMyBntXTjZrmH7QOMoA==} + resolution: {integrity: sha512-miYABkiNS+0m0z9L5lfIyiAQezuYthkzzPqX6DgPeMgFT8SfoUng2dtRzkCPLtCUBj8lMyBntXTjZrmH7QOMoA==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-linuxmusl-amd64/-/cdxgen-plugins-bin-linuxmusl-amd64-1.7.0.tgz} cpu: [x64] os: [linux] libc: musl '@cyclonedx/cdxgen-plugins-bin-linuxmusl-arm64@1.7.0': - resolution: {integrity: sha512-Rh8ChTldyY/01EWrciyhnUltC2YNLmdkwaPDZsJT/as1Bu0Q4iOnepMw2WpqwzkaGbZG5PgFtzeuV1kBKjo07Q==} + resolution: {integrity: sha512-Rh8ChTldyY/01EWrciyhnUltC2YNLmdkwaPDZsJT/as1Bu0Q4iOnepMw2WpqwzkaGbZG5PgFtzeuV1kBKjo07Q==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-linuxmusl-arm64/-/cdxgen-plugins-bin-linuxmusl-arm64-1.7.0.tgz} cpu: [arm64] os: [linux] libc: musl '@cyclonedx/cdxgen-plugins-bin-windows-amd64@1.7.0': - resolution: {integrity: sha512-sCeTnlDq3Wojit2+MqErsYhD/Mv7VickLU2PazmamQc4LVZHakZPGxoG4CFUt4oFVux9CoY1+RxkE+Ia+E+fsA==} + resolution: {integrity: sha512-sCeTnlDq3Wojit2+MqErsYhD/Mv7VickLU2PazmamQc4LVZHakZPGxoG4CFUt4oFVux9CoY1+RxkE+Ia+E+fsA==, tarball: 
https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-windows-amd64/-/cdxgen-plugins-bin-windows-amd64-1.7.0.tgz} cpu: [x64] os: [win32] '@cyclonedx/cdxgen-plugins-bin-windows-arm64@1.7.0': - resolution: {integrity: sha512-AzQrY0H1A7JduJTBr/Ub7ppt9RKXjc2+AXV38dvekXYvKSnwnR4715gEZ0mwRnn/BZ4az0uQwMlJCpY8qttJIg==} + resolution: {integrity: sha512-AzQrY0H1A7JduJTBr/Ub7ppt9RKXjc2+AXV38dvekXYvKSnwnR4715gEZ0mwRnn/BZ4az0uQwMlJCpY8qttJIg==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin-windows-arm64/-/cdxgen-plugins-bin-windows-arm64-1.7.0.tgz} cpu: [arm64] os: [win32] '@cyclonedx/cdxgen-plugins-bin@1.7.0': - resolution: {integrity: sha512-pgPMY2vHKMTcW24qtcql0uIck3t66U+QmUrO7C6E8kg06tJqBgo8PtT58FhI4B41lPrpq8rAQzo2jLCLu1JnCw==} + resolution: {integrity: sha512-pgPMY2vHKMTcW24qtcql0uIck3t66U+QmUrO7C6E8kg06tJqBgo8PtT58FhI4B41lPrpq8rAQzo2jLCLu1JnCw==, tarball: https://registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin/-/cdxgen-plugins-bin-1.7.0.tgz} cpu: [x64] '@iarna/toml@2.2.5': @@ -751,7 +692,7 @@ packages: resolution: {integrity: sha512-b3N5eTW1g7vXkw+0CXh/HazGTcO5KYuu/RCNaJbDMPI6LHDi+7qe8EmxKUVe1sUbY2KZOVZFyj62x0OEz9qyAA==} bare-fs@4.4.4: - resolution: {integrity: sha512-Q8yxM1eLhJfuM7KXVP3zjhBvtMJCYRByoTT+wHXjpdMELv0xICFJX+1w4c7csa+WZEOsq4ItJ4RGwvzid6m/dw==} + resolution: {integrity: sha512-Q8yxM1eLhJfuM7KXVP3zjhBvtMJCYRByoTT+wHXjpdMELv0xICFJX+1w4c7csa+WZEOsq4ItJ4RGwvzid6m/dw==, tarball: https://registry.npmjs.org/bare-fs/-/bare-fs-4.4.4.tgz} engines: {bare: '>=1.16.0'} peerDependencies: bare-buffer: '*' 
@@ -764,7 +705,7 @@ packages: engines: {bare: '>=1.14.0'} bare-path@3.0.0: - resolution: {integrity: sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw==} + resolution: {integrity: sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw==, tarball: https://registry.npmjs.org/bare-path/-/bare-path-3.0.0.tgz} bare-stream@2.7.0: resolution: {integrity: sha512-oyXQNicV1y8nc2aKffH+BUHFRXmx6VrPzlnaEvMhram0nPBrKcEdcyBg5r08D0i8VxngHFAiVyn1QKXpSG0B8A==} @@ -788,7 +729,7 @@ packages: resolution: {integrity: sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==} body-parser@2.2.0: - resolution: {integrity: sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==} + resolution: {integrity: sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==, tarball: https://registry.npmjs.org/body-parser/-/body-parser-2.2.0.tgz} engines: {node: '>=18'} boolbase@1.0.0: @@ -852,11 +793,11 @@ packages: engines: {node: '>= 0.6'} compression@1.8.1: - resolution: {integrity: sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==} + resolution: {integrity: sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==, tarball: https://registry.npmjs.org/compression/-/compression-1.8.1.tgz} engines: {node: '>= 0.8.0'} connect@3.7.0: - resolution: {integrity: sha512-ZqRXc+tZukToSNmh5C2iWMSoV3X1YUcPbqEM4DkEG5tNQXrQUZCNVGGv3IuicnkMtPfGf3Xtp8WCXs295iQ1pQ==} + resolution: {integrity: sha512-ZqRXc+tZukToSNmh5C2iWMSoV3X1YUcPbqEM4DkEG5tNQXrQUZCNVGGv3IuicnkMtPfGf3Xtp8WCXs295iQ1pQ==, tarball: https://registry.npmjs.org/connect/-/connect-3.7.0.tgz} engines: {node: '>= 0.10.0'} content-type@1.0.5: 
@@ -1208,7 +1149,7 @@ packages: resolution: {integrity: sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==} jsonata@2.1.0: - resolution: {integrity: sha512-OCzaRMK8HobtX8fp37uIVmL8CY1IGc/a6gLsDqz3quExFR09/U78HUzWYr7T31UEB6+Eu0/8dkVD5fFDOl9a8w==} + resolution: {integrity: sha512-OCzaRMK8HobtX8fp37uIVmL8CY1IGc/a6gLsDqz3quExFR09/U78HUzWYr7T31UEB6+Eu0/8dkVD5fFDOl9a8w==, tarball: https://registry.npmjs.org/jsonata/-/jsonata-2.1.0.tgz} engines: {node: '>= 8'} just-diff-apply@5.5.0: @@ -1344,7 +1285,7 @@ packages: engines: {node: ^18 || ^20 || >= 21} node-gyp@11.5.0: - resolution: {integrity: sha512-ra7Kvlhxn5V9Slyus0ygMa2h+UqExPqUIkfk7Pc8QTLT956JLSy51uWFwHtIYy0vI8cB4BDhc/S03+880My/LQ==} + resolution: {integrity: sha512-ra7Kvlhxn5V9Slyus0ygMa2h+UqExPqUIkfk7Pc8QTLT956JLSy51uWFwHtIYy0vI8cB4BDhc/S03+880My/LQ==, tarball: https://registry.npmjs.org/node-gyp/-/node-gyp-11.5.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} hasBin: true @@ -1578,7 +1519,7 @@ packages: engines: {node: '>= 10.0.0'} sequelize@6.37.7: - resolution: {integrity: sha512-mCnh83zuz7kQxxJirtFD7q6Huy6liPanI67BSlbzSYgVNl5eXVdE2CN1FuAeZwG1SNpGsNRCV+bJAVVnykZAFA==} + resolution: {integrity: sha512-mCnh83zuz7kQxxJirtFD7q6Huy6liPanI67BSlbzSYgVNl5eXVdE2CN1FuAeZwG1SNpGsNRCV+bJAVVnykZAFA==, tarball: https://registry.npmjs.org/sequelize/-/sequelize-6.37.7.tgz} engines: {node: '>=10.0.0'} peerDependencies: ibm_db: '*' 
@@ -1755,6 +1696,10 @@ packages: tunnel-agent@0.6.0: resolution: {integrity: sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==} + type-detect@4.0.8: + resolution: {integrity: sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==, tarball: https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz} + engines: {node: '>=4'} + type-detect@4.1.0: resolution: {integrity: sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw==} engines: {node: '>=4'} @@ -1838,7 +1783,7 @@ packages: resolution: {integrity: sha512-Xng/d4Ichh8uN4l0FToV/258EjMGU9MGcA0HV2d9B/ZpZB3lqQm7nkOdZdm5GhKtLLhAE7PiVQwN4eN+2YJJUg==} wrap-ansi@7.0.0: - resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==} + resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==, tarball: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz} engines: {node: '>=10'} wrappy@1.0.2: @@ -2136,7 +2081,7 @@ snapshots: '@sinonjs/commons@3.0.1': dependencies: - type-detect: 4.1.0 + type-detect: 4.0.8 '@sinonjs/fake-timers@13.0.5': dependencies: @@ -3359,6 +3304,8 @@ snapshots: safe-buffer: 5.2.1 optional: true + type-detect@4.0.8: {} + type-detect@4.1.0: {} type-fest@4.41.0: {} From 09a26130e4ce253a56b61f0b0baf6995beefb452 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnter=20Schafranek?= Date: Thu, 23 Oct 2025 22:46:12 +0200 Subject: [PATCH 10/12] test(utils): Adapted parsePnpmLock test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - since pnpm lock changed to added packages Signed-off-by: Günter Schafranek --- lib/helpers/utils.poku.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/helpers/utils.poku.js b/lib/helpers/utils.poku.js index 14e77e557f..b7bda7106a 100644 
--- a/lib/helpers/utils.poku.js +++ b/lib/helpers/utils.poku.js @@ -3942,8 +3942,8 @@ it("parsePnpmLock", async () => { 3, ); parsedList = await parsePnpmLock("./pnpm-lock.yaml"); - assert.deepStrictEqual(parsedList.pkgList.length, 355); - assert.deepStrictEqual(parsedList.dependenciesList.length, 355); + assert.deepStrictEqual(parsedList.pkgList.length, 367); + assert.deepStrictEqual(parsedList.dependenciesList.length, 367); assert.ok(parsedList.pkgList[0]); assert.ok(parsedList.dependenciesList[0]); parsedList = await parsePnpmLock( From 24b69cac4007b339c5775a903b5178bbf735dba5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnter=20Schafranek?= Date: Thu, 23 Oct 2025 23:10:38 +0200 Subject: [PATCH 11/12] style: Biome fix/format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günter Schafranek --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 969a04bbdb..2e2cc3a727 100644 --- a/package.json +++ b/package.json @@ -194,7 +194,7 @@ "promise-all-reject-late": "1.0.1", "promise-call-limit": "3.0.2", "properties-reader": "2.3.0", - "quibble": "0.9.2", + "quibble": "0.9.2", "read-package-json-fast": "4.0.0", "responselike": "4.0.2", "semver": "7.7.3", From a0661b6b63098d7f8fac965286508e7e99624ac7 Mon Sep 17 00:00:00 2001 From: Guenter Schafranek Date: Fri, 24 Oct 2025 09:08:10 +0200 Subject: [PATCH 12/12] test(cli): Code style Signed-off-by: Guenter Schafranek --- lib/cli/index.poku.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/cli/index.poku.js b/lib/cli/index.poku.js index 8b1ff14f7b..fd3ac42b0e 100644 --- a/lib/cli/index.poku.js +++ b/lib/cli/index.poku.js 
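Review bot: The two updated assertions in `@@ -3942,8 +3942,8 @@` hard-code the package count of the repository's own `./pnpm-lock.yaml` (355 becomes 367), so the test has to be edited on every dependency change and the number says nothing about whether `parsePnpmLock` is correct. Pointing the test at a checked-in fixture lockfile would keep an exact count meaningful; if the live lockfile must stay, assert the invariant instead, e.g. `assert.deepStrictEqual(parsedList.pkgList.length, parsedList.dependenciesList.length);`. The jump of 12 entries presumably comes from the override removal in the previous patch, and saying so in the commit message would make the extra packages a reviewed change rather than a side effect. The test body continues outside the hunk.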
@@ -73,7 +73,7 @@ describe("CLI tests", () => { const [calledUrl, options] = gotStub.firstCall.args; // Assert call arguments against expectations - assert.equal(calledUrl, serverUrl + "/api/v1/bom"); + assert.equal(calledUrl, `${serverUrl}/api/v1/bom`); assert.equal(options.method, "PUT"); assert.equal(options.https.rejectUnauthorized, !skipDtTlsCheck); assert.equal(options.headers["X-Api-Key"], apiKey); @@ -122,7 +122,7 @@ describe("CLI tests", () => { const [calledUrl, options] = gotStub.firstCall.args; // Assert call arguments against expectations - assert.equal(calledUrl, serverUrl + "/api/v1/bom"); + assert.equal(calledUrl, `${serverUrl}/api/v1/bom`); assert.equal(options.method, "PUT"); assert.equal(options.https.rejectUnauthorized, !skipDtTlsCheck); assert.equal(options.headers["X-Api-Key"], apiKey);