Merge branch 'master' into gopkg-vcsurl

Signed-off-by: Anton Baryshnikov <a.baryshnikov@bi.zone>

deno.json

@@ -52,7 +52,7 @@
     "@appthreat/cdx-proto": "npm:@appthreat/cdx-proto@1.0.1",
     "@babel/parser": "npm:@babel/parser@^7.26.3",
     "@babel/traverse": "npm:@babel/traverse@^7.26.4",
-    "@npmcli/arborist": "npm:@npmcli/arborist@8.0.0",
+    "@npmcli/arborist": "npm:@npmcli/arborist@9.0.0",
     "ajv": "npm:ajv@^8.16.0",
     "ajv-formats": "npm:ajv-formats@^3.0.1",
     "cheerio": "npm:cheerio@^1.0.0-rc.12",

lib/evinser/evinser.js

@@ -212,7 +212,7 @@ export async function createSlice(
   options = {},
 ) {
   if (!filePath) {
-    return;
+    return undefined;
   }
   const firstLanguage = Array.isArray(purlOrLanguages)
     ? purlOrLanguages[0]
@@ -227,7 +227,7 @@ export async function createSlice(
     PROJECT_TYPE_ALIASES.swift.includes(language) &&
     sliceType !== "semantics"
   ) {
-    return;
+    return undefined;
   }
 
   let sliceOutputDir = fs.mkdtempSync(
@@ -388,7 +388,7 @@ export async function analyzeProject(dbObjMap, options) {
         fs.readFileSync(options.reachablesSlicesFile, "utf-8"),
       );
     } else {
-      retMap = createSlice(language, dirPath, "reachables", options);
+      retMap = await createSlice(language, dirPath, "reachables", options);
       if (retMap?.slicesFile && fs.existsSync(retMap.slicesFile)) {
         reachablesSlicesFile = retMap.slicesFile;
         reachablesSlice = JSON.parse(
@@ -409,7 +409,7 @@ export async function analyzeProject(dbObjMap, options) {
     usagesSlicesFile = options.usagesSlicesFile;
   } else {
     // Generate our own slices
-    retMap = createSlice(language, dirPath, "usages", options);
+    retMap = await createSlice(language, dirPath, "usages", options);
     if (retMap?.slicesFile && fs.existsSync(retMap.slicesFile)) {
       usageSlice = JSON.parse(fs.readFileSync(retMap.slicesFile, "utf-8"));
       usagesSlicesFile = retMap.slicesFile;
@@ -428,7 +428,7 @@ export async function analyzeProject(dbObjMap, options) {
       semanticsSlicesFile = options.semanticsSlicesFile;
     } else {
       // Generate our own slices
-      retMap = createSlice(language, dirPath, "semantics", options);
+      retMap = await createSlice(language, dirPath, "semantics", options);
       if (retMap?.slicesFile && fs.existsSync(retMap.slicesFile)) {
         semanticsSlice = JSON.parse(
           fs.readFileSync(retMap.slicesFile, "utf-8"),
@@ -471,7 +471,7 @@ export async function analyzeProject(dbObjMap, options) {
         fs.readFileSync(options.dataFlowSlicesFile, "utf-8"),
       );
     } else {
-      retMap = createSlice(language, dirPath, "data-flow", options);
+      retMap = await createSlice(language, dirPath, "data-flow", options);
       if (retMap?.slicesFile && fs.existsSync(retMap.slicesFile)) {
         dataFlowSlicesFile = retMap.slicesFile;
         dataFlowSlice = JSON.parse(fs.readFileSync(retMap.slicesFile, "utf-8"));

lib/helpers/utils.js

@@ -2564,7 +2564,13 @@ export function parsePom(pomFile) {
     ).toString();
   }
   if (project?.modules?.module) {
-    modules = project.modules.module.map((m) => m?._);
+    if (Array.isArray(project.modules.module)) {
+      // If it's an array, proceed with mapping
+      modules = project.modules.module.map((m) => m?._);
+    } else {
+      // If not an array, handle/convert it accordingly. For instance:
+      modules = [project.modules.module._];
+    }
   }
   if (project?.properties) {
     for (const aprop of Object.keys(project.properties)) {
@@ -12837,15 +12843,20 @@ export function isPartialTree(dependencies, componentsCount = 1) {
   if (dependencies?.length <= 1) {
     return true;
   }
+  let isCbom = false;
   let parentsWithChildsCount = 0;
   for (const adep of dependencies) {
     if (adep?.dependsOn.length > 0) {
       parentsWithChildsCount++;
     }
+    if (!isCbom && adep?.provides?.length > 0) {
+      isCbom = true;
+    }
   }
   return (
+    !isCbom &&
     parentsWithChildsCount <
-    Math.min(Math.round(componentsCount / 3), componentsCount)
+      Math.min(Math.round(componentsCount / 3), componentsCount)
   );
 }
 

lib/helpers/utils.test.js

@@ -3519,8 +3519,8 @@ test("parsePnpmLock", async () => {
   expect(parsedList.dependenciesList).toHaveLength(462);
   expect(parsedList.pkgList.filter((pkg) => !pkg.scope)).toHaveLength(3);
   parsedList = await parsePnpmLock("./pnpm-lock.yaml");
-  expect(parsedList.pkgList.length).toEqual(627);
-  expect(parsedList.dependenciesList.length).toEqual(627);
+  expect(parsedList.pkgList.length).toEqual(625);
+  expect(parsedList.dependenciesList.length).toEqual(625);
   expect(parsedList.pkgList[0]).toEqual({
     group: "@ampproject",
     name: "remapping",

lib/helpers/validator.js

@@ -223,7 +223,7 @@ export const validateRefs = (bomJson) => {
   if (bomJson?.dependencies) {
     if (isPartialTree(bomJson.dependencies, bomJson?.components?.length)) {
       warningsList.push(
-        "Dependency tree is partial with multiple empty dependsOn attributes.",
+        "Dependency tree has multiple empty dependsOn attributes.",
       );
     }
     for (const dep of bomJson.dependencies) {

package.json

@@ -65,14 +65,14 @@
   "bugs": {
     "url": "https://github.com/cyclonedx/cdxgen/issues"
   },
-  "packageManager": "pnpm@9.14.4",
+  "packageManager": "pnpm@9.15.1",
   "lint-staged": {
     "*": "biome check --fix --no-errors-on-unmatched"
   },
   "dependencies": {
     "@babel/parser": "^7.26.3",
     "@babel/traverse": "^7.26.4",
-    "@npmcli/arborist": "8.0.0",
+    "@npmcli/arborist": "9.0.0",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
     "cheerio": "^1.0.0",
@@ -109,7 +109,7 @@
     "@cyclonedx/cdxgen-plugins-bin-ppc64": "1.6.9",
     "@cyclonedx/cdxgen-plugins-bin-windows-amd64": "1.6.9",
     "@cyclonedx/cdxgen-plugins-bin-windows-arm64": "1.6.9",
-    "body-parser": "^2.0.1",
+    "body-parser": "^2.0.2",
     "compression": "^1.7.5",
     "connect": "^3.7.0",
     "jsonata": "^2.0.6",