From eb120261134fff77bd3b3355054d151927789786 Mon Sep 17 00:00:00 2001 From: prabhu Date: Sat, 16 Nov 2024 20:44:28 +0000 Subject: [PATCH] Package updates (#1458) * Update packages Signed-off-by: Prabhu Subramanian --------- Signed-off-by: Prabhu Subramanian --- .github/workflows/app-release.yml | 2 +- .github/workflows/binary-builds.yml | 49 ++++++- .github/workflows/build-base-images.yml | 116 +++++++++++++++-- .github/workflows/dockertests.yml | 16 +-- .github/workflows/java-reachables-test.yml | 4 +- .github/workflows/npm-release.yml | 10 +- .github/workflows/nydus-demo.yml | 4 +- .github/workflows/python-atom-tests.yml | 4 +- .github/workflows/repotests.yml | 2 +- .github/workflows/snapshot-tests.yml | 4 +- ci/Dockerfile | 6 +- ci/Dockerfile-bun | 6 +- ci/Dockerfile-deno | 6 +- ci/Dockerfile-ppc64 | 2 +- ci/base-images/README.md | 42 +++--- ci/base-images/cdxgen/Dockerfile.dotnet6 | 2 +- ci/base-images/cdxgen/Dockerfile.dotnet7 | 2 +- ci/base-images/cdxgen/Dockerfile.dotnet8 | 2 +- ci/base-images/cdxgen/Dockerfile.dotnet9 | 21 +++ ci/base-images/cdxgen/Dockerfile.java | 2 +- ci/base-images/cdxgen/Dockerfile.java-slim | 2 +- ci/base-images/cdxgen/Dockerfile.java17 | 2 +- ci/base-images/cdxgen/Dockerfile.java17-slim | 2 +- ci/base-images/cdxgen/Dockerfile.node20 | 2 +- ci/base-images/cdxgen/Dockerfile.python | 2 +- ci/base-images/cdxgen/Dockerfile.python310 | 2 +- ci/base-images/cdxgen/Dockerfile.python311 | 2 +- ci/base-images/cdxgen/Dockerfile.python36 | 2 +- ci/base-images/cdxgen/Dockerfile.python39 | 2 +- ci/base-images/cdxgen/Dockerfile.rolling | 2 +- ci/base-images/opensuse/Dockerfile.lang | 4 +- ci/base-images/sle/Dockerfile.dotnet7 | 2 +- ci/base-images/sle/Dockerfile.dotnet9 | 14 ++ ci/base-images/sle/Dockerfile.java17 | 4 +- ci/base-images/sle/Dockerfile.java17-slim | 4 +- ci/base-images/sle/Dockerfile.lang | 2 +- ci/base-images/sle/Dockerfile.node20 | 2 +- ci/base-images/sle/Dockerfile.python311 | 2 +- ci/base-images/sle/Dockerfile.python36 | 2 +- contrib/lima/cdxgen-opensuse.yaml | 8 +- deno.json | 4 +- docs/ADVANCED.md | 4 +- jsr.json | 2 +- lib/cli/index.js | 8 +- lib/helpers/envcontext.js | 2 +- lib/helpers/envcontext.test.js | 2 +- lib/helpers/utils.js | 6 +- package.json | 22 ++-- pnpm-lock.yaml | 130 +++++++++---------- test/diff/generate.py | 2 +- 50 files changed, 357 insertions(+), 191 deletions(-) create mode 100644 ci/base-images/cdxgen/Dockerfile.dotnet9 create mode 100644 ci/base-images/sle/Dockerfile.dotnet9 diff --git a/.github/workflows/app-release.yml b/.github/workflows/app-release.yml index 8d7acba9f..157788a5a 100644 --- a/.github/workflows/app-release.yml +++ b/.github/workflows/app-release.yml @@ -18,7 +18,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '22.x' + node-version: '23.x' - name: Install dependencies run: | sudo apt-get install -y python3.8 python3.8-dev python3-pip python3-testresources python3-setuptools patchelf desktop-file-utils libgdk-pixbuf2.0-dev diff --git a/.github/workflows/binary-builds.yml b/.github/workflows/binary-builds.yml index bb7cedb6d..021f4e43d 100644 --- a/.github/workflows/binary-builds.yml +++ b/.github/workflows/binary-builds.yml @@ -18,8 +18,52 @@ jobs: if: github.repository == 'CycloneDX/cdxgen' strategy: matrix: - os: [windows-latest] + os: ['ubuntu-latest', 'windows-latest', 'arm64'] include: + - os: ubuntu-latest + build: | + rm -rf ci contrib tools_config + npx --yes @appthreat/caxa --input . --output "cdxgen" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js" + chmod +x cdxgen + ./cdxgen --version + sha256sum cdxgen > cdxgen.sha256 + rm -rf node_modules + npm install --omit=optional --omit=dev --no-package-lock --no-audit --no-fund --no-progress + npx --yes @appthreat/caxa --input . --output "cdxgen-slim" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js" + chmod +x cdxgen-slim + ./cdxgen-slim --version + sha256sum cdxgen-slim > cdxgen-slim.sha256 + npx --yes @appthreat/caxa --input . --output "cdx-verify" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/verify.js" + chmod +x cdx-verify + ./cdx-verify --version + sha256sum cdx-verify > cdx-verify.sha256 + ./cdxgen --help + ./cdxgen-slim --help + artifact: cdxgen + sartifact: cdxgen-slim + vartifact: cdx-verify + - os: arm64 + build: | + rm -rf ci contrib tools_config + npx --no-progress --yes @appthreat/caxa --input . --output "cdxgen-arm64" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js" + chmod +x cdxgen-arm64 + ./cdxgen-arm64 --version + sha256sum cdxgen-arm64 > cdxgen-arm64.sha256 + rm -rf node_modules + npm install --omit=optional --omit=dev --no-package-lock --no-audit --no-fund --no-progress + npx --no-progress --yes @appthreat/caxa --input . --output "cdxgen-arm64-slim" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js" + chmod +x cdxgen-arm64-slim + ./cdxgen-arm64-slim --version + sha256sum cdxgen-arm64-slim > cdxgen-arm64-slim.sha256 + npx --no-progress --yes @appthreat/caxa --input . --output "cdx-arm64-verify" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/verify.js" + chmod +x cdx-arm64-verify + ./cdx-arm64-verify --version + sha256sum cdx-arm64-verify > cdx-arm64-verify.sha256 + ./cdxgen-arm64 --help + ./cdxgen-arm64-slim --help + artifact: cdxgen-arm64 + sartifact: cdxgen-arm64-slim + vartifact: cdx-arm64-verify - os: windows-latest build: | Remove-Item ci -Recurse -Force @@ -53,7 +97,8 @@ jobs: node-version: '22.x' - name: Produce sae run: | - npm install --omit=dev --no-package-lock --no-audit --no-fund + npm install -g npm@10.3.0 + npm install --omit=dev --no-package-lock --no-audit --no-fund --no-progress ${{ matrix.build }} - uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 1a66a9fc2..4671224b6 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -131,7 +131,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.dotnet6 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-dotnet:v10,ghcr.io/cyclonedx/cdxgen-dotnet6:v10 + tags: ghcr.io/cyclonedx/cdxgen-dotnet:v11,ghcr.io/cyclonedx/cdxgen-dotnet6:v11 labels: ${{ steps.meta-cdxgen-dotnet.outputs.labels }} - name: Build and push Docker images @@ -219,7 +219,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.dotnet7 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-dotnet7:v10 + tags: ghcr.io/cyclonedx/cdxgen-dotnet7:v11 labels: ${{ steps.meta-cdxgen-dotnet7.outputs.labels }} - name: Build and push Docker images @@ -307,7 +307,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.dotnet8 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-dotnet8:v10 + tags: ghcr.io/cyclonedx/cdxgen-dotnet8:v11 labels: ${{ steps.meta-cdxgen-dotnet8.outputs.labels }} - name: Build and push Docker images @@ -321,6 +321,94 @@ jobs: tags: ${{ steps.meta-cdxgen-dotnet8.outputs.tags }} labels: ${{ steps.meta-cdxgen-dotnet8.outputs.labels }} + sle-dotnet9-image: + if: github.repository == 'CycloneDX/cdxgen' + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta-bci-dotnet9 + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/cyclonedx/bci-dotnet9 + + - name: Build and push Docker images + uses: docker/build-push-action@v5 + with: + context: . + file: ci/base-images/sle/Dockerfile.dotnet9 + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta-bci-dotnet9.outputs.tags }} + labels: ${{ steps.meta-bci-dotnet9.outputs.labels }} + + cdxgen-dotnet9-image: + if: github.repository == 'CycloneDX/cdxgen' + runs-on: ubuntu-latest + needs: sle-dotnet9-image + permissions: + packages: write + steps: + - uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta-cdxgen-dotnet9 + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/cyclonedx/cdxgen-dotnet9 + + - name: Build and push Docker images + uses: docker/build-push-action@v5 + if: github.ref == 'refs/heads/master' + with: + context: . + file: ci/base-images/cdxgen/Dockerfile.dotnet9 + platforms: linux/amd64,linux/arm64 + push: true + tags: ghcr.io/cyclonedx/cdxgen-dotnet9:v11 + labels: ${{ steps.meta-cdxgen-dotnet9.outputs.labels }} + + - name: Build and push Docker images + uses: docker/build-push-action@v5 + if: startsWith(github.ref, 'refs/tags/') + with: + context: . + file: ci/base-images/cdxgen/Dockerfile.dotnet9 + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta-cdxgen-dotnet9.outputs.tags }} + labels: ${{ steps.meta-cdxgen-dotnet9.outputs.labels }} + sle-java-image: if: github.repository == 'CycloneDX/cdxgen' runs-on: ubuntu-latest @@ -434,7 +522,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.java platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-java:v10,ghcr.io/cyclonedx/cdxgen-java11:v10 + tags: ghcr.io/cyclonedx/cdxgen-java:v11,ghcr.io/cyclonedx/cdxgen-java11:v11 labels: ${{ steps.meta-cdxgen-java.outputs.labels }} - name: Build and push Docker images @@ -485,7 +573,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.java-slim platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-java-slim:v10,ghcr.io/cyclonedx/cdxgen-java11-slim:v10 + tags: ghcr.io/cyclonedx/cdxgen-java-slim:v11,ghcr.io/cyclonedx/cdxgen-java11-slim:v11 labels: ${{ steps.meta-cdxgen-java-slim.outputs.labels }} - name: Build and push Docker images @@ -574,7 +662,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.node20 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-node:v10,ghcr.io/cyclonedx/cdxgen-node20:v10 + tags: ghcr.io/cyclonedx/cdxgen-node:v11,ghcr.io/cyclonedx/cdxgen-node20:v11 labels: ${{ steps.meta-cdxgen-node20.outputs.labels }} - name: Build and push Docker images @@ -700,7 +788,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.java17 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-java17:v10 + tags: ghcr.io/cyclonedx/cdxgen-java17:v11 labels: ${{ steps.meta-cdxgen-java17.outputs.labels }} - name: Build and push Docker images @@ -750,7 +838,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.java17-slim platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-java17-slim:v10 + tags: ghcr.io/cyclonedx/cdxgen-java17-slim:v11 labels: ${{ steps.meta-cdxgen-java17-slim.outputs.labels }} - name: Build and push Docker images @@ -801,7 +889,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.python platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-python:v10,ghcr.io/cyclonedx/cdxgen-python312:v10 + tags: ghcr.io/cyclonedx/cdxgen-python:v11,ghcr.io/cyclonedx/cdxgen-python312:v11 labels: ${{ steps.meta-cdxgen-python.outputs.labels }} - name: Build and push Docker images @@ -889,7 +977,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.python311 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-python311:v10 + tags: ghcr.io/cyclonedx/cdxgen-python311:v11 labels: ${{ steps.meta-cdxgen-python311.outputs.labels }} - name: Build and push Docker images @@ -977,7 +1065,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.python36 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-python36:v10 + tags: ghcr.io/cyclonedx/cdxgen-python36:v11 labels: ${{ steps.meta-cdxgen-python36.outputs.labels }} - name: Build and push Docker images @@ -1065,7 +1153,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.rolling platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-rolling:v10 + tags: ghcr.io/cyclonedx/cdxgen-rolling:v11 labels: ${{ steps.meta-cdxgen-rolling.outputs.labels }} opensuse-python310-image: @@ -1142,7 +1230,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.python310 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-python310:v10 + tags: ghcr.io/cyclonedx/cdxgen-python310:v11 labels: ${{ steps.meta-cdxgen-python310.outputs.labels }} - name: Build and push Docker images @@ -1230,7 +1318,7 @@ jobs: file: ci/base-images/cdxgen/Dockerfile.python39 platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/cyclonedx/cdxgen-python39:v10 + tags: ghcr.io/cyclonedx/cdxgen-python39:v11 labels: ${{ steps.meta-cdxgen-python39.outputs.labels }} - name: Build and push Docker images diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml index 61f206f2f..64e7255d2 100644 --- a/.github/workflows/dockertests.yml +++ b/.github/workflows/dockertests.yml @@ -14,8 +14,8 @@ jobs: strategy: matrix: os: [ubuntu-latest] - node-version: ['22.x'] - java-version: ['21'] + node-version: ['23.x'] + java-version: ['23'] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -80,8 +80,8 @@ jobs: strategy: matrix: os: [ubuntu-latest] - node-version: ['22.x'] - java-version: ['21'] + node-version: ['23.x'] + java-version: ['23'] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -127,8 +127,8 @@ jobs: strategy: matrix: - node-version: ['22.x'] - java-version: ['21'] + node-version: ['23.x'] + java-version: ['23'] steps: - uses: actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} @@ -170,8 +170,8 @@ jobs: strategy: matrix: - node-version: ['22.x'] - java-version: ['21'] + node-version: ['23.x'] + java-version: ['23'] steps: - uses: actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} diff --git a/.github/workflows/java-reachables-test.yml b/.github/workflows/java-reachables-test.yml index 151ce247b..ba317bf58 100644 --- a/.github/workflows/java-reachables-test.yml +++ b/.github/workflows/java-reachables-test.yml @@ -11,7 +11,7 @@ jobs: strategy: fail-fast: false matrix: - node-version: ['22.x'] + node-version: ['23.x'] os: ['ubuntu-latest'] runs-on: ${{ matrix.os }} steps: @@ -20,7 +20,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: '21' + java-version: '23' - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index fd274116c..1149cfff6 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml @@ -25,7 +25,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '22.x' + node-version: '23.x' registry-url: https://registry.npmjs.org/ - name: Trim CI agent run: | @@ -63,7 +63,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '22.x' + node-version: '23.x' registry-url: https://registry.npmjs.org/ - name: Trim CI agent run: | @@ -137,7 +137,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '22.x' + node-version: '23.x' registry-url: https://registry.npmjs.org/ - name: Trim CI agent run: | @@ -189,7 +189,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '22.x' + node-version: '23.x' registry-url: https://registry.npmjs.org/ - name: Trim CI agent run: | @@ -241,7 +241,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '22.x' + node-version: '23.x' registry-url: https://registry.npmjs.org/ - name: Trim CI agent run: | diff --git a/.github/workflows/nydus-demo.yml b/.github/workflows/nydus-demo.yml index d2cf8a59e..01e3a324e 100644 --- a/.github/workflows/nydus-demo.yml +++ b/.github/workflows/nydus-demo.yml @@ -8,7 +8,7 @@ jobs: strategy: fail-fast: false matrix: - node-version: ['22.x'] + node-version: ['23.x'] os: ['ubuntu-latest'] runs-on: ${{ matrix.os }} steps: @@ -17,7 +17,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: '21' + java-version: '23' - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: diff --git a/.github/workflows/python-atom-tests.yml b/.github/workflows/python-atom-tests.yml index f2cb10bce..48ae473d0 100644 --- a/.github/workflows/python-atom-tests.yml +++ b/.github/workflows/python-atom-tests.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - node-version: ['22.x'] + node-version: ['23.x'] steps: - uses: actions/checkout@v4 with: @@ -21,7 +21,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: '21' + java-version: '23' - name: npm install, build and test run: | corepack enable diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index c7d6f79ef..ae8c31026 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -23,7 +23,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: '21' + java-version: '23' - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: diff --git a/.github/workflows/snapshot-tests.yml b/.github/workflows/snapshot-tests.yml index ccad86bca..60b0abb26 100644 --- a/.github/workflows/snapshot-tests.yml +++ b/.github/workflows/snapshot-tests.yml @@ -23,7 +23,7 @@ jobs: - name: Setup Node.js environment uses: actions/setup-node@v4.0.1 with: - node-version: '22.x' + node-version: '23.x' - name: Setup Python uses: actions/setup-python@v5 @@ -90,7 +90,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: diffs - path: | + path: | /home/runner/work/new_snapshots/diffs.json /home/runner/work/new_snapshots/*.html diff --git a/ci/Dockerfile b/ci/Dockerfile index 2e7b6658d..2acd1cc87 100644 --- a/ci/Dockerfile +++ b/ci/Dockerfile @@ -16,10 +16,10 @@ ARG SWIFT_PLATFORM=ubi9 ARG SWIFT_BRANCH=swift-6.0.1-release ARG SWIFT_VERSION=swift-6.0.1-RELEASE ARG SWIFT_WEBROOT=https://download.swift.org -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ARG SBT_VERSION=1.10.2 ARG MAVEN_VERSION=3.9.9 -ARG GRADLE_VERSION=8.10 +ARG GRADLE_VERSION=8.11 ARG GO_VERSION=1.23.1 ARG NODE_VERSION=23.2.0 ARG PYTHON_VERSION=3.12 @@ -77,7 +77,7 @@ RUN set -e; \ esac \ && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \ python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip ruby ruby-devel glibc-common glibc-all-langpacks \ - pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-8.0 \ + pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-9.0 \ && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \ && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \ && /usr/bin/python${PYTHON_VERSION} --version \ diff --git a/ci/Dockerfile-bun b/ci/Dockerfile-bun index a22d3b8b3..161056558 100644 --- a/ci/Dockerfile-bun +++ b/ci/Dockerfile-bun @@ -16,10 +16,10 @@ ARG SWIFT_PLATFORM=ubi9 ARG SWIFT_BRANCH=swift-6.0.1-release ARG SWIFT_VERSION=swift-6.0.1-RELEASE ARG SWIFT_WEBROOT=https://download.swift.org -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ARG SBT_VERSION=1.10.2 ARG MAVEN_VERSION=3.9.9 -ARG GRADLE_VERSION=8.10 +ARG GRADLE_VERSION=8.11 ARG GO_VERSION=1.23.1 ARG PYTHON_VERSION=3.12 @@ -70,7 +70,7 @@ RUN set -e; \ esac \ && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \ python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip ruby ruby-devel glibc-common glibc-all-langpacks \ - pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-8.0 \ + pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-9.0 \ && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \ && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \ && python${PYTHON_VERSION} --version \ diff --git a/ci/Dockerfile-deno b/ci/Dockerfile-deno index cda697b10..8ea7b4a78 100644 --- a/ci/Dockerfile-deno +++ b/ci/Dockerfile-deno @@ -16,10 +16,10 @@ ARG SWIFT_PLATFORM=ubi9 ARG SWIFT_BRANCH=swift-6.0.1-release ARG SWIFT_VERSION=swift-6.0.1-RELEASE ARG SWIFT_WEBROOT=https://download.swift.org -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ARG SBT_VERSION=1.10.2 ARG MAVEN_VERSION=3.9.9 -ARG GRADLE_VERSION=8.10 +ARG GRADLE_VERSION=8.11 ARG GO_VERSION=1.23.1 ARG PYTHON_VERSION=3.12 @@ -72,7 +72,7 @@ RUN set -e; \ esac \ && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \ python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip ruby ruby-devel glibc-common glibc-all-langpacks \ - pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-8.0 \ + pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-9.0 \ && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \ && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \ && python${PYTHON_VERSION} --version \ diff --git a/ci/Dockerfile-ppc64 b/ci/Dockerfile-ppc64 index fb5043e7c..38a2827bd 100644 --- a/ci/Dockerfile-ppc64 +++ b/ci/Dockerfile-ppc64 @@ -13,7 +13,7 @@ LABEL maintainer="cyclonedx" \ ARG SBT_VERSION=1.10.2 ARG MAVEN_VERSION=3.9.9 -ARG GRADLE_VERSION=8.10 +ARG GRADLE_VERSION=8.11 ARG GO_VERSION=1.23.1 ARG PYTHON_VERSION=3.12 diff --git a/ci/base-images/README.md b/ci/base-images/README.md index 393b43327..e41702c29 100644 --- a/ci/base-images/README.md +++ b/ci/base-images/README.md @@ -13,30 +13,30 @@ Example invocations: Java 11 version ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java11-slim:v10 -r /app -o /app/bom.json -t java +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java11-slim:v11 -r /app -o /app/bom.json -t java ``` Java 11 version with Android 33 SDK and gcc ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java11:v10 -r /app -o /app/bom.json -t java +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java11:v11 -r /app -o /app/bom.json -t java ``` Java 17 version ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17-slim:v10 -r /app -o /app/bom.json -t java +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17-slim:v11 -r /app -o /app/bom.json -t java ``` Java 17 version with Android 34 SDK and gcc ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17:v10 -r /app -o /app/bom.json -t java +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17:v11 -r /app -o /app/bom.json -t java ``` ### .Net Framework, .Net Core 3.1, and .Net 6.0 applications -Use the custom image `ghcr.io/cyclonedx/cdxgen-dotnet:v10`. +Use the custom image `ghcr.io/cyclonedx/cdxgen-dotnet:v11`. Example invocation: @@ -45,47 +45,45 @@ Example invocation: A bundled version of [nuget](./nuget/) and mono is used to support .Net framework apps. ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v10 -r /app -o /app/bom.json -t dotnet-framework +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v11 -r /app -o /app/bom.json -t dotnet-framework ``` Dotnet 3.1 or Dotnet 6.0 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v10 -r /app -o /app/bom.json -t dotnet +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v11 -r /app -o /app/bom.json -t dotnet ``` Dotnet 7.0 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet7:v10 -r /app -o /app/bom.json -t dotnet +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet7:v11 -r /app -o /app/bom.json -t dotnet ``` Dotnet 8.0 -Dotnet 8 is also bundled with the official `ghcr.io/cyclonedx/cdxgen` image. - ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet8:v10 -r /app -o /app/bom.json -t dotnet +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet8:v11 -r /app -o /app/bom.json -t dotnet ``` Dotnet 9.0 -Use the `cdxgen-rolling` image for testing dotnet 9 apps. +Dotnet 9 is also bundled with the official `ghcr.io/cyclonedx/cdxgen` image. ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-rolling:v10 -r /app -o /app/bom.json -t dotnet +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet9:v11 -r /app -o /app/bom.json -t dotnet ``` ### Python applications -Use the custom image `ghcr.io/cyclonedx/cdxgen-python312:v10` or `ghcr.io/cyclonedx/cdxgen-python311:v10`. This includes additional build tools and libraries to build a range of Python applications. Construction of the dependency tree is supported with Python >= 3.9. +Use the custom image `ghcr.io/cyclonedx/cdxgen-python312:v11` or `ghcr.io/cyclonedx/cdxgen-python311:v11`. This includes additional build tools and libraries to build a range of Python applications. Construction of the dependency tree is supported with Python >= 3.9. Example invocation: Python 3.6 (Direct dependencies only without dependency tree) ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python36:v10 -r /app -o /app/bom.json -t python +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python36:v11 -r /app -o /app/bom.json -t python ``` NOTE: dependency tree is unavailable with Python 3.6 @@ -93,35 +91,35 @@ NOTE: dependency tree is unavailable with Python 3.6 Python 3.9 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python39:v10 -r /app -o /app/bom.json -t python +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python39:v11 -r /app -o /app/bom.json -t python ``` Python 3.10 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v10 -r /app -o /app/bom.json -t python +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app -o /app/bom.json -t python ``` Python 3.11 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python311:v10 -r /app -o /app/bom.json -t python +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python311:v11 -r /app -o /app/bom.json -t python ``` Python 3.12 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python312:v10 -r /app -o /app/bom.json -t python +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python312:v11 -r /app -o /app/bom.json -t python ``` ### Node.js applications -Use the custom image `ghcr.io/cyclonedx/cdxgen-node20:v10`. +Use the custom image `ghcr.io/cyclonedx/cdxgen-node20:v11`. Node.js 20 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v10 -r /app -o /app/bom.json -t js +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v11 -r /app -o /app/bom.json -t js ``` ## Troubleshooting @@ -199,7 +197,7 @@ Include the below argument with the `nerdctl run` command. Example: ```shell -nerdctl run --rm --platform=linux/arm64 -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v10 -r /app -o /app/bom.json -t js +nerdctl run --rm --platform=linux/arm64 -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v11 -r /app -o /app/bom.json -t js ``` ## License diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet6 b/ci/base-images/cdxgen/Dockerfile.dotnet6 index 2dad83d08..63874fd02 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet6 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet6 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for legacy .Net Core and .Net Framework apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true \ PYTHONPATH=/opt/pypi diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet7 b/ci/base-images/cdxgen/Dockerfile.dotnet7 index a67d58cf7..34125b259 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet7 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet7 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 7 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet7:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet7:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true \ PYTHONPATH=/opt/pypi diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet8 b/ci/base-images/cdxgen/Dockerfile.dotnet8 index 1b51998d6..1cf11fa5b 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet8 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet8 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 8 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet8:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet8:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true \ PYTHONPATH=/opt/pypi diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet9 b/ci/base-images/cdxgen/Dockerfile.dotnet9 new file mode 100644 index 000000000..62b89f922 --- /dev/null +++ b/ci/base-images/cdxgen/Dockerfile.dotnet9 @@ -0,0 +1,21 @@ +FROM ghcr.io/cyclonedx/bci-dotnet9:master + +LABEL maintainer="CycloneDX" \ + org.opencontainers.image.authors="Team AppThreat " \ + org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ + org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ + org.opencontainers.image.version="rolling" \ + org.opencontainers.image.vendor="AppThreat" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.title="cdxgen" \ + org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 8 apps" \ + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet9:v11 -r /app --server" + +ENV CDXGEN_IN_CONTAINER=true \ + PYTHONPATH=/opt/pypi +ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin: + +RUN npm install -g @cyclonedx/cdxgen --omit=dev \ + && pip install --upgrade --no-cache-dir blint --target /opt/pypi + +ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.java b/ci/base-images/cdxgen/Dockerfile.java index 2524f112c..34e7737eb 100644 --- a/ci/base-images/cdxgen/Dockerfile.java +++ b/ci/base-images/cdxgen/Dockerfile.java @@ -9,7 +9,7 @@ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 11 and android apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true diff --git a/ci/base-images/cdxgen/Dockerfile.java-slim b/ci/base-images/cdxgen/Dockerfile.java-slim index abb8da24d..a83bebdad 100644 --- a/ci/base-images/cdxgen/Dockerfile.java-slim +++ b/ci/base-images/cdxgen/Dockerfile.java-slim @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 11 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java-slim:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java-slim:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true diff --git a/ci/base-images/cdxgen/Dockerfile.java17 b/ci/base-images/cdxgen/Dockerfile.java17 index 2c66ae9a3..3054163c4 100644 --- a/ci/base-images/cdxgen/Dockerfile.java17 +++ b/ci/base-images/cdxgen/Dockerfile.java17 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 17 and android apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true diff --git a/ci/base-images/cdxgen/Dockerfile.java17-slim b/ci/base-images/cdxgen/Dockerfile.java17-slim index b9491d401..84e98a3da 100644 --- a/ci/base-images/cdxgen/Dockerfile.java17-slim +++ b/ci/base-images/cdxgen/Dockerfile.java17-slim @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 17 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17-slim:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17-slim:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true diff --git a/ci/base-images/cdxgen/Dockerfile.node20 b/ci/base-images/cdxgen/Dockerfile.node20 index edcede26d..fb0a1e852 100644 --- a/ci/base-images/cdxgen/Dockerfile.node20 +++ b/ci/base-images/cdxgen/Dockerfile.node20 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Node.js 20 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true diff --git a/ci/base-images/cdxgen/Dockerfile.python b/ci/base-images/cdxgen/Dockerfile.python index c86ca9bc8..1ef5c86a2 100644 --- a/ci/base-images/cdxgen/Dockerfile.python +++ b/ci/base-images/cdxgen/Dockerfile.python @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Python 3.12 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python:v11 -r /app --server" ARG NODE_VERSION=23.2.0 diff --git a/ci/base-images/cdxgen/Dockerfile.python310 b/ci/base-images/cdxgen/Dockerfile.python310 index 565dd6959..bd8d47088 100644 --- a/ci/base-images/cdxgen/Dockerfile.python310 +++ b/ci/base-images/cdxgen/Dockerfile.python310 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for python 3.10 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true \ SAFE_PIP_INSTALL=true \ diff --git a/ci/base-images/cdxgen/Dockerfile.python311 b/ci/base-images/cdxgen/Dockerfile.python311 index c0b62520a..1d56a5618 100644 --- a/ci/base-images/cdxgen/Dockerfile.python311 +++ b/ci/base-images/cdxgen/Dockerfile.python311 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Python 3.11 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python311:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python311:v11 -r /app --server" ARG NODE_VERSION=20.17.0 diff --git a/ci/base-images/cdxgen/Dockerfile.python36 b/ci/base-images/cdxgen/Dockerfile.python36 index 59a110e22..b6d3120a5 100644 --- a/ci/base-images/cdxgen/Dockerfile.python36 +++ b/ci/base-images/cdxgen/Dockerfile.python36 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Python 3.6 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python36:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python36:v11 -r /app --server" ARG NODE_VERSION=20.17.0 diff --git a/ci/base-images/cdxgen/Dockerfile.python39 b/ci/base-images/cdxgen/Dockerfile.python39 index 4d6c73037..92f7ba85a 100644 --- a/ci/base-images/cdxgen/Dockerfile.python39 +++ b/ci/base-images/cdxgen/Dockerfile.python39 @@ -9,7 +9,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for python 3.9 apps" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python39:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python39:v11 -r /app --server" ENV CDXGEN_IN_CONTAINER=true \ SAFE_PIP_INSTALL=true \ diff --git a/ci/base-images/cdxgen/Dockerfile.rolling b/ci/base-images/cdxgen/Dockerfile.rolling index e4c0a803f..b4449dc43 100644 --- a/ci/base-images/cdxgen/Dockerfile.rolling +++ b/ci/base-images/cdxgen/Dockerfile.rolling @@ -15,7 +15,7 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.title="cdxgen" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator based on tumbleweed" \ - org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-rolling:v10 -r /app --server" + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-rolling:v11 -r /app --server" RUN npm install -g git+https://github.com/CycloneDX/cdxgen --omit=dev \ && pip install --upgrade --no-cache-dir blint --target /opt/pypi diff --git a/ci/base-images/opensuse/Dockerfile.lang b/ci/base-images/opensuse/Dockerfile.lang index af1a76dba..7aed58939 100644 --- a/ci/base-images/opensuse/Dockerfile.lang +++ b/ci/base-images/opensuse/Dockerfile.lang @@ -2,8 +2,8 @@ FROM opensuse/tumbleweed:latest ARG MAVEN_VERSION=4.0.0-beta-4 ARG SBT_VERSION=1.10.2 -ARG GRADLE_VERSION=8.10.1 -ARG DOTNET_SDK_VERSION=9.0.100-rc.2.24474.11 +ARG GRADLE_VERSION=8.11 +ARG DOTNET_SDK_VERSION=9.0.100 ENV SBT_VERSION=$SBT_VERSION \ MAVEN_VERSION=$MAVEN_VERSION \ diff --git a/ci/base-images/sle/Dockerfile.dotnet7 b/ci/base-images/sle/Dockerfile.dotnet7 index c7e6289a5..033a6024e 100644 --- a/ci/base-images/sle/Dockerfile.dotnet7 +++ b/ci/base-images/sle/Dockerfile.dotnet7 @@ -1,6 +1,6 @@ FROM registry.suse.com/bci/dotnet-sdk:7.0 -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=false \ DOTNET_NOLOGO=true \ diff --git a/ci/base-images/sle/Dockerfile.dotnet9 b/ci/base-images/sle/Dockerfile.dotnet9 new file mode 100644 index 000000000..abe727820 --- /dev/null +++ b/ci/base-images/sle/Dockerfile.dotnet9 @@ -0,0 +1,14 @@ +FROM registry.suse.com/bci/dotnet-sdk:9.0 + +ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=false \ + DOTNET_NOLOGO=true \ + DOTNET_USE_POLLING_FILE_WATCHER=true \ + NUGET_XMLDOC_MODE=skip \ + DOTNET_RUNNING_IN_CONTAINER=true \ + DOTNET_CLI_TELEMETRY_OPTOUT=1 + +RUN zypper refresh && zypper --non-interactive update && zypper --non-interactive install -l --no-recommends git-core nodejs20 npm20 python311 python311-pip wget zip unzip make gawk java-21-openjdk-devel \ + && dotnet --list-sdks \ + && zypper clean -a + +CMD /bin/bash diff --git a/ci/base-images/sle/Dockerfile.java17 b/ci/base-images/sle/Dockerfile.java17 index 6ca4e6f60..468ddeefe 100644 --- a/ci/base-images/sle/Dockerfile.java17 +++ b/ci/base-images/sle/Dockerfile.java17 @@ -1,8 +1,8 @@ FROM registry.suse.com/bci/openjdk-devel:17 -ARG SBT_VERSION=1.10.1 +ARG SBT_VERSION=1.10.5 ARG MAVEN_VERSION=3.9.9 -ARG GRADLE_VERSION=8.10 +ARG GRADLE_VERSION=8.11 ARG GCC_VERSION=13 ENV SBT_VERSION=$SBT_VERSION \ diff --git a/ci/base-images/sle/Dockerfile.java17-slim b/ci/base-images/sle/Dockerfile.java17-slim index b249ca1b9..1a3ebdd9e 100644 --- a/ci/base-images/sle/Dockerfile.java17-slim +++ b/ci/base-images/sle/Dockerfile.java17-slim @@ -1,8 +1,8 @@ FROM registry.suse.com/bci/openjdk-devel:17 -ARG SBT_VERSION=1.10.1 +ARG SBT_VERSION=1.10.5 ARG MAVEN_VERSION=3.9.9 -ARG GRADLE_VERSION=8.10 +ARG GRADLE_VERSION=8.11 ENV SBT_VERSION=$SBT_VERSION \ MAVEN_VERSION=$MAVEN_VERSION \ diff --git a/ci/base-images/sle/Dockerfile.lang b/ci/base-images/sle/Dockerfile.lang index 1c216c90c..5b5d34409 100644 --- a/ci/base-images/sle/Dockerfile.lang +++ b/ci/base-images/sle/Dockerfile.lang @@ -1,6 +1,6 @@ FROM registry.suse.com/bci/python:3.12 -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ARG MAVEN_VERSION=3.9.9 ARG GCC_VERSION=13 ARG NODE_VERSION=23.2.0 diff --git a/ci/base-images/sle/Dockerfile.node20 b/ci/base-images/sle/Dockerfile.node20 index 35096c2c7..1b86415aa 100644 --- a/ci/base-images/sle/Dockerfile.node20 +++ b/ci/base-images/sle/Dockerfile.node20 @@ -1,6 +1,6 @@ FROM registry.suse.com/bci/nodejs:20 -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ARG GCC_VERSION=13 ENV JAVA_VERSION=$JAVA_VERSION \ diff --git a/ci/base-images/sle/Dockerfile.python311 b/ci/base-images/sle/Dockerfile.python311 index fdc8cac11..9441d435a 100644 --- a/ci/base-images/sle/Dockerfile.python311 +++ b/ci/base-images/sle/Dockerfile.python311 @@ -1,6 +1,6 @@ FROM registry.suse.com/bci/python:3.11 -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ARG MAVEN_VERSION=3.9.9 ARG GCC_VERSION=13 ARG NODE_VERSION=20.17.0 diff --git a/ci/base-images/sle/Dockerfile.python36 b/ci/base-images/sle/Dockerfile.python36 index 59703e31a..91edc275d 100644 --- a/ci/base-images/sle/Dockerfile.python36 +++ b/ci/base-images/sle/Dockerfile.python36 @@ -1,6 +1,6 @@ FROM registry.suse.com/bci/python:3.6 -ARG JAVA_VERSION=23-tem +ARG JAVA_VERSION=23.0.1-tem ARG MAVEN_VERSION=3.9.9 ARG GCC_VERSION=13 ARG NODE_VERSION=20.17.0 diff --git a/contrib/lima/cdxgen-opensuse.yaml b/contrib/lima/cdxgen-opensuse.yaml index 97b148e40..4f971861f 100644 --- a/contrib/lima/cdxgen-opensuse.yaml +++ b/contrib/lima/cdxgen-opensuse.yaml @@ -12,8 +12,8 @@ containerd: user: true env: MAVEN_VERSION: 3.9.9 - SBT_VERSION: 1.10.1 - GRADLE_VERSION: 8.10 + SBT_VERSION: 1.10.5 + GRADLE_VERSION: 8.11 MAVEN_HOME: /.sdkman/candidates/maven/current MAVEN_CMD: /.sdkman/candidates/maven/current/bin/mvn GRADLE_HOME: /.sdkman/candidates/gradle/current @@ -48,8 +48,8 @@ provision: #!/bin/bash set -e -o pipefail export MAVEN_VERSION=3.9.9 - export SBT_VERSION=1.10.1 - export GRADLE_VERSION=8.10 + export SBT_VERSION=1.10.5 + export GRADLE_VERSION=8.11 export MAVEN_HOME="/.sdkman/candidates/maven/${MAVEN_VERSION}" export GRADLE_HOME="/.sdkman/candidates/gradle/${GRADLE_VERSION}" export SBT_HOME="/.sdkman/candidates/sbt/${SBT_VERSION}" diff --git a/deno.json b/deno.json index 2975c5be0..cc8107d30 100644 --- a/deno.json +++ b/deno.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen", - "version": "11.0.0", + "version": "11.0.1", "exports": "./lib/cli/index.js", "compilerOptions": { "lib": ["deno.window"], @@ -48,7 +48,7 @@ "gen-types": "npx -p typescript tsc" }, "imports": { - "@appthreat/atom": "npm:@appthreat/atom@2.0.21", + "@appthreat/atom": "npm:@appthreat/atom@2.0.22", "@appthreat/cdx-proto": "npm:@appthreat/cdx-proto@1.0.1", "@babel/parser": "npm:@babel/parser@^7.26.2", "@babel/traverse": "npm:@babel/traverse@^7.25.7", diff --git a/docs/ADVANCED.md b/docs/ADVANCED.md index 4a09971bf..0ed626967 100644 --- a/docs/ADVANCED.md +++ b/docs/ADVANCED.md @@ -459,12 +459,12 @@ docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -it ghcr.io/cyclonedx/cdxgen -r / If the project requires a different version of the SDK, such as .Net core 3.1 or dotnet 6.0, then try with the below custom [images](https://github.com/CycloneDX/cdxgen/ci/base-images). ```shell -docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -it ghcr.io/cyclonedx/cdxgen-dotnet:v10 -r /app -o bom.json -t dotnet +docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -it ghcr.io/cyclonedx/cdxgen-dotnet:v11 -r /app -o bom.json -t dotnet ``` If the project requires legacy frameworks such as .Net Framework 4.6/4.7, then a Windows operating system or container is required to generate the SBOM correctly. A workaround is to commit the project.assets.json and the lock files to the repository from Windows and run cdxgen from Linux as normal. -For legacy Java projects, use the custom images `ghcr.io/cyclonedx/cdxgen-java:v10` (Java 11) or `ghcr.io/cyclonedx/cdxgen-java17:v10` (Java 17). Alternatively, use the CLI arguments as shown. +For legacy Java projects, use the custom images `ghcr.io/cyclonedx/cdxgen-java:v11` (Java 11) or `ghcr.io/cyclonedx/cdxgen-java17:v11` (Java 17). Alternatively, use the CLI arguments as shown. ```shell cdxgen -t java11 diff --git a/jsr.json b/jsr.json index 788efa8c2..2b3b98a93 100644 --- a/jsr.json +++ b/jsr.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen", - "version": "11.0.0", + "version": "11.0.1", "exports": "./lib/cli/index.js", "include": ["*.js", "lib/**", "bin/**", "data/**", "types/**"], "exclude": [ diff --git a/lib/cli/index.js b/lib/cli/index.js index 21c08da5b..f90f64240 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -1470,7 +1470,7 @@ export async function createJavaBom(path, options) { ); } else { console.log( - "1. Java version requirement: cdxgen container image bundles Java 23 with maven 3.9 which might be incompatible. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v10`.", + "1. Java version requirement: cdxgen container image bundles Java 23 with maven 3.9 which might be incompatible. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v11`.", ); } console.log( @@ -5127,7 +5127,7 @@ export async function createCsharpBom(path, options) { "This project requires a specific version of dotnet sdk to be installed. The cdxgen container image bundles dotnet SDK 8.0, which might be incompatible.", ); console.log( - "Try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v10` or `ghcr.io/cyclonedx/cdxgen-dotnet7:v10` container images.", + "Try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v11` or `ghcr.io/cyclonedx/cdxgen-dotnet7:v11` container images.", ); } else { console.error( @@ -5138,7 +5138,7 @@ export async function createCsharpBom(path, options) { ); if (process.env?.CDXGEN_IN_CONTAINER !== "true") { console.log( - "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v10` container image, which bundles nuget (mono) and a range of dotnet SDKs.", + "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v11` container image, which bundles nuget (mono) and a range of dotnet SDKs.", ); } } @@ -5228,7 +5228,7 @@ export async function createCsharpBom(path, options) { "3. If the project uses the legacy .Net Framework 4.6/4.7/4.8, it might require execution on Windows.", ); console.log( - "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet:v10` container image, which bundles a range of dotnet SDKs.", + "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet:v11` container image, which bundles a range of dotnet SDKs.", ); options.failOnError && process.exit(1); } diff --git a/lib/helpers/envcontext.js b/lib/helpers/envcontext.js index 485a417d2..afb1b2083 100644 --- a/lib/helpers/envcontext.js +++ b/lib/helpers/envcontext.js @@ -30,7 +30,7 @@ export const SDKMAN_JAVA_TOOL_ALIASES = { java17: process.env.JAVA17_TOOL || "17.0.12-tem", java21: process.env.JAVA21_TOOL || "21.0.4-tem", java22: process.env.JAVA22_TOOL || "22.0.2-tem", - java23: process.env.JAVA23_TOOL || "23-tem", + java23: process.env.JAVA23_TOOL || "23.0.1-tem", }; /** diff --git a/lib/helpers/envcontext.test.js b/lib/helpers/envcontext.test.js index 40395f08d..f52a1b402 100644 --- a/lib/helpers/envcontext.test.js +++ b/lib/helpers/envcontext.test.js @@ -41,7 +41,7 @@ test("tools tests", () => { test("sdkman tests", () => { if (process.env?.SDKMAN_VERSION) { expect(isSdkmanAvailable()).toBeTruthy(); - expect(isSdkmanToolAvailable("java", "23-tem")).toBeTruthy(); + expect(isSdkmanToolAvailable("java", "23.0.1-tem")).toBeTruthy(); } }); diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js index 86aa0b8a7..89b44fbe4 100644 --- a/lib/helpers/utils.js +++ b/lib/helpers/utils.js @@ -3198,7 +3198,7 @@ export function executeParallelGradleProperties(dir, allProjectsStr) { "1. Check if the correct version of java and gradle are installed and available in PATH. For example, some project might require Java 11 with gradle 7.\n cdxgen container image bundles Java 23 with gradle 8 which might be incompatible.", ); console.log( - "2. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v10`.", + "2. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v11`.", ); if (result.stderr?.includes("not get unknown property")) { console.log( @@ -10987,7 +10987,7 @@ export function getPipFrozenTree( ); } console.warn( - "This project does not support python with version types. Use an appropriate container image such as `ghcr.io/appthreat/cdxgen-python39:v10` or `ghcr.io/appthreat/cdxgen-python311:v10` and invoke cdxgen with `-t python` instead.\n", + "This project does not support python with version types. Use an appropriate container image such as `ghcr.io/appthreat/cdxgen-python39:v11` or `ghcr.io/appthreat/cdxgen-python311:v11` and invoke cdxgen with `-t python` instead.\n", ); } if (!versionRelatedError) { @@ -11025,7 +11025,7 @@ export function getPipFrozenTree( "1. Try invoking cdxgen with a specific python version type. Example: `-t python36` or `-t python39`", ); console.log( - "2. Alternatively, try using the custom container images `ghcr.io/cyclonedx/cdxgen-python39:v10` or `ghcr.io/cyclonedx/cdxgen-python311:v10`, which bundles a range of build tools and development libraries.", + "2. Alternatively, try using the custom container images `ghcr.io/cyclonedx/cdxgen-python39:v11` or `ghcr.io/cyclonedx/cdxgen-python311:v11`, which bundles a range of build tools and development libraries.", ); } else if ( process.env?.PIP_INSTALL_ARGS?.includes("--python-version") diff --git a/package.json b/package.json index 0d22c89eb..eb161bba3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen", - "version": "11.0.0", + "version": "11.0.1", "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image", "homepage": "http://github.com/cyclonedx/cdxgen", "author": "Prabhu Subramanian ", @@ -65,7 +65,7 @@ "bugs": { "url": "https://github.com/cyclonedx/cdxgen/issues" }, - "packageManager": "pnpm@9.12.3", + "packageManager": "pnpm@9.13.2", "lint-staged": { "*": "biome check --fix --no-errors-on-unmatched" }, @@ -99,16 +99,16 @@ "yargs": "^17.7.2" }, "optionalDependencies": { - "@appthreat/atom": "2.0.21", + "@appthreat/atom": "2.0.22", "@appthreat/cdx-proto": "1.0.1", - "@cyclonedx/cdxgen-plugins-bin": "1.6.7", - "@cyclonedx/cdxgen-plugins-bin-arm": "1.6.7", - "@cyclonedx/cdxgen-plugins-bin-arm64": "1.6.7", - "@cyclonedx/cdxgen-plugins-bin-darwin-amd64": "1.6.7", - "@cyclonedx/cdxgen-plugins-bin-darwin-arm64": "1.6.7", - "@cyclonedx/cdxgen-plugins-bin-ppc64": "1.6.7", - "@cyclonedx/cdxgen-plugins-bin-windows-amd64": "1.6.7", - "@cyclonedx/cdxgen-plugins-bin-windows-arm64": "1.6.7", + "@cyclonedx/cdxgen-plugins-bin": "1.6.9", + "@cyclonedx/cdxgen-plugins-bin-arm": "1.6.9", + "@cyclonedx/cdxgen-plugins-bin-arm64": "1.6.9", + "@cyclonedx/cdxgen-plugins-bin-darwin-amd64": "1.6.9", + "@cyclonedx/cdxgen-plugins-bin-darwin-arm64": "1.6.9", + "@cyclonedx/cdxgen-plugins-bin-ppc64": "1.6.9", + "@cyclonedx/cdxgen-plugins-bin-windows-amd64": "1.6.9", + "@cyclonedx/cdxgen-plugins-bin-windows-arm64": "1.6.9", "body-parser": "^2.0.1", "compression": "^1.7.5", "connect": "^3.7.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c9b37655d..49f054965 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -86,7 +86,7 @@ importers: version: 3.0.0 uuid: specifier: ^11.0.2 - version: 11.0.2 + version: 11.0.3 validate-iri: specifier: ^1.0.1 version: 1.0.1 @@ -98,35 +98,35 @@ importers: version: 17.7.2 optionalDependencies: '@appthreat/atom': - specifier: 2.0.21 - version: 2.0.21 + specifier: 2.0.22 + version: 2.0.22 '@appthreat/cdx-proto': specifier: 1.0.1 version: 1.0.1 '@cyclonedx/cdxgen-plugins-bin': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 '@cyclonedx/cdxgen-plugins-bin-arm': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 '@cyclonedx/cdxgen-plugins-bin-arm64': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 '@cyclonedx/cdxgen-plugins-bin-darwin-amd64': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 '@cyclonedx/cdxgen-plugins-bin-darwin-arm64': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 '@cyclonedx/cdxgen-plugins-bin-ppc64': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 '@cyclonedx/cdxgen-plugins-bin-windows-amd64': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 '@cyclonedx/cdxgen-plugins-bin-windows-arm64': - specifier: 1.6.7 - version: 1.6.7 + specifier: 1.6.9 + version: 1.6.9 body-parser: specifier: ^2.0.1 version: 2.0.2 @@ -162,8 +162,8 @@ packages: resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==} engines: {node: '>=6.0.0'} - '@appthreat/atom@2.0.21': - resolution: {integrity: sha512-kdCW6ASdh7oUN9yz95eDmgzo1M/8/K0EmxPIMHf4JI+FLbLkdGtN3MEqZqyF9GHHMhfdwHtyZcrnRp3v6c27AQ==} + '@appthreat/atom@2.0.22': + resolution: {integrity: sha512-EZCS8p3JmWj/pIp1sM0PxXI+PzT9TGiyRGMdtGaORjP9ExZ7PmdIt7sfidA4jRxAAfRYVPVmOi8MGy7KgIrbAw==} engines: {node: '>=16.0.0'} hasBin: true @@ -388,43 +388,43 @@ packages: '@bufbuild/protobuf@1.7.2': resolution: {integrity: sha512-i5GE2Dk5ekdlK1TR7SugY4LWRrKSfb5T1Qn4unpIMbfxoeGKERKQ59HG3iYewacGD10SR7UzevfPnh6my4tNmQ==} - '@cyclonedx/cdxgen-plugins-bin-arm64@1.6.7': - resolution: {integrity: sha512-lv7oz5pCOPA4FWozn5LTnZ2XsV0/q5qGzgSQD8552+xR0/L2iylljjIE3M42OMaCqI/ddQlGt1N2WWQ0RxBb9g==} + '@cyclonedx/cdxgen-plugins-bin-arm64@1.6.9': + resolution: {integrity: sha512-Cmab5i0cqDMNBPBbtqmezHboY8w+a0slTFEahBlO6NWF5Zp9KGF8XdGLkhh7BAKzHrOvoEYqsLum/XRIiptx/A==} cpu: [arm64] os: [linux] - '@cyclonedx/cdxgen-plugins-bin-arm@1.6.7': - resolution: {integrity: sha512-ruVMoipaL5T+ZQwP+KXGE9nMlTmMVCNGDZMB9dUgJzZaqcjBFBfibNHRqsdelUYVhBop+7BTfq7W247R1TTU8w==} + '@cyclonedx/cdxgen-plugins-bin-arm@1.6.9': + resolution: {integrity: sha512-33rCgOEq+YwPeXw1RsqCUm0HwM3SB693FFL/lRvBxeIoO2WJSokDFTKNX1qFbLhpWbcyjktYPOybi9E4eLfKZA==} cpu: [arm] os: [linux] - '@cyclonedx/cdxgen-plugins-bin-darwin-amd64@1.6.7': - resolution: {integrity: sha512-t/z41SkqOAISfK/kANeou5BNy0UNZSiqrtxrANtsolIiqjp22uT981AnR7b/YJVzaM8ycPxWNAxE0lborVAHLw==} + '@cyclonedx/cdxgen-plugins-bin-darwin-amd64@1.6.9': + resolution: {integrity: sha512-q+UJFfsIjnKJK/gi2JGDEgNIx/NlZ+GyKi4eN+KfOoQ89oiw1LeP3NeWbFuq65s7RMjE14JR7fk7mHKwY7/j4Q==} cpu: [x64] os: [darwin] - '@cyclonedx/cdxgen-plugins-bin-darwin-arm64@1.6.7': - resolution: {integrity: sha512-BxKVwkKA24zzC0PI7bBLbdhWgTZykvPzfkzedud044ezuhr6f1+6xJZ0iHuJ0YtgTB6msEVgDjJK1Sa9ejXrOw==} + '@cyclonedx/cdxgen-plugins-bin-darwin-arm64@1.6.9': + resolution: {integrity: sha512-MhpS7l6mjLRbk5/qMkAOU52l7D9Zu+FRYcwMAjK07LyJQPtCQ3woh75nmLWDJBYGoC0HGtruqW5injsRB3U43g==} cpu: [arm64] os: [darwin] - '@cyclonedx/cdxgen-plugins-bin-ppc64@1.6.7': - resolution: {integrity: sha512-Jg0oCwBMiTRsVrhXs7Ev1QiBo13rnIoJbEOPV3VLW9euMlmfWk6aJCJc1K3knNSm3Jd8MaCUxwjDoTE/CB6PAg==} + '@cyclonedx/cdxgen-plugins-bin-ppc64@1.6.9': + resolution: {integrity: sha512-+UOV66PilNNWCAqlicpANDs/RfUeAqfsQL1jmKrrIlcmoUzh4YmXHvGu9zYJpOBUiY03dlJMUuzvV2HjCS9V+w==} cpu: [ppc64] os: [linux] - '@cyclonedx/cdxgen-plugins-bin-windows-amd64@1.6.7': - resolution: {integrity: sha512-d3IT0PqquFyEULgjEkZA0+k/9bMmcHAHSb1SDkF7joki15CKeb+nzsHFn65oax52Jf6nrJ247hlggAbAca6yDQ==} + '@cyclonedx/cdxgen-plugins-bin-windows-amd64@1.6.9': + resolution: {integrity: sha512-O6AHve3MS8n6ND2jQ3ZqOjuMiMCyrpKmQ0MjAOpWhUH2dEcvFV4uEdb9BY1um6RtqfVtoUodMx/49x4m9q0z+A==} cpu: [x64] os: [win32] - '@cyclonedx/cdxgen-plugins-bin-windows-arm64@1.6.7': - resolution: {integrity: sha512-nSfJ3r9WbgMhQz0+ioHurvD7UIxVsbxPqqt2gAkCp/8au6xUre1AEV7HWpzC3eblXRRtmZPmjUEcxkObFj2nEw==} + '@cyclonedx/cdxgen-plugins-bin-windows-arm64@1.6.9': + resolution: {integrity: sha512-8OK5G1wczb8yf5vhmYWjueKdWq2G4SEogUb86lwuemz1bTOZkuLl4oRYwAp79+fzF/lMKJmxK4pTWmf+2zhdZQ==} cpu: [arm64] os: [win32] - '@cyclonedx/cdxgen-plugins-bin@1.6.7': - resolution: {integrity: sha512-cgcqgTAQlnJx3//E0dSz4psZzhbmXs6nnD9g3f9wGhWg6TFNIPTHxXLWsEFex6tgDtjKfjcQ1lSdkbWNqX4djQ==} + '@cyclonedx/cdxgen-plugins-bin@1.6.9': + resolution: {integrity: sha512-WGXpmuokvkCblmvvPxH8tvk5bC/Jq2Zgy/RVXrYYt51uW9vtA++GmPeWpMewMfgg/jto9pJY+twnDS2l4t/bCQ==} cpu: [x64] '@isaacs/cliui@8.0.2': @@ -872,8 +872,8 @@ packages: resolution: {integrity: sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==} engines: {node: '>=10'} - caniuse-lite@1.0.30001679: - resolution: {integrity: sha512-j2YqID/YwpLnKzCmBOS4tlZdWprXm3ZmQLBH9ZBXFOhoxLA46fwyBvx6toCBWBmnuwUY/qB3kEU6gFx8qgCroA==} + caniuse-lite@1.0.30001680: + resolution: {integrity: sha512-rPQy70G6AGUMnbwS1z6Xg+RkHYPAi18ihs47GH0jcxIG7wArmPgY3XbS2sRdBbxJljp3thdT8BIqv9ccCypiPA==} chalk@4.1.2: resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==} @@ -1089,8 +1089,8 @@ packages: ee-first@1.1.1: resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==} - electron-to-chromium@1.5.55: - resolution: {integrity: sha512-6maZ2ASDOTBtjt9FhqYPRnbvKU5tjG0IN9SztUOWYw2AzNDNpKJYLJmlK0/En4Hs/aiWnB+JZ+gW19PIGszgKg==} + electron-to-chromium@1.5.62: + resolution: {integrity: sha512-t8c+zLmJHa9dJy96yBZRXGQYoiCEnHYgFwn1asvSPZSUdVxnB62A4RASd7k41ytG3ErFBA0TpHlKg9D9SQBmLg==} emittery@0.13.1: resolution: {integrity: sha512-DeWwawk6r5yR9jFgnDKYt4sLS0LmHJJi3ZOnb5/JdbYwj3nW+FxQnHIjhBKz8YLC7oRNPVM9NQ47I3CVx34eqQ==} @@ -2466,8 +2466,8 @@ packages: resolution: {integrity: sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==} engines: {node: '>=10'} - type-fest@4.26.1: - resolution: {integrity: sha512-yOGpmOAL7CkKe/91I5O3gPICmJNLJ1G4zFYVAsRHg7M64biSnPtRj0WNQt++bRkjYOqjWXrhnUw1utzmVErAdg==} + type-fest@4.27.0: + resolution: {integrity: sha512-3IMSWgP7C5KSQqmo1wjhKrwsvXAtF33jO3QY+Uy++ia7hqvgSK6iXbbg5PbDBc1P2ZbNEDgejOrN4YooXvhwCw==} engines: {node: '>=16'} type-is@1.6.18: @@ -2482,8 +2482,8 @@ packages: undici-types@6.19.8: resolution: {integrity: sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==} - undici@6.20.1: - resolution: {integrity: sha512-AjQF1QsmqfJys+LXfGTNum+qw4S88CojRInG/6t31W/1fk6G59s92bnAvGz5Cmur+kQv2SURXEvvudLmbrE8QA==} + undici@6.21.0: + resolution: {integrity: sha512-BUgJXc752Kou3oOIuU1i+yZZypyZRqNPW0vqoMPl8VaoalSfeR0D8/t4iAS3yirs79SSMTxTag+ZC86uswv+Cw==} engines: {node: '>=18.17'} unicorn-magic@0.1.0: @@ -2523,8 +2523,8 @@ packages: resolution: {integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==} engines: {node: '>= 0.4.0'} - uuid@11.0.2: - resolution: {integrity: sha512-14FfcOJmqdjbBPdDjFQyk/SdT4NySW4eM0zcG+HqbHP5jzuH56xO3J1DGhgs/cEMCfwYi3HQI1gnTO62iaG+tQ==} + uuid@11.0.3: + resolution: {integrity: sha512-d0z310fCWv5dJwnX1Y/MncBAqGMKEzlBb1AOf7z9K8ALnd0utBX/msg/fA0+sbyN1ihbMsLhrBlnl1ak7Wa0rg==} hasBin: true uuid@8.3.2: @@ -2645,7 +2645,7 @@ snapshots: '@jridgewell/gen-mapping': 0.3.5 '@jridgewell/trace-mapping': 0.3.25 - '@appthreat/atom@2.0.21': + '@appthreat/atom@2.0.22': dependencies: '@babel/parser': 7.26.2 typescript: 5.6.3 @@ -2882,28 +2882,28 @@ snapshots: '@bufbuild/protobuf@1.7.2': optional: true - '@cyclonedx/cdxgen-plugins-bin-arm64@1.6.7': + '@cyclonedx/cdxgen-plugins-bin-arm64@1.6.9': optional: true - '@cyclonedx/cdxgen-plugins-bin-arm@1.6.7': + '@cyclonedx/cdxgen-plugins-bin-arm@1.6.9': optional: true - '@cyclonedx/cdxgen-plugins-bin-darwin-amd64@1.6.7': + '@cyclonedx/cdxgen-plugins-bin-darwin-amd64@1.6.9': optional: true - '@cyclonedx/cdxgen-plugins-bin-darwin-arm64@1.6.7': + '@cyclonedx/cdxgen-plugins-bin-darwin-arm64@1.6.9': optional: true - '@cyclonedx/cdxgen-plugins-bin-ppc64@1.6.7': + '@cyclonedx/cdxgen-plugins-bin-ppc64@1.6.9': optional: true - '@cyclonedx/cdxgen-plugins-bin-windows-amd64@1.6.7': + '@cyclonedx/cdxgen-plugins-bin-windows-amd64@1.6.9': optional: true - '@cyclonedx/cdxgen-plugins-bin-windows-arm64@1.6.7': + '@cyclonedx/cdxgen-plugins-bin-windows-arm64@1.6.9': optional: true - '@cyclonedx/cdxgen-plugins-bin@1.6.7': + '@cyclonedx/cdxgen-plugins-bin@1.6.9': optional: true '@isaacs/cliui@8.0.2': @@ -3541,8 +3541,8 @@ snapshots: browserslist@4.24.2: dependencies: - caniuse-lite: 1.0.30001679 - electron-to-chromium: 1.5.55 + caniuse-lite: 1.0.30001680 + electron-to-chromium: 1.5.62 node-releases: 2.0.18 update-browserslist-db: 1.1.1(browserslist@4.24.2) @@ -3620,7 +3620,7 @@ snapshots: camelcase@6.3.0: {} - caniuse-lite@1.0.30001679: {} + caniuse-lite@1.0.30001680: {} chalk@4.1.2: dependencies: @@ -3649,7 +3649,7 @@ snapshots: parse5: 7.2.1 parse5-htmlparser2-tree-adapter: 7.1.0 parse5-parser-stream: 7.1.2 - undici: 6.20.1 + undici: 6.21.0 whatwg-mimetype: 4.0.0 chownr@1.1.4: @@ -3839,7 +3839,7 @@ snapshots: ee-first@1.1.1: optional: true - electron-to-chromium@1.5.55: {} + electron-to-chromium@1.5.62: {} emittery@0.13.1: {} @@ -4050,7 +4050,7 @@ snapshots: lowercase-keys: 3.0.0 p-cancelable: 4.0.1 responselike: 3.0.0 - type-fest: 4.26.1 + type-fest: 4.27.0 graceful-fs@4.2.11: {} @@ -5462,7 +5462,7 @@ snapshots: type-fest@0.21.3: {} - type-fest@4.26.1: {} + type-fest@4.27.0: {} type-is@1.6.18: dependencies: @@ -5474,7 +5474,7 @@ snapshots: undici-types@6.19.8: {} - undici@6.20.1: {} + undici@6.21.0: {} unicorn-magic@0.1.0: {} @@ -5508,7 +5508,7 @@ snapshots: utils-merge@1.0.1: optional: true - uuid@11.0.2: {} + uuid@11.0.3: {} uuid@8.3.2: optional: true diff --git a/test/diff/generate.py b/test/diff/generate.py index 92fe872e8..99949e1ce 100644 --- a/test/diff/generate.py +++ b/test/diff/generate.py @@ -357,7 +357,7 @@ def run_pre_builds(repo_data, output_dir, debug_cmds): cmds = set(cmds) commands = [c.replace('use', 'install') for c in cmds] - commands.append('sdk install java 23-tem') + commands.append('sdk install java 23.0.1-tem') commands = '\n'.join(commands) sh_path = Path.joinpath(output_dir, 'sdkman_installs.sh') write_script_file(sh_path, commands, debug_cmds)