update atom to get cpg 1.0.1 and the latest protobuf (#1462)

* update atom to get cpg 1.0.1 and the latest protobuf Signed-off-by: Prabhu Subramanian <[email protected]> * Fetch license for java in deep mode Signed-off-by: Prabhu Subramanian <[email protected]> * update atom Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Nov 17, 2024 · d83d58a · d83d58a
1 parent aec1e96
commit d83d58a
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 12 deletions.
diff --git a/deno.json b/deno.json
@@ -48,7 +48,7 @@
     "gen-types": "npx -p typescript tsc"
   },
   "imports": {
-    "@appthreat/atom": "npm:@appthreat/[email protected].22",
+    "@appthreat/atom": "npm:@appthreat/[email protected].24",
     "@appthreat/cdx-proto": "npm:@appthreat/[email protected]",
     "@babel/parser": "npm:@babel/parser@^7.26.2",
     "@babel/traverse": "npm:@babel/traverse@^7.25.7",

diff --git a/lib/cli/index.js b/lib/cli/index.js
@@ -2142,7 +2142,7 @@ export async function createJavaBom(path, options) {
     }
   }
   pkgList = trimComponents(pkgList);
-  pkgList = await getMvnMetadata(pkgList, jarNSMapping);
+  pkgList = await getMvnMetadata(pkgList, jarNSMapping, options.deep);
   return buildBomNSData(options, pkgList, "maven", {
     src: path,
     nsMapping: jarNSMapping,

diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
@@ -3426,8 +3426,15 @@ export function guessLicenseId(content) {
  *
  * @param {Array} pkgList Package list
  * @param {Object} jarNSMapping Jar Namespace mapping object
+ * @param {Boolean} force Force fetching of license
+ *
+ * @returns {Array} Updated package list
  */
-export async function getMvnMetadata(pkgList, jarNSMapping = {}) {
+export async function getMvnMetadata(
+  pkgList,
+  jarNSMapping = {},
+  force = false,
+) {
   const MAVEN_CENTRAL_URL =
     process.env.MAVEN_CENTRAL_URL || "https://repo1.maven.org/maven2/";
   const ANDROID_MAVEN_URL =
@@ -3472,7 +3479,7 @@ export async function getMvnMetadata(pkgList, jarNSMapping = {}) {
     }
     const group = p.group || "";
     // If the package already has key metadata skip querying maven
-    if (group && p.name && p.version && !shouldFetchLicense()) {
+    if (group && p.name && p.version && !shouldFetchLicense() && !force) {
       cdepList.push(p);
       continue;
     }

diff --git a/package.json b/package.json
@@ -99,7 +99,7 @@
     "yargs": "^17.7.2"
   },
   "optionalDependencies": {
-    "@appthreat/atom": "2.0.22",
+    "@appthreat/atom": "2.0.24",
     "@appthreat/cdx-proto": "1.0.1",
     "@cyclonedx/cdxgen-plugins-bin": "1.6.9",
     "@cyclonedx/cdxgen-plugins-bin-arm": "1.6.9",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/types/lib/helpers/utils.d.ts b/types/lib/helpers/utils.d.ts
@@ -315,8 +315,11 @@ export function guessLicenseId(content: string): any;
  *
  * @param {Array} pkgList Package list
  * @param {Object} jarNSMapping Jar Namespace mapping object
+ * @param {Boolean} force Force fetching of license
+ *
+ * @returns {Array} Updated package list
  */
-export function getMvnMetadata(pkgList: any[], jarNSMapping?: any): Promise<any[]>;
+export function getMvnMetadata(pkgList: any[], jarNSMapping?: any, force?: boolean): any[];
 /**
  * Method to compose URL of pom.xml
  *

diff --git a/types/lib/helpers/utils.d.ts.map b/types/lib/helpers/utils.d.ts.map