diff --git a/lib/cli/index.js b/lib/cli/index.js index 5d0e8d752..16365147e 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -918,8 +918,22 @@ function addComponent( pkg.evidence.identity && !Array.isArray(pkg.evidence.identity) ) { + // Automatically add concludedValue + if (pkg.evidence.identity?.methods?.length === 1) { + pkg.evidence.identity.concludedValue = + pkg.evidence.identity.methods[0].value; + } component.evidence.identity = [pkg.evidence.identity]; } + // Convert evidence.identity section to an object for 1.5 + if ( + options.specVersion === 1.5 && + pkg.evidence && + pkg.evidence.identity && + Array.isArray(pkg.evidence.identity) + ) { + component.evidence.identity = pkg.evidence.identity[0]; + } } // Upgrade authors section if (options.specVersion >= 1.6 && component.author) { @@ -4947,6 +4961,7 @@ export function createPHPBom(path, options) { const retMap = parseComposerLock(f, rootRequires); if (retMap.pkgList?.length) { pkgList = pkgList.concat(retMap.pkgList); + pkgList = trimComponents(pkgList); } if (retMap.dependenciesList) { if (moduleParent?.["bom-ref"]) { @@ -5598,6 +5613,43 @@ export function trimComponents(components) { existingComponent.properties = comp.properties; } } + // Retain all component.evidence.identity + if (comp?.evidence?.identity) { + if (!existingComponent.evidence) { + existingComponent.evidence = { identity: [] }; + } else if ( + existingComponent?.evidence?.identity && + !Array.isArray(existingComponent.evidence.identity) + ) { + existingComponent.evidence.identity = [ + existingComponent.evidence.identity, + ]; + } + // comp.evidence.identity can be an array or object + // Merge the evidence.identity based on methods or objects + const identities = Array.isArray(comp.evidence.identity) + ? comp.evidence.identity + : [comp.evidence.identity]; + for (const aident of identities) { + let methodBasedMerge = false; + if (aident?.methods?.length) { + for (const amethod of aident.methods) { + for (const existIdent of existingComponent.evidence.identity) { + if (existIdent.field === aident.field) { + if (!existIdent.methods) { + existIdent.methods = []; + } + existIdent.methods.push(amethod); + methodBasedMerge = true; + } + } + } + } + if (!methodBasedMerge && aident.field && aident.confidence) { + existingComponent.evidence.identity.push(aident); + } + } + } // If the component is required in any of the child projects, then make it required if ( existingComponent?.scope !== "required" && diff --git a/types/lib/cli/index.d.ts.map b/types/lib/cli/index.d.ts.map index e80b41e96..13dd29bb8 100644 --- a/types/lib/cli/index.d.ts.map +++ b/types/lib/cli/index.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA4wBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAgWD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAwfhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6bhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAgJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAuCC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAqdlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAqOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA4wBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AA8WD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAwfhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6bhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA4EC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAqdlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAqOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file