Merge branch 'CycloneDX:main' into replace-libxmljs2-with-libxml2-wasm

SierraNL · web-flow · commit 452d572563bf · 2025-01-12T09:21:18.000+01:00
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -183,6 +183,9 @@ jobs:
           NODE_VERSION: '${{ matrix.node-version }}'
         run:
           case "$NODE_VERSION" in
+          '23' | '22')
+            npm i -g npm@^11
+            ;;
           '20' | '18')
             npm i -g npm@^10
             ;;
diff --git a/HISTORY.md b/HISTORY.md
@@ -8,18 +8,45 @@ All notable changes to this project will be documented in this file.
 * Dependencies
   * Support `libxml2-wasm@^0.41` as an alternative for `libxmljs2` (via [#1184])
 
+* Build
+  * Use _TypeScript_ `v5.7.3` now, was `v5.7.2` (via [#1204])
+
+[#1204]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1204
+
+## 7.1.0 -- 2025-01-09
+
+* Added
+  * New type `Models.Copyright` and class `Models.CopyrightRepository` (via [#1202])
+  * New type `Models.AttachmentContent` (via [#1202])
+* Changed
+  * Replace usage of internals `Stringable` & `SortableStringables` with public API ([#1192] via [#1202])  
+    This is considered a non-breaking change, as the types are not changed, but made publicly available.
+* Style
+  * Apply latest code style guide (via [#1201])
+* Misc
+  * Support `npm11` ([#1191] via [#1203])
+
+[#1191]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1191
+[#1192]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1192
+[#1201]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1201
+[#1202]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1202
+[#1203]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1203
+
 ## 7.0.0 -- 2024-11-26
 
 * BREAKING changes
   * Property `Models.Bom.tools` is an instance of `Models.Tools` now ([#1152] via [#1163])  
     Before, it was an instance of `Models.ToolRepository`.
+  * Property `Models.Vulnerability.tools` is an instance of `Models.Tools` now (via [#1163])  
+    Before, it was an instance of `Models.ToolRepository`.
 * Added
   * Static function `Models.Tool.fromComponent()` (via [#1163])
   * Static function `Models.Tool.fromService()` (via [#1163])
   * New class `Models.Tools` ([#1152] via [#1163])
   * New serialization/normalization for `Models.Tools` ([#1152] via [#1163], [#1180])
 * Changed
   * Serializers and `Bom`-Normalizers will take changed `Models.Bom.tools` into account ([#1152] via [#1163])
+  * Serializers and `Vulnerability`-Normalizers will take changed `Models.Vulnerability.tools` into account (via [#1163])
 * Style
   * Apply latest code style guide (via [#1170], [#1181])
 * Dependencies
@@ -37,6 +64,13 @@ All notable changes to this project will be documented in this file.
 [#1181]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1181
 [#1182]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1182
 
+## 6.13.1 -- 2024-12-22
+
+* Dependencies
+  * Support `libxmljs2@^0.35` (via [#1196])
+
+[#1196]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1196
+
 ## 6.13.0 -- 2024-11-18
 
 * Added
diff --git a/eslint.config.mjs b/eslint.config.mjs
@@ -33,6 +33,12 @@ const __dirname = path.dirname(__filename)
  */
 export default [
   ...baseCfg,
+  {
+    name: 'project-specific',
+    rules: {
+      "complexity": ["error", { "max": 15 }]
+    }
+  },
   {
     files: ['**/*.js'],
     languageOptions: { sourceType: 'commonjs' }
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cyclonedx-library",
-  "version": "7.0.0",
+  "version": "7.1.0",
   "description": "Core functionality of CycloneDX for JavaScript (Node.js or WebBrowser).",
   "license": "Apache-2.0",
   "keywords": [
@@ -98,13 +98,13 @@
     "c8": "^8||^9||^10",
     "deepmerge": "^4.2.2",
     "fast-glob": "^3.3.1",
-    "mocha": "10.8.2",
+    "mocha": "10.8.2||11.1.0",
     "npm-run-all2": "^5||^6",
     "rimraf": "^4||^5",
     "ts-loader": "9.5.1",
-    "typescript": "5.7.2",
-    "webpack": "5.96.1",
-    "webpack-cli": "5.1.4",
+    "typescript": "5.7.3",
+    "webpack": "5.97.1",
+    "webpack-cli": "5.1.4||6.0.1",
     "webpack-node-externals": "3.0.0"
   },
   "browser": "./dist.web/lib.js",
diff --git a/src/models/attachment.ts b/src/models/attachment.ts
@@ -25,9 +25,11 @@ export interface OptionalAttachmentProperties {
   encoding?: Attachment['encoding']
 }
 
+export type AttachmentContent = Stringable
+
 export class Attachment {
   contentType?: string
-  content: Stringable
+  content: AttachmentContent
   encoding?: AttachmentEncoding
 
   constructor (content: Attachment['content'], op: OptionalAttachmentProperties = {}) {
diff --git a/src/models/bomLink.ts b/src/models/bomLink.ts
@@ -34,6 +34,10 @@ abstract class BomLinkBase implements Stringable, Comparable<Stringable> {
     this.value = value
   }
 
+  get value (): string {
+    return this.#value
+  }
+
   /**
    * @throws {@link RangeError} if value is invalid
    */
@@ -44,10 +48,6 @@ abstract class BomLinkBase implements Stringable, Comparable<Stringable> {
     this.#value = value
   }
 
-  get value (): string {
-    return this.#value
-  }
-
   compare (other: Stringable): number {
     return this.toString().localeCompare(other.toString())
   }
diff --git a/src/models/component.ts b/src/models/component.ts
@@ -20,13 +20,14 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 import type { PackageURL } from 'packageurl-js'
 
 import type { Comparable } from '../_helpers/sortable'
-import { SortableComparables, SortableStringables } from '../_helpers/sortable'
-import type { Stringable } from '../_helpers/stringable'
+import { SortableComparables } from '../_helpers/sortable'
 import { treeIteratorSymbol } from '../_helpers/tree'
 import type { ComponentScope, ComponentType } from '../enums'
 import type { CPE } from '../types/cpe'
 import { isCPE } from '../types/cpe'
 import { BomRef, BomRefRepository } from './bomRef'
+import type { Copyright } from './copyright'
+import { CopyrightRepository} from './copyright'
 import { ExternalReferenceRepository } from './externalReference'
 import { HashDictionary } from './hash'
 import { LicenseRepository } from './license'
@@ -61,7 +62,7 @@ export class Component implements Comparable<Component> {
   type: ComponentType
   name: string
   author?: string
-  copyright?: Stringable
+  copyright?: Copyright
   description?: string
   externalReferences: ExternalReferenceRepository
   group?: string
@@ -167,10 +168,10 @@ export interface OptionalComponentEvidenceProperties {
 
 export class ComponentEvidence {
   licenses: LicenseRepository
-  copyright: SortableStringables
+  copyright: CopyrightRepository
 
   constructor (op: OptionalComponentEvidenceProperties = {}) {
     this.licenses = op.licenses ?? new LicenseRepository()
-    this.copyright = op.copyright ?? new SortableStringables()
+    this.copyright = op.copyright ?? new CopyrightRepository()
   }
 }
diff --git a/src/models/copyright.ts b/src/models/copyright.ts
@@ -0,0 +1,26 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+import { SortableStringables } from '../_helpers/sortable'
+import type { Stringable } from '../_helpers/stringable'
+
+export type Copyright = Stringable
+
+/* eslint-disable-next-line @typescript-eslint/no-unnecessary-type-arguments -- for docs reasons */
+export class CopyrightRepository extends SortableStringables<Copyright> {}
diff --git a/src/models/index.ts b/src/models/index.ts
@@ -22,6 +22,7 @@ export * from './bom'
 export * from './bomLink'
 export * from './bomRef'
 export * from './component'
+export * from './copyright'
 export * from './externalReference'
 export * from './hash'
 export * from './license'
diff --git a/src/models/vulnerability/rating.ts b/src/models/vulnerability/rating.ts
@@ -48,6 +48,7 @@ export class Rating implements Comparable<Rating> {
     this.justification = op.justification
   }
 
+  /* eslint complexity: ["error", 50] -- acknowledged  */
   compare (other: Rating): number {
     /* eslint-disable @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */
     return ((this.score ?? 0) - (other.score ?? 0)) ||
diff --git a/src/models/vulnerability/vulnerability.ts b/src/models/vulnerability/vulnerability.ts
@@ -98,6 +98,7 @@ export class Vulnerability implements Comparable<Vulnerability> {
     return this.#bomRef
   }
 
+  /* eslint complexity: ["error", 50] -- acknowledged  */
   compare (other: Vulnerability): number {
     const bomRefCompare = this.bomRef.compare(other.bomRef)
     if (bomRefCompare !== 0) {
diff --git a/src/serialize/json/normalize.ts b/src/serialize/json/normalize.ts
@@ -17,6 +17,9 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
+/* eslint complexity: ["error", 50 ] -- acknowledged */
+/* eslint max-lines: 'off' -- intended */
+
 import { chainI } from "../../_helpers/iterable";
 import { isNotUndefined } from '../../_helpers/notUndefined'
 import type { SortableIterable } from '../../_helpers/sortable'
@@ -35,6 +38,8 @@ import type { NormalizerOptions } from '../types'
 import type { Normalized } from './types'
 import { JsonSchema } from './types'
 
+
+
 export class Factory {
   readonly #spec: Spec
 
diff --git a/src/serialize/xml/normalize.ts b/src/serialize/xml/normalize.ts
@@ -17,6 +17,9 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
+/* eslint complexity: ["error", 50 ] -- acknowledged */
+/* eslint max-lines: 'off' -- intended */
+
 import { chainI } from "../../_helpers/iterable";
 import { isNotUndefined } from '../../_helpers/notUndefined'
 import type { SortableIterable } from '../../_helpers/sortable'
@@ -36,6 +39,8 @@ import { normalizedString, token} from './_xsd'
 import type { SimpleXml } from './types'
 import { XmlSchema } from './types'
 
+
+
 export class Factory {
   readonly #spec: Spec
 
diff --git a/tools/code-style/package.json b/tools/code-style/package.json
@@ -7,19 +7,19 @@
   },
   "dependencies": {
     "@eslint/eslintrc": "3.2.0",
-    "@eslint/js": "9.15.0",
+    "@eslint/js": "9.17.0",
     "@types/eslint": "^9.6.1",
     "eslint": "9.14.0",
-    "eslint-config-love": "107.0.0",
+    "eslint-config-love": "114.0.0",
     "eslint-plugin-editorconfig": "4.0.3",
     "eslint-plugin-import": "2.31.0",
-    "eslint-plugin-jsdoc": "50.5.0",
+    "eslint-plugin-jsdoc": "50.6.1",
     "eslint-plugin-license-header": "0.6.1",
-    "eslint-plugin-n": "17.14.0",
-    "eslint-plugin-promise": "7.1.0",
+    "eslint-plugin-n": "17.15.1",
+    "eslint-plugin-promise": "7.2.1",
     "eslint-plugin-simple-import-sort": "12.1.1",
     "eslint-plugin-tsdoc": "0.4.0",
     "globals": "^15.7.0",
-    "typescript-eslint": "8.15.0"
+    "typescript-eslint": "8.19.1"
   }
 }
diff --git a/tools/docs-gen/package.json b/tools/docs-gen/package.json
@@ -6,7 +6,7 @@
     "node": ">=20"
   },
   "dependencies": {
-    "typedoc": "^0.26.3",
+    "typedoc": "^0.27.2",
     "typedoc-plugin-missing-exports": "^3.0.0"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,10 @@ abstract class BomLinkBase implements Stringable, Comparable<Stringable> {`
`34`	`34`	`this.value = value`
`35`	`35`	`}`
`36`	`36`
	`37`	`+ get value (): string {`
	`38`	`+ return this.#value`
	`39`	`+ }`
	`40`	`+`
`37`	`41`	`/**`
`38`	`42`	`* @throws {@link RangeError} if value is invalid`
`39`	`43`	`*/`
`@@ -44,10 +48,6 @@ abstract class BomLinkBase implements Stringable, Comparable<Stringable> {`
`44`	`48`	`this.#value = value`
`45`	`49`	`}`
`46`	`50`
`47`		`- get value (): string {`
`48`		`- return this.#value`
`49`		`- }`
`50`		`-`
`51`	`51`	`compare (other: Stringable): number {`
`52`	`52`	`return this.toString().localeCompare(other.toString())`
`53`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ export class Rating implements Comparable<Rating> {`
`48`	`48`	`this.justification = op.justification`
`49`	`49`	`}`
`50`	`50`
	`51`	`+ /* eslint complexity: ["error", 50] -- acknowledged */`
`51`	`52`	`compare (other: Rating): number {`
`52`	`53`	`/* eslint-disable @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */`
`53`	`54`	`return ((this.score ?? 0) - (other.score ?? 0)) \|\|`