feat: support CycloneDX 1.7 (#1451)

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

README.md

@@ -47,14 +47,14 @@ new CycloneDxWebpackPlugin(options?: object)
 
 | Name | Type | Default | Description |
 |:-----|:----:|:-------:|:------------|
-| **`specVersion`** | `{string}`<br/> one of: `"1.2"`, `"1.3"`, `"1.4"`, `"1.5"`, `"1.6"` | `"1.6"` |  Which version of [CycloneDX-spec] to use.<br/> Supported values depend on the installed dependency [CycloneDX-javascript-library]. |
+| **`specVersion`** | `{string}`<br/> one of: `"1.2"`, `"1.3"`, `"1.4"`, `"1.5"`, `"1.6"`, `"1.7"` | `"1.6"` |  Which version of [CycloneDX-spec] to use.<br/> Supported values depend on the installed dependency [CycloneDX-javascript-library]. |
 | **`reproducibleResults`** | `{boolean}` | `false` | Whether to go the extra mile and make the output reproducible.<br/> Reproducibility might result in loss of time- and random-based-values. |
 | **`validateResults`** | `{boolean}` | `true` | Whether to validate the BOM result.<br/> Validation is skipped, if requirements not met. Requires [transitive optional dependencies](https://github.com/CycloneDX/cyclonedx-javascript-library#optional-dependencies). |
 | **`outputLocation`** | `{string}` | `"./cyclonedx"` | Path to write the output to. The path is relative to _webpack_'s overall output path. |
 | **`includeWellknown`** | `{boolean}` | `true` | Whether to write the Wellknowns. |
 | **`wellknownLocation`** | `{string}` | `"./.well-known"` | Path to write the Wellknowns to. The path is relative to _webpack_'s overall output path. | 
 | **`rootComponentAutodetect`** | `{boolean}` | `true` | Whether to try auto-detection of the RootComponent.<br/> Tries to find the nearest `package.json` and build a CycloneDX component from it, so it can be assigned to `bom.metadata.component`. |
-| **`rootComponentType`** | `{string}` | `"application"` | Set the RootComponent's type.<br/> See [the list of valid values](https://cyclonedx.org/docs/1.6/json/#metadata_component_type). Supported values depend on [CycloneDX-javascript-library]'s enum `ComponentType`. |
+| **`rootComponentType`** | `{string}` | `"application"` | Set the RootComponent's type.<br/> See [the list of valid values](https://cyclonedx.org/docs/1.7/json/#metadata_component_type). Supported values depend on [CycloneDX-javascript-library]'s enum `ComponentType`. |
 | **`rootComponentName`** | optional `{string}` | `undefined` | If `rootComponentAutodetect` is disabled, then this value is assumed as the "name" of the `package.json`. |
 | **`rootComponentVersion`** | optional `{string}` | `undefined` | If `rootComponentAutodetect` is disabled, then this value is assumed as the "version" of the `package.json`. |
 | **`rootComponentVCS`** | optional `{string}` | `undefined` | If `rootComponentAutodetect` is disabled or the Version Control System is not declared in the `package.json`, then this value is used as the URL for [RootComponent's External References'][docs_cdx_metadata_component_externalReferences] of type "vcs". |
@@ -70,7 +70,7 @@ const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin');
 
 /** @type {import('@cyclonedx/webpack-plugin').CycloneDxWebpackPluginOptions} */
 const cycloneDxWebpackPluginOptions = {
-  specVersion: '1.6',
+  specVersion: '1.7',
   outputLocation: './bom'
 }
 
@@ -170,4 +170,4 @@ See the [LICENSE][license_file] file for the full license.
 [link_discussion]: https://groups.io/g/CycloneDX
 [link_twitter]: https://twitter.com/CycloneDX_Spec
 
-[docs_cdx_metadata_component_externalReferences]: https://cyclonedx.org/docs/1.6/json/#metadata_component_externalReferences
+[docs_cdx_metadata_component_externalReferences]: https://cyclonedx.org/docs/1.7/json/#metadata_component_externalReferences

examples/simple/webpack.config.js

@@ -25,7 +25,7 @@ const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin')
 
 /** @type {import('@cyclonedx/webpack-plugin').CycloneDxWebpackPluginOptions} */
 const cycloneDxWebpackPluginOptions = {
-  specVersion: '1.6',
+  specVersion: '1.7',
   reproducibleResults: false,
   outputLocation: './sbom',
   includeWellknown: true,

src/plugin.ts

@@ -91,7 +91,7 @@ export interface CycloneDxWebpackPluginOptions {
   rootComponentAutodetect?: CycloneDxWebpackPlugin['rootComponentAutodetect']
   /**
    * Set the RootComponent's type.
-   * See {@link https://cyclonedx.org/docs/1.6/json/#metadata_component_type | the list of valid values}.
+   * See {@link https://cyclonedx.org/docs/1.7/json/#metadata_component_type | the list of valid values}.
    *
    * @defaultValue `'application'`
    */
@@ -113,12 +113,12 @@ export interface CycloneDxWebpackPluginOptions {
 
   /**
    * Set the externalReference URL for the build-system for the RootComponent.
-   * See {@link https://cyclonedx.org/docs/1.6/json/#metadata_component_externalReferences}.
+   * See {@link https://cyclonedx.org/docs/1.7/json/#metadata_component_externalReferences}.
    */
   rootComponentBuildSystem?: CycloneDxWebpackPlugin['rootComponentBuildSystem']
   /**
    * Set the externalReference URL for the version control system for the RootComponent.
-   * See {@link https://cyclonedx.org/docs/1.6/json/#metadata_component_externalReferences}.
+   * See {@link https://cyclonedx.org/docs/1.7/json/#metadata_component_externalReferences}.
    */
   rootComponentVCS?: CycloneDxWebpackPlugin['rootComponentVCS']