Merge pull request #119 from secvisogram/chore/dependency-updates

Chore/dependency updates

Author: MarcoKorinth

backend/lib/app.js

@@ -10,7 +10,7 @@ export default async function (fastify) {
     openapi: {
       info: {
         title: 'CSAF Validator Service',
-        version: '1.3.41',
+        version: '1.3.42',
         description:
           'This is a service to validate documents against the CSAF standard.',
         contact: {

backend/package-lock.json

@@ -16,11 +16,11 @@ export default function mandatoryTest_6_1_13(doc) {
         /** @type {any} */ fullProductName,
         /** @type {number} */ fullProductNameIndex
       ) => {
-        checkProductIdentificationHelperPURL(fullProductName, () => {
+        checkProductIdentificationHelperPURL(fullProductName, (errorMessage) => {
           isValid = false
           errors.push({
             instancePath: `/product_tree/full_product_names/${fullProductNameIndex}/product_identification_helper/purl`,
-            message: `invalid purl`,
+            message: `invalid purl: ${errorMessage}`,
           })
         })
       }
@@ -35,11 +35,11 @@ export default function mandatoryTest_6_1_13(doc) {
       ) => {
         checkProductIdentificationHelperPURL(
           relationship.full_product_name,
-          () => {
+          (errorMessage) => {
             isValid = false
             errors.push({
               instancePath: `/product_tree/relationships/${relationshipIndex}/full_product_name/product_identification_helper/purl`,
-              message: `invalid purl`,
+              message: `invalid purl: ${errorMessage}`,
             })
           }
         )
@@ -48,15 +48,15 @@ export default function mandatoryTest_6_1_13(doc) {
   }
 
   if (doc.product_tree) {
-    checkBranchesForInvalidPURLs(doc.product_tree, ({ branchIndexes }) => {
+    checkBranchesForInvalidPURLs(doc.product_tree, ({ branchIndexes, errorMessage }) => {
       isValid = false
       const branchPathPart = branchIndexes.reduce(
         (str, index) => `${str}/branches/${index}`,
         '/product_tree'
       )
       errors.push({
         instancePath: `${branchPathPart}/product/product_identification_helper/purl`,
-        message: `invalid purl`,
+        message: `invalid purl: ${errorMessage}`,
       })
     })
   }
@@ -67,7 +67,7 @@ export default function mandatoryTest_6_1_13(doc) {
 /**
  *
  * @param {any} parent
- * @param {(error: { branchIndexes: number[] }) => void} onError
+ * @param {(error: { branchIndexes: number[], errorMessage: string }) => void} onError
  * @param {number[]} [branchIndexes]
  */
 const checkBranchesForInvalidPURLs = (parent, onError, branchIndexes = []) => {
@@ -76,9 +76,10 @@ const checkBranchesForInvalidPURLs = (parent, onError, branchIndexes = []) => {
       (/** @type {any} */ branch, /** @type {number} */ branchIndex) => {
         const currentBranchIndexes = branchIndexes.concat([branchIndex])
 
-        checkProductIdentificationHelperPURL(branch.product, () => {
+        checkProductIdentificationHelperPURL(branch.product, (errorMessage) => {
           onError({
             branchIndexes: currentBranchIndexes,
+            errorMessage,
           })
         })
         checkBranchesForInvalidPURLs(branch, onError, currentBranchIndexes)
@@ -89,7 +90,7 @@ const checkBranchesForInvalidPURLs = (parent, onError, branchIndexes = []) => {
 
 /**
  * @param {any} productALike
- * @param {() => void} onError
+ * @param {(errorMessage: string) => void} onError
  * @returns
  */
 const checkProductIdentificationHelperPURL = (productALike, onError) => {
@@ -98,6 +99,7 @@ const checkProductIdentificationHelperPURL = (productALike, onError) => {
   try {
     PackageURL.fromString(productALike?.product_identification_helper?.purl)
   } catch (e) {
-    onError()
+    const errorObject = /** @type {{message: string}} */ (e)
+    onError(errorObject?.message ?? "Unknown purl error")
   }
 }

csaf-validator-lib/lib/mandatoryTests/mandatoryTest_6_1_13.js

@@ -28,7 +28,7 @@
     "cvss2js": "^1.1.0",
     "json-pointer": "^0.6.1",
     "lodash": "^4.17.21",
-    "packageurl-js": "^1.1.1",
+    "packageurl-js": "^2.0.1",
     "semver": "^7.5.4",
     "undici": "^5.27.0"
   },
@@ -48,5 +48,5 @@
     "typescript": "^4.9.4",
     "xml2js": "^0.5.0"
   },
-  "version": "1.3.40"
+  "version": "1.3.41"
 }

csaf-validator-lib/package-lock.json

@@ -1,6 +1,6 @@
 = CSAF Validator Service
 secvisogram@bsi.bund.de
-1.3.41
+1.3.42
 :toc: left
 :numbered:
 :toclevels: 4

csaf-validator-lib/package.json

@@ -183,7 +183,7 @@ <h1>CSAF Validator Service</h1>
     <div class="app-desc">This is a service to validate documents against the CSAF standard.</div>
     <div class="app-desc">More information: <a href="https://github.com/secvisogram/csaf-validator-service">https://github.com/secvisogram/csaf-validator-service</a></div>
     <div class="app-desc">Contact Info: <a href="secvisogram@bsi.bund.de">secvisogram@bsi.bund.de</a></div>
-    <div class="app-desc">Version: 1.3.41</div>
+    <div class="app-desc">Version: 1.3.42</div>
     <div class="app-desc">BasePath:</div>
     <div class="license-info">MIT</div>
     <div class="license-url">https://github.com/secvisogram/csaf-validator-service/blob/main/LICENSE</div>

documents/generated/asciidoc/index.adoc

@@ -32,5 +32,5 @@
     "prettier": "^2.8.8",
     "typescript": "^5.3.3"
   },
-  "version": "1.3.41"
+  "version": "1.3.42"
 }