From 39d49a4465de65781cfce992d71a27499ce46b7c Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 13 Jul 2025 20:23:19 +0200 Subject: [PATCH 01/10] wip Signed-off-by: Jan Kowalleck --- src/_buildtimeInfo.ts | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/_buildtimeInfo.ts b/src/_buildtimeInfo.ts index 13190c83..f8fb15fa 100644 --- a/src/_buildtimeInfo.ts +++ b/src/_buildtimeInfo.ts @@ -17,11 +17,14 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ +import type { PackageJson} from "@cyclonedx/cyclonedx-library/Types"; + +interface BuildtimeInfo { + self: PackageJson + [key: string]: PackageJson +} + /* eslint-disable-next-line @typescript-eslint/explicit-function-return-type -- dynamic import helper */ -export async function getBuildtimeInfo () { - /* - The included file is generated by `../tools/gather-buildtime-info.cjs`. - Its content is pseudo-dynamic and so is the return type of this function. - */ - return (await import('./__buildtimeInfo.json')).default +export async function getBuildtimeInfo (): Promise { + return (await import('./__buildtimeInfo.json')).default satisfies BuildtimeInfo } From 5a28c320e311e158193eb21fa0d235455f4d1787 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 13 Jul 2025 23:07:56 +0200 Subject: [PATCH 02/10] wip Signed-off-by: Jan Kowalleck --- package.json | 2 +- src/_buildtimeInfo.ts | 6 +++--- yarn.lock | 11 +++++------ 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/package.json b/package.json index 16435d92..557720c8 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ } ], "dependencies": { - "@cyclonedx/cyclonedx-library": "^8.4.0", + "@cyclonedx/cyclonedx-library": "portal:../cyclonedx-javascript-library", "@yarnpkg/cli": "^4", "@yarnpkg/core": "^4", "@yarnpkg/fslib": "^3", diff --git a/src/_buildtimeInfo.ts b/src/_buildtimeInfo.ts index f8fb15fa..8eda58d7 100644 --- a/src/_buildtimeInfo.ts +++ b/src/_buildtimeInfo.ts @@ -17,11 +17,11 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -import type { PackageJson} from "@cyclonedx/cyclonedx-library/Types"; +import type { NodePackageJson } from "@cyclonedx/cyclonedx-library/Types"; interface BuildtimeInfo { - self: PackageJson - [key: string]: PackageJson + self: NodePackageJson + [key: string]: NodePackageJson } /* eslint-disable-next-line @typescript-eslint/explicit-function-return-type -- dynamic import helper */ diff --git a/yarn.lock b/yarn.lock index 7ea62d66..387fadbb 100644 --- a/yarn.lock +++ b/yarn.lock @@ -172,9 +172,9 @@ __metadata: languageName: node linkType: hard -"@cyclonedx/cyclonedx-library@npm:^8.4.0": - version: 8.4.0 - resolution: "@cyclonedx/cyclonedx-library@npm:8.4.0" +"@cyclonedx/cyclonedx-library@portal:../cyclonedx-javascript-library::locator=%40cyclonedx%2Fyarn-plugin-cyclonedx%40workspace%3A.": + version: 0.0.0-use.local + resolution: "@cyclonedx/cyclonedx-library@portal:../cyclonedx-javascript-library::locator=%40cyclonedx%2Fyarn-plugin-cyclonedx%40workspace%3A." dependencies: ajv: "npm:^8.12.0" ajv-formats: "npm:^3.0.1" @@ -194,15 +194,14 @@ __metadata: optional: true xmlbuilder2: optional: true - checksum: 10c0/e9ab0a2112ee3f3c2ab01c1fc8cd3d34b9fdc7b4d663c5c86fb20839020cbf55028c53cb64ae42d033a25247810cadc9180f17d3973a37d0e3c0786f7626db28 languageName: node - linkType: hard + linkType: soft "@cyclonedx/yarn-plugin-cyclonedx@workspace:.": version: 0.0.0-use.local resolution: "@cyclonedx/yarn-plugin-cyclonedx@workspace:." dependencies: - "@cyclonedx/cyclonedx-library": "npm:^8.4.0" + "@cyclonedx/cyclonedx-library": "portal:../cyclonedx-javascript-library" "@eslint/js": "npm:9.31.0" "@types/hosted-git-info": "npm:^3.0.5" "@types/mocha": "npm:^10.0.6" From 2abf409bed313b5c6344afae67cc595fd12e49bc Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 13 Jul 2025 23:14:58 +0200 Subject: [PATCH 03/10] wip Signed-off-by: Jan Kowalleck --- src/_buildtimeInfo.ts | 1 - tests/integration/index.test.js | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/_buildtimeInfo.ts b/src/_buildtimeInfo.ts index 8eda58d7..747357a1 100644 --- a/src/_buildtimeInfo.ts +++ b/src/_buildtimeInfo.ts @@ -24,7 +24,6 @@ interface BuildtimeInfo { [key: string]: NodePackageJson } -/* eslint-disable-next-line @typescript-eslint/explicit-function-return-type -- dynamic import helper */ export async function getBuildtimeInfo (): Promise { return (await import('./__buildtimeInfo.json')).default satisfies BuildtimeInfo } diff --git a/tests/integration/index.test.js b/tests/integration/index.test.js index b304803c..6d8c9c89 100644 --- a/tests/integration/index.test.js +++ b/tests/integration/index.test.js @@ -23,10 +23,10 @@ const { spawnSync } = require('node:child_process') const fs = require('node:fs') const path = require('node:path') +const { Spec: { Version: SpecVersion }, Validation } = require('@cyclonedx/cyclonedx-library') const { suite, test } = require('mocha') const { name: thisName, version: thisVersion } = require('../../package.json') -const { Spec: { Version: SpecVersion }, Validation } = require('@cyclonedx/cyclonedx-library') const testSetups = [ /* region functional tests */ From 3a8aa3fb00c1dc0101696fd21c51cd8859bd7190 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 14 Jul 2025 09:49:41 +0200 Subject: [PATCH 04/10] wip Signed-off-by: Jan Kowalleck --- src/_buildtimeInfo.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/_buildtimeInfo.ts b/src/_buildtimeInfo.ts index 747357a1..2dc4b3d9 100644 --- a/src/_buildtimeInfo.ts +++ b/src/_buildtimeInfo.ts @@ -25,5 +25,7 @@ interface BuildtimeInfo { } export async function getBuildtimeInfo (): Promise { + /* eslint-disable-next-line @typescript-eslint/ban-ts-comment -- requires ignore, not expect */ + /* @ts-ignore" TS2307 -- if this fails, run `yarn run build:gbti``in your dev-env */ return (await import('./__buildtimeInfo.json')).default satisfies BuildtimeInfo } From d716898c46901ca1c1979973a80fcd8f1fbf4eee Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 14 Jul 2025 09:57:59 +0200 Subject: [PATCH 05/10] wip Signed-off-by: Jan Kowalleck --- src/_buildtimeInfo.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/_buildtimeInfo.ts b/src/_buildtimeInfo.ts index 2dc4b3d9..45fd88e9 100644 --- a/src/_buildtimeInfo.ts +++ b/src/_buildtimeInfo.ts @@ -25,7 +25,6 @@ interface BuildtimeInfo { } export async function getBuildtimeInfo (): Promise { - /* eslint-disable-next-line @typescript-eslint/ban-ts-comment -- requires ignore, not expect */ - /* @ts-ignore" TS2307 -- if this fails, run `yarn run build:gbti``in your dev-env */ + /* if this fails, run `yarn run build:gbti` in your dev-env */ return (await import('./__buildtimeInfo.json')).default satisfies BuildtimeInfo } From 110f7ecbb6f465c7bd64b46eec005453238fbc7d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 14 Jul 2025 10:13:27 +0200 Subject: [PATCH 06/10] wip Signed-off-by: Jan Kowalleck --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 557720c8..4b55f462 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ } ], "dependencies": { - "@cyclonedx/cyclonedx-library": "portal:../cyclonedx-javascript-library", + "@cyclonedx/cyclonedx-library": "^8.5.0", "@yarnpkg/cli": "^4", "@yarnpkg/core": "^4", "@yarnpkg/fslib": "^3", From eb9e8a317d3057ef95088b95504d3a00973220f0 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 14 Jul 2025 10:13:51 +0200 Subject: [PATCH 07/10] wip Signed-off-by: Jan Kowalleck --- yarn.lock | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/yarn.lock b/yarn.lock index 387fadbb..06917cee 100644 --- a/yarn.lock +++ b/yarn.lock @@ -172,9 +172,9 @@ __metadata: languageName: node linkType: hard -"@cyclonedx/cyclonedx-library@portal:../cyclonedx-javascript-library::locator=%40cyclonedx%2Fyarn-plugin-cyclonedx%40workspace%3A.": - version: 0.0.0-use.local - resolution: "@cyclonedx/cyclonedx-library@portal:../cyclonedx-javascript-library::locator=%40cyclonedx%2Fyarn-plugin-cyclonedx%40workspace%3A." +"@cyclonedx/cyclonedx-library@npm:^8.5.0": + version: 8.5.0 + resolution: "@cyclonedx/cyclonedx-library@npm:8.5.0" dependencies: ajv: "npm:^8.12.0" ajv-formats: "npm:^3.0.1" @@ -194,14 +194,15 @@ __metadata: optional: true xmlbuilder2: optional: true + checksum: 10c0/b43732f1a36bdf5e42c321e629b3888e25a03de4954e64516824180dea5e7fc07b1ab235882b44fdad72b35a6be4c59b47ca116e42554420b565e1b167fccbd4 languageName: node - linkType: soft + linkType: hard "@cyclonedx/yarn-plugin-cyclonedx@workspace:.": version: 0.0.0-use.local resolution: "@cyclonedx/yarn-plugin-cyclonedx@workspace:." dependencies: - "@cyclonedx/cyclonedx-library": "portal:../cyclonedx-javascript-library" + "@cyclonedx/cyclonedx-library": "npm:^8.5.0" "@eslint/js": "npm:9.31.0" "@types/hosted-git-info": "npm:^3.0.5" "@types/mocha": "npm:^10.0.6" From 5df0d63cb0d61ddf2c53fc2ecbb6ce85854702a1 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 14 Jul 2025 10:24:25 +0200 Subject: [PATCH 08/10] wip Signed-off-by: Jan Kowalleck --- HISTORY.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/HISTORY.md b/HISTORY.md index beb3c7e7..dbec5ca4 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -6,6 +6,13 @@ All notable changes to this project will be documented in this file. +* Refactor + * Add typing to internal function `getBuildtimeInfo` (via [#345]) +* Dependencies + * Upgraded runtime-dependency `@cyclonedx/cyclonedx-library@8.5.0`, was `@8.4.0` (via [#345]) + +[#345]: https://github.com/CycloneDX/cyclonedx-node-yarn/pull/345 + ## 3.1.0 - 2025-06-16 * Changed From 1926515cb65c087d0a51fd16f5a91580abccb210 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 14 Jul 2025 10:25:10 +0200 Subject: [PATCH 09/10] wip Signed-off-by: Jan Kowalleck --- HISTORY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index dbec5ca4..14011633 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -9,7 +9,7 @@ All notable changes to this project will be documented in this file. * Refactor * Add typing to internal function `getBuildtimeInfo` (via [#345]) * Dependencies - * Upgraded runtime-dependency `@cyclonedx/cyclonedx-library@8.5.0`, was `@8.4.0` (via [#345]) + * Upgraded runtime-dependency `@cyclonedx/cyclonedx-library@^8.5.0`, was `@^8.4.0` (via [#345]) [#345]: https://github.com/CycloneDX/cyclonedx-node-yarn/pull/345 From 7f53ca106f8dd892762df5d2e4c2dfc8e148a1f4 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 14 Jul 2025 10:32:30 +0200 Subject: [PATCH 10/10] wip Signed-off-by: Jan Kowalleck --- tests/integration/index.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/index.test.js b/tests/integration/index.test.js index 6d8c9c89..b304803c 100644 --- a/tests/integration/index.test.js +++ b/tests/integration/index.test.js @@ -23,10 +23,10 @@ const { spawnSync } = require('node:child_process') const fs = require('node:fs') const path = require('node:path') -const { Spec: { Version: SpecVersion }, Validation } = require('@cyclonedx/cyclonedx-library') const { suite, test } = require('mocha') const { name: thisName, version: thisVersion } = require('../../package.json') +const { Spec: { Version: SpecVersion }, Validation } = require('@cyclonedx/cyclonedx-library') const testSetups = [ /* region functional tests */