[WIP] fix: dependencygraph flatten in json #993
Relates to #941. Signed-off-by: stefan6419846 <96178532+stefan6419846@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Documentation build overview
6 files changed ·
Up to standards ✅🟢 Issues
| Metric | Results |
|---|---|
| Complexity | 12 |
| Duplication | 0 |
🟢 Coverage 100.00% diff coverage · +0.05% coverage variation

| Metric | Results |
|---|---|
| Coverage variation | ✅ +0.05% coverage variation |
| Diff coverage | ✅ 100.00% diff coverage (80.00%) |

Coverage variation details

| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (150777e) | 6037 | 5686 | 94.19% |
| Head commit (1afafac) | 6070 (+33) | 5720 (+34) | 94.23% (+0.05%) |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch:
<coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#993) | 34 | 34 | 100.00% |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified:
<covered lines added or modified>/<coverable lines added or modified> * 100%
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
| ... # TODO | ||
|
|
||
| def test_discriminate_and_reset_manually(self) -> None: | ||
| ... # TODO |
|
@stefan6419846 see this proposed fix for #941. Implementation is working as expected. If you have additional test cases, just pull-request them to the branch of this PR.
|
|
||
| class TestBomDependencyGraphFlatMerger(TestCase): | ||
| def test_discriminate_and_reset_with(self) -> None: | ||
| ... # TODO |
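Review bot: `test_discriminate_and_reset_with` in `TestBomDependencyGraphFlatMerger` has only `... # TODO` as its body, so it passes without asserting anything about the merger. Before this leaves WIP, fill it with a nested-input case that asserts the flattened result and, as the name suggests, that the original graph is restored after the reset; until then, mark it skipped so a green run is not read as verified behavior.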
Pull request overview
This PR addresses #941 by ensuring nested cyclonedx.model.dependency.Dependency graphs are flattened into the CycloneDX JSON-required “flat list of nodes” form during JSON rendering, so nested dependency information is not silently lost.
Changes:
- Added a `BomDependencyGraphFlatMerger` utility (context manager) to flatten/merge nested dependency trees into a flat dependency list.
- Wrapped JSON output generation with the dependency flattener to produce correct JSON `dependencies` output.
- Added tests + new snapshot fixtures covering the nested-dependency scenario across schema versions.
Reviewed changes
Copilot reviewed 20 out of 21 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| cyclonedx/output/json.py | Applies dependency flattening during JSON generation via a context manager. |
| cyclonedx/contrib/bom/utils.py | Introduces BomDependencyGraphFlatMerger to flatten/merge nested dependency graphs. |
| cyclonedx/contrib/bom/__init__.py | Adds contrib BOM package marker/docstring. |
| tests/test_contrib/test_bom_utils.py | Adds unit tests for flatten/merge + reset behavior. |
| tests/test_contrib/__init__.py | Adds test package marker. |
| tests/_data/models.py | Adds a new BOM factory reproducing issue #941. |
| tests/_data/snapshots/*issue941* | Adds expected XML/JSON snapshots demonstrating correct serialization output. |
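The flattening described in the overview above, as an added example that is not code from this PR or from cyclonedx-python-lib: `Node`, `walk`, `flatten`, `missing_refs` and `sample_roots` are hypothetical stand-ins, and the sample graph is constructed. It merges entries that share a ref, terminates on cyclic input, and includes a check that no ref from the nested graph is absent from the flat output.

```python
from dataclasses import dataclass, field


@dataclass(eq=False)  # identity semantics: nodes are tracked by object, not by value
class Node:
    """Hypothetical stand-in for one nested dependency entry."""
    ref: str
    children: list["Node"] = field(default_factory=list)


def walk(roots):
    """Yield every reachable node object exactly once, even if the graph has cycles."""
    seen, todos = set(), list(roots)
    while todos:
        node = todos.pop()
        if id(node) in seen:
            continue  # already expanded; skipping here is what stops a cycle
        seen.add(id(node))
        yield node
        todos.extend(node.children)


def flatten(roots):
    """Return a flat list with one entry per ref, listing direct dependencies only."""
    merged = {}
    for node in walk(roots):
        # Several node objects may carry the same ref; merge their direct children.
        merged.setdefault(node.ref, set()).update(c.ref for c in node.children)
    return [{"ref": r, "dependsOn": sorted(d)} for r, d in sorted(merged.items())]


def missing_refs(roots, flat):
    """Refs reachable in the nested graph that have no entry in the flat output."""
    return {n.ref for n in walk(roots)} - {e["ref"] for e in flat}


def sample_roots():
    """Constructed sample: nesting, a duplicate ref, and a cycle back to the root."""
    app, a, b, c, d = (Node(r) for r in ("app", "lib-a", "lib-b", "lib-c", "lib-d"))
    app.children = [a, b]
    a.children = [c]
    c.children = [app]                 # cycle: lib-c -> app
    a_again = Node("lib-a", [d])       # second entry for the same ref
    return [app, a_again]


if __name__ == "__main__":
    for entry in flatten(sample_roots()):
        print(entry)
```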
| seen: list[int] = [] | ||
| while todos: | ||
| todo = todos.pop() | ||
| if (todo_id := id(todo)) in seen: | ||
| pass # continue | ||
| seen.append(todo_id) |
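Review bot: the `if (todo_id := id(todo)) in seen:` branch ends in `pass  # continue`, so an already-seen node falls through, is appended to `seen` a second time and is processed again; the check currently has no effect. If the rest of the loop body (not visible in these lines) pushes child dependencies back onto `todos`, a dependency graph that contains a cycle would never drain the queue. Replace `pass` with `continue`, and declare `seen` as a `set[int]` so the membership test stays constant-time on large BOMs.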
| class BomDependencyGraphFlatMerger: | ||
| """ | ||
|
|
||
| """ | ||
|
|
|
This PR shall be split in two:
|
Description
flatten nested dependency tree when rendering JSON.
Resolves or fixes issue: #941