Duplicate build-system external references #1356
Comments
for the follwing reasons:
original request was aware of this - as of #1344 (comment) Therefoa, the original "expected behaviour" is debatable.
Therefore, i tend to closing this ticket as "not planned." |
|
In case the original "expected behaviour" was valid,
both solutions are a breaking change -- not a blocker, just a remark/justification My recommendation for a solution: override. |
jkowalleck
added
question
jkowalleck
changed the title
|
The build system is not part of the package manifest. |
|
If you want another discussion around the handling of the VCS we can open a new issue. |
you are right. i was wrong. Now that i understood, can you craft a reproducible setup, so that we might have a regression test for this. |
|
Regarding the concern with the VCS configuration overriding the default from the package.json - I'm 100% on board with this. I'll try and put together a regression test. |
jkowalleck
added
bug
|
thank you so much for all your effort. And thank you even more for your persistence 👍 |
PR #1349, for some projects, ends up creating multiple duplicate `build-system` external references. The fix is to ensure we have not already added an external reference of type: `build-system`. With the current implementation, I've seen the plugin produce records like: ```json "externalReferences": [ { "url": "https://some.build.system.internal/job/88", "type": "build-system", "comment": "as declared via cyclonedx-webpack-plugin config \"rootComponentBuildSystem\"" }, { "url": "https://some.internal.vcs/org/repo", "type": "vcs", "comment": "as declared via cyclonedx-webpack-plugin config \"rootComponentVCS\"" }, { "url": "https://some.build.system.internal/job/88", "type": "build-system", "comment": "as declared via cyclonedx-webpack-plugin config \"rootComponentBuildSystem\"" }, { "url": "https://some.build.system.internal/job/88", "type": "build-system", "comment": "as declared via cyclonedx-webpack-plugin config \"rootComponentBuildSystem\"" }, { "url": "https://some.build.system.internal/job/88", "type": "build-system", "comment": "as declared via cyclonedx-webpack-plugin config \"rootComponentBuildSystem\"" } ] ``` fixes #1356 Signed-off-by: Jeremy Long <[email protected]>
|
fix was released via https://github.com/CycloneDX/cyclonedx-webpack-plugin/releases/tag/v4.0.1 |
|
As a maintainer myself - I hate it when people continue to post on closed issues. I just wanted to comment about the
|
|
re: #1356 (comment) if you wanted to propose a change of the process, feel free to open a new ticket describing the use-cases and reasoning. |
Describe the bug
PR #1349 creates multiple duplicate
build-systemexternal references for some projects.To Reproduce
I do not have a shareable project that replicates the issue. However, with the current implementation, I've seen the plugin produce records like:
Expected behavior
There should not be duplicate
build-systemexternal references.Screenshots or output-paste
See above
Environment
Additional context
Proposed fix #1355 - uses the same mechanism to prevent multiple entries as the external references for VCS so I assumed there would be no issue.
Contribution
The text was updated successfully, but these errors were encountered: