
v4 features #250

Merged
merged 71 commits into from
Mar 11, 2023

Conversation

jkowalleck
Member

@jkowalleck jkowalleck commented Oct 10, 2022

v4.0.0-RC0

  • find lowest boundaries, after implementation is done, so that the lowest reasonable versions of composer-api and dependencies can be specified
  • have a proper reimplementation -
  • reproducible output - or add creation date etc ...
  • have all planned features implemented: https://github.com/CycloneDX/cyclonedx-php-composer/milestone/5
  • have reasonable tests - besides the demos that are integration-test-like
  • update the docs
  • update the changelog
  • pin the used version of the CDX php lib

  • BREAKING changes
    • Removed support for PHP <8.0 (#91 via #250)
    • Removed support for PHP <8.1 (via #250)
    • Removed support for Composer <2.3 (#153 via #250)
    • CLI
      • Removed deprecated composer command make-bom, call composer CycloneDX:make-sbom instead (#293 via #309)
      • Changed option output-file to default to - now, which causes it to print to STDOUT (via #250)
      • Removed option exclude-dev in favour of new option omit (via #250)
      • Removed option exclude-plugins in favour of new option omit (via #250)
      • Removed option no-version-normalization (#102 via #250)
    • SBOM results
      • Components' version is no longer artificially normalized (#102 via #250)
    • Dependencies
      • Requires cyclonedx/cyclonedx-library:^2.0, was :^1.4.2 (#128 via #250)
  • Changed
    • Evidence analysis prefers actually installed packages over lock file (#122 via #250)
    • Root component's version is unset, if version detection fails (#154 via #250)
    • Composer packages of type "composer-installer" are treated as composer plugins (via #250)
  • Added
    • Evidence collection knows actually installed packages (#122 via #250)
    • SBOM results
      • Support for CycloneDX Spec v1.4 (via #250)
      • might have serialnumber populated (#279 via #250)
      • might have metadata.timestamp populated (#112 via #250)
      • might have metadata.tools[].tool.externalReferences populated (#171 via #250)
      • might have components[].component.author populated (#261 via #250)
      • might have components[].component.properties populated according to cdx:composer Namespace Taxonomy (via #250)
    • CLI
      • New option omit (via #250)
      • New switch validate to override no-validate (via #250)
      • New switches output-reproducible and no-output-reproducible (via #250)
  • Misc
    • Added demo and reproducible continuous integration test "devReq" that is dedicated to composer's require-dev feature (via #250)
    • Reworked demo setups to be more global-install like (via #250)

Signed-off-by: Jan Kowalleck <[email protected]>
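The description above mentions two things that pull in opposite directions: the new SBOM fields serialNumber and metadata.timestamp, and the new output-reproducible switch. A reproducible build check (run the generator twice, compare) only works if those run-specific fields are either suppressed or excluded from the comparison. The following is an added example, not code from cyclonedx-php-composer or from this PR: a small Python normaliser that strips exactly those two fields from constructed CycloneDX 1.4 JSON documents and compares the rest canonically, so a CI job can tell "different timestamp" apart from "different dependency tree". The sample SBOM contents are constructed for illustration.

```python
"""Compare CycloneDX JSON SBOMs while ignoring run-specific fields.

Added example, not part of cyclonedx-php-composer. The two fields treated
as volatile (bom.serialNumber and metadata.timestamp) are the ones the PR
description says may now be populated; everything else must match exactly
for two runs to count as reproducible.
"""
import copy
import json

# Constructed sample SBOMs: same dependency tree, generated at two different
# times, so serialNumber and metadata.timestamp differ but nothing else does.
SBOM_RUN1 = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "serialNumber": "urn:uuid:11111111-1111-4111-8111-111111111111",  # constructed
    "version": 1,
    "metadata": {
        "timestamp": "2023-03-11T21:07:00+00:00",  # constructed
        "component": {"type": "application", "name": "example/app"},
    },
    "components": [
        {"type": "library", "name": "example/lib", "version": "3.0.0"},
    ],
})
SBOM_RUN2 = SBOM_RUN1.replace(
    "11111111-1111-4111-8111-111111111111", "22222222-2222-4222-8222-222222222222"
).replace("2023-03-11T21:07:00+00:00", "2023-03-11T21:09:00+00:00")

# Constructed third run with an actual content difference (bumped component).
SBOM_CHANGED = SBOM_RUN1.replace('"version": "3.0.0"', '"version": "3.0.1"')

# Constructed output as the reproducible switch would leave it: no volatile fields.
SBOM_REPRODUCIBLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {"component": {"type": "application", "name": "example/app"}},
    "components": [{"type": "library", "name": "example/lib", "version": "3.0.0"}],
})

# Key paths that are expected to change between otherwise identical runs.
VOLATILE_PATHS = (("serialNumber",), ("metadata", "timestamp"))


def _walk(node, keys):
    """Follow a key path through nested dicts; return None if it is absent."""
    for key in keys:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def volatile_fields_present(bom_json: str) -> list:
    """List which run-specific fields a BOM has populated (dotted paths)."""
    bom = json.loads(bom_json)
    return [".".join(p) for p in VOLATILE_PATHS if _walk(bom, p) is not None]


def strip_volatile(bom: dict) -> dict:
    """Return a copy of the BOM with the volatile fields removed."""
    bom = copy.deepcopy(bom)
    for *parents, leaf in VOLATILE_PATHS:
        parent = _walk(bom, parents)
        if isinstance(parent, dict):
            parent.pop(leaf, None)
    return bom


def canonical(bom_json: str) -> str:
    """Canonical JSON (sorted keys, no whitespace) of the non-volatile content."""
    return json.dumps(strip_volatile(json.loads(bom_json)),
                      sort_keys=True, separators=(",", ":"))


def same_content(bom_a: str, bom_b: str) -> bool:
    """True when two BOMs describe the same thing apart from volatile fields."""
    return canonical(bom_a) == canonical(bom_b)


if __name__ == "__main__":
    print("run1 volatile fields:", volatile_fields_present(SBOM_RUN1))
    print("run1 == run2 (raw)   :", SBOM_RUN1 == SBOM_RUN2)
    print("run1 == run2 (norm.) :", same_content(SBOM_RUN1, SBOM_RUN2))
    print("run1 == changed      :", same_content(SBOM_RUN1, SBOM_CHANGED))
```

If the generator is run with its reproducible switch, `volatile_fields_present` returns an empty list and a plain byte comparison of the two files is enough; the normaliser is for the case where serialNumber and timestamp are wanted in the published SBOM but the CI job still needs to confirm the dependency tree itself did not drift between runs.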
@jkowalleck jkowalleck added this to the v4 milestone Oct 10, 2022
@jkowalleck jkowalleck force-pushed the next branch 2 times, most recently from bb8cddb to fe32fa5 October 10, 2022 21:39
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck added documentation Improvements or additions to documentation enhancement New feature or request dependencies QA Quality Assurance CI Continuous Integration tools breaking change schema 1.4 labels Oct 10, 2022
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
* fix and re-implement component versions
* set main component version
* verbose demo generator
* fix composer-unused

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]>
* vimeo/psalm 4.30 -> 5.1

Signed-off-by: Jan Kowalleck <[email protected]>

* adjust to latest psalm

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]>
closes #154

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]>
* style: simplify test FQNs

Signed-off-by: Jan Kowalleck <[email protected]>

* chore: order dependabot targets

Signed-off-by: Jan Kowalleck <[email protected]>

---------

Signed-off-by: Jan Kowalleck <[email protected]>
- downgrade `composer-unused` tool, since 0.8.6 was yanked.
- bump CDX lib
- gen demos with latest lib

Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck changed the title [WIP] v4 v4 features Mar 11, 2023
@jkowalleck jkowalleck changed the title v4 features [WIP] v4 features Mar 11, 2023
@jkowalleck jkowalleck changed the title [WIP] v4 features v4 features Mar 11, 2023
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck marked this pull request as ready for review March 11, 2023 21:07
@jkowalleck jkowalleck requested a review from a team as a code owner March 11, 2023 21:07
@jkowalleck jkowalleck merged commit c93fa4c into master Mar 11, 2023
@jkowalleck jkowalleck deleted the next branch March 11, 2023 21:09