From 37167633183b413b04df963d29e443a6a8117c04 Mon Sep 17 00:00:00 2001 From: Hendrik Borchardt Date: Wed, 22 Mar 2023 22:46:28 +0100 Subject: [PATCH 1/7] Add spdx expression field to component dialog and list The licenseExpression field has been added to the component model in the backend. Show it and make it editable in the component popup, and show it in the component list's "license" column if no resolved license is available. Signed-off-by: Hendrik Borchardt --- src/i18n/locales/en.json | 2 ++ src/views/portfolio/projects/ComponentDetailsModal.vue | 3 +++ src/views/portfolio/projects/ProjectComponents.vue | 6 +++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index db78e4e78..822f2ef25 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -245,6 +245,7 @@ "template": "Template", "source_header": "Source Header", "license_name": "License Name", + "license_expression": "SPDX Expression", "license_url": "License URL", "required_license_name": "The license name is required", "license_name_desc": "The name of the license as provided by the supplier", @@ -310,6 +311,7 @@ "component_swid_tagid_desc": "The ISO/IEC 19770-2:2015 (SWID) tag ID provided by the software vendor", "component_classifier_desc": "Specifies the type of component: Assets (applications, operating systems, and hardware) and non-assets (libraries, frameworks, and files)", "component_spdx_license_desc": "Specifies the SPDX license ID of the component", + "component_license_expression_desc": "Specifies license information for the component in the form of an SPDX expression", "component_license_url_desc": "Specifies the URL to the license of the component", "component_filename_desc": "Specifies the observed filename of the component", "component_hash_desc": "Specifies the observed hash value of the component using the preceding algorithm", 
diff --git a/src/views/portfolio/projects/ComponentDetailsModal.vue b/src/views/portfolio/projects/ComponentDetailsModal.vue index 9649fed16..34495c0b1 100644 --- a/src/views/portfolio/projects/ComponentDetailsModal.vue +++ b/src/views/portfolio/projects/ComponentDetailsModal.vue @@ -66,6 +66,9 @@ v-model="selectedLicense" :options="selectableLicenses" :label="$t('message.license')" :tooltip="$t('message.component_spdx_license_desc')" :disabled="this.isNotPermitted(PERMISSIONS.PORTFOLIO_MANAGEMENT)" /> + diff --git a/src/views/portfolio/projects/ProjectComponents.vue b/src/views/portfolio/projects/ProjectComponents.vue index 262d4980d..5ae80db45 100644 --- a/src/views/portfolio/projects/ProjectComponents.vue +++ b/src/views/portfolio/projects/ProjectComponents.vue @@ -130,8 +130,12 @@ if (Object.prototype.hasOwnProperty.call(row, "resolvedLicense")) { let licenseurl = "../../../licenses/" + row.resolvedLicense.licenseId; return "" + xssFilters.inHTMLData(row.resolvedLicense.licenseId) + ""; - } else { + } else if (value) { return xssFilters.inHTMLData(common.valueWithDefault(value, "")); + } else if (row.licenseExpression) { + return xssFilters.inHTMLData(common.valueWithDefault(row.licenseExpression, "")); + } else { + return ""; } } }, From 93989cf2328f1e58c3027a1ac3b946f3154ed38a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Aug 2023 02:05:30 +0000 Subject: [PATCH 2/7] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from `0569600` to `279824e`. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index f85e78caa..a1a039efd 100644 --- a/docker/Dockerfile.alpine 
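Review bot: In the new `else if (value)` and `else if (row.licenseExpression)` branches of the license column formatter in ProjectComponents.vue, `common.valueWithDefault(x, "")` is redundant, because each branch has already tested the value for truthiness; `return xssFilters.inHTMLData(row.licenseExpression);` does the same thing. The `xssFilters.inHTMLData` call is the part that must stay: per the commit message the expression is editable free text, and this formatter's return value appears to be inserted as markup, since the first branch builds a link. I would add a comment above the new branch such as `// licenseExpression is user-editable free text; HTML-encode it before returning it to the table`. The formatter starts above the hunk, and the anchor markup in the first branch is not legible in this rendering, so how `licenseurl` reaches the link could not be checked here.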
+++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.1-alpine@sha256:05696001775e33798fccab756b8a9441671aa961718019d7097fb7c75dae69b6 +FROM nginxinc/nginx-unprivileged:1.25.1-alpine@sha256:279824ecfd934ab8cf08b5e4debabdc711c5768371203263f2d5c5141423ed80 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From af7d2deee0d10ebf8ca1a90327635ce1eef2d094 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Aug 2023 01:23:32 +0000 Subject: [PATCH 3/7] build(deps): bump actions/setup-node from 3.7.0 to 3.8.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.7.0 to 3.8.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.7.0...v3.8.1) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- .github/workflows/ci-release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index f701536a5..90e1d2f03 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@v3.5.3 - name: Set up NodeJs - uses: actions/setup-node@v3.7.0 + uses: actions/setup-node@v3.8.1 with: node-version: ${{ matrix.node-version }} cache: 'npm' diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index bc6682e67..4a9064e02 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@v3.5.3 - name: Set up NodeJs - uses: actions/setup-node@v3.7.0 + uses: actions/setup-node@v3.8.1 with: node-version: '18' cache: 'npm' 
From 787a745c30163f3a3eae6c2e2a3beddff2cf1eb7 Mon Sep 17 00:00:00 2001 From: nscuro Date: Sun, 20 Aug 2023 00:11:31 +0200 Subject: [PATCH 4/7] Fix license expression input fields Signed-off-by: nscuro --- src/views/portfolio/projects/ComponentDetailsModal.vue | 3 +++ src/views/portfolio/projects/ProjectAddComponentModal.vue | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/src/views/portfolio/projects/ComponentDetailsModal.vue b/src/views/portfolio/projects/ComponentDetailsModal.vue index 34495c0b1..0f001160d 100644 --- a/src/views/portfolio/projects/ComponentDetailsModal.vue +++ b/src/views/portfolio/projects/ComponentDetailsModal.vue @@ -224,6 +224,7 @@ author: this.component.author, description: this.component.description, license: this.selectedLicense, + licenseExpression: this.component.licenseExpression, licenseUrl: this.component.licenseUrl, filename: this.component.filename, classifier: this.component.classifier, @@ -258,6 +259,8 @@ retrieveLicenses: function() { let url = `${this.$api.BASE_URL}/${this.$api.URL_LICENSE_CONCISE}`; this.axios.get(url).then((response) => { + // Allow for license to be un-selected. + this.selectableLicenses.push({value: '', text: ''}); for (let i = 0; i < response.data.length; i++) { let license = response.data[i]; this.selectableLicenses.push({value: license.licenseId, text: license.name, uuid: license.uuid}); diff --git a/src/views/portfolio/projects/ProjectAddComponentModal.vue b/src/views/portfolio/projects/ProjectAddComponentModal.vue index b3a2146e0..974cc0671 100644 --- a/src/views/portfolio/projects/ProjectAddComponentModal.vue +++ b/src/views/portfolio/projects/ProjectAddComponentModal.vue @@ -48,6 +48,10 @@ + + { + // Allow for license to be un-selected. + this.selectableLicenses.push({value: '', text: ''}); for (let i = 0; i < response.data.length; i++) { let license = response.data[i]; this.selectableLicenses.push({value: license.licenseId, text: license.name}); 
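Review bot: The added `licenseExpression: this.component.licenseExpression` in ComponentDetailsModal.vue forwards the input's value to the API unchanged, so nothing in this hunk trims it or checks that it is a well-formed SPDX expression. A client-side check would only be a convenience; the point to confirm is that the backend validates the expression and bounds its length, since the value is stored and later rendered in the component list. It is also worth deciding what should happen when both `license` and `licenseExpression` are set, because the payload now permits both. The enclosing method begins and ends outside the hunk.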
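Review bot: The blank option `{value: '', text: ''}` is pushed inside the `.then` callback of `retrieveLicenses` in ComponentDetailsModal.vue, and unlike the entries pushed by the loop it carries no `uuid`. If `selectableLicenses` is not reset before each call (not visible in this hunk), every reload appends another blank entry, and any code that reads `uuid` from the selected option gets `undefined` for it. With the blank option selected, `license: this.selectedLicense` in the update payload becomes an empty string, so it should be confirmed that the backend treats `''` as "no license" rather than as a license ID to look up. The hunk in ProjectAddComponentModal.vue adds the same line and shares the duplicate-entry concern.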
From ca2cfe95d6773dc6724e320d0e01caed2ac95c4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Aug 2023 01:18:31 +0000 Subject: [PATCH 5/7] build(deps): bump nginxinc/nginx-unprivileged in /docker Bumps nginxinc/nginx-unprivileged from 1.25.1-alpine to 1.25.2-alpine. --- updated-dependencies: - dependency-name: nginxinc/nginx-unprivileged dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docker/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index a1a039efd..102b8bb9c 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.25.1-alpine@sha256:279824ecfd934ab8cf08b5e4debabdc711c5768371203263f2d5c5141423ed80 +FROM nginxinc/nginx-unprivileged:1.25.2-alpine@sha256:200c8aaeff3588ef5434a957ac2e84d80a4833127035918080074353934b8e30 # Arguments that can be passed at build time ARG COMMIT_SHA=unknown From 5f91262d1bc637e3773059f684e8523d486652c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Aug 2023 01:15:27 +0000 Subject: [PATCH 6/7] build(deps): bump actions/checkout from 3.5.3 to 3.6.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.3...v3.6.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 4 ++-- .github/workflows/ci-publish.yaml | 4 ++-- .github/workflows/ci-release.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 2 +- .github/workflows/dependency-review.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index f701536a5..9e839d31a 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set up NodeJs uses: actions/setup-node@v3.7.0 @@ -68,7 +68,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-publish.yaml b/.github/workflows/ci-publish.yaml index 5285abf66..8754f2949 100644 --- a/.github/workflows/ci-publish.yaml +++ b/.github/workflows/ci-publish.yaml @@ -20,7 +20,7 @@ jobs: fi - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Parse Version from package.json id: parse @@ -46,7 +46,7 @@ jobs: - call-build steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Download Artifacts uses: actions/download-artifact@v3.0.2 diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index bc6682e67..9aeaa6183 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set up NodeJs uses: actions/setup-node@v3.7.0 diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index a78347682..8f619f854 100644 
--- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 10ddeeeca..844814a98 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Dependency Review uses: actions/dependency-review-action@v3 From 08a5947e9b1b4bbdc3a1a1b92d66747231936317 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 01:31:49 +0000 Subject: [PATCH 7/7] build(deps): bump docker/setup-buildx-action from 2.9.1 to 2.10.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.9.1 to 2.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2.9.1...v2.10.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/_meta-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml index f701536a5..52cd6ecb5 100644 --- a/.github/workflows/_meta-build.yaml +++ b/.github/workflows/_meta-build.yaml @@ -79,7 +79,7 @@ jobs: uses: docker/setup-qemu-action@v2.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.9.1 + uses: docker/setup-buildx-action@v2.10.0 id: buildx with: install: true