fix: preserve author when downgrading components below 1.6#271
Open
arpitjain099 wants to merge 1 commit into
Open
fix: preserve author when downgrading components below 1.6#271arpitjain099 wants to merge 1 commit into
arpitjain099 wants to merge 1 commit into
Conversation
When converting a component to a spec version below 1.6, the Authors field is cleared because it does not exist in earlier schemas. If the deprecated single Author string was not set, the author information was dropped entirely on the way down. Collapse the first entry of Authors into the deprecated Author field before clearing Authors, but only when Author is not already populated. This also covers tool components, since they recurse through the same componentConverter. Fixes CycloneDX#190 Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
Up to standards ✅🟢 Issues
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #190.
Downgrading a component to a spec version below 1.6 clears the
authorsfield, since it doesn't exist in the earlier schemas. If the deprecated singleauthorstring wasn't set, the author info was dropped entirely on the way down.This collapses the first entry of
authorsinto the deprecatedauthorfield before clearingauthors, but only whenauthorisn't already set so an explicit value is never clobbered. That follows what you outlined in the issue ("reduce the array of authors to a single string, and populate author with that instead"). It also covers the tool-components half of the report: components undermetadata.toolsrecurse through the samecomponentConverter, so theirauthorsare reduced the same way now rather than ending up in a 1.5 BOM.Added subtests under
Test_convertAuthors: one for the collapse on a 1.5 downgrade, one confirming an existingauthoris preserved when both are set. The collapse case fails without the change and passes with it; the existing case still passes.go test ./...andgo vet ./...are clean.Happy to adjust if you'd prefer something other than first-author-wins. Thanks!