Skip to content

fix: preserve author when downgrading components below 1.6#271

Open
arpitjain099 wants to merge 1 commit into
CycloneDX:masterfrom
arpitjain099:chore/preserve-authors-downgrade
Open

fix: preserve author when downgrading components below 1.6#271
arpitjain099 wants to merge 1 commit into
CycloneDX:masterfrom
arpitjain099:chore/preserve-authors-downgrade

Conversation

@arpitjain099

@arpitjain099 arpitjain099 commented Jun 27, 2026

Copy link
Copy Markdown

Fixes #190.

Downgrading a component to a spec version below 1.6 clears the authors field, since it doesn't exist in the earlier schemas. If the deprecated single author string wasn't set, the author info was dropped entirely on the way down.

This collapses the first entry of authors into the deprecated author field before clearing authors, but only when author isn't already set so an explicit value is never clobbered. That follows what you outlined in the issue ("reduce the array of authors to a single string, and populate author with that instead"). It also covers the tool-components half of the report: components under metadata.tools recurse through the same componentConverter, so their authors are reduced the same way now rather than ending up in a 1.5 BOM.

Added subtests under Test_convertAuthors: one for the collapse on a 1.5 downgrade, one confirming an existing author is preserved when both are set. The collapse case fails without the change and passes with it; the existing case still passes. go test ./... and go vet ./... are clean.

Happy to adjust if you'd prefer something other than first-author-wins. Thanks!

When converting a component to a spec version below 1.6, the Authors
field is cleared because it does not exist in earlier schemas. If the
deprecated single Author string was not set, the author information was
dropped entirely on the way down.

Collapse the first entry of Authors into the deprecated Author field
before clearing Authors, but only when Author is not already populated.
This also covers tool components, since they recurse through the same
componentConverter.

Fixes CycloneDX#190

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
@arpitjain099 arpitjain099 requested a review from a team as a code owner June 27, 2026 01:12
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Inconsistent authors handling for 1.5

1 participant