Replace toml library (#1468)

* Replace toml library Signed-off-by: Prabhu Subramanian <[email protected]> * Bump version Signed-off-by: Prabhu Subramanian <[email protected]> * Remove self-hosted repo tests Signed-off-by: Prabhu Subramanian <[email protected]> * Update readme Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Nov 21, 2024 · 3887470 · 3887470
1 parent aebea7b
commit 3887470
Show file tree

Hide file tree

Showing 10 changed files with 87 additions and 72 deletions.
diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml
@@ -15,7 +15,7 @@ jobs:
       fail-fast: true
       matrix:
         node-version: ['23.x']
-        os: ['ubuntu-latest', 'windows-latest', 'self-hosted']
+        os: ['ubuntu-latest', 'windows-latest']
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4

diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ Our philosophy:
 
 ## Documentation
 
-Please visit our [documentation site][docs-homepage] for detailed usage, tutorials, and support documentation.
+Please visit our [GPT app][cdxgen-gpt] or the [documentation site][docs-homepage] for detailed usage, tutorials, and support documentation.
 
 Sections include:
 
@@ -556,3 +556,4 @@ pnpm test
 [podman-github-rootless]: https://github.com/containers/podman/blob/master/docs/tutorials/rootless_tutorial.md
 [podman-github-remote]: https://github.com/containers/podman/blob/master/docs/tutorials/mac_win_client.md
 [swh-cdxgen]: https://archive.softwareheritage.org/browse/origin/?origin_url=https://github.com/CycloneDX/cdxgen
+[cdxgen-gpt]: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cyclonedx-generator-cdxgen
diff --git a/data/component-tags.json b/data/component-tags.json
@@ -232,7 +232,8 @@
     "sbom": [
       {
         "test": [
-          "(junit|xmlunit|testng|chai|mocha|jest|test4j|xunit|coverlet|Test\\.Sdk)"
+          "(junit|xmlunit|testng|mocha|jest|test4j|xunit|coverlet|Test\\.Sdk)",
+          "^(chai)$"
         ]
       },
       {
@@ -244,7 +245,9 @@
       { "parse": ["(parser)"] },
       { "transform": ["(transformer)"] },
       { "telemetry": ["(OpenTelemetry)"] },
-      { "logging": ["(Microsoft\\.Extensions\\.Logging|Log4net)"] }
+      { "logging": ["(Microsoft\\.Extensions\\.Logging|Log4net)"] },
+      { "ml": ["^(llama|langchain|openai)", "(generativeai)"] },
+      { "devel": ["^(types-|typing-|virtualenv|ruff|poetry)"] }
     ],
     "obom": [
       {

diff --git a/data/frameworks-list.json b/data/frameworks-list.json
@@ -60,6 +60,9 @@
     "pkg:pypi/botocore",
     "pkg:pypi/boto3",
     "pkg:pypi/azure",
+    "pkg:pypi/langchain",
+    "pkg:pypi/llama",
+    "pkg:pypi/sqlalchemy",
     "vibora",
     "koa",
     "-sdk",

diff --git a/deno.json b/deno.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "11.0.2",
+  "version": "11.0.3",
   "exports": "./lib/cli/index.js",
   "compilerOptions": {
     "lib": ["deno.window"],
@@ -82,6 +82,7 @@
     "body-parser": "npm:body-parser@^2.0.1",
     "compression": "npm:compression@^1.7.5",
     "connect": "npm:connect@^3.7.0",
-    "jsonata": "npm:jsonata@^2.0.5"
+    "jsonata": "npm:jsonata@^2.0.5",
+    "@iarna/toml": "npm:@iarna/[email protected]"
   }
 }
diff --git a/jsr.json b/jsr.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "11.0.2",
+  "version": "11.0.3",
   "exports": "./lib/cli/index.js",
   "include": ["*.js", "lib/**", "bin/**", "data/**", "types/**"],
   "exclude": [

diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
@@ -26,6 +26,7 @@ import path, {
 } from "node:path";
 import process from "node:process";
 import { URL, fileURLToPath } from "node:url";
+import toml from "@iarna/toml";
 import Arborist from "@npmcli/arborist";
 import { load } from "cheerio";
 import { parseEDNString } from "edn-data";
@@ -45,7 +46,6 @@ import {
   satisfies,
   valid,
 } from "semver";
-import toml from "toml";
 import { IriValidationStrategy, validateIri } from "validate-iri";
 import { xml2js } from "xml-js";
 import { getTreeWithPlugin } from "../managers/piptree.js";
@@ -4081,7 +4081,14 @@ export async function parsePoetrylockData(lockData, lockFile, pyProjectFile) {
     pyProjectFile = lockFile.replace("poetry.lock", "pyproject.toml");
     if (existsSync(pyProjectFile)) {
       const pyprojTomlFile = readFileSync(pyProjectFile, { encoding: "utf-8" });
-      const tomlData = toml.parse(pyprojTomlFile);
+      let tomlData;
+      try {
+        tomlData = toml.parse(pyprojTomlFile);
+      } catch (err) {
+        console.log(
+          `Error while parsing the file ${pyprojTomlFile}. Dependency tree information might be incorrect.`,
+        );
+      }
       if (tomlData?.tool?.poetry) {
         for (const adep of Object.keys(tomlData?.tool?.poetry?.dependencies)) {
           if (

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "11.0.2",
+  "version": "11.0.3",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <[email protected]>",
@@ -65,7 +65,7 @@
   "bugs": {
     "url": "https://github.com/cyclonedx/cdxgen/issues"
   },
-  "packageManager": "pnpm@9.13.2",
+  "packageManager": "pnpm@9.14.2",
   "lint-staged": {
     "*": "biome check --fix --no-errors-on-unmatched"
   },
@@ -92,11 +92,11 @@
     "ssri": "^12.0.0",
     "table": "^6.8.2",
     "tar": "^7.4.3",
-    "toml": "^3.0.0",
     "uuid": "^11.0.2",
     "validate-iri": "^1.0.1",
     "xml-js": "^1.6.11",
-    "yargs": "^17.7.2"
+    "yargs": "^17.7.2",
+    "@iarna/toml": "2.2.5"
   },
   "optionalDependencies": {
     "@appthreat/atom": "2.0.25",