[BREAKING] Add datatype for Component.bom_ref /Service.bom_ref #170

Closed
jkowalleck opened this issue Feb 16, 2022 · 2 comments

jkowalleck commented Feb 16, 2022

From @jkowalleck

The ref/bom-ref properties in CycloneDX are a special kind of string. They are intended to link elements together.
(In Spec 1.4 the ref/bom-ref became its own element definition, to make this more clear.)
-> refs/bom-refs are used instead of the actual linked elements.
Having special data types makes it easy to tell elements apart by the reference, and linking elements without memory leaks is easy.

proposal:
Have a data class `BomRef`. `BomRef` has a property `value` of type `Optional[str]`.

  • Components and Services have a property `_bom_ref: BomRef` and have the setter for `bom_ref` removed - as it is a read-only property.
  • All usages of ref/bom-ref adopt the use of the new data type `BomRef` instead of `str`.

The above will become critical when we look to implement #7 and doing this now will lower the risk of introducing another breaking change release at that point.
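A sketch of the proposal above, added here as an illustration and not taken from the project's code: dependencies hold `BomRef` objects rather than strings, so values can be filled in or de-duplicated late without any link going stale. `Dependency`, `assign_unique_refs`, `render_dependencies` and the `auto-N` naming scheme are assumptions made for this example.

```python
from typing import Dict, List, Optional


class BomRef:
    """Reference handle. Identity-based: no __eq__/__hash__ override, so two
    refs are the same link only if they are the same object."""

    def __init__(self, value: Optional[str] = None) -> None:
        self.value = value


class Component:
    def __init__(self, name: str, bom_ref: Optional[str] = None) -> None:
        self.name = name
        self._bom_ref = BomRef(bom_ref)

    @property
    def bom_ref(self) -> BomRef:  # read-only: no setter is defined
        return self._bom_ref


class Dependency:  # hypothetical: links by BomRef, not by element
    def __init__(self, ref: BomRef, depends_on: List[BomRef]) -> None:
        self.ref = ref
        self.depends_on = depends_on


def assign_unique_refs(components: List[Component]) -> None:
    """Fill missing values and rename duplicates in place (assumed scheme)."""
    seen = set()
    counter = 0
    for component in components:
        ref = component.bom_ref
        while ref.value is None or ref.value in seen:
            counter += 1
            ref.value = f"auto-{counter}"
        seen.add(ref.value)


def render_dependencies(deps: List[Dependency]) -> Dict[str, List[str]]:
    return {d.ref.value: [r.value for r in d.depends_on] for d in deps}


# Constructed sample: one component without a ref, two with a clashing ref.
app, lib_a, lib_b = Component("app"), Component("lib", "lib"), Component("lib", "lib")
deps = [Dependency(app.bom_ref, [lib_a.bom_ref, lib_b.bom_ref])]
assign_unique_refs([app, lib_a, lib_b])
print(render_dependencies(deps))
```

Because the dependency stores the same `BomRef` objects the components own, renaming the clashing ref is visible through every link, which a plain `str` copy would not give.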

@jkowalleck

is caused by #148 (comment)

madpah changed the title from "own datatype for Component.bom_ref /Service.bom_ref" to "[BREAKING] Add datatype for Component.bom_ref /Service.bom_ref" Feb 17, 2022
madpah self-assigned this Feb 17, 2022
madpah added this to the 2.0.0 milestone Feb 17, 2022
madpah added a commit that referenced this issue Feb 17, 2022
…175)

* BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniqueness and dependency references

Signed-off-by: Paul Horton <[email protected]>

* updated Vulnerability to also use new `BomRef` model

Signed-off-by: Paul Horton <[email protected]>

madpah commented Feb 21, 2022

@madpah madpah closed this as completed Feb 21, 2022