Merge pull request #397 from DependencyTrack/bump-cyclonedx-core-java

Cyclonedx-core-java library version bump
DependencyTrack · Oct 26, 2023 · b422f16 · b422f16
2 parents 614213a + a8665aa
commit b422f16
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 10 deletions.
diff --git a/pom.xml b/pom.xml
@@ -89,7 +89,7 @@
         <lib.cpe-parser.version>2.0.2</lib.cpe-parser.version>
         <lib.cvss-calculator.version>1.4.2</lib.cvss-calculator.version>
         <lib.owasp-rr-calculator.version>1.0.1</lib.owasp-rr-calculator.version>
-        <lib.cyclonedx-java.version>7.3.0</lib.cyclonedx-java.version>
+        <lib.cyclonedx-java.version>8.0.3</lib.cyclonedx-java.version>
         <lib.jackson.version>2.15.2</lib.jackson.version>
         <lib.jackson-databind.version>2.15.2</lib.jackson-databind.version>
         <lib.jaxb.runtime.version>2.3.6</lib.jaxb.runtime.version>

diff --git a/src/test/java/org/dependencytrack/resources/v1/BomResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/BomResourceTest.java
@@ -178,7 +178,7 @@ public void exportProjectAsCycloneDxInventoryTest() {
                 .isEqualTo(json("""
                         {
                             "bomFormat": "CycloneDX",
-                            "specVersion": "1.4",
+                            "specVersion": "1.5",
                             "serialNumber": "${json-unit.ignore}",
                             "version": 1,
                             "metadata": {
@@ -327,7 +327,7 @@ public void exportProjectAsCycloneDxInventoryWithVulnerabilitiesTest() {
                 .isEqualTo(json("""
                 {
                     "bomFormat": "CycloneDX",
-                    "specVersion": "1.4",
+                    "specVersion": "1.5",
                     "serialNumber": "${json-unit.ignore}",
                     "version": 1,
                     "metadata": {
@@ -520,7 +520,7 @@ public void exportProjectAsCycloneDxVdrTest() {
                 .isEqualTo(json("""
                 {
                     "bomFormat": "CycloneDX",
-                    "specVersion": "1.4",
+                    "specVersion": "1.5",
                     "serialNumber": "${json-unit.ignore}",
                     "version": 1,
                     "metadata": {
@@ -750,7 +750,7 @@ public void uploadInvalidCycloneDxBomTest() {
                 .header(X_API_KEY, apiKey)
                 .put(Entity.entity(request, MediaType.APPLICATION_JSON));
         Assert.assertEquals(400, response.getStatus(), 0);
-        Assert.assertEquals("The uploaded CycloneDX BOM is invalid: $.version: is missing but it is required; $.components[0].type: is missing but it is required; $.components[0].name: is missing but it is required", getPlainTextBody(response));
+        Assert.assertEquals("The uploaded CycloneDX BOM is invalid: $.components[0].type: is missing but it is required; $.components[0].name: is missing but it is required", getPlainTextBody(response));
     }
 
     @Test

diff --git a/src/test/java/org/dependencytrack/resources/v1/VexResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/VexResourceTest.java
@@ -131,7 +131,7 @@ public void exportProjectAsCycloneDxTest() {
                 .isEqualTo("""
                         {
                           "bomFormat": "CycloneDX",
-                          "specVersion": "1.4",
+                          "specVersion": "1.5",
                           "serialNumber": "${json-unit.any-string}",
                           "version": 1,
                           "metadata": {

diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
@@ -110,7 +110,7 @@ public void informTest() throws Exception {
         qm.getPersistenceManager().refresh(project);
         assertThat(project.getClassifier()).isEqualTo(Classifier.APPLICATION);
         assertThat(project.getLastBomImport()).isNotNull();
-        assertThat(project.getLastBomImportFormat()).isEqualTo("CycloneDX 1.4");
+        assertThat(project.getLastBomImportFormat()).isEqualTo("CycloneDX 1.5");
         assertThat(project.getExternalReferences()).isNotNull();
         assertThat(project.getExternalReferences()).hasSize(4);
 
@@ -202,7 +202,7 @@ public void informTestWithComponentAlreadyExistsForIntegrityCheck() throws Excep
         qm.getPersistenceManager().refresh(project);
         assertThat(project.getClassifier()).isEqualTo(Classifier.APPLICATION);
         assertThat(project.getLastBomImport()).isNotNull();
-        assertThat(project.getLastBomImportFormat()).isEqualTo("CycloneDX 1.4");
+        assertThat(project.getLastBomImportFormat()).isEqualTo("CycloneDX 1.5");
         assertThat(project.getExternalReferences()).isNotNull();
         assertThat(project.getExternalReferences()).hasSize(4);
 

diff --git a/src/test/resources/unit/bom-1.xml b/src/test/resources/unit/bom-1.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1">
     <metadata>
         <component type="application" bom-ref="acme">
             <publisher>DependencyTrack</publisher>

diff --git a/src/test/resources/unit/bom-issue2519.xml b/src/test/resources/unit/bom-issue2519.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" serialNumber="urn:uuid:1624fa6f-aebe-4dba-8ead-f2c876c9b832" version="1" xmlns="http://cyclonedx.org/schema/bom/1.4">
+<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" serialNumber="urn:uuid:1624fa6f-aebe-4dba-8ead-f2c876c9b832" version="1" xmlns="http://cyclonedx.org/schema/bom/1.5">
   <metadata>
     <tools>
       <tool>