Comments (12)
I know you were waiting for this for a long time, @llaville :D I will publish a stable RC this weekend. Then you could test it and see it if is any worth .
Yes, and of course I'll test it, but I'm not sure to have time this week-end.
I'll gave you my feedback at least on monday or later.
from cyclonedx-php-library.
I know you were waiting for this for a long time, @llaville :D
I will publish a stable RC this weekend. Then you could test it and see it if is any worth .
from cyclonedx-php-library.
released preview: v2.0.0-RC1
from cyclonedx-php-library.
released preview: v2.0.0-RC1
👁️🗨️ I'll have a quick try with migration on my project tomorrow morning !
from cyclonedx-php-library.
❤️
Hope you have static code analysis in place, to helps you find positions where you need to change your code. Or you have good test coverage.
Otherwise, the API change log is pretty detailed. Let me know if I forgot to document something.
from cyclonedx-php-library.
@jkowalleck I've just finished to migrate code from v1 to v2, and here are my first feedbacks.
Even, if my code (see my migration with commit llaville/box-manifest@e4a4058) is not so complex (I hope ;-)), it took me half an hour between change code from old format to newer, and test it to see if there are some regressions.
I think you should write a migration guide that will make the developers task more easy !
If you've time to check my commit and tell me if I'm wrong or not in my code migration.
I've tested spec 1.3 because I've a base results to compare, but spec 1.4 is pretty for me now to implement on my application (but I've no base to compare), so no feeback for this results.
from cyclonedx-php-library.
@jkowalleck I've just tested spec 1.4 in my application (code of box-manifest) will be pushed to GitHub tomorrow (I'll be busy this afternoon and won't be online for hours), and see no regression with spec 1.3 ! Good news :)
Last but not least: results I produced (using spec 1.3 or spec 1.4) can be validate with https://github.com/CycloneDX/cyclonedx-cli#validate-command
from cyclonedx-php-library.
Thanks for testing.
I think you should write a migration guide that will make the developers task more easy !
Well, I might write a migration instruction for v2.0, then.
What kind of document could have helped you? Did you read the detailed change log that was mentioned in the release notes?
I see you have phpstan
as a static code analysis. This should have found all breaking code changes. Breaking behavior is described in the mentioned change log, right?
[...] results I produced (using spec 1.3 or spec 1.4) can be validate [...]
I had no doubt on the quality of my library, as I have more than 3400 tests to assert the correctness of the models and normalization/serialization, and I have a working validator as part of the implementation as well ;-)
from cyclonedx-php-library.
Well, I might write a migration instruction for v2.0, then. What kind of document could have helped you? Did you read the detailed change log that was mentioned in the release notes?
Mea Culpa, I didn't read the release notes, and I think it's enough. Perharps you may add a link on the project README page to learn more about how to migrate (to this release notes).
BTW, thanks for your review on my code. I appreciate a lot !!!
from cyclonedx-php-library.
@jkowalleck By implementing support of all sbom spec version with my commit llaville/box-manifest@0ac39af on box-manifest app, I've used twice the tip provided at https://www.php.net/manual/en/language.enumerations.static-methods.php#126866
Does it make sense for you to implement such new method values
in your enum Version ?
That will allow me to reduce my code :
- once when I display spec available when ask for
--help
application :
-s, --sbom-spec=SBOM-SPEC SBOM specification version: 1.1, 1.2, 1.3, 1.4 [default: "1.4"]
see at https://github.com/llaville/box-manifest/blob/0ac39af25c81b29daef99c5cfa29d4403d975ee0/src/Console/Command/Manifest.php#L85 - twice when I the DomainException : see at https://github.com/llaville/box-manifest/blob/0ac39af25c81b29daef99c5cfa29d4403d975ee0/src/Composer/ManifestFactory.php#L167
that display such error :Unsupported spec version "1.7" for SBOM format. Expected one of these values: 1.1, 1.2, 1.3, 1.4
Goal : support as much as possible future spec version without to change the base code
from cyclonedx-php-library.
Does it make sense for you to implement such new method values in you
I do not see a reason for this.
If native PHP has no method for this, then it is probably for a good reason.
I like the way you solved it via array_column()
.
PS: do not want to add `values(). Who knows, this might be added natively in the next version of PHP language level support for ENUMs.
So i do not want tho shadow it.
from cyclonedx-php-library.
closed by #266
release to be triggered soon.
from cyclonedx-php-library.
Related Issues (20)
- Add support for `License.text`
- chore: rename `Assert` -> `Filter` or `Predicate`
- [IDEA] DOM normalizer: element names are injectable
- License: simplify models & optimize Factory & fix Expression validator
- BC: rename `BOM` HOT 2
- BC: UpperCamelCase enum names
- add pslam shepherd
- upload test results to codacy
- slacken `Bom.serialNumber` in data models HOT 2
- [v2.1.1] `specVersion` attribute available on same way on both normalizers HOT 2
- [v2.1.1] `metadata` -> `properties` not correctly supported with DOM serializer HOT 1
- Normalizer MUST assert LicenseExpression xor DisjunctiveLicense*
- `XmlSerializer` configurable amount of spaces when `$prettyPrint=true` HOT 6
- make `XmlSerializer`'s properties accessable HOT 2
- chore: fix depricates from PHPUnit10 HOT 2
- Psalm warning on release 2.2.0 HOT 6
- support `metadata.lifecycles`
- BC: make `CycloneDX\Core\Spec\Spec` internal
- QA: integration test of validators with official test data
- support CycloneDX 1.6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cyclonedx-php-library.