root.go

2 months ago

feat(renovate-to-sbom)!: ignore dependencies without a `CurrentVersion` · c3c412f8

Jamie Tanna authored 2 months ago and

Hao Hu committed 2 months ago

When using the SBOM exported by `renovate-to-sbom` with other tools,
some pieces of data are not useful when they are i.e. a range of
versions.

Instead of this, we can - by default - ignore anything that doesn't have
a resolved `CurrentVersion` as it's likely that the exact version will
not be present.

This is a breaking change as we change the behaviour of the command.

We can introduce a flag to re-enable the functionality, as well as
document the fact that this may cause false positives.

As this is not a breaking change in dependency-management-data itself,
we will not bump `compatible_since`.

c3c412f8

History

feat(renovate-to-sbom)!: ignore dependencies without a `CurrentVersion`

Jamie Tanna authored 2 months ago and

Hao Hu committed 2 months ago

When using the SBOM exported by `renovate-to-sbom` with other tools,
some pieces of data are not useful when they are i.e. a range of
versions.

Instead of this, we can - by default - ignore anything that doesn't have
a resolved `CurrentVersion` as it's likely that the exact version will
not be present.

This is a breaking change as we change the behaviour of the command.

We can introduce a flag to re-enable the functionality, as well as
document the fact that this may cause false positives.

As this is not a breaking change in dependency-management-data itself,
we will not bump `compatible_since`.

Code owners

Assign users and groups as approvers for specific file changes. Learn more.