Skip to content

Sync with original repository #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AlfredoEspinosa merged 175 commits into from
Jun 25, 2025
Merged

Sync with original repository #1

AlfredoEspinosa merged 175 commits into from
Jun 25, 2025

Conversation

@AlfredoEspinosa
Copy link
Owner

@AlfredoEspinosa AlfredoEspinosa commented Jun 25, 2025

Sync with original repository

goneall and others added 30 commits April 20, 2022 14:03
@goneall
Generation missing required properties for arrays
8cd4914 
Resolves issue #57

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Make list required property names plural
e591354 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Fix documentation for license text
71b6c1b 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #58 from spdx/issue57
07832f0 
Generation missing required properties for arrays
@goneall
Update library dependencies for version 2.3 of the SPDX spec
05b6389 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Add version 2.3 test files
9407ee8 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Update dependencies and bump version
d8d844f 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Fix JSON test file
f8c960c 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #63 from spdx/v23
f2e7d6e 
Update ToolsJava to support spec version 2.3
@goneall
Bump version
001d921 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
updated README to reflect the new file names and structures
9db8992 
Signed-off-by: Armin Tänzer <armintaenzer@tngtech.com>
updated CompareDocs method name in README
b45b6de 
Signed-off-by: Armin Tänzer <armintaenzer@tngtech.com>
@goneall
Merge pull request #66 from armintaenzertng/updateReadme
ad521ac 
updated README to reflect the new file names and structures
@goneall
Verify JSON against version specific schema files
9e3bfa2 
Resolves issue #74

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #75 from spdx/issue74
c7b1a33 
Verify JSON against version specific schema files
@goneall
Resolve compare issues (#70)
92e1c5d 
* Fix compare spreadsheet name normalization

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>

* Additional checks for compares

- Check creator comment differences
- Check to make sure there are no duplicate document namespaces

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>

* Remove temp file

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>

* Update POM file with the latest library dependencies

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>

* Use unique document URI's for all test files

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Update JSON schema
505f3dd 
Allows for both dashes and underscores in enumeration values

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #76 from spdx/updateschema
f0fd8a3 
Update JSON schema
@goneall
Add dependency-check util to POM file
5340b02 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #77 from spdx/depcheck
05a9993 
Add dependency-check util to POM file
@goneall
Update library version
dd5f55e 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #78 from spdx/updatelibs
0c5e8b5 
Update library version
@goneall
Bump version
b70bbeb 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Update schema generator for required fields
2ad0e8b 
See spdx/spdx-spec#795 for context on
documentDescribes

See spdx/spdx-spec#792 for context on enum
underscores

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #79 from spdx/jsonschema
196659a 
Update schema generator for required fields
@goneall
Add support for RDF Turtle format
b7164e7 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Correct output type for TTL format
a8b459a 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #82 from spdx/addturtle
3f57bb0 
Add support for RDF Turtle format
@goneall
Add extra checks for NPE on getUri()
a37779d 
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Merge pull request #85 from spdx/extrachecks
eec03f1 
Add extra checks for NPE on getUri()
bact and others added 29 commits February 26, 2025 18:08
@bact @goneall
Add back copyright notice text
7e236df 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Add back copyright notice text
6c4c574 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Add back copyright notice text
dacfdb6 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Add back copyright notice text
4d39d77 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Add Javadoc comments
bdfee20 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Update GitHub Actions
c341e9e 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Fix 'build.plugins.plugin.version' is missing warning
46081d6 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Add JSON schema latest version check
204b52f 
Check content of local schema file with the remote location.

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Update spdx-schema-v3.0.1.json
abdae87 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact
Use URI.created().toURL() instead of new URL()
ea9cd8c 
- URI.created().toURL() is available since Java 1.4
- new URL() (constructor) is deprecated in Java 20

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Update SPDX libraries version in POM
72f640d 
- java-spdx-library to 2.0.0
- spdx-rdf-store to 2.0.0
- spdx-jackson-store to 2.0.0
- spdx-spreadsheet-store to 2.0.0
- spdx-tagvalue-store to 2.0.0
- spdx-v3jsonld-store to 1.0.0

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Update com.networknt:json-schema-validator
c3ccecd 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Only update dep to latest patch version
eb64359 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact @goneall
Update org.apache.poi/poi to 5.4.1
e40d75e 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact
Merge branch 'spdx:master' into add-schema-ver-check
cbfbb0d
@bact
Merge pull request #197 from bact/add-schema-ver-check
c391d5c 
Use URI.create().toURL() instead of the deprecated URL() constructor
@goneall
Normalize whitespace in schema compare unit test
da2c3b9 
Fixes an issue where the compare fails if run on a windows environment
where CRLF is used instead of LF
@goneall
[maven-release-plugin] prepare release v2.0.0
334392f
@goneall
[maven-release-plugin] prepare for next development iteration
870a115
@bact @goneall
spdx-maven-plugin == 1.0.0
2bc50e8 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@goneall
Fix Shade plugin version to 3.2.4
2910e35 
Fixes #201

Later versions of the shade plugin strip out the dependencies in the POM
file.
@bact @goneall
Update JAR name in command line examples to 2.0.0
742af94 
- Update JAR name in command line examples to version 2.0.0
- Fix few Markdown issues
- Add Javadoc link
@goneall
Bump version of SPDX Jackson Store
bf0c79d
@goneall
[maven-release-plugin] prepare release v2.0.1
cccac76
@goneall
[maven-release-plugin] prepare for next development iteration
4cc1d53
@goneall
Update README examples with new release versions
c352934
@bact
Merge pull request #205 from spdx/goneall-patch-2
a1468b3 
Update README examples with new release versions
@bact @goneall
Update spdx-maven-plugin and spdx-jackson-store
3117fa4 
Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@xnox @goneall
spdx-schema-v2.3.json: fix OPERATING-SYSTEM package intent
3b3d587 
For Wolfi container at cgr.dev/chainguard/wolfi-base, trivy for spdx json SBOM generates

```json
    {
      "name": "wolfi",
      "SPDXID": "SPDXRef-OperatingSystem-2bccf727fe0bc7f8",
      "versionInfo": "20230201",
      "downloadLocation": "NONE",
      "filesAnalyzed": false,
      "primaryPackagePurpose": "OPERATING-SYSTEM",
      "annotations": [
        {
          "annotator": "Tool: trivy-0.62.1",
          "annotationDate": "2025-05-28T17:07:25Z",
          "annotationType": "OTHER",
          "comment": "Class: os-pkgs"
        },
        {
          "annotator": "Tool: trivy-0.62.1",
          "annotationDate": "2025-05-28T17:07:25Z",
          "annotationType": "OTHER",
          "comment": "Type: wolfi"
        }
      ]
    }
```

Which fails validating with tools-java because "OPERATING-SYSTEM" value is with a dash, which matches the spec at https://spdx.github.io/spdx-spec/v2.3/package-information/#724-primary-package-purpose-field

Given tools in wild follow the spec, imho it is relatively safe to update the schema here.

Note we have PACKAGE_MANAGER PACKAGE-MANAGER saga before, so do help
me validating any other tools that might be impacted, so far I see
this schema file being the only one out of line.
@AlfredoEspinosa AlfredoEspinosa merged commit b6ec62f into AlfredoEspinosa:master Jun 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@AlfredoEspinosa @goneall @TimothyGillespie @heliocastro @vargenau @HirumalPriyashan @vanrenter @bact @xnox