[WIP] v1.7 - Cryptography WG #543

Closed

@n1ckl0sk0rtge n1ckl0sk0rtge commented Nov 19, 2024

2024-10-17

  • add serial number to certificateProperties
  • add fingerPrint to certificateProperties and relatedCryptoMaterialProperties

TODO/DONE

  • JSON schema modified
  • XML schema modified
  • ProtoBuf schema modified
  • JSON examples/test data crafted
  • XML examples/test data crafted
  • ProtoBuf examples/test data crafted

@n1ckl0sk0rtge n1ckl0sk0rtge requested a review from a team as a code owner November 19, 2024 09:27
@n1ckl0sk0rtge n1ckl0sk0rtge changed the title Cryptography WG, 2024-10-17: Cryptography WG, 2024-10-17 Nov 19, 2024
@jkowalleck jkowalleck added this to the 1.7 milestone Nov 19, 2024
@jkowalleck jkowalleck requested a review from a team November 19, 2024 09:38
@jkowalleck
Member

@n1ckl0sk0rtge I'll set this PR as "draft". Please set it to "ready for review" as soon as the TODO you've added in the code is solved.

@jkowalleck jkowalleck marked this pull request as draft November 19, 2024 09:39
@n1ckl0sk0rtge n1ckl0sk0rtge changed the title Cryptography WG, 2024-10-17 Cryptography WG Nov 19, 2024
@jkowalleck jkowalleck changed the title Cryptography WG [WIP] Cryptography WG 1.7-dev Feb 5, 2025
@jkowalleck jkowalleck changed the title [WIP] Cryptography WG 1.7-dev [WIP] v1.7 - Cryptography WG Feb 5, 2025
stevespringett and others added 19 commits February 11, 2025 13:08
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
our spec describes how data models look in data transfers.
current protobuf breaking detection adheres to this.

the protobuf breaking detection also does unnecessary detections, which
should not matter for our domain.
they are removed, here.

----


changes are based on
CycloneDX#530 (comment)

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…loneDX#519)

see https://github.com/bufbuild/buf/releases

## TASKS
- [x] bump version
- [x] migrate config  
see https://buf.build/docs/migration-guides/migrate-v2-config-files
- [x] migrate CLI calls

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…LEASE_NOTES` (CycloneDX#531)

fixes CycloneDX#266

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes <CycloneDX#518>

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Co-authored-by: andreas-hilti <69210561+andreas-hilti@users.noreply.github.com>
fixes CycloneDX#422 
by reverting the unreleased
CycloneDX@19a1530
&
CycloneDX@acc5f3a
as discussed here:
CycloneDX#422 (comment)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes CycloneDX#515

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes CycloneDX#538 

texts were taken from the human-readable Spec CycloneDX 1.6.0

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
texts were taken from human-readable spec

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes CycloneDX#528 

where occurrences of `definitions.standards.requirements.descriptions`
should be unbounded

---------

Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@owasp.org>
final change of milestone 1.6.1 -- see
https://github.com/CycloneDX/specification/milestone/11

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…7.0 in /tools (CycloneDX#509)

Bumps org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0.



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
… 3.4.0 to 3.5.1 in /tools (CycloneDX#527)

Bumps
[org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire)
from 3.4.0 to 3.5.1.
Release notes (sourced from org.apache.maven.plugins:maven-surefire-plugin's releases, https://github.com/apache/maven-surefire/releases):

### 3.5.1

🚀 New features and improvements
- [SUREFIRE-2270] - Use JUnit5 in surefire-shadefire (#783) @slawekjaranowski
- [SUREFIRE-2266] - Execute ITs in parallel (#781) @slawekjaranowski
- [SUREFIRE-2264] - Limit usage of commons-io from surefire-shared-utils (#777) @slawekjaranowski

🐛 Bug Fixes
- [SUREFIRE-2267] - Packages for commons-codec should be relocated in surefire-shared-utils (#782) @slawekjaranowski
- [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#780) @slawekjaranowski
- [SUREFIRE-2257] - [REGRESSION] NPEx: Cannot invoke "Object.toString()" … (#774) @michael-o

📦 Dependency updates
- [SUREFIRE-2273] - Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#784) @dependabot
- [SUREFIRE-2272] - Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.3.0 - JDK 23 support (#786) @dependabot
- [SUREFIRE-2226] - Upgrade to Maven Verifier 2.0.0-M1 (#706) @michael-o
- [SUREFIRE-2265] - Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#779) @dependabot
- [SUREFIRE-2263] - Use the latest version of surefire for self build (#776) @slawekjaranowski
- [SUREFIRE-2262] - Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0 (#775) @dependabot

👻 Maintenance
- [SUREFIRE-2269] - Allow fail during clean in surefire-its (#785) @slawekjaranowski

### 3.5.0

... (truncated)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ls (CycloneDX#523)

Bumps commons-io:commons-io from 2.16.1 to 2.17.0.


> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
stevespringett and others added 21 commits February 11, 2025 13:08
Signed-off-by: Steve Springett <steve@springett.us>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
… /tools/src/test/php (CycloneDX#560)

Updates the requirements on
[opis/json-schema](https://github.com/opis/json-schema) to permit the
latest version.
Release notes (sourced from opis/json-schema's releases, https://github.com/opis/json-schema/releases):

### v2.4.1

Fixes
- minor fixes to `Helper::isMultipleOf()` (#126)

Also see changes in 2.4.0: https://github.com/opis/json-schema/releases/tag/2.4.0

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Steve Springett <steve@springett.us>
to mimic style from website
https://cyclonedx.org/specification/overview/

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
mimic https://cyclonedx.org/specification/overview/

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
fixes CycloneDX#568

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes CycloneDX#555

utilizes https://github.com/pseudomuto/protoc-gen-doc
to generate the needed docs ready to upload to the homepage.

> [!NOTE]
> did not setup a proper template, yet. used the default one for now, so
we can track template-related changes in future PRs
> But the template has been foreseen, it is expected to go into the
folder `docgen/proto/template`.
> See template docs here:
<https://github.com/pseudomuto/protoc-gen-doc/wiki/Custom-Templates>

CI run:
https://github.com/CycloneDX/specification/actions/runs/12536710058/job/34960006706

CI result:
https://github.com/CycloneDX/specification/actions/runs/12536710058/artifacts/2369477602

structure: 
```text
docgen/proto/docs
├── 1.3
│   └── index.html
├── 1.4
│   └── index.html
├── 1.5
│   └── index.html
└── 1.6
    └── index.html
```

----

might rework the resulting structure in regards to
CycloneDX#568

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
theme for CycloneDX#557

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
current docsgen results in broken metatags:
```html
    <meta name="twitter:title" content=""CycloneDX v1.6 Protobuf Reference""/>
    <meta name="twitter:image" content="https://cyclonedx.org/images/CycloneDX-Social-Card.png"/>
    <meta name="twitter:description" content=""CycloneDX v1.6 Protobuf Reference""/>
    <meta name="description" content=""CycloneDX v1.6 Protobuf Reference""/>
    <meta property="og:description" content=""CycloneDX v1.6 Protobuf Reference""/>
    <meta property="og:title" content=""CycloneDX v1.6 Protobuf Reference""/>
```

this PR fixes this

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
improve pull request template
- add info regarding processes
- add example regarding typo/spelling/grammar fix.

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…teFileExtentsions

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>
…state, update spelling

Signed-off-by: Nicklas Körtge <nicklas.koertge1@ibm.com>
@@ -5512,7 +5522,7 @@
"name": {
"type": "string",
"title": "name",
"description": "Extention name",
"description": "The name if the extention.",
Member

change 'if' to 'of'

},
"value": {
"type": "string",
"title": "Value",
"description": ""
"description": "The description of the custom certificate extension."
Member

is this "description" correct? Should this be "value" instead?
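
Review bot: "extention" is misspelled in the new `name` description ("The name if the extention."), while the `value` description in the same hunk spells it "extension". Fix it together with the 'if'/'of' typo so the line reads "The name of the extension." The two `title` values are also cased differently ("name" vs "Value"); "Name" would match its sibling.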

@@ -5568,7 +5578,7 @@
"relatedCryptographicAssets": {
"$ref": "#/definitions/relatedCryptographicAssets",
"title": "Related Cryptographic Assets",
"description": "A list of bom-refs to cryptographic assets related to this protocol.",
"description": "A list of cryptographic assets related to this component.",
Member

Do we need to add bom-ref to the description if that's the requirement?
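
Review bot: the replacement description for `relatedCryptographicAssets` drops "bom-refs" without saying what the list entries are, so a reader of this property alone can no longer tell whether the items are references or inline objects. State the entry form in the description, for example by naming what each item carries, so producers and validators agree on what is expected here.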

@@ -5703,7 +5713,7 @@
"relatedCryptographicAssets": {
"$ref": "#/definitions/relatedCryptographicAssets",
"title": "Related Cryptographic Assets",
"description": "A list of bom-refs to cryptographic assets related to this protocol.",
"description": "A list of cryptographic assets related to this component.",
Member

Same as above

@@ -5804,7 +5814,7 @@
"relatedCryptographicAssets": {
"$ref": "#/definitions/relatedCryptographicAssets",
"title": "Related Cryptographic Assets",
"description": "A list of bom-refs to cryptographic assets related to this protocol.",
"description": "A list of cryptographic assets related to this component.",
Member

Same as above
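
Review bot: this is the third site (after the hunks at -5568 and -5703) where the identical `title` and `description` are repeated beside the same `$ref` to `#/definitions/relatedCryptographicAssets`. The old text said "this protocol" at all three sites and the new text says "this component" at all three; if these properties belong to different parent objects, name the actual parent in each, or keep one shared description in the referenced definition so the three copies cannot drift.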

@n1ckl0sk0rtge n1ckl0sk0rtge deleted the 1.7-dev-cryptography branch March 20, 2025 12:56
@jkowalleck jkowalleck mentioned this pull request Mar 21, 2025