From 37f45d7d40a03dbe09aaeb7f8fcc6b759c4b4136 Mon Sep 17 00:00:00 2001 From: Kit Plummer Date: Sat, 12 Nov 2022 17:56:11 -0500 Subject: [PATCH 1/3] update: sbom at bom.xml --- bom.xml | 6 +++--- mix.exs | 7 ++++--- mix.lock | 1 + 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/bom.xml b/bom.xml index 64f2e4d..930300c 100644 --- a/bom.xml +++ b/bom.xml @@ -1,4 +1,4 @@ -An Elixir module to easily create and use temporary files and directories.2c78482cc2294020a4bc0c95950b907ff386523367d4e63308a252feffbea9f2MITtemppkg:hex/temp@0.4.70.4.7Earmark AST the parser and AST Generator for +2022-11-12T22:29:55.432068ZSBoM Mix task for ElixirEarmark AST the parser and AST Generator for Dave Thomas' Earmark. The parser generates 
@@ -6,5 +6,5 @@ an Abstract Syntax Tree from Markdown. The original Earmark will still provide the HTML Transformation and the CLI, however its Scanner, Parser and AST Renderer have been -extracted into this library.0c98163e7d04a15feb62000e1a891489feb29f3d10cb57d4f845c405852bbef8Apache-2.0earmark_parserpkg:hex/earmark_parser@1.4.131.4.13Parse transform library16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8Apache-2.0parse_transpkg:hex/parse_trans@3.3.13.3.1A simple interface to Git CLIa5422f9b95c99483385b976f5d43f7e8233283a47cda13533d7c16131cb14df5MITgit_clipkg:hex/git_cli@0.3.00.3.0Library to handle mimetypes67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3MITmimerlpkg:hex/mimerl@1.2.01.2.0A file system change watcher wrapper based on [fs](https://github.com/synrc/fs)fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162dWTFPLfile_systempkg:hex/file_system@0.2.100.2.10A simple and fast library for text-based parser combinators32111b3bf39137144abd7ba1cce0914533b2d16ef35e8abc5ec8be6122944263Apache-2.0nimble_parsecpkg:hex/nimble_parsec@0.6.00.6.0A simple yarn.lock parserd6dc27ad8816aefb9142cddca5413021c79eb957553b4464ed007a15a02d4ba8MITyarn_parserpkg:hex/yarn_parser@0.3.00.3.0Syntax highlighter for source code in the style of Pygments.d5a830bc42c9800ce07dd97fa94669dfb93d3bf5fcf6ea7a0c67b2e0e4a7f26cBSDmakeuppkg:hex/makeup@1.0.51.0.5A generic interface to different metrics systems in Erlang.25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486BSDmetricspkg:hex/metrics@1.0.11.0.1256 color ANSI coloring in the terminal951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38MITbuntpkg:hex/bunt@0.2.00.2.0unicode_util compatibility library for Erlang < 20bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78Apache-2.0unicode_util_compatpkg:hex/unicode_util_compat@0.7.00.7.0A pure Erlang IDNA implementation8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8dMITidnapkg:hex/idna@6.1.16.1.1An 
incredibly fast, pure Elixir JSON librarybcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709aeCC0-1.0poisonpkg:hex/poison@4.0.14.0.1A blazing fast JSON parser and generator in pure Elixir.ba43e3f2709fd1aa1dce90aaabfd039d000469c05c56f0b8e31978e03fa39052Apache-2.0jasonpkg:hex/jason@1.2.21.2.2SSL verification functions for Erlangcf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0MITssl_verify_funpkg:hex/ssl_verify_fun@1.1.61.1.6CA bundle adapted from Mozilla by https://certifi.iodbab8e5e155a0763eea978c913ca280a6b544bfa115633fa20249c3d396d9493BSDcertifipkg:hex/certifi@2.6.12.6.1simple HTTP client99da4674592504d3fb0cfef0db84c3ba02b4508bae2dff8c0108baa0d6e0977cApache-2.0hackneypkg:hex/hackney@1.17.41.17.4Yet Another HTTP client for Elixir powered by hackney6b85dea15820b7804ef607ff78406ab449dd78bed923a49c7160e1886e987a3dMIThttpoisonpkg:hex/httpoison@1.8.01.8.0Automatic configurable sleep/retry for HTTPoison requests2f2cf49ecac6d1a73d0730b76673890dfd3df35123e83d521e0af7dff6db0cfbMIThttpoison_retrypkg:hex/httpoison_retry@1.1.01.1.0A static code analysis tool with a focus on code consistency and teaching.e8f422026f553bc3bebb81c8e8bf1932f498ca03339856c7fec63d3faac8424bMITcredopkg:hex/credo@1.5.51.5.5Elixir lexer for the Makeup syntax highlighter.4f0e96847c63c17841d42c08107405a005a2680eb9c7ccadfd757bd31dabccfbBSDmakeup_elixirpkg:hex/makeup_elixir@0.14.10.14.1UUID generator and utilities for Elixir.e22fc04499de0de3ed1116b770c7737779f226ceefa0badb3592e64d5cfb4eb9Apache-2.0uuidpkg:hex/uuid@1.1.81.1.8A library to convert strings, atoms and map keys between `camelCase`, -`snake_case` and `kebab-case`.5a98b74ab8f7ddbad670e5c7bb39ff280e60699aa3b25c7062ceccf48137433cMITconv_casepkg:hex/conv_case@0.2.20.2.2A schema validator inspired by JSON Schema.f7ed52ec6600c2c30d7f452b0c331d3c77c4b6a3b72e6cf2877e986d6a386465MITxemapkg:hex/xema@0.13.80.13.8A JSON Schema validator for draft-04, -06, and 
-07.e76a0138030b13369151691b1ff0f6f3eabc9926f1e734356c0305302a5b7a65MITjson_xemapkg:hex/json_xema@0.6.00.6.0Erlang lexer for the Makeup syntax highlighter.3fcb7f09eb9d98dc4d208f49cc955a34218fc41ff6b84df7c75b3e6e533cc65fBSDmakeup_erlangpkg:hex/makeup_erlang@0.1.10.1.1ExDoc is a documentation generation tool for Elixire4c26603830c1a2286dae45f4412a4d1980e1e89dc779fcd0181ed1d5a05c8d9Apache-2.0ex_docpkg:hex/ex_doc@0.24.20.24.2 \ No newline at end of file +extracted into this library.149d50dcb3a93d9f3d6f3ecf18c918fb5a2d3c001b5d3305c926cddfbd33355bApache-2.0earmark_parserpkg:hex/earmark_parser@1.4.291.4.29A file system change watcher wrapper based on [fs](https://github.com/synrc/fs)fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162dWTFPLfile_systempkg:hex/file_system@0.2.100.2.10An Elixir module to easily create and use temporary files and directories.2c78482cc2294020a4bc0c95950b907ff386523367d4e63308a252feffbea9f2MITtemppkg:hex/temp@0.4.70.4.7A simple interface to Git CLIa5422f9b95c99483385b976f5d43f7e8233283a47cda13533d7c16131cb14df5MITgit_clipkg:hex/git_cli@0.3.00.3.0A simple and fast library for text-based parser combinators32111b3bf39137144abd7ba1cce0914533b2d16ef35e8abc5ec8be6122944263Apache-2.0nimble_parsecpkg:hex/nimble_parsec@0.6.00.6.0256 color ANSI coloring in the terminale2d4792f7bc0ced7583ab54922808919518d0e57ee162901a16a1b6664ef3b14MITbuntpkg:hex/bunt@0.2.10.2.1unicode_util compatibility library for Erlang < 20bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78Apache-2.0unicode_util_compatpkg:hex/unicode_util_compat@0.7.00.7.0A pure Erlang IDNA implementation8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8dMITidnapkg:hex/idna@6.1.16.1.1An incredibly fast, pure Elixir JSON librarybcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709aeCC0-1.0poisonpkg:hex/poison@4.0.14.0.1A blazing fast JSON parser and generator in pure 
Elixir.e855647bc964a44e2f67df589ccf49105ae039d4179db7f6271dfd3843dc27e6Apache-2.0jasonpkg:hex/jason@1.4.01.4.0A simple yarn.lock parser73cef283a040f2188a1d8aa0821c88f0e494ee939bf766bd3a8ec69d483aa15fMITyarn_parserpkg:hex/yarn_parser@0.3.10.3.1Library to handle mimetypes67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3MITmimerlpkg:hex/mimerl@1.2.01.2.0SSL verification functions for Erlangcf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0MITssl_verify_funpkg:hex/ssl_verify_fun@1.1.61.1.6CA bundle adapted from Mozilla by https://certifi.io6f2a475689dd47f19fb74334859d460a2dc4e3252a3324bd2111b8f0429e7e21BSDcertifipkg:hex/certifi@2.9.02.9.0A static code analysis tool with a focus on code consistency and teaching.323f5734350fd23a456f2688b9430e7d517afb313fbd38671b8a4449798a7854MITcredopkg:hex/credo@1.6.71.6.7Syntax highlighter for source code in the style of Pygments.d5a830bc42c9800ce07dd97fa94669dfb93d3bf5fcf6ea7a0c67b2e0e4a7f26cBSDmakeuppkg:hex/makeup@1.0.51.0.5Elixir lexer for the Makeup syntax highlighter.4f0e96847c63c17841d42c08107405a005a2680eb9c7ccadfd757bd31dabccfbBSDmakeup_elixirpkg:hex/makeup_elixir@0.14.10.14.1Erlang lexer for the Makeup syntax highlighter.3fcb7f09eb9d98dc4d208f49cc955a34218fc41ff6b84df7c75b3e6e533cc65fBSDmakeup_erlangpkg:hex/makeup_erlang@0.1.10.1.1ExDoc is a documentation generation tool for Elixir4a1cb903ce746aceef9c1f9ae8a6c12b742a5461e6959b9d3b24d813ffbea146Apache-2.0ex_docpkg:hex/ex_doc@0.29.00.29.0Parse transform library16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8Apache-2.0parse_transpkg:hex/parse_trans@3.3.13.3.1A generic interface to different metrics systems in Erlang.25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486BSDmetricspkg:hex/metrics@1.0.11.0.1simple HTTP clientf48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6Apache-2.0hackneypkg:hex/hackney@1.18.11.18.1cpe:2.3:a:kbrw:sweet_xml:0.7.3:*:*:*:*:*:*:*A sweet wrapper of :xmerl to help query XML 
docsdebb256781c75ff6a8c5cbf7981146312b66f044a2898f453709a53e5031b45bMITsweet_xmlpkg:hex/sweet_xml@0.7.30.7.3Yet Another HTTP client for Elixir powered by hackney9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290MIThttpoisonpkg:hex/httpoison@1.8.21.8.2Automatic configurable sleep/retry for HTTPoison requests2f2cf49ecac6d1a73d0730b76673890dfd3df35123e83d521e0af7dff6db0cfbMIThttpoison_retrypkg:hex/httpoison_retry@1.1.01.1.0UUID generator and utilities for Elixir.e22fc04499de0de3ed1116b770c7737779f226ceefa0badb3592e64d5cfb4eb9Apache-2.0uuidpkg:hex/uuid@1.1.81.1.8A library to convert strings, atoms and map keys between `camelCase`, +`snake_case` and `kebab-case`.c1455c27d3c1ffcdd5f17f1e91f40b8a0bc0a337805a6e8302f441af17118ed8MITconv_casepkg:hex/conv_case@0.2.30.2.3A schema validator inspired by JSON Schema.982e397ce0af55cdf1c6bf9c5ee6e20c5ea4a24e58e5266339cfff0dadbfa01eMITxemapkg:hex/xema@0.17.00.17.0A JSON Schema validator for draft-04, -06, and -07.3681272f0c0332b1ac43165d6617143b418cb4e0ccde42ac5ec3681c0d426802MITjson_xemapkg:hex/json_xema@0.6.10.6.1 \ No newline at end of file diff --git a/mix.exs b/mix.exs index 9f61334..a8ea227 100644 --- a/mix.exs +++ b/mix.exs @@ -9,7 +9,7 @@ defmodule GithubModule.MixProject do [ app: :lowendinsight, description: description(), - version: "0.7.0", + version: "0.7.1", elixir: "~> 1.12", start_permanent: Mix.env() == :prod, deps: deps(), @@ -45,7 +45,8 @@ defmodule GithubModule.MixProject do {:temp, "~> 0.4"}, {:excoveralls, "~> 0.14", only: :test}, {:yarn_parser, "~> 0.3"}, - {:sweet_xml, "~> 0.7.1"} + {:sweet_xml, "~> 0.7.1"}, + {:sbom, "~> 0.6", only: :dev, runtime: false} ] end @@ -59,7 +60,7 @@ defmodule GithubModule.MixProject do defp package() do [ - licenses: ["BSD-3"], + licenses: ["BSD-3-Clause"], links: links() ] end diff --git a/mix.lock b/mix.lock index b726b63..5817187 100644 --- a/mix.lock +++ b/mix.lock 
@@ -23,6 +23,7 @@ "nimble_parsec": {:hex, :nimble_parsec, "0.6.0", "32111b3bf39137144abd7ba1cce0914533b2d16ef35e8abc5ec8be6122944263", [:mix], [], "hexpm", "27eac315a94909d4dc68bc07a4a83e06c8379237c5ea528a9acff4ca1c873c52"}, "parse_trans": {:hex, :parse_trans, "3.3.1", "16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8", [:rebar3], [], "hexpm", "07cd9577885f56362d414e8c4c4e6bdf10d43a8767abb92d24cbe8b24c54888b"}, "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm", "ba8836feea4b394bb718a161fc59a288fe0109b5006d6bdf97b6badfcf6f0f25"}, + "sbom": {:hex, :sbom, "0.6.2", "bddb622a2590a01830e4e0b581fa3139ee7f06a9ef55e84a08eb3059b970b3de", [:mix], [], "hexpm", "c14c44d43895cf46a3ebe8236b755273bd2aa1ba1b84feb5403e20e6b53cfe40"}, "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"}, "sweet_xml": {:hex, :sweet_xml, "0.7.3", "debb256781c75ff6a8c5cbf7981146312b66f044a2898f453709a53e5031b45b", [:mix], [], "hexpm", "e110c867a1b3fe74bfc7dd9893aa851f0eed5518d0d7cad76d7baafd30e4f5ba"}, "temp": {:hex, :temp, "0.4.7", "2c78482cc2294020a4bc0c95950b907ff386523367d4e63308a252feffbea9f2", [:mix], [], "hexpm", "6af19e7d6a85a427478be1021574d1ae2a1e1b90882586f06bde76c63cd03e0d"}, From bee56704c868c1bf1c232b54ec35eb946bfc85b3 Mon Sep 17 00:00:00 2001 From: Kit Plummer Date: Sat, 12 Nov 2022 18:34:08 -0500 Subject: [PATCH 2/3] update: Dockerfile for 1.14.1 and Alpine 3.16 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 500aaba..3a3131e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -ARG ALPINE_VERSION=3.10 +ARG ALPINE_VERSION=3.16 -FROM elixir:1.9.4-alpine AS builder +FROM elixir:1.14.1-alpine AS builder ARG MIX_ENV=gha 
From ef6aa850731a48e248128070b829534adf53674e Mon Sep 17 00:00:00 2001 From: Kit Plummer Date: Sun, 13 Nov 2022 10:09:41 -0500 Subject: [PATCH 3/3] update: tests to match reality --- config/config.exs | 2 +- test/mix_scan_test.exs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/config.exs b/config/config.exs index 629a0d7..79c3dda 100644 --- a/config/config.exs +++ b/config/config.exs @@ -4,5 +4,5 @@ import Config -config :logger, :console, format: "kp: $time $metadata[$level] $message\n" +config :logger, :console, format: "lei: $time $metadata[$level] $message\n" import_config "#{Mix.env()}.exs" diff --git a/test/mix_scan_test.exs b/test/mix_scan_test.exs index cacf188..9f17db5 100644 --- a/test/mix_scan_test.exs +++ b/test/mix_scan_test.exs @@ -15,8 +15,8 @@ defmodule Mix.Tasks.ScanTest do assert_received {:mix_shell, :info, [report]} report_data = Poison.decode!(report) - assert 33 == report_data["metadata"]["repo_count"] - assert 13 == report_data["metadata"]["dependency_count"] + assert 34 == report_data["metadata"]["repo_count"] + assert 14 == report_data["metadata"]["dependency_count"] end end
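Review bot: The bom.xml hunks in PATCH 1/3 show that the committed SBOM had drifted from mix.lock before this regeneration: component versions change widely (earmark_parser 1.4.13 to 1.4.29, jason 1.2.2 to 1.4.0, certifi 2.6.1 to 2.9.0, hackney 1.17.4 to 1.18.1), while the diffstat shows mix.lock gaining only one line. Because bom.xml is regenerated and committed by hand, consider a CI step that rebuilds it from mix.lock and fails on any difference, so that anyone matching advisories against the SBOM is looking at the versions that are actually built.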
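Review bot: In the mix.exs deps hunk of PATCH 1/3, `{:sbom, "~> 0.6", only: :dev, runtime: false}` restricts the SBOM task to the :dev environment, but the Dockerfile touched in PATCH 2/3 builds with `ARG MIX_ENV=gha`, so the task is not available in that build. If bom.xml is meant to be produced or checked in the pipeline, add that environment to the `only:` list; otherwise document that regeneration is a manual developer step. The version bump to "0.7.1" and the `licenses: ["BSD-3-Clause"]` correction are not covered by the subject line "update: sbom at bom.xml" and would be easier to trace as separate commits.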
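Review bot: In the Dockerfile hunk of PATCH 2/3, `ARG ALPINE_VERSION=3.16` is set independently of `FROM elixir:1.14.1-alpine AS builder`, whose tag names no Alpine release, so nothing in the visible lines ties the builder to 3.16. The builder and whichever stage consumes ALPINE_VERSION can end up on different Alpine releases, and a mutable tag makes the build non-reproducible. Consider pinning the builder image by digest and noting in a comment which Alpine release it carries, so the two values are updated together.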
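Review bot: The literal counts in the test/mix_scan_test.exs hunk of PATCH 3/3 are corrected two commits after the change that appears to cause them: `repo_count` and `dependency_count` each rise by one, which lines up with the single dependency added in PATCH 1/3, so the suite presumably fails at 1/3 and 2/3 and bisecting across them is unreliable. Move the assertion update into the commit that adds the dependency, and consider deriving the expected values from mix.exs and mix.lock instead of the literals 34 and 14. The logger prefix change from "kp:" to "lei:" in config/config.exs is not a test change and is not mentioned in the commit message.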