CycloneDX/cdxgen

Generates BOM with duplicate dependencies.dependsOn

Closed this issue · 0 comments

Similar to #1419, there is sometimes duplication in dependencies.dependsOn.
Here is an example of the error that I encountered:

[
  {
    instancePath: '/dependencies/1302/dependsOn',
    schemaPath: '#/properties/dependsOn/uniqueItems',
    keyword: 'uniqueItems',
    params: { i: 106, j: 103 },
    message: 'must NOT have duplicate items (items ## 103 and 106 are identical)',
    schema: true,
    parentSchema: {
      type: 'array',
      uniqueItems: true,
      items: [Object],
      title: 'Depends On',
      description: 'The bom-ref identifiers of the components or services that are dependencies of this dependency object.'
    },
    data: [
      ...,
      "pkg:composer/psr/log@3.0.2",
      "pkg:composer/symfony/dom-crawler@v6.4.12",
      "pkg:composer/symfony/dotenv@v6.4.3",
      "pkg:composer/webmozart/assert@1.11.0",
      "pkg:composer/symfony/dom-crawler@v6.4.12"
    ]
  }
]

Indeed, we can see pkg:composer/symfony/dom-crawler@v6.4.12 twice.
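
A check for the condition reported above, written as an added example (not part of the original issue or of cdxgen's code). It lists every repeated `dependsOn` entry with the index of its first and repeated occurrence, then removes the repeats while keeping the original order. The sample BOM is constructed from the purls in the report. The parent `ref` and the function names are assumptions.

```javascript
// Constructed sample: one dependency object reproducing the duplicate from the
// report. The parent ref is a placeholder, not a value from the issue.
const sampleBom = {
  dependencies: [
    {
      ref: "pkg:composer/example/app@0.0.0",
      dependsOn: [
        "pkg:composer/psr/log@3.0.2",
        "pkg:composer/symfony/dom-crawler@v6.4.12",
        "pkg:composer/symfony/dotenv@v6.4.3",
        "pkg:composer/webmozart/assert@1.11.0",
        "pkg:composer/symfony/dom-crawler@v6.4.12",
      ],
    },
  ],
};

// Report each repeated dependsOn entry, using the same instancePath shape the
// schema validator prints, plus the first and repeated index within the array.
function findDuplicateDependsOn(bom) {
  const findings = [];
  (bom.dependencies || []).forEach((dep, depIdx) => {
    const firstSeen = new Map();
    (dep.dependsOn || []).forEach((item, idx) => {
      if (!firstSeen.has(item)) {
        firstSeen.set(item, idx);
        return;
      }
      findings.push({
        instancePath: `/dependencies/${depIdx}/dependsOn`,
        item,
        first: firstSeen.get(item),
        duplicate: idx,
      });
    });
  });
  return findings;
}

// Return a copy of the BOM whose dependsOn arrays keep only the first
// occurrence of each bom-ref (Set preserves insertion order); input is untouched.
function dedupeDependsOn(bom) {
  const dependencies = (bom.dependencies || []).map((dep) =>
    Array.isArray(dep.dependsOn) ? { ...dep, dependsOn: [...new Set(dep.dependsOn)] } : dep
  );
  return { ...bom, dependencies };
}

console.log(findDuplicateDependsOn(sampleBom));
```

Running `findDuplicateDependsOn` on generated output before schema validation points at the exact dependency object and entry, which the truncated validator output does not.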