From 3ea6a03cd060096fd67841759008bb2efc215371 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jan 2026 15:25:43 +0000 Subject: [PATCH] chore(deps): bump the go-minor-patch group with 3 updates (#4524) * chore(deps): bump the go-minor-patch group with 3 updates Bumps the go-minor-patch group with 3 updates: [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema). Updates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0) Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4) Updates `github.com/invopop/jsonschema` from 0.7.0 to 0.13.0 - [Commits](https://github.com/invopop/jsonschema/compare/v0.7.0...v0.13.0) --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/invopop/jsonschema dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch ... Signed-off-by: dependabot[bot] * port breaking jsonschema lib changes Signed-off-by: Alex Goodman * regenerate the existing json schema with new generation code Signed-off-by: Alex Goodman --------- Signed-off-by: dependabot[bot] Signed-off-by: Alex Goodman Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Goodman --- .gitignore | 1 + go.mod | 11 +- go.sum | 23 ++-- .../internal/load_capabilities.go | 3 + internal/jsonschema/comments.go | 9 +- internal/jsonschema/comments_test.go | 6 +- internal/jsonschema/main.go | 12 +- schema/json/schema-16.1.2.json | 117 +++++++----------- schema/json/schema-latest.json | 117 +++++++----------- 9 files changed, 127 insertions(+), 172 deletions(-) diff --git a/.gitignore b/.gitignore index 24cb7b770..b6c7119f6 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,7 @@ bin/ /.task /generate /specs +mise.toml # changelog generation CHANGELOG.md diff --git a/go.mod b/go.mod index 18fcab5df..16a112f9c 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/anchore/syft go 1.24.6 require ( - github.com/BurntSushi/toml v1.5.0 + github.com/BurntSushi/toml v1.6.0 github.com/CycloneDX/cyclonedx-go v0.9.3 github.com/Masterminds/semver/v3 v3.4.0 github.com/Masterminds/sprig/v3 v3.3.0 @@ -42,7 +42,7 @@ require ( github.com/github/go-spdx/v2 v2.3.5 github.com/gkampitakis/go-snaps v0.5.19 github.com/go-git/go-billy/v5 v5.7.0 - github.com/go-git/go-git/v5 v5.16.3 + github.com/go-git/go-git/v5 v5.16.4 github.com/go-test/deep v1.1.1 github.com/go-viper/mapstructure/v2 v2.4.0 github.com/gohugoio/hashstructure v0.6.0 @@ -56,7 +56,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/hcl/v2 v2.24.0 github.com/iancoleman/strcase v0.3.0 - github.com/invopop/jsonschema v0.7.0 + github.com/invopop/jsonschema v0.13.0 github.com/jedib0t/go-pretty/v6 v6.7.8 github.com/jinzhu/copier v0.4.0 github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 @@ -174,7 +174,6 @@ require ( github.com/hashicorp/go-version v1.8.0 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect github.com/huandu/xstrings v1.5.0 // indirect - github.com/iancoleman/orderedmap v0.3.0 github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect @@ -282,6 +281,7 @@ require ( require ( github.com/cespare/xxhash/v2 v2.3.0 github.com/gpustack/gguf-parser-go v0.22.1 + github.com/wk8/go-ordered-map/v2 v2.1.8 ) require ( @@ -310,6 +310,8 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect github.com/aws/smithy-go v1.24.0 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect + github.com/buger/jsonparser v1.1.1 // indirect github.com/clipperhouse/displaywidth v0.6.0 // indirect github.com/clipperhouse/stringish v0.1.1 // indirect github.com/clipperhouse/uax29/v2 v2.3.0 // indirect @@ -320,6 +322,7 @@ require ( github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.70 // indirect github.com/henvic/httpretty v0.1.4 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/nwaples/rardecode/v2 v2.2.0 // indirect diff --git a/go.sum b/go.sum index 56836a5d6..6daf6a7e6 100644 --- a/go.sum +++ b/go.sum @@ -80,8 +80,8 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= -github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CycloneDX/cyclonedx-go v0.9.3 h1:Pyk/lwavPz7AaZNvugKFkdWOm93MzaIyWmBwmBo3aUI= github.com/CycloneDX/cyclonedx-go v0.9.3/go.mod h1:vcK6pKgO1WanCdd61qx4bFnSsDJQ6SbM2ZuMIgq86Jg= @@ -219,6 +219,8 @@ github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiE github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/aymanbagabas/go-udiff v0.2.0 h1:TK0fH4MteXUDspT88n8CKzvK0X9O2xu9yQjWpi6yML8= github.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/pI/QwceO5fgrA= +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA= github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -241,6 +243,8 @@ github.com/bodgit/windows v1.0.1 h1:tF7K6KOluPYygXa3Z2594zxlkbKPAOvqr97etrGNIz4= github.com/bodgit/windows v1.0.1/go.mod h1:a6JLwrB4KrTR5hBpp8FI9/9W9jJfeQ2h4XDXU74ZCdM= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -434,8 +438,8 @@ github.com/go-git/go-billy/v5 v5.7.0 h1:83lBUJhGWhYp0ngzCMSgllhUSuoHP1iEWYjsPl9n github.com/go-git/go-billy/v5 v5.7.0/go.mod h1:/1IUejTKH8xipsAcdfcSAlUlo2J7lkYV8GTKxAT/L3E= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8= -github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= +github.com/go-git/go-git/v5 v5.16.4 h1:7ajIEZHZJULcyJebDLo99bGgS0jRrOxzZG4uCk2Yb2Y= +github.com/go-git/go-git/v5 v5.16.4/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -625,9 +629,6 @@ github.com/henvic/httpretty v0.1.4 h1:Jo7uwIRWVFxkqOnErcoYfH90o3ddQyVrSANeS4cxYm github.com/henvic/httpretty v0.1.4/go.mod h1:Dn60sQTZfbt2dYsdUSNsCljyF4AfdqnuJFDLJA1I4AM= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= -github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc= -github.com/iancoleman/orderedmap v0.3.0/go.mod h1:XuLcCUkdL5owUCQeF2Ue9uuw1EptkJDkXXS7VoV7XGE= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= @@ -638,8 +639,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1: github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/invopop/jsonschema v0.7.0 h1:2vgQcBz1n256N+FpX3Jq7Y17AjYt46Ig3zIWyy770So= -github.com/invopop/jsonschema v0.7.0/go.mod h1:O9uiLokuu0+MGFlyiaqtWxwqJm41/+8Nj0lD7A36YH0= +github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E= +github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jedib0t/go-pretty/v6 v6.7.8 h1:BVYrDy5DPBA3Qn9ICT+PokP9cvCv1KaHv2i+Hc8sr5o= @@ -690,6 +691,7 @@ github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc8 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE= github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= @@ -927,7 +929,6 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/ github.com/stretchr/testify v0.0.0-20161117074351-18a02ba4a312/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -972,6 +973,8 @@ github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 h1:jIVmlAFIq github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651/go.mod h1:b26F2tHLqaoRQf8DywqzVaV1MQ9yvjb0OMcNl7Nxu20= github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 h1:0KGbf+0SMg+UFy4e1A/CPVvXn21f1qtWdeJwxZFoQG8= github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= diff --git a/internal/capabilities/internal/load_capabilities.go b/internal/capabilities/internal/load_capabilities.go index 583e49165..43c12be27 100644 --- a/internal/capabilities/internal/load_capabilities.go +++ b/internal/capabilities/internal/load_capabilities.go @@ -45,6 +45,9 @@ func LoadCapabilities(catalogerDir, repoRoot string) (*capabilities.Document, ma Catalogers []capabilities.CatalogerEntry `yaml:"catalogers"` } if err := yaml.Unmarshal(data, &doc); err != nil { + fmt.Printf("\n=== DEBUG: YAML Parse Error in %s ===\n", file) + fmt.Printf("Error: %v\n\n", err) + fmt.Printf("=== FULL FILE CONTENT ===\n%s\n=== END FILE ===\n", string(data)) return nil, nil, fmt.Errorf("failed to parse %s into struct: %w", file, err) } diff --git a/internal/jsonschema/comments.go b/internal/jsonschema/comments.go index 0a2b08df6..ebb78a1c3 100644 --- a/internal/jsonschema/comments.go +++ b/internal/jsonschema/comments.go @@ -110,12 +110,9 @@ func warnMissingDescriptions(schema *jsonschema.Schema, metadataNames []string) // check if fields have descriptions if def.Properties != nil { - for _, fieldName := range def.Properties.Keys() { - fieldSchemaRaw, _ := def.Properties.Get(fieldName) - fieldSchema, ok := fieldSchemaRaw.(*jsonschema.Schema) - if !ok { - continue - } + for pair := def.Properties.Newest(); pair != nil; pair = pair.Prev() { + fieldName := pair.Key + fieldSchema := pair.Value // skip if field has a description if fieldSchema.Description != "" { diff --git a/internal/jsonschema/comments_test.go b/internal/jsonschema/comments_test.go index 2d0f4fa2c..b489fbde4 100644 --- a/internal/jsonschema/comments_test.go +++ b/internal/jsonschema/comments_test.go @@ -5,10 +5,10 @@ import ( "path/filepath" "testing" - "github.com/iancoleman/orderedmap" "github.com/invopop/jsonschema" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + orderedmap "github.com/wk8/go-ordered-map/v2" ) // TestCopyAliasFieldComments verifies that field comments from source types are correctly copied to alias types. @@ -373,8 +373,8 @@ func TestWarnMissingDescriptions(t *testing.T) { } // helper to create an ordered map from a regular map -func newOrderedMap(m map[string]*jsonschema.Schema) *orderedmap.OrderedMap { - om := orderedmap.New() +func newOrderedMap(m map[string]*jsonschema.Schema) *orderedmap.OrderedMap[string, *jsonschema.Schema] { + om := orderedmap.New[string, *jsonschema.Schema]() for k, v := range m { om.Set(k, v) } diff --git a/internal/jsonschema/main.go b/internal/jsonschema/main.go index 9f3f19d35..62a100410 100644 --- a/internal/jsonschema/main.go +++ b/internal/jsonschema/main.go @@ -158,20 +158,18 @@ func build() *jsonschema.Schema { // ensure the generated list of names is stable between runs sort.Strings(metadataNames) - metadataTypes := []map[string]string{ + metadataTypes := []*jsonschema.Schema{ // allow for no metadata to be provided - {"type": "null"}, + {Type: "null"}, } for _, name := range metadataNames { - metadataTypes = append(metadataTypes, map[string]string{ - "$ref": fmt.Sprintf("#/$defs/%s", name), + metadataTypes = append(metadataTypes, &jsonschema.Schema{ + Ref: fmt.Sprintf("#/$defs/%s", name), }) } // set the "anyOf" field for Package.Metadata to be a conjunction of several types - documentSchema.Definitions["Package"].Properties.Set("metadata", map[string][]map[string]string{ - "anyOf": metadataTypes, - }) + documentSchema.Definitions["Package"].Properties.Set("metadata", &jsonschema.Schema{AnyOf: metadataTypes}) // warn about missing descriptions warnMissingDescriptions(documentSchema, metadataNames) diff --git a/schema/json/schema-16.1.2.json b/schema/json/schema-16.1.2.json index ed2ebee78..7f49453fd 100644 --- a/schema/json/schema-16.1.2.json +++ b/schema/json/schema-16.1.2.json @@ -793,7 +793,8 @@ "items": { "$ref": "#/$defs/Package" }, - "type": "array" + "type": "array", + "description": "Artifacts is the list of packages discovered and placed into the catalog" }, "artifactRelationships": { "items": { @@ -805,19 +806,24 @@ "items": { "$ref": "#/$defs/File" }, - "type": "array" + "type": "array", + "description": "note: must have omitempty" }, "source": { - "$ref": "#/$defs/Source" + "$ref": "#/$defs/Source", + "description": "Source represents the original object that was cataloged" }, "distro": { - "$ref": "#/$defs/LinuxRelease" + "$ref": "#/$defs/LinuxRelease", + "description": "Distro represents the Linux distribution that was detected from the source" }, "descriptor": { - "$ref": "#/$defs/Descriptor" + "$ref": "#/$defs/Descriptor", + "description": "Descriptor is a block containing self-describing information about syft" }, "schema": { - "$ref": "#/$defs/Schema" + "$ref": "#/$defs/Schema", + "description": "Schema is a block reserved for defining the version for the shape of this JSON document and where to find the schema document to validate the shape" } }, "type": "object", @@ -858,10 +864,8 @@ "description": "Type is type of entry could be package or project for internal refs" }, "executables": { - "patternProperties": { - ".*": { - "$ref": "#/$defs/DotnetPortableExecutableEntry" - } + "additionalProperties": { + "$ref": "#/$defs/DotnetPortableExecutableEntry" }, "type": "object", "description": "Executables are the map of .NET Portable Executable files within this package with their version resources" @@ -1797,10 +1801,8 @@ "description": "Scope is dependency scope determining when dependency is available (compile=default all phases, test=test compilation/execution only, runtime=runtime and test not compile, provided=expected from JDK or container)" }, "extraFields": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Extra is additional custom properties not in standard Maven coordinates" @@ -1963,10 +1965,8 @@ "description": "Integrity is Subresource Integrity hash for verification using standard SRI format (sha512-... or sha1-...). npm changed from SHA-1 to SHA-512 in newer versions. For registry sources this is the integrity from registry, for remote tarballs it's SHA-512 of the file. npm verifies tarball matches this hash before unpacking, throwing EINTEGRITY error if mismatch detected." }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies is a map of dependencies and their version markers, i.e. \"lodash\": \"^1.0.0\"" @@ -1987,10 +1987,8 @@ "description": "Resolution is the resolution information for the package" }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies is a map of dependencies and their versions" @@ -2014,10 +2012,8 @@ "description": "Integrity is Subresource Integrity hash for verification (SRI format)" }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies is a map of dependencies and their versions" @@ -2193,10 +2189,8 @@ "description": "VersionMagic is version magic string for compatibility checking (includes kernel version, SMP status, module loading capabilities like \"3.17.4-302.fc21.x86_64 SMP mod_unload modversions\"). Module will NOT load if vermagic doesn't match running kernel." }, "parameters": { - "patternProperties": { - ".*": { - "$ref": "#/$defs/LinuxKernelModuleParameter" - } + "additionalProperties": { + "$ref": "#/$defs/LinuxKernelModuleParameter" }, "type": "object", "description": "Parameters are the module parameters that can be configured at load time (user-settable values like module options)" @@ -2316,12 +2310,11 @@ "description": "AccessPath is the path used to retrieve file contents (which may or may not have hardlinks / symlinks in the path)" }, "annotations": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, - "type": "object" + "type": "object", + "description": "Arbitrary key-value pairs that can be used to annotate a location" } }, "type": "object", @@ -2358,10 +2351,8 @@ "description": "URL is the source download URL" }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies are the map of dependency names to version constraints" @@ -2856,37 +2847,29 @@ "description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code." }, "require": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)" }, "provide": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)" }, "require-dev": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)" }, "suggest": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)" @@ -2968,37 +2951,29 @@ "description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code." }, "require": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)" }, "provide": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)" }, "require-dev": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)" }, "suggest": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)" diff --git a/schema/json/schema-latest.json b/schema/json/schema-latest.json index ed2ebee78..7f49453fd 100644 --- a/schema/json/schema-latest.json +++ b/schema/json/schema-latest.json @@ -793,7 +793,8 @@ "items": { "$ref": "#/$defs/Package" }, - "type": "array" + "type": "array", + "description": "Artifacts is the list of packages discovered and placed into the catalog" }, "artifactRelationships": { "items": { @@ -805,19 +806,24 @@ "items": { "$ref": "#/$defs/File" }, - "type": "array" + "type": "array", + "description": "note: must have omitempty" }, "source": { - "$ref": "#/$defs/Source" + "$ref": "#/$defs/Source", + "description": "Source represents the original object that was cataloged" }, "distro": { - "$ref": "#/$defs/LinuxRelease" + "$ref": "#/$defs/LinuxRelease", + "description": "Distro represents the Linux distribution that was detected from the source" }, "descriptor": { - "$ref": "#/$defs/Descriptor" + "$ref": "#/$defs/Descriptor", + "description": "Descriptor is a block containing self-describing information about syft" }, "schema": { - "$ref": "#/$defs/Schema" + "$ref": "#/$defs/Schema", + "description": "Schema is a block reserved for defining the version for the shape of this JSON document and where to find the schema document to validate the shape" } }, "type": "object", @@ -858,10 +864,8 @@ "description": "Type is type of entry could be package or project for internal refs" }, "executables": { - "patternProperties": { - ".*": { - "$ref": "#/$defs/DotnetPortableExecutableEntry" - } + "additionalProperties": { + "$ref": "#/$defs/DotnetPortableExecutableEntry" }, "type": "object", "description": "Executables are the map of .NET Portable Executable files within this package with their version resources" @@ -1797,10 +1801,8 @@ "description": "Scope is dependency scope determining when dependency is available (compile=default all phases, test=test compilation/execution only, runtime=runtime and test not compile, provided=expected from JDK or container)" }, "extraFields": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Extra is additional custom properties not in standard Maven coordinates" @@ -1963,10 +1965,8 @@ "description": "Integrity is Subresource Integrity hash for verification using standard SRI format (sha512-... or sha1-...). npm changed from SHA-1 to SHA-512 in newer versions. For registry sources this is the integrity from registry, for remote tarballs it's SHA-512 of the file. npm verifies tarball matches this hash before unpacking, throwing EINTEGRITY error if mismatch detected." }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies is a map of dependencies and their version markers, i.e. \"lodash\": \"^1.0.0\"" @@ -1987,10 +1987,8 @@ "description": "Resolution is the resolution information for the package" }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies is a map of dependencies and their versions" @@ -2014,10 +2012,8 @@ "description": "Integrity is Subresource Integrity hash for verification (SRI format)" }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies is a map of dependencies and their versions" @@ -2193,10 +2189,8 @@ "description": "VersionMagic is version magic string for compatibility checking (includes kernel version, SMP status, module loading capabilities like \"3.17.4-302.fc21.x86_64 SMP mod_unload modversions\"). Module will NOT load if vermagic doesn't match running kernel." }, "parameters": { - "patternProperties": { - ".*": { - "$ref": "#/$defs/LinuxKernelModuleParameter" - } + "additionalProperties": { + "$ref": "#/$defs/LinuxKernelModuleParameter" }, "type": "object", "description": "Parameters are the module parameters that can be configured at load time (user-settable values like module options)" @@ -2316,12 +2310,11 @@ "description": "AccessPath is the path used to retrieve file contents (which may or may not have hardlinks / symlinks in the path)" }, "annotations": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, - "type": "object" + "type": "object", + "description": "Arbitrary key-value pairs that can be used to annotate a location" } }, "type": "object", @@ -2358,10 +2351,8 @@ "description": "URL is the source download URL" }, "dependencies": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Dependencies are the map of dependency names to version constraints" @@ -2856,37 +2847,29 @@ "description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code." }, "require": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)" }, "provide": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)" }, "require-dev": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)" }, "suggest": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)" @@ -2968,37 +2951,29 @@ "description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code." }, "require": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)" }, "provide": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)" }, "require-dev": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)" }, "suggest": { - "patternProperties": { - ".*": { - "type": "string" - } + "additionalProperties": { + "type": "string" }, "type": "object", "description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)"