Skip to content

fix: lossless flattening of dependency graph during JSON serialization #993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jkowalleck merged 31 commits into from
Jun 11, 2026
Merged

fix: lossless flattening of dependency graph during JSON serialization #993

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
6ee1f23
Add test example for issue 941
stefan6419846 Mar 5, 2026
ca1946f
Merge branch 'main' into issue941-test
jkowalleck Jun 4, 2026
0993a4c
Merge branch 'main' into issue941-test
jkowalleck Jun 8, 2026
a26899c
wip: deps flatten
jkowalleck Jun 8, 2026
e1b4ab9
fix: json flatten dep graph
jkowalleck Jun 8, 2026
3af721b
refactor
jkowalleck Jun 8, 2026
de53cf8
refactor
jkowalleck Jun 8, 2026
70327bc
fix: json flatten and merge dep graph
jkowalleck Jun 8, 2026
293bd75
tests
jkowalleck Jun 8, 2026
bda96aa
wip
jkowalleck Jun 9, 2026
ab738f1
wip
jkowalleck Jun 9, 2026
6b3894d
wip
jkowalleck Jun 10, 2026
24a06b7
wip
jkowalleck Jun 10, 2026
6223670
wip
jkowalleck Jun 10, 2026
6da7563
docs
jkowalleck Jun 10, 2026
265c4d8
tests
jkowalleck Jun 10, 2026
811127c
tests
jkowalleck Jun 10, 2026
c6ff130
tests
jkowalleck Jun 10, 2026
7180274
tests
jkowalleck Jun 10, 2026
649e265
wip
jkowalleck Jun 10, 2026
dadcd0b
wip
jkowalleck Jun 10, 2026
a208fec
wip
jkowalleck Jun 10, 2026
1afafac
tidy
jkowalleck Jun 10, 2026
fd89a41
Merge remote-tracking branch 'origin/main' into fix/dependencygraph-f…
jkowalleck Jun 11, 2026
b3e3e62
docs
jkowalleck Jun 11, 2026
3441d97
docs
jkowalleck Jun 11, 2026
896771e
wip
jkowalleck Jun 11, 2026
4663019
docs
jkowalleck Jun 11, 2026
5eb3397
Merge remote-tracking branch 'origin/main' into fix/dependencygraph-f…
jkowalleck Jun 11, 2026
1e9b399
Merge remote-tracking branch 'origin/main' into fix/dependencygraph-f…
jkowalleck Jun 11, 2026
76f1830
Merge remote-tracking branch 'origin/main' into fix/dependencygraph-f…
jkowalleck Jun 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions cyclonedx/output/json.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
from json import dumps as json_dumps, loads as json_loads
from typing import TYPE_CHECKING, Any, Literal, Optional, Union

from ..contrib.bom.utils import BomRefDiscriminator
from ..contrib.bom.utils import BomDependencyGraphFlatMerger, BomRefDiscriminator
from ..exception.output import FormatNotSupportedException
from ..schema import OutputFormat, SchemaVersion
from ..schema.schema import (
Expand Down Expand Up @@ -72,9 +72,10 @@ def generate(self, force_regeneration: bool = False) -> None:
bom = self.get_bom()
bom.validate()
with BomRefDiscriminator.from_bom(bom):
bom_json: dict[str, Any] = json_loads(
bom.as_json( # type:ignore[attr-defined]
view_=_view))
with BomDependencyGraphFlatMerger(bom):
bom_json: dict[str, Any] = json_loads(
bom.as_json( # type:ignore[attr-defined]
view_=_view))
Comment thread
jkowalleck marked this conversation as resolved.
bom_json.update(_json_core)
self._bom_json = bom_json
self.generated = True
Expand Down
72 changes: 72 additions & 0 deletions tests/_data/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1589,6 +1589,78 @@ def get_bom_for_issue540_duplicate_components() -> Bom:
bom.register_dependency(component1, [component3])
return bom


def get_bom_for_issue941_nested_dependencies_irreversible_migrate() -> Bom:
bom = _make_bom()
bom.metadata.component = root_component = Component(
name='myApp',
type=ComponentType.APPLICATION,
bom_ref='myApp'
)

component1 = Component(
type=ComponentType.LIBRARY,
name='some-library',
bom_ref='some-library1'
)
bom.components.add(component1)

component2 = Component(
type=ComponentType.LIBRARY,
name='some-library',
bom_ref='some-library2'
)
bom.components.add(component2)

component3 = Component(
type=ComponentType.LIBRARY,
name='some-other-library',
bom_ref='some-library3'
)
bom.components.add(component3)

component4 = Component(
type=ComponentType.LIBRARY,
name='some-other-library',
bom_ref='some-library4'
)
bom.components.add(component4)

bom.dependencies.add(
Dependency(
root_component.bom_ref,
dependencies=[
Dependency(
component1.bom_ref,
dependencies=[
Dependency(
component2.bom_ref,
dependencies=[
Dependency(component3.bom_ref),
]
),
]
),
Dependency(
component2.bom_ref,
dependencies=[
Dependency(component4.bom_ref),
]
),
]
)
)
bom.dependencies.add(
Dependency(
component3.bom_ref,
dependencies=[
Dependency(component4.bom_ref),
]
)
)

return bom

# ---


Expand Down
25 changes: 25 additions & 0 deletions ..._data/snapshots/get_bom_for_issue941_nested_dependencies_irreversible_migrate-1.0.xml.bin
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1">
<components>
<component type="library">
<name>some-library</name>
<version/>
<modified>false</modified>
</component>
<component type="library">
<name>some-library</name>
<version/>
<modified>false</modified>
</component>
<component type="library">
<name>some-other-library</name>
<version/>
<modified>false</modified>
</component>
<component type="library">
<name>some-other-library</name>
<version/>
<modified>false</modified>
</component>
</components>
</bom>
21 changes: 21 additions & 0 deletions ..._data/snapshots/get_bom_for_issue941_nested_dependencies_irreversible_migrate-1.1.xml.bin
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.1" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
<components>
<component type="library" bom-ref="some-library1">
<name>some-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library2">
<name>some-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library3">
<name>some-other-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library4">
<name>some-other-library</name>
<version/>
</component>
</components>
</bom>
73 changes: 73 additions & 0 deletions ...data/snapshots/get_bom_for_issue941_nested_dependencies_irreversible_migrate-1.2.json.bin
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
{
"components": [
{
"bom-ref": "some-library1",
"name": "some-library",
"type": "library",
"version": ""
},
{
"bom-ref": "some-library2",
"name": "some-library",
"type": "library",
"version": ""
},
{
"bom-ref": "some-library3",
"name": "some-other-library",
"type": "library",
"version": ""
},
{
"bom-ref": "some-library4",
"name": "some-other-library",
"type": "library",
"version": ""
}
],
"dependencies": [
{
"dependsOn": [
"some-library1",
"some-library2"
],
"ref": "myApp"
},
{
"dependsOn": [
"some-library2"
],
"ref": "some-library1"
},
{
"dependsOn": [
"some-library3",
"some-library4"
],
"ref": "some-library2"
},
{
"dependsOn": [
"some-library4"
],
"ref": "some-library3"
},
{
"ref": "some-library4"
}
],
"metadata": {
"component": {
"bom-ref": "myApp",
"name": "myApp",
"type": "application",
"version": ""
},
"timestamp": "2023-01-07T13:44:32.312678+00:00"
},
"serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
"version": 1,
"$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.2"
}
46 changes: 46 additions & 0 deletions ..._data/snapshots/get_bom_for_issue941_nested_dependencies_irreversible_migrate-1.2.xml.bin
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.2" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
<metadata>
<timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
<component type="application" bom-ref="myApp">
<name>myApp</name>
<version/>
</component>
</metadata>
<components>
<component type="library" bom-ref="some-library1">
<name>some-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library2">
<name>some-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library3">
<name>some-other-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library4">
<name>some-other-library</name>
<version/>
</component>
</components>
<dependencies>
<dependency ref="myApp">
<dependency ref="some-library1">
<dependency ref="some-library2">
<dependency ref="some-library3"/>
</dependency>
</dependency>
<dependency ref="some-library2">
<dependency ref="some-library4"/>
</dependency>
</dependency>
<dependency ref="some-library1"/>
<dependency ref="some-library2"/>
<dependency ref="some-library3">
<dependency ref="some-library4"/>
</dependency>
<dependency ref="some-library4"/>
</dependencies>
</bom>
73 changes: 73 additions & 0 deletions ...data/snapshots/get_bom_for_issue941_nested_dependencies_irreversible_migrate-1.3.json.bin
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
{
"components": [
{
"bom-ref": "some-library1",
"name": "some-library",
"type": "library",
"version": ""
},
{
"bom-ref": "some-library2",
"name": "some-library",
"type": "library",
"version": ""
},
{
"bom-ref": "some-library3",
"name": "some-other-library",
"type": "library",
"version": ""
},
{
"bom-ref": "some-library4",
"name": "some-other-library",
"type": "library",
"version": ""
}
],
"dependencies": [
{
"dependsOn": [
"some-library1",
"some-library2"
],
"ref": "myApp"
},
{
"dependsOn": [
"some-library2"
],
"ref": "some-library1"
},
{
"dependsOn": [
"some-library3",
"some-library4"
],
"ref": "some-library2"
},
{
"dependsOn": [
"some-library4"
],
"ref": "some-library3"
},
{
"ref": "some-library4"
}
],
"metadata": {
"component": {
"bom-ref": "myApp",
"name": "myApp",
"type": "application",
"version": ""
},
"timestamp": "2023-01-07T13:44:32.312678+00:00"
},
"serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
"version": 1,
"$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.3"
}
46 changes: 46 additions & 0 deletions ..._data/snapshots/get_bom_for_issue941_nested_dependencies_irreversible_migrate-1.3.xml.bin
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.3" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
<metadata>
<timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
<component type="application" bom-ref="myApp">
<name>myApp</name>
<version/>
</component>
</metadata>
<components>
<component type="library" bom-ref="some-library1">
<name>some-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library2">
<name>some-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library3">
<name>some-other-library</name>
<version/>
</component>
<component type="library" bom-ref="some-library4">
<name>some-other-library</name>
<version/>
</component>
</components>
<dependencies>
<dependency ref="myApp">
<dependency ref="some-library1">
<dependency ref="some-library2">
<dependency ref="some-library3"/>
</dependency>
</dependency>
<dependency ref="some-library2">
<dependency ref="some-library4"/>
</dependency>
</dependency>
<dependency ref="some-library1"/>
<dependency ref="some-library2"/>
<dependency ref="some-library3">
<dependency ref="some-library4"/>
</dependency>
<dependency ref="some-library4"/>
</dependencies>
</bom>
Loading
Loading