diff --git a/examples/crane/flake.nix b/examples/crane/flake.nix index a04a8ce..25838ec 100644 --- a/examples/crane/flake.nix +++ b/examples/crane/flake.nix @@ -15,8 +15,17 @@ bombon.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, crane, flake-utils, bombon, ... }: - flake-utils.lib.eachDefaultSystem (system: + outputs = + { + self, + nixpkgs, + crane, + flake-utils, + bombon, + ... + }: + flake-utils.lib.eachDefaultSystem ( + system: let pkgs = nixpkgs.legacyPackages.${system}; @@ -33,11 +42,12 @@ ]; }; - my-crate = bombon.lib.${system}.passthruVendoredSbom.rust - (craneLib.buildPackage (commonArgs // { + my-crate = bombon.lib.${system}.passthruVendoredSbom.rust (craneLib.buildPackage ( + commonArgs + // { cargoArtifacts = craneLib.buildDepsOnly commonArgs; - })) - { inherit pkgs; }; + } + )) { inherit pkgs; }; in { checks = { @@ -55,5 +65,6 @@ # Inherit inputs from checks. checks = self.checks.${system}; }; - }); + } + ); } diff --git a/examples/flakes/flake.nix b/examples/flakes/flake.nix index cb18e05..38b3e62 100644 --- a/examples/flakes/flake.nix +++ b/examples/flakes/flake.nix @@ -5,7 +5,12 @@ bombon.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, bombon }: + outputs = + { + self, + nixpkgs, + bombon, + }: let system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; }; diff --git a/flake.lock b/flake.lock index 31d4725..3744bb2 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", "type": "github" }, "original": { 
@@ -36,26 +36,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": [ - "systems" - ] - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -119,11 +99,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1721042469, - "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "lastModified": 1725513492, + "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", "type": "github" }, "original": { @@ -135,7 +115,6 @@ "root": { "inputs": { "flake-parts": "flake-parts", - "flake-utils": "flake-utils", "nixpkgs": "nixpkgs", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "systems": "systems" diff --git a/flake.nix b/flake.nix index 690d360..3b6c388 100644 --- a/flake.nix +++ b/flake.nix @@ -7,11 +7,6 @@ systems.url = "github:nix-systems/default"; - flake-utils = { - url = "github:numtide/flake-utils"; - inputs.systems.follows = "systems"; - }; - flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; 
@@ -26,99 +21,123 @@ }; - outputs = inputs@{ self, flake-parts, systems, ... }: flake-parts.lib.mkFlake { inherit inputs; } { - systems = import systems; - - imports = - let - # This is effectively just boilerplate to allow us to keep the `lib` - # output. - libOutputModule = { lib, ... }: flake-parts.lib.mkTransposedPerSystemModule { - name = "lib"; - option = lib.mkOption { - type = lib.types.lazyAttrsOf lib.types.anything; - default = { }; - }; - file = ""; + outputs = + inputs@{ + self, + flake-parts, + systems, + ... + }: + flake-parts.lib.mkFlake { inherit inputs; } { + systems = import systems; + + imports = + let + # This is effectively just boilerplate to allow us to keep the `lib` + # output. + libOutputModule = + { lib, ... }: + flake-parts.lib.mkTransposedPerSystemModule { + name = "lib"; + option = lib.mkOption { + type = lib.types.lazyAttrsOf lib.types.anything; + default = { }; + }; + file = ""; + }; + in + [ + inputs.pre-commit-hooks-nix.flakeModule + libOutputModule + ]; + + flake = { + templates.default = { + path = builtins.filterSource (path: type: baseNameOf path == "flake.nix") ./examples/flakes; + description = "Build a Bom for GNU hello"; }; - in - [ - inputs.pre-commit-hooks-nix.flakeModule - libOutputModule - ]; - - flake = { - templates.default = { - path = builtins.filterSource (path: type: baseNameOf path == "flake.nix") - ./examples/flakes; - description = "Build a Bom for GNU hello"; }; - }; - perSystem = { config, system, pkgs, lib, ... }: - let - bombon = import ./. { inherit pkgs; }; - inherit (bombon) transformer buildBom passthruVendoredSbom; - in - { - lib = { inherit buildBom passthruVendoredSbom; }; - - packages = { - # This is mostly here for development - inherit transformer; - default = transformer; - sbom = buildBom transformer { }; - }; + perSystem = + { + config, + system, + pkgs, + lib, + ... + }: + let + bombon = import ./. 
{ inherit pkgs; }; + inherit (bombon) transformer buildBom passthruVendoredSbom; + in + { + lib = { + inherit buildBom passthruVendoredSbom; + }; - checks = { - clippy = transformer.overrideAttrs (_: previousAttrs: { - pname = previousAttrs.pname + "-clippy"; - nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.clippy ]; - checkPhase = "cargo clippy"; - }); - rustfmt = transformer.overrideAttrs (_: previousAttrs: { - pname = previousAttrs.pname + "-rustfmt"; - nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.rustfmt ]; - checkPhase = "cargo fmt --check"; - }); - } // import ./nix/tests { inherit pkgs buildBom passthruVendoredSbom; }; - - pre-commit = { - check.enable = true; - - settings = { - hooks = { - nixpkgs-fmt.enable = true; - typos.enable = true; - statix = { - enable = true; - settings.ignore = [ "sources.nix" ]; + packages = { + # This is mostly here for development + inherit transformer; + default = transformer; + sbom = buildBom transformer { }; + }; + + checks = { + clippy = transformer.overrideAttrs ( + _: previousAttrs: { + pname = previousAttrs.pname + "-clippy"; + nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.clippy ]; + checkPhase = "cargo clippy"; + } + ); + rustfmt = transformer.overrideAttrs ( + _: previousAttrs: { + pname = previousAttrs.pname + "-rustfmt"; + nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.rustfmt ]; + checkPhase = "cargo fmt --check"; + } + ); + } // import ./nix/tests { inherit pkgs buildBom passthruVendoredSbom; }; + + pre-commit = { + check.enable = true; + + settings = { + hooks = { + nixfmt-rfc-style = { + enable = true; + excludes = [ "sources.nix" ]; + }; + typos.enable = true; + statix = { + enable = true; + settings.ignore = [ "sources.nix" ]; + }; }; }; }; - }; - devShells.default = pkgs.mkShell { - shellHook = '' - ${config.pre-commit.installationScript} - ''; - - packages = [ - pkgs.niv - pkgs.clippy - pkgs.rustfmt - 
pkgs.cargo-machete - pkgs.cargo-edit - pkgs.cargo-bloat - pkgs.cargo-deny - pkgs.cargo-cyclonedx - ]; - - inputsFrom = [ transformer ]; - - RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; - }; + devShells.default = pkgs.mkShell { + shellHook = '' + ${config.pre-commit.installationScript} + ''; + + packages = [ + pkgs.niv + pkgs.clippy + pkgs.rustfmt + pkgs.cargo-machete + pkgs.cargo-edit + pkgs.cargo-bloat + pkgs.cargo-deny + pkgs.cargo-cyclonedx + ]; + + inputsFrom = [ transformer ]; + + RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; + }; - }; - }; + }; + }; } diff --git a/nix/build-bom.nix b/nix/build-bom.nix index 31ff36d..93f2da4 100644 --- a/nix/build-bom.nix +++ b/nix/build-bom.nix @@ -1,13 +1,16 @@ -{ lib -, runCommand -, transformer -, buildtimeDependencies -, runtimeDependencies +{ + lib, + runCommand, + transformer, + buildtimeDependencies, + runtimeDependencies, }: -drv: { extraPaths ? [ ] - , includeBuildtimeDependencies ? false - }: +drv: +{ + extraPaths ? [ ], + includeBuildtimeDependencies ? false, +}: let flags = lib.optionals includeBuildtimeDependencies [ @@ -21,4 +24,3 @@ runCommand "${drv.name}.cdx.json" { nativeBuildInputs = [ transformer ]; } '' ${runtimeDependencies drv extraPaths} \ $out '' - diff --git a/nix/buildtime-dependencies.nix b/nix/buildtime-dependencies.nix index 3e92a8c..00d33ce 100644 --- a/nix/buildtime-dependencies.nix +++ b/nix/buildtime-dependencies.nix @@ -1,7 +1,8 @@ -{ lib -, writeText -, runCommand -, jq +{ + lib, + writeText, + runCommand, + jq, }: let 
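Review bot: The `clippy` check re-added in this hunk still runs `checkPhase = "cargo clippy";`, which exits successfully when clippy only emits warnings, so the check fails only on deny-level lints unless the crate denies warnings itself (not visible here). If the check is meant to gate lint findings, use `checkPhase = "cargo clippy -- -D warnings";`. As a smaller point on the new hook, pre-commit treats `excludes` entries as regular expressions, so `"sources.nix"` is unanchored and its `.` matches any character; `"sources\\.nix$"` would state the intent more precisely.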
@@ -10,25 +11,28 @@ let # # Returns a list of all derivations that correspond to an output of the input # derivation. - drvOutputs = drv: - if builtins.hasAttr "outputs" drv - then map (output: drv.${output}) drv.outputs - else [ drv ]; + drvOutputs = + drv: if builtins.hasAttr "outputs" drv then map (output: drv.${output}) drv.outputs else [ drv ]; # Find the dependencies of a derivation via it's `drvAttrs`. # # Returns a list of all dependencies. - drvDeps = drv: lib.mapAttrsToList - (k: v: + drvDeps = + drv: + lib.mapAttrsToList ( + k: v: if lib.isDerivation v then (drvOutputs v) else if lib.isList v then lib.concatMap drvOutputs (lib.filter lib.isDerivation v) - else [ ] - ) - drv.drvAttrs; + else + [ ] + ) drv.drvAttrs; - wrap = drv: { key = drv.outPath; inherit drv; }; + wrap = drv: { + key = drv.outPath; + inherit drv; + }; # Walk through the whole DAG of dependencies, using the `outPath` as an # index for the elements. 
@@ -40,29 +44,42 @@ let # - drv: the actual derivation object. # # All outputs are included because they have different outPaths - buildtimeDerivations = drv0: builtins.genericClosure { - startSet = map wrap (drvOutputs drv0); - operator = item: map wrap (lib.concatLists (drvDeps item.drv)); - }; + buildtimeDerivations = + drv0: + builtins.genericClosure { + startSet = map wrap (drvOutputs drv0); + operator = item: map wrap (lib.concatLists (drvDeps item.drv)); + }; # Like lib.getAttrs but omit attrs that do not exist. - optionalGetAttrs = names: attrs: - lib.genAttrs (builtins.filter (x: lib.hasAttr x attrs) names) (name: attrs.${name}); + optionalGetAttrs = + names: attrs: lib.genAttrs (builtins.filter (x: lib.hasAttr x attrs) names) (name: attrs.${name}); # Retrieve only the required fields from a derivation. # # Also renames outPath so that builtins.toJSON actually emits JSON and not # only the nix store path. - fields = drv: - (optionalGetAttrs [ "name" "pname" "version" "meta" ] drv) // { + fields = + drv: + (optionalGetAttrs [ + "name" + "pname" + "version" + "meta" + ] drv) + // { path = drv.outPath; - } // lib.optionalAttrs (drv ? src && drv.src ? url) { - src = { - inherit (drv.src) url; - } // lib.optionalAttrs (drv.src ? outputHash) { - hash = drv.src.outputHash; - }; - } // lib.optionalAttrs (drv ? bombonVendoredSbom) { + } + // lib.optionalAttrs (drv ? src && drv.src ? url) { + src = + { + inherit (drv.src) url; + } + // lib.optionalAttrs (drv.src ? outputHash) { + hash = drv.src.outputHash; + }; + } + // lib.optionalAttrs (drv ? bombonVendoredSbom) { vendored_sbom = drv.bombonVendoredSbom.outPath; }; 
@@ -76,11 +93,9 @@ let allBuildtimeDerivations = lib.flatten (map buildtimeDerivations allDrvs); - unformattedJson = writeText - "${drv.name}-unformatted-buildtime-dependencies.json" - (builtins.toJSON - (map (item: (fields item.drv)) allBuildtimeDerivations) - ); + unformattedJson = writeText "${drv.name}-unformatted-buildtime-dependencies.json" ( + builtins.toJSON (map (item: (fields item.drv)) allBuildtimeDerivations) + ); in diff --git a/nix/packages/transformer.nix b/nix/packages/transformer.nix index e6b9605..843de2c 100644 --- a/nix/packages/transformer.nix +++ b/nix/packages/transformer.nix @@ -1,5 +1,6 @@ -{ lib -, rustPlatform +{ + lib, + rustPlatform, }: let @@ -9,7 +10,11 @@ rustPlatform.buildRustPackage { pname = cargoToml.package.name; inherit (cargoToml.package) version; - src = lib.sourceFilesBySuffices ../../rust/transformer [ ".rs" ".toml" ".lock" ]; + src = lib.sourceFilesBySuffices ../../rust/transformer [ + ".rs" + ".toml" + ".lock" + ]; cargoLock = { lockFile = ../../rust/transformer/Cargo.lock; diff --git a/nix/passthru-vendored.nix b/nix/passthru-vendored.nix index c792683..a9dc31a 100644 --- a/nix/passthru-vendored.nix +++ b/nix/passthru-vendored.nix 
@@ -6,26 +6,39 @@ # This could be done much more elegantly if `buildRustPackage` supported # finalAttrs. When https://github.com/NixOS/nixpkgs/pull/194475 lands, we can # most likely get rid of this. - rust = package: { pkgs, includeBuildtimeDependencies ? false }: package.overrideAttrs - (previousAttrs: { + rust = + package: + { + pkgs, + includeBuildtimeDependencies ? false, + }: + package.overrideAttrs (previousAttrs: { passthru = (previousAttrs.passthru or { }) // { bombonVendoredSbom = package.overrideAttrs (previousAttrs: { pname = previousAttrs.pname + "-bombon-vendored-sbom"; - nativeBuildInputs = (previousAttrs.nativeBuildInputs or [ ]) ++ [ pkgs.buildPackages.cargo-cyclonedx ]; + nativeBuildInputs = (previousAttrs.nativeBuildInputs or [ ]) ++ [ + pkgs.buildPackages.cargo-cyclonedx + ]; outputs = [ "out" ]; - phases = [ "unpackPhase" "patchPhase" "configurePhase" "buildPhase" "installPhase" ]; - - buildPhase = '' - cargo cyclonedx --spec-version 1.4 --format json --describe binaries --target ${pkgs.stdenv.hostPlatform.rust.rustcTarget} \ - '' - + pkgs.lib.optionalString - (builtins.hasAttr "buildNoDefaultFeatures" previousAttrs && previousAttrs.buildNoDefaultFeatures) - " --no-default-features" - + pkgs.lib.optionalString - (builtins.hasAttr "buildFeatures" previousAttrs && builtins.length previousAttrs.buildFeatures > 0) - (" --features " + builtins.concatStringsSep "," previousAttrs.buildFeatures) - + pkgs.lib.optionalString (!includeBuildtimeDependencies) " --no-build-deps" - ; + phases = [ + "unpackPhase" + "patchPhase" + "configurePhase" + "buildPhase" + "installPhase" + ]; + + buildPhase = + '' + cargo cyclonedx --spec-version 1.4 --format json --describe binaries --target ${pkgs.stdenv.hostPlatform.rust.rustcTarget} \ + '' + + pkgs.lib.optionalString ( + builtins.hasAttr "buildNoDefaultFeatures" previousAttrs && previousAttrs.buildNoDefaultFeatures + ) " --no-default-features" + + pkgs.lib.optionalString ( + builtins.hasAttr "buildFeatures" 
previousAttrs && builtins.length previousAttrs.buildFeatures > 0 + ) (" --features " + builtins.concatStringsSep "," previousAttrs.buildFeatures) + + pkgs.lib.optionalString (!includeBuildtimeDependencies) " --no-build-deps"; installPhase = '' mkdir -p $out diff --git a/nix/runtime-dependencies.nix b/nix/runtime-dependencies.nix index 4e132ea..8e65af8 100644 --- a/nix/runtime-dependencies.nix +++ b/nix/runtime-dependencies.nix @@ -1,7 +1,8 @@ # This is a wrapper around nixpkgs' closureInfo. It returns a newline # separated list of the store paths of drv's runtime dependencies. -{ runCommand -, closureInfo +{ + runCommand, + closureInfo, }: drv: extraPaths: diff --git a/nix/tests/default.nix b/nix/tests/default.nix index b1ca000..46c91d9 100644 --- a/nix/tests/default.nix +++ b/nix/tests/default.nix 
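Review bot: The `buildPhase` string splices `previousAttrs.buildFeatures` into a shell command unquoted, at `(" --features " + builtins.concatStringsSep "," previousAttrs.buildFeatures)`. The list comes from the wrapped package's attributes, so this is hardening rather than a known bug, but a feature string containing whitespace or shell metacharacters would change the command that runs while the SBOM is generated. Quoting the joined value keeps it a single argument: `(" --features " + pkgs.lib.escapeShellArg (builtins.concatStringsSep "," previousAttrs.buildFeatures))`. The `rust` function continues past the end of this hunk.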
@@ -1,35 +1,90 @@ -{ pkgs -, buildBom -, passthruVendoredSbom +{ + pkgs, + buildBom, + passthruVendoredSbom, }: let rustPassthru = pkg: passthruVendoredSbom.rust pkg { inherit pkgs; }; - buildtimeOptions = { includeBuildtimeDependencies = true; }; + buildtimeOptions = { + includeBuildtimeDependencies = true; + }; # This list cannot grow indefinitely because building a Bom requires all # builtime dependencies to be downloaded or built. A lot of time is spent # evaluating, downloading, and building. testDerivations = with pkgs; [ - { name = "hello"; drv = hello; options = { }; } - { name = "hello-buildtime"; drv = hello; options = buildtimeOptions; } + { + name = "hello"; + drv = hello; + options = { }; + } + { + name = "hello-buildtime"; + drv = hello; + options = buildtimeOptions; + } - { name = "python3"; drv = python3; options = { }; } - { name = "python3-buildtime"; drv = python3; options = buildtimeOptions; } + { + name = "python3"; + drv = python3; + options = { }; + } + { + name = "python3-buildtime"; + drv = python3; + options = buildtimeOptions; + } # weird string license in buildtimeDependencies - { name = "poetry"; drv = poetry; options = { }; } - { name = "poetry-buildtime"; drv = poetry; options = buildtimeOptions; } + { + name = "poetry"; + drv = poetry; + options = { }; + } + { + name = "poetry-buildtime"; + drv = poetry; + options = buildtimeOptions; + } - { name = "git"; drv = git; options = { }; } - { name = "git-buildtime"; drv = git; options = buildtimeOptions; } + { + name = "git"; + drv = git; + options = { }; + } + { + name = "git-buildtime"; + drv = git; + options = buildtimeOptions; + } - { name = "git-extra-paths"; drv = git; options = { extraPaths = [ poetry ]; }; } - { name = "git-extra-paths-buildtime"; drv = git; options = buildtimeOptions // { extraPaths = [ poetry ]; }; } + { + name = "git-extra-paths"; + drv = git; + options = { + extraPaths = [ poetry ]; + }; + } + { + name = "git-extra-paths-buildtime"; + drv = git; + options = 
buildtimeOptions // { + extraPaths = [ poetry ]; + }; + } - { name = "cloud-hypervisor"; drv = rustPassthru cloud-hypervisor; options = { }; } - { name = "cloud-hypervisor"; drv = rustPassthru cloud-hypervisor; options = buildtimeOptions; } + { + name = "cloud-hypervisor"; + drv = rustPassthru cloud-hypervisor; + options = { }; + } + { + name = "cloud-hypervisor"; + drv = rustPassthru cloud-hypervisor; + options = buildtimeOptions; + } ]; cycloneDxSpec = pkgs.fetchFromGitHub { @@ -39,7 +94,8 @@ let sha256 = "sha256-N9aEK2oYk3SoCczrRMt5ycdgXCPA5SHTKsS2CffFY14="; }; - buildBomAndValidate = drv: options: + buildBomAndValidate = + drv: options: pkgs.runCommand "${drv.name}-bom-validation" { nativeBuildInputs = [ pkgs.check-jsonschema ]; } '' check-jsonschema \ --schemafile "${cycloneDxSpec}/schema/bom-1.4.schema.json" \ @@ -48,7 +104,7 @@ let touch $out ''; - genAttrsFromDrvs = drvs: f: - builtins.listToAttrs (map (d: pkgs.lib.nameValuePair d.name (f d.drv d.options)) drvs); + genAttrsFromDrvs = + drvs: f: builtins.listToAttrs (map (d: pkgs.lib.nameValuePair d.name (f d.drv d.options)) drvs); in genAttrsFromDrvs testDerivations buildBomAndValidate diff --git a/rust/transformer/Cargo.lock b/rust/transformer/Cargo.lock index 518c09e..dfbff7f 100644 --- a/rust/transformer/Cargo.lock +++ b/rust/transformer/Cargo.lock @@ -79,9 +79,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "clap" -version = "4.5.13" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" +checksum = "3e5a21b8495e732f1b3c364c9949b201ca7bae518c502c80256c96ad79eaf6ac" dependencies = [ "clap_builder", "clap_derive", 
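Review bot: The last two entries of `testDerivations` both use `name = "cloud-hypervisor";`, and `genAttrsFromDrvs` turns the list into an attribute set with `builtins.listToAttrs`, which keeps the first occurrence of a duplicate name. The `buildtimeOptions` variant is therefore dropped from the checks, so the buildtime SBOM for the vendored-SBOM Rust package is never validated against the CycloneDX schema. Rename the second entry to `name = "cloud-hypervisor-buildtime";`, matching the other `-buildtime` entries.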
@@ -89,9 +89,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.13" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" +checksum = "8cf2dd12af7a047ad9d6da2b6b249759a22a7abc0f474c1dae1777afa4b21a73" dependencies = [ "anstyle", "clap_lex", @@ -117,9 +117,9 @@ checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -250,9 +250,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "indexmap" -version = "2.2.6" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" +checksum = "68b900aa2f7301e21c36462b170ee99994de34dff39a4a6a528e80e7376d07e5" dependencies = [ "equivalent", "hashbrown", @@ -275,9 +275,9 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "memchr" 
@@ -308,9 +308,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "ordered-float" -version = "4.2.1" +version = "4.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19ff2cf528c6c03d9ed653d6c4ce1dc0582dc4af309790ad92f07c1cd551b0be" +checksum = "4a91171844676f8c7990ce64959210cd2eaef32c2612c50f9fae9f8aaa6065a6" dependencies = [ "num-traits", ] @@ -349,18 +349,18 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] [[package]] name = "regex" -version = "1.10.5" +version = "1.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" +checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" dependencies = [ "aho-corasick", "memchr", @@ -399,18 +399,18 @@ checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", 
@@ -419,9 +419,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.121" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ab380d7d9f22ef3f21ad3e6c1ebe8e4fc7a2000ccba2e4d71fc96f15b2cb609" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", @@ -479,9 +479,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -574,6 +574,6 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "xml-rs" -version = "0.8.20" +version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791978798f0597cfc70478424c2b4fdc2b7a8024aaff78497ef00f24ef674193" +checksum = "539a77ee7c0de333dcc6da69b177380a0b81e0dacfa4f7344c465a36871ee601" diff --git a/rust/transformer/Cargo.toml b/rust/transformer/Cargo.toml index c5c5079..c22a21b 100644 --- a/rust/transformer/Cargo.toml +++ b/rust/transformer/Cargo.toml @@ -5,11 +5,11 @@ edition = "2021" [dependencies] anyhow = "1.0.86" -clap = { version = "4.5.9", default-features = false, features = ["std", "derive"] } +clap = { version = "4.5.17", default-features = false, features = ["std", "derive"] } cyclonedx-bom = "0.7.0" itertools = "0.13.0" -serde = { version = "1.0.204", features = [ "derive" ] } -serde_json = "1.0.120" +serde = { version = "1.0.209", features = [ "derive" ] } +serde_json = "1.0.128" sha2 = "0.10.8" uuid = "1.10.0" base64 = "0.22.1"