diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml
index 475848080a5f..2f7198215f93 100644
--- a/.github/workflows/build_all.yml
+++ b/.github/workflows/build_all.yml
@@ -16,6 +16,8 @@ on:
 env:
 NX_SKIP_NX_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-cache') && 'true' || 'false' }}
+ CYCLONEDX_CLI_VERSION: 0.32.0
+ CYCLONEDX_CLI_LINUX_X64_SHA256: 454879e6a4a405c8a13bff49b8982adcb0596f3019b26b0811c66e4d7f0783e1
 jobs:
 build:
@@ -69,7 +71,35 @@ jobs:
 pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN";
 pnpm nx build sbom;
- - name: Upload SBOM artifacts
+ - name: Install CycloneDX CLI
+ if: ${{ github.event_name == 'push' || github.event.inputs.SBOM == 'true' }}
+ shell: bash
+ run: |
+ tool_dir="$RUNNER_TEMP/cyclonedx-cli"
+ mkdir -p "$tool_dir"
+ curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-linux-x64" -o "$tool_dir/cyclonedx"
+ echo "${{ env.CYCLONEDX_CLI_LINUX_X64_SHA256 }} $tool_dir/cyclonedx" | sha256sum -c -
+ chmod +x "$tool_dir/cyclonedx"
+ echo "$tool_dir" >> "$GITHUB_PATH"
+
+ - name: Validate SBOMs
+ if: ${{ github.event_name == 'push' || github.event.inputs.SBOM == 'true' }}
+ shell: bash
+ run: |
+ shopt -s nullglob
+ sbom_files=(packages/sbom/dist/*.sbom.json)
+
+ if [ ${#sbom_files[@]} -eq 0 ]; then
+ echo "No SBOM files found in packages/sbom/dist"
+ exit 1
+ fi
+
+ for file in "${sbom_files[@]}"; do
+ echo "Validating $file"
+ cyclonedx validate --input-file "$file" --input-format json --fail-on-errors
+ done
+
+ - name: Upload SBOMs
 if: ${{ github.event_name == 'push' || github.event.inputs.SBOM == 'true' }}
 uses: actions/upload-artifact@v7
 with:
diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml
index 9ace56ff8f43..6c87112b7824 100644
--- a/.github/workflows/packages_publishing.yml
+++ b/.github/workflows/packages_publishing.yml
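Review bot: The Validate SBOMs step in build_all.yml globs `packages/sbom/dist/*.sbom.json`, while the publishing workflow's collection step and the `build-hashed` target in this same commit both use the `.cdx.json` suffix. The output names of the `build` target are not visible here, so confirm which suffix it emits; with the wrong one the step exits 1 on every push with "No SBOM files found". Separately, the install step pastes `${{ env.CYCLONEDX_CLI_VERSION }}` and `${{ env.CYCLONEDX_CLI_LINUX_X64_SHA256 }}` into the script text; workflow-level `env` is already exported to the step's shell, so `"$CYCLONEDX_CLI_VERSION"` and `"$CYCLONEDX_CLI_LINUX_X64_SHA256"` give the same values and keep expression interpolation out of `run:`.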
@@ -20,6 +20,7 @@ env:
 NX_SKIP_NX_CACHE: true
 FILTER: ${{ github.event_name == 'workflow_dispatch' && inputs.filter || '' }}
 SET_TIMESTAMP_VERSION: ${{ inputs.tag == 'daily' }}
+ SBOM_PACKAGE_NAMES: devextreme,devextreme-angular,devextreme-react,devextreme-vue,devextreme-themebuilder
 jobs:
 build:
@@ -52,27 +53,83 @@ jobs: BUILD_INTERNAL_PACKAGE: true run: pnpm run all:build + # Builds the dx-make-sbom package argument list from known package names and the tgz files produced in artifacts/npm. + # Produces SBOM_PACKAGES for the packages/sbom build-hashed target. + - name: Prepare SBOM package inputs + shell: bash + run: | + package_version=$(node -p "require('./package.json').version") + IFS=',' read -ra package_names <<< "$SBOM_PACKAGE_NAMES" + sbom_packages=() + + for package_name in "${package_names[@]}"; do + tgz_path="artifacts/npm/$package_name-$package_version.tgz" + + if [ ! -f "$tgz_path" ]; then + echo "Expected package tarball not found: $tgz_path" + exit 1 + fi + + sbom_packages+=("$package_name(../../$tgz_path)") + done + + sbom_packages_value=$(IFS=,; echo "${sbom_packages[*]}") + echo "SBOM_PACKAGES=$sbom_packages_value" >> "$GITHUB_ENV" + echo "$sbom_packages_value" + + # Generates CycloneDX SBOM JSON files for the selected packages using the just-built tgz files. + # Produces packages/sbom/dist/*.cdx.json. - name: Build SBOMs env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN"; - pnpm nx build sbom; + pnpm nx build-hashed sbom; + + # Collects concrete SBOM file paths for validation because the shared action expects explicit file names. + # Produces the sbomFiles.outputs.files multiline output. + - name: Collect SBOM files + id: sbomFiles + shell: bash + run: | + shopt -s nullglob + sbom_files=(packages/sbom/dist/*.cdx.json) + + if [ ${#sbom_files[@]} -eq 0 ]; then + echo "No SBOM files found in packages/sbom/dist" + exit 1 + fi + + { + echo "files<> "$GITHUB_OUTPUT" + + # Validates every generated CycloneDX SBOM file with the shared validation action. + # Produces no artifact; fails the workflow if any SBOM is invalid. 
+ - name: Validate SBOMs + uses: DevExpress/github-actions/validate-sbom@5034a6d5e0fd18fc2826ed20a5140f9c83b8994f + with: + input-format: json + input-files: ${{ steps.sbomFiles.outputs.files }} - name: Build artifacts package run: pnpm run make-artifacts-package - - name: Upload SBOM artifact + # Saves generated SBOM files for the publish job. + # Produces the sbom-packages workflow artifact. + - name: Upload SBOMs uses: actions/upload-artifact@v7 with: - name: sbom + name: sbom-packages path: packages/sbom/dist retention-days: 7 - name: Upload packages uses: actions/upload-artifact@v7 with: - name: packages + name: npm-packages path: artifacts/npm/*.tgz retention-days: 2 @@ -94,10 +151,19 @@ jobs: - name: Get sources uses: actions/checkout@v6 - - name: Download artifacts + - name: Download packages uses: actions/download-artifact@v8 with: - name: packages + name: npm-packages + path: npm-packages + + # Restores generated SBOM files from the build job. + # Produces the local sbom-packages directory for matrix publishing. + - name: Download SBOMs + uses: actions/download-artifact@v8 + with: + name: sbom-packages + path: sbom-packages - name: Use Node.js uses: actions/setup-node@v6 
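Review bot: In Prepare SBOM package inputs, `package_version` comes from the root `package.json`, yet the workflow also sets `SET_TIMESTAMP_VERSION` for daily runs. If that stamping changes the version in the tarball names without rewriting the root manifest (not visible in this hunk), every `[ ! -f "$tgz_path" ]` check fails and the daily run stops before any SBOM is built. Confirm against a daily run, and extend the step comment with something like `# Assumes all:build leaves the root package.json version equal to the version in the tgz file names.` so the dependency is explicit.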
@@ -117,13 +183,50 @@ jobs: PACKAGE: ${{ matrix.package }} run: | SCOPE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]'); - PACKAGE_DIR=$(pnpm --silent run change-package-scope --tgz $PACKAGE.tgz --scope $SCOPE) + PACKAGE_DIR=$(pnpm --silent run change-package-scope --tgz npm-packages/$PACKAGE.tgz --scope $SCOPE) echo "packageDir=$PACKAGE_DIR" >> "$GITHUB_OUTPUT"; cd $PACKAGE_DIR; pnpm pkg get name | tr -d '"' | sed -r 's/(.*)/name=\1/' >> "$GITHUB_OUTPUT"; pnpm pkg get version | tr -d '"' | sed -r 's/(.*)/version=\1/' >> "$GITHUB_OUTPUT"; pnpm pkg get version | tr -d '"' | sed -r 's/([0-9]+\.[0-9]+).*/majorVersion=\1/' >> "$GITHUB_OUTPUT"; + # Wraps the matching SBOM JSON file into a minimal scoped npm package when the matrix package has an SBOM. + # Produces scopedSbomPackage outputs used by the publish step. + - name: Build SBOM package + id: scopedSbomPackage + env: + PACKAGE_NAME: ${{ steps.scopedPackage.outputs.name }} + PACKAGE_VERSION: ${{ steps.scopedPackage.outputs.version }} + run: | + UNSCOPED_PACKAGE_NAME=$(echo "$PACKAGE_NAME" | sed -r 's#^@[^/]+/##'); + SBOM_FILE="sbom-packages/$UNSCOPED_PACKAGE_NAME.cdx.json"; + + if [[ ",$SBOM_PACKAGE_NAMES," != *",$UNSCOPED_PACKAGE_NAME,"* ]]; then + echo "SBOM publishing is not configured for $UNSCOPED_PACKAGE_NAME" + echo "hasSbom=false" >> "$GITHUB_OUTPUT"; + exit 0; + fi + + if [ ! 
-f "$SBOM_FILE" ]; then + echo "No SBOM found for $UNSCOPED_PACKAGE_NAME" + echo "hasSbom=false" >> "$GITHUB_OUTPUT"; + exit 0; + fi + + SCOPE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]'); + SBOM_PACKAGE_NAME="@$SCOPE/$UNSCOPED_PACKAGE_NAME-sbom"; + SBOM_PACKAGE_DIR="sbom-package/$SBOM_PACKAGE_NAME"; + + mkdir -p "$SBOM_PACKAGE_DIR"; + cp "$SBOM_FILE" "$SBOM_PACKAGE_DIR/"; + cd "$SBOM_PACKAGE_DIR"; + node -e "const fs = require('fs'); const [name, version] = process.argv.slice(1); fs.writeFileSync('package.json', JSON.stringify({ name, version }, null, 2));" "$SBOM_PACKAGE_NAME" "$PACKAGE_VERSION"; + echo "hasSbom=true" >> "$GITHUB_OUTPUT"; + echo "packageDir=$PWD" >> "$GITHUB_OUTPUT"; + pnpm pkg get name | tr -d '"' | sed -r 's/(.*)/name=\1/' >> "$GITHUB_OUTPUT"; + pnpm pkg get version | tr -d '"' | sed -r 's/(.*)/version=\1/' >> "$GITHUB_OUTPUT"; + pnpm pkg get version | tr -d '"' | sed -r 's/([0-9]+\.[0-9]+).*/majorVersion=\1/' >> "$GITHUB_OUTPUT"; + # --ignore-scripts is required for publishing devextreme-angular which fails with error: # 'Trying to publish a package that has been compiled by Ivy in full compilation mode.' # Should be removed. 
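Review bot: The second guard in Build SBOM package treats a missing `sbom-packages/$UNSCOPED_PACKAGE_NAME.cdx.json` as an ordinary skip (`hasSbom=false`, `exit 0`) even though the package has already passed the `SBOM_PACKAGE_NAMES` check. A naming drift or a lost artifact would then publish the package without its SBOM on a green run. For a configured package this branch should fail closed, e.g. `echo "::error::No SBOM found for $UNSCOPED_PACKAGE_NAME"; exit 1;`. The SBOM is also generated from the unscoped tarball in the build job, whereas `change-package-scope` repackages it before publishing; if the document records the tarball hash (the target name `build-hashed` suggests it might), it will not match the scoped artifact, which is worth confirming.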
@@ -139,6 +242,22 @@ jobs:
 pnpm publish --no-git-checks --quiet --ignore-scripts --tag $PACKAGE_VERSION_MAJOR-${{ inputs.tag }} --registry https://npm.pkg.github.com;
 pnpm dist-tag add $PACKAGE_NAME@$PACKAGE_VERSION latest --registry=https://npm.pkg.github.com;
+ # --ignore-scripts - like above, should be removed, check if could be removed everywhere
+ # Publishes the generated scoped SBOM npm package to GitHub Packages.
+ # Produces @/-sbom in the npm.pkg.github.com feed.
+ - name: Publish SBOM to npm.pkg.github.com
+ if: ${{ steps.scopedSbomPackage.outputs.hasSbom == 'true' }}
+ working-directory: ${{ steps.scopedSbomPackage.outputs.packageDir }}
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PACKAGE_NAME: ${{ steps.scopedSbomPackage.outputs.name }}
+ PACKAGE_VERSION: ${{ steps.scopedSbomPackage.outputs.version }}
+ PACKAGE_VERSION_MAJOR: ${{ steps.scopedSbomPackage.outputs.majorVersion }}
+ run: |
+ pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN";
+ pnpm publish --no-git-checks --quiet --ignore-scripts --tag $PACKAGE_VERSION_MAJOR-${{ inputs.tag }} --registry https://npm.pkg.github.com;
+ pnpm dist-tag add $PACKAGE_NAME@$PACKAGE_VERSION latest --registry=https://npm.pkg.github.com;
+
 notify:
 runs-on: devextreme-shr2
 name: Send notifications
diff --git a/packages/sbom/pnpm-lock.yaml b/packages/sbom/pnpm-lock.yaml
index c7bb6af659c9..6df372c35dd0 100644
--- a/packages/sbom/pnpm-lock.yaml
+++ b/packages/sbom/pnpm-lock.yaml
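Review bot: The new Publish SBOM step copies `--tag $PACKAGE_VERSION_MAJOR-${{ inputs.tag }}` from the step above, so the workflow input is pasted into the script text before bash parses it. Hand it over through the step's `env:` instead, `TAG: ${{ inputs.tag }}`, and use `--tag "$PACKAGE_VERSION_MAJOR-$TAG"`, quoting `"$PACKAGE_NAME@$PACKAGE_VERSION"` on the `dist-tag` line as well. The existing package publish step, which is only context in this hunk, has the same pattern and would benefit from the same change. For this package the `--ignore-scripts` flag is harmless, since the generated `package.json` holds only `name` and `version`, so the inherited "should be removed" comment could say that instead.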
@@ -31,24 +31,24 @@ packages: resolution: {integrity: sha512-mTaD3YA1pJeEom8oyKjQ7wmfR+kDBZss15+aBIZ83gYkWFlgT9rWSM1cMsAcBJLTR9vcHIQ/bCo/JZewXkHN5Q==} engines: {node: '>=20'} - '@babel/code-frame@7.29.0': - resolution: {integrity: sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==} + '@babel/code-frame@7.29.7': + resolution: {integrity: sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==} engines: {node: '>=6.9.0'} - '@babel/generator@7.29.1': - resolution: {integrity: sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==} + '@babel/generator@7.29.7': + resolution: {integrity: sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==} engines: {node: '>=6.9.0'} - '@babel/helper-globals@7.28.0': - resolution: {integrity: sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==} + '@babel/helper-globals@7.29.7': + resolution: {integrity: sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==} engines: {node: '>=6.9.0'} - '@babel/helper-string-parser@7.27.1': - resolution: {integrity: sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==} + '@babel/helper-string-parser@7.29.7': + resolution: {integrity: sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==} engines: {node: '>=6.9.0'} - '@babel/helper-validator-identifier@7.28.5': - resolution: {integrity: sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==} + '@babel/helper-validator-identifier@7.29.7': + resolution: {integrity: sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==} engines: {node: '>=6.9.0'} '@babel/parser@7.29.3': 
@@ -56,16 +56,21 @@ packages: engines: {node: '>=6.0.0'} hasBin: true - '@babel/template@7.28.6': - resolution: {integrity: sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==} + '@babel/parser@7.29.7': + resolution: {integrity: sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==} + engines: {node: '>=6.0.0'} + hasBin: true + + '@babel/template@7.29.7': + resolution: {integrity: sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==} engines: {node: '>=6.9.0'} '@babel/traverse@7.29.0': resolution: {integrity: sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==} engines: {node: '>=6.9.0'} - '@babel/types@7.29.0': - resolution: {integrity: sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==} + '@babel/types@7.29.7': + resolution: {integrity: sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==} engines: {node: '>=6.9.0'} '@bufbuild/protobuf@2.12.0': @@ -259,8 +264,8 @@ packages: resolution: {integrity: sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w==} engines: {node: '>=14.16'} - cacheable-request@13.0.18: - resolution: {integrity: sha512-rFWadDRKJs3s2eYdXlGggnBZKG7MTblkFBB0YllFds+UYnfogDp2wcR6JN97FhRkHTvq59n2vhNoHNZn29dh/Q==} + cacheable-request@13.0.19: + resolution: {integrity: sha512-SVXGH037+Mo1aIMO5B2UcleR43FGjFdN+M8JObSyEoQ2Mn4CODRWx28gN5jiTF0n5ItsgtIZfyargMNs8GX4kg==} engines: {node: '>=18'} call-bind-apply-helpers@1.0.2: 
@@ -309,6 +314,10 @@ packages: resolution: {integrity: sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==} engines: {node: '>= 0.6'} + content-type@2.0.0: + resolution: {integrity: sha512-j/O/d7GcZCyNl7/hwZAb606rzqkyvaDctLmckbxLzHvFBzTJHuGEdodATcP3yIRoDrLHkIATJuvzbFlp/ki2cQ==} + engines: {node: '>=18'} + css-select@5.2.2: resolution: {integrity: sha512-TizTzUddG/xYLA3NXodFM0fSbNizXjOKhqiQQwvhlspadZokn1KDy0NZFS0wuEubIYAV5/c1/lAr0TaaFXEXzw==} @@ -395,8 +404,8 @@ packages: resolution: {integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==} engines: {node: '>= 0.4'} - es-object-atoms@1.1.1: - resolution: {integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==} + es-object-atoms@1.1.2: + resolution: {integrity: sha512-HWcBoN6NileqtSydK2FqHbS/LoDd2pqrnQHLyJzBj4kOp/ky2MWMN694xOfkK8/SnUsW2DH7EfyVlydKCsm1Zw==} engines: {node: '>= 0.4'} escalade@3.2.0: @@ -427,8 +436,8 @@ packages: resolution: {integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==} engines: {node: 6.* || 8.* || >= 10.*} - get-east-asian-width@1.5.0: - resolution: {integrity: sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==} + get-east-asian-width@1.6.0: + resolution: {integrity: sha512-QRbvDIbx6YklUe6RxeTeleMR0yv3cYH6PsPZHcnVn7xv7zO1BHN8r0XETu8n6Ye3Q+ahtSarc3WgtNWmehIBfA==} engines: {node: '>=18'} get-intrinsic@1.3.0: 
@@ -459,8 +468,8 @@ packages: resolution: {integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==} engines: {node: '>= 0.4'} - hasown@2.0.3: - resolution: {integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==} + hasown@2.0.4: + resolution: {integrity: sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==} engines: {node: '>= 0.4'} hermes-estree@0.36.1: @@ -469,8 +478,8 @@ packages: hermes-parser@0.36.1: resolution: {integrity: sha512-GApNk4zLHi2UWoWZZkx7LNCOSzLSc5lB55pZ/PhK7ycFeg7u5LcF88p/WbpIi1XUDtE0MpHE3uRR3u3KB7TjSQ==} - hosted-git-info@9.0.2: - resolution: {integrity: sha512-M422h7o/BR3rmCQ8UHi7cyyMqKltdP9Uo+J2fXK+RSAY+wTcKOIRyhTuKv4qn+DJf3g+PL890AzId5KZpX+CBg==} + hosted-git-info@9.0.3: + resolution: {integrity: sha512-Hc+ghLoSt6QaYZUv0WBiIvmMDZuZZ7oaDvdH8MbfOO4lOsxdXLEvuC6ePoGs9H1X9oCLyq6+NVN0MKqD+ydxyg==} engines: {node: ^20.17.0 || >=22.9.0} htmlparser2@10.1.0: @@ -545,8 +554,8 @@ packages: resolution: {integrity: sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ==} engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} - lru-cache@11.3.5: - resolution: {integrity: sha512-NxVFwLAnrd9i7KUBxC4DrUhmgjzOs+1Qm50D3oF1/oL+r1NpZ4gA7xvG0/zJ8evR7zIKn4vLf7qTNduWFtCrRw==} + lru-cache@11.5.1: + resolution: {integrity: sha512-RPimw/7aMdv2oqRrxKwvZXcPfwBrn/JZ2xYcY9Hus/6LaS3VOAKVWKWgNLCFSiOm1ESXinjsDlidVU7JlnCN2A==} engines: {node: 20 || >=22} math-intrinsics@1.1.0: 
@@ -739,8 +748,8 @@ packages: resolution: {integrity: sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==} engines: {node: '>= 0.4'} - side-channel@1.1.0: - resolution: {integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==} + side-channel@1.1.1: + resolution: {integrity: sha512-6x6dK6zJdpTzF4sQeNYxwtvBzf6Eg4GtlesS94HOvTudUeyK2WXAaIfmDgsyslYrRBeFIlsi54AYsFGUuhmvrQ==} engines: {node: '>= 0.4'} signal-exit@4.1.0: @@ -792,17 +801,17 @@ packages: resolution: {integrity: sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==} engines: {node: '>=16'} - type-is@2.0.1: - resolution: {integrity: sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==} - engines: {node: '>= 0.6'} + type-is@2.1.0: + resolution: {integrity: sha512-faYHw0anBbc/kWF3zFTEnxSFOAGUX9GFbOBthvDdLsIlEoWOFOtS0zgCiQYwIskL9iGXZL3kAXD8OoZ4GmMATA==} + engines: {node: '>= 18'} typescript@6.0.3: resolution: {integrity: sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==} engines: {node: '>=14.17'} hasBin: true - undici@7.25.0: - resolution: {integrity: sha512-xXnp4kTyor2Zq+J1FfPI6Eq3ew5h6Vl0F/8d9XU5zZQf1tX9s2Su1/3PiMmUANFULpmksxkClamIZcaUqryHsQ==} + undici@7.28.0: + resolution: {integrity: sha512-cRZYrTDwWznlnRiPjggAGxZXanty6M8RV1ff8Wm4LWXBp7/IG8v5DnOm74DtUBp9OONpK75YlPnIjQqX0dBDtA==} engines: {node: '>=20.18.1'} unpipe@1.0.0: 
@@ -903,52 +912,56 @@ snapshots: '@bufbuild/protobuf': 2.12.0 optional: true - '@babel/code-frame@7.29.0': + '@babel/code-frame@7.29.7': dependencies: - '@babel/helper-validator-identifier': 7.28.5 + '@babel/helper-validator-identifier': 7.29.7 js-tokens: 4.0.0 picocolors: 1.1.1 - '@babel/generator@7.29.1': + '@babel/generator@7.29.7': dependencies: - '@babel/parser': 7.29.3 - '@babel/types': 7.29.0 + '@babel/parser': 7.29.7 + '@babel/types': 7.29.7 '@jridgewell/gen-mapping': 0.3.13 '@jridgewell/trace-mapping': 0.3.31 jsesc: 3.1.0 - '@babel/helper-globals@7.28.0': {} + '@babel/helper-globals@7.29.7': {} - '@babel/helper-string-parser@7.27.1': {} + '@babel/helper-string-parser@7.29.7': {} - '@babel/helper-validator-identifier@7.28.5': {} + '@babel/helper-validator-identifier@7.29.7': {} '@babel/parser@7.29.3': dependencies: - '@babel/types': 7.29.0 + '@babel/types': 7.29.7 - '@babel/template@7.28.6': + '@babel/parser@7.29.7': dependencies: - '@babel/code-frame': 7.29.0 - '@babel/parser': 7.29.3 - '@babel/types': 7.29.0 + '@babel/types': 7.29.7 + + '@babel/template@7.29.7': + dependencies: + '@babel/code-frame': 7.29.7 + '@babel/parser': 7.29.7 + '@babel/types': 7.29.7 '@babel/traverse@7.29.0': dependencies: - '@babel/code-frame': 7.29.0 - '@babel/generator': 7.29.1 - '@babel/helper-globals': 7.28.0 + '@babel/code-frame': 7.29.7 + '@babel/generator': 7.29.7 + '@babel/helper-globals': 7.29.7 '@babel/parser': 7.29.3 - '@babel/template': 7.28.6 - '@babel/types': 7.29.0 + '@babel/template': 7.29.7 + '@babel/types': 7.29.7 debug: 4.4.3 transitivePeerDependencies: - supports-color - '@babel/types@7.29.0': + '@babel/types@7.29.7': dependencies: - '@babel/helper-string-parser': 7.27.1 - '@babel/helper-validator-identifier': 7.28.5 + '@babel/helper-string-parser': 7.29.7 + '@babel/helper-validator-identifier': 7.29.7 '@bufbuild/protobuf@2.12.0': optional: true 
@@ -1098,7 +1111,7 @@ snapshots: '@gar/promise-retry': 1.0.3 '@npmcli/promise-spawn': 9.0.1 ini: 6.0.0 - lru-cache: 11.3.5 + lru-cache: 11.5.1 npm-pick-manifest: 11.0.3 proc-log: 6.1.0 semver: 7.8.1 @@ -1117,7 +1130,7 @@ snapshots: dependencies: '@npmcli/git': 7.0.2 glob: 13.0.6 - hosted-git-info: 9.0.2 + hosted-git-info: 9.0.3 json-parse-even-better-errors: 5.0.0 proc-log: 6.1.0 semver: 7.8.1 @@ -1168,7 +1181,7 @@ snapshots: on-finished: 2.4.1 qs: 6.15.2 raw-body: 3.0.2 - type-is: 2.0.1 + type-is: 2.1.0 transitivePeerDependencies: - supports-color optional: true @@ -1186,7 +1199,7 @@ snapshots: cacheable-lookup@7.0.0: {} - cacheable-request@13.0.18: + cacheable-request@13.0.19: dependencies: '@types/http-cache-semantics': 4.2.0 get-stream: 9.0.1 @@ -1228,7 +1241,7 @@ snapshots: parse5: 7.3.0 parse5-htmlparser2-tree-adapter: 7.1.0 parse5-parser-stream: 7.1.2 - undici: 7.25.0 + undici: 7.28.0 whatwg-mimetype: 4.0.0 chownr@3.0.0: {} @@ -1274,6 +1287,9 @@ snapshots: content-type@1.0.5: optional: true + content-type@2.0.0: + optional: true + css-select@5.2.2: dependencies: boolbase: 1.0.0 @@ -1352,7 +1368,7 @@ snapshots: es-errors@1.3.0: optional: true - es-object-atoms@1.1.1: + es-object-atoms@1.1.2: dependencies: es-errors: 1.3.0 optional: true @@ -1386,26 +1402,26 @@ snapshots: get-caller-file@2.0.5: {} - get-east-asian-width@1.5.0: {} + get-east-asian-width@1.6.0: {} get-intrinsic@1.3.0: dependencies: call-bind-apply-helpers: 1.0.2 es-define-property: 1.0.1 es-errors: 1.3.0 - es-object-atoms: 1.1.1 + es-object-atoms: 1.1.2 function-bind: 1.1.2 get-proto: 1.0.1 gopd: 1.2.0 has-symbols: 1.1.0 - hasown: 2.0.3 + hasown: 2.0.4 math-intrinsics: 1.1.0 optional: true get-proto@1.0.1: dependencies: dunder-proto: 1.0.1 - es-object-atoms: 1.1.1 + es-object-atoms: 1.1.2 optional: true get-stream@9.0.1: 
@@ -1427,7 +1443,7 @@ snapshots: '@sindresorhus/is': 7.2.0 byte-counter: 0.1.0 cacheable-lookup: 7.0.0 - cacheable-request: 13.0.18 + cacheable-request: 13.0.19 decompress-response: 10.0.0 form-data-encoder: 4.1.0 http2-wrapper: 2.2.1 @@ -1440,7 +1456,7 @@ snapshots: has-symbols@1.1.0: optional: true - hasown@2.0.3: + hasown@2.0.4: dependencies: function-bind: 1.1.2 optional: true @@ -1453,9 +1469,9 @@ snapshots: hermes-estree: 0.36.1 optional: true - hosted-git-info@9.0.2: + hosted-git-info@9.0.3: dependencies: - lru-cache: 11.3.5 + lru-cache: 11.5.1 htmlparser2@10.1.0: dependencies: @@ -1520,7 +1536,7 @@ snapshots: lowercase-keys@3.0.0: {} - lru-cache@11.3.5: {} + lru-cache@11.5.1: {} math-intrinsics@1.1.0: optional: true @@ -1570,7 +1586,7 @@ snapshots: npm-package-arg@13.0.2: dependencies: - hosted-git-info: 9.0.2 + hosted-git-info: 9.0.3 proc-log: 6.1.0 semver: 7.8.1 validate-npm-package-name: 7.0.2 @@ -1630,7 +1646,7 @@ snapshots: path-scurry@2.0.2: dependencies: - lru-cache: 11.3.5 + lru-cache: 11.5.1 minipass: 7.1.3 picocolors@1.1.1: {} @@ -1646,7 +1662,7 @@ snapshots: qs@6.15.2: dependencies: - side-channel: 1.1.0 + side-channel: 1.1.1 optional: true quick-lru@5.1.1: {} @@ -1709,7 +1725,7 @@ snapshots: side-channel-map: 1.0.1 optional: true - side-channel@1.1.0: + side-channel@1.1.1: dependencies: es-errors: 1.3.0 object-inspect: 1.13.4 @@ -1742,7 +1758,7 @@ snapshots: string-width@7.2.0: dependencies: emoji-regex: 10.6.0 - get-east-asian-width: 1.5.0 + get-east-asian-width: 1.6.0 strip-ansi: 7.2.0 strip-ansi@7.2.0: @@ -1764,9 +1780,9 @@ snapshots: type-fest@4.41.0: {} - type-is@2.0.1: + type-is@2.1.0: dependencies: - content-type: 1.0.5 + content-type: 2.0.0 media-typer: 1.1.0 mime-types: 3.0.2 optional: true @@ -1774,7 +1790,7 @@ snapshots: typescript@6.0.3: optional: true - undici@7.25.0: {} + undici@7.28.0: {} unpipe@1.0.0: optional: true diff --git a/packages/sbom/project.json b/packages/sbom/project.json index 4d9389597869..470ae9c74375 100644 
--- a/packages/sbom/project.json
+++ b/packages/sbom/project.json
@@ -22,6 +22,19 @@
 ]
 }
 },
+ "build-hashed": {
+ "executor": "nx:run-commands",
+ "dependsOn": ["install-dependencies"],
+ "options": {
+ "cwd": "{projectRoot}",
+ "parallel": false,
+ "commands": [
+ "rm -rf dist/",
+ "pnpm dx-make-sbom ../../ dist/ \"$SBOM_PACKAGES\"",
+ "cp dist/devextreme.cdx.json dist/devextreme-dist.cdx.json"
+ ]
+ }
+ },
 "make": {
 "executor": "nx:run-commands",
 "dependsOn": ["install-dependencies"],
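Review bot: The last command of `build-hashed` copies `dist/devextreme.cdx.json` to `dist/devextreme-dist.cdx.json` byte for byte, so the second file presumably still names and describes the `devextreme` tarball rather than a `devextreme-dist` package. It is validated and uploaded, but `SBOM_PACKAGE_NAMES` in the publishing workflow has no `devextreme-dist` entry, so the Build SBOM package step would report it as not configured and never publish it. Either generate a dedicated document for that package or drop the copy, and state the intent in the workflow comment. The target also reads `$SBOM_PACKAGES` from the environment without a guard; a first command such as `test -n \"$SBOM_PACKAGES\"` would make a local run without the variable fail with a clear cause.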