Comments (3)
Shnatsel
commented on September 21, 2024
There is a downside to exposing packageurl::PackageUrl in the public API: every time packageurl makes a semver-breaking release, we would have to make one too. Switching to another PURL crate would also be semver-breaking.
For now we've instead exposed FromStr implementations for Purl in #381 to make it writable, but without actually transitioning to a foreign type.
from cyclonedx-rust-cargo.
alilleybrinker
commented on September 21, 2024
Alright, seems like a good enough solution. Do you think documentation could be added to more clearly indicate this is the recommended way to interoperate with the packageurl crate?
from cyclonedx-rust-cargo.
Shnatsel
commented on September 21, 2024
There are several package URL crates in use already. I don't think it makes sense to enumerate every one in the documentation.
I'd be happy to accept a PR adding a code example that uses the FromStr impl, and a note that other package URL types should be converted to an &str first.
from cyclonedx-rust-cargo.
Related Issues (20)
- `cyclonedx-bom` is unsuitable for `cargo auditable` use case
- Hashes for packages from registries with parameters in the URL may not be recorded
- `cargo cyclonedx`: make CycloneDX version configurable HOT 1
- `--output-pattern` flag is confusing HOT 1
- Switch from `packageurl` to `purl` crate
- Support spec version 1.5 HOT 4
- The type of external references shouldn't be "open"
- Refactor `.new_unchecked()` on enums into `impl From<&str>`
- Do round trip tests
- Split `specs` module for XML and JSON
- Avoid null fields
- `cyclonedx_bom::models::tool::Tool` misses `external_references` introduced in v1.4 HOT 1
- 0.5.2: lock file is not updated HOT 2
- `models::tool::Tools::Object` should have `Option<>` fields HOT 2
- XML de/serialization of `normalizedstring` fields is incorrect
- XML deserialization of empty tags is incorrect HOT 3
- cyclonedx_bom: make Cpe constructable HOT 2
- Move JSON schema validation into `#[test]` scope
- `cargo cyclonedx` tests fail after upgrading to `purl` 0.1.3
- Support Cargo resolver v2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cyclonedx-rust-cargo.