-
Notifications
You must be signed in to change notification settings - Fork 314
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(reporter): Fix the creation of first level dependency relationships
As of [1] the SPDX reporter intends to associate any first level dependency with all root projects it corresponds to. The implementation introduced by [1] has the following issues: 1. Relationships to excluded packages are added, even though excluded packages are not contained in the report. For proof see [2] which adds such relationship. 2. Dependencies which are direct depdendencies of a sub-project, but not of any root project are not considered a first level dependency. Such dependencies may not be linked into the dependency tree of resulting SPDX document at all. Rewrite the algorithm in order to fix both of the above mentioned issues. Fixes #7487. [1] b471544 [2] b471544#diff-6de35dd2aff1f92b7f5ea558d3f77e02d0d596dd4ce2a8199056cfb31b47fcabR181-R184 Signed-off-by: Frank Viernau <[email protected]>
- Loading branch information
Showing
3 changed files
with
30 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters