Gary O'Neall
@maxhbr - pls review and if OK, we can merge
I'll attempt to answer some of the questions, but I may not be completely understanding the scenario and context: > This is really not an issue specific to this tool...
I'm having difficulty understanding your complete scenario and tool constraints, so I may not be much help beyond my previous comments. Perhaps this is something we could discuss real-time in...
@flemminglau you are correct, this library has not been updated for later CDX libraries or versions after 1.4. In addition to updating the libraries, we'll also need to re-look at any...
Thanks @jlplenio for your interest - Just a quick update, I'm still working on the SPDX 3.0 libraries - taking longer than expected. Once that is done, I'll update this...
Kate and I discussed this and it probably won't get resolved for 3.0 - moving to 3.1.
In looking at the error message and the JSON file, there is a `bom-ref` `pkg:npm/%40alloc/[email protected]?package-id=b305d29f2afda9d2` with an `externalReferences` url value of `sindresorhus/quick-lru`. The SPDX validator validates any URL reference to...
> Would it make sense to check the purl to find the package manager or what would be a good strategy? Makes sense. We should follow the conventions of the...
It is 11+. I should update the POM file to specify the correct min JDK. Everything works for 8 except for the RDF libraries - there was a security vulnerability...
Let's leave this open to remind me to update the POM file.