CycloneDX / cyclonedx-webpack-plugin

Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
https://cyclonedx.org/
Apache License 2.0

[ValidationError] invalid characters in URL: `[` `]` #1239

Closed mLuca closed 8 months ago

mLuca commented 12 months ago

To Reproduce

Steps to reproduce the behavior:

  1. How was @cyclonedx/webpack-plugin called? See attached webpack.config.js. Was called as described in the official npm package site.

  2. What kind of evidence was processed? See attached package.json i.e. package-lock.json

  3. Error report:

     ```
     ### Output Start ###
     npm run build

     > getk@0.1.0 build
     > node scripts/build.js

     Creating an optimized production build...
     Failed to compile.

     Failed to generate valid BOM "bom/bom.xml" Please report the issue and provide the npm lock file of the current project to: https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/new?template=ValidationError-report.md&labels=ValidationError&title=%5BValidationError%5D
     ### Output End ###
     ```

  5. Expected result:
     See attached bom-folder.
     Created by adding `validateResults: false` to the options.

## Environment

- _@cyclonedx/webpack-plugin_ version: v3.8.2
- webpack version: webpack@5.77.0
- Node version: v18.17.0
- OS: debian 11

## Additional context

Add any other context about the problem here.
[artifacts.zip](https://github.com/CycloneDX/cyclonedx-webpack-plugin/files/13504060/artifacts.zip)

jkowalleck commented 12 months ago

Thanks for the report. I will have a look.

jkowalleck commented 12 months ago

Sorry, but the information in your artifacts.zip is not sufficient to completely reproduce.

Anyway, I was able to run a test on the provided bom.xml:

```javascript
// test.mjs
import CDX from '@cyclonedx/cyclonedx-library'
import { readFileSync } from 'fs'

const serializedXML = readFileSync('bom.xml', 'utf8')

// Validate the document against the CycloneDX 1.4 XML schema;
// validate() resolves to null when the document is valid.
const xmlValidator = new CDX.Validation.XmlValidator(CDX.Spec.Spec1dot4.version)
const validationErrors = await xmlValidator.validate(serializedXML)
if (validationErrors === null) {
  console.info('XML valid')
} else {
  throw new Error('XML ValidationError:\n' + JSON.stringify(validationErrors))
}
```

Output:

```
Error: XML ValidationError:
[{"domain":17,"code":1824,"level":2,"column":0,"line":1081,"str1":"https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-camel-case]"},{"domain":17,"code":1824,"level":2,"column":0,"line":1107,"str1":"https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-default-unit]"},{"domain":17,"code":1824,"level":2,"column":0,"line":1133,"str1":"https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-global]"},{"domain":17,"code":1824,"level":2,"column":0,"line":1159,"str1":"https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-nested]"},{"domain":17,"code":1824,"level":2,"column":0,"line":1185,"str1":"https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-props-sort]"},{"domain":17,"code":1824,"level":2,"column":0,"line":1211,"str1":"https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-rule-value-function]"},{"domain":17,"code":1824,"level":2,"column":0,"line":1237,"str1":"https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-vendor-prefixer]"}]
```

jkowalleck commented 12 months ago

As of https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/1239#issuecomment-1836447296 the issue is caused by jss-plugin-camel-case -- https://github.com/cssinjs/jss/tree/master/packages/jss-plugin-camel-case

The "bug URL" https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-camel-case] is actually invalid. The characters `[` `]` are invalid characters according to URL standards. They must be URL-encoded as `%5B` `%5D`.

A possible fix can be done in https://github.com/CycloneDX/cyclonedx-javascript-library. It would not be the first time to fix this ... see https://github.com/search?q=repo%3ACycloneDX%2Fcyclonedx-php-library+%255B&type=code --> caused https://github.com/CycloneDX/cyclonedx-javascript-library/issues/992
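
As an added illustration of the fix described in this thread (example code, not from cyclonedx-javascript-library or the plugin), a helper that reports the characters RFC 3986 does not allow to appear literally in a URL and percent-encodes them, so a `bugs` URL copied from package.json survives the schema's anyURI check. It assumes `[` and `]` must always be encoded, i.e. it does not special-case IPv6 host literals such as `http://[::1]/`.

```javascript
// Added example (not code from cyclonedx-javascript-library or the plugin):
// percent-encode the characters RFC 3986 does not allow literally in a URL.
// Simplification (assumption): "[" and "]" are always encoded, so IPv6 host
// literals like http://[::1]/ are not special-cased.

// Unreserved + sub-delims + the gen-delims other than "[" and "]".
const ALLOWED_LITERAL = /^[A-Za-z0-9\-._~!$&'()*+,;=:\/?#@]$/
const HEX_PAIR = /^[0-9A-Fa-f]{2}$/

// Return the distinct characters of `url` that need percent-encoding.
// A well-formed "%XX" escape already present counts as allowed.
function findInvalidUrlChars (url) {
  const chars = Array.from(url) // iterate by code point, not UTF-16 unit
  const bad = new Set()
  for (let i = 0; i < chars.length; i++) {
    if (chars[i] === '%' && HEX_PAIR.test(chars.slice(i + 1, i + 3).join(''))) {
      i += 2 // skip over the existing escape
    } else if (!ALLOWED_LITERAL.test(chars[i])) {
      bad.add(chars[i])
    }
  }
  return [...bad]
}

// Percent-encode only the offending characters. Existing escapes are kept
// (normalised to upper-case hex) instead of being encoded again, so applying
// the function twice yields the same result.
function encodeUrlForAnyUri (url) {
  const chars = Array.from(url)
  let out = ''
  for (let i = 0; i < chars.length; i++) {
    const ch = chars[i]
    if (ch === '%' && HEX_PAIR.test(chars.slice(i + 1, i + 3).join(''))) {
      out += '%' + (chars[i + 1] + chars[i + 2]).toUpperCase()
      i += 2
    } else if (ALLOWED_LITERAL.test(ch)) {
      out += ch
    } else {
      out += encodeURIComponent(ch) // "[" -> "%5B", "]" -> "%5D", "ä" -> "%C3%A4"
    }
  }
  return out
}

// The URL the validator flagged in this issue, before and after encoding.
const flagged = 'https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-camel-case]'
console.log(findInvalidUrlChars(flagged)) // [ '[', ']' ]
console.log(encodeUrlForAnyUri(flagged))  // ...?title=%5Bjss-plugin-camel-case%5D
```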

jkowalleck commented 8 months ago

Closed, since the underlying https://github.com/CycloneDX/cyclonedx-javascript-library/issues/992 was closed and a fix was published.