Open andreas-hilti opened 1 week ago
Thanks for reporting. Looks like a defect in the XML Schema. The correct fix should be to make maxOccurs unbounded.
changing the current ProtoBuff item from optional
to repeated
would be a breaking change in the implementation
changing the current ProtoBuff item from
optional
torepeated
would be a breaking change in the implementation
Why is this? Is proto2 supported as well?
For proto3: https://protobuf.dev/programming-guides/proto3/#updating
For string, bytes, and message fields, optional is compatible with repeated. Given serialized data of a repeated field as input, clients that expect this field to be optional will take the last input value if it’s a primitive type field or merge all input elements if it’s a message type field.
Unless I'm mistaken, all messages that contained only a single "data" would continue to work, and this is the kind of compatibility that you are looking for, isn't it?
Describe the defect
In JSON, the data member of a (data) component is an array: https://cyclonedx.org/docs/1.6/json/#components_items_data In protobuf, it is not repeated: https://github.com/CycloneDX/specification/blob/bfb6f8baf77bbf98a4c0a54392508ba3ccf2e22e/schema/bom-1.6.proto#L142-L143
Also in xml it is not repeated: https://github.com/CycloneDX/specification/blob/bfb6f8baf77bbf98a4c0a54392508ba3ccf2e22e/schema/bom-1.6.xsd#L701-L706
for instance this is not valid:
Additional context