advanced-security / spdx-dependency-submission-action

MIT License

bug: Getting `Invalid purl: version must be percent-encoded` error #40

Closed stevehipwell closed 3 weeks ago

stevehipwell commented 3 weeks ago

I'm seeing the `Invalid purl: version must be percent-encoded` error using v0.1.0 in workflows which were working correctly on v0.0.1. This is likely due to the packageurl-js dependency (via @github/dependency-submission-toolkit). See example workflow.

FYI I think https://github.com/package-url/packageurl-js/pull/61 may possibly fix this.

GeekMasher commented 3 weeks ago

Thanks for raising this @stevehipwell, I have seen this issue when updating the packages and I thought I had fixed this myself.

Let me see what I can do to fix this.

GeekMasher commented 3 weeks ago

@stevehipwell I've created this PR #42 that should help fix the issue. If there are issues with the PURL, it will show them as warnings + I've added better testing support.

You can try out this PR before I merge by using the following (once merged it will go)

```yaml
- name: SBOM upload
  uses: advanced-security/spdx-dependency-submission-action@hotfix-purl
```

I'm not 100% sure why it's failing to parse the PURL but at least now it will upload + tell you which PURL caused the errors.
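An added example (not the action's or packageurl-js's code) of the warn-and-continue handling described in this comment: it pulls the version out of each purl, flags versions that are not percent-encoded, keeps the rest for upload, and shows how to encode a bad version. The set of characters it requires to be encoded is an assumption.

```javascript
// Added example, not code from the action or packageurl-js: the "warn and
// continue" handling described above, applied to purls read from an SBOM.
// Assumption: a purl version must percent-encode the grammar delimiters
// "@", "?", "#", "/", whitespace and "+"; the exact set packageurl-js
// enforces may differ.
const MUST_ENCODE = /[@?#\/+\s]/;
const BAD_ESCAPE = /%(?![0-9A-Fa-f]{2})/;   // "%" not followed by two hex digits

// Version = text after the last "@" of the pkg:type/namespace/name part,
// before any "?" qualifiers or "#" subpath (canonical purls assumed).
function purlVersion(purl) {
  const cut = purl.search(/[?#]/);
  const core = cut === -1 ? purl : purl.slice(0, cut);
  const at = core.lastIndexOf('@');
  return at > core.indexOf('/') ? core.slice(at + 1) : null;  // "@" before the first "/" is not a version
}

function versionProblem(version) {
  if (version === null) return null;   // a purl without a version is fine
  if (BAD_ESCAPE.test(version)) return 'malformed percent escape';
  if (MUST_ENCODE.test(version)) return 'version must be percent-encoded';
  return null;
}

// Encode only the offending characters so an already-encoded version
// (e.g. "%2B") is not double-encoded.
function encodeVersion(version) {
  return version.replace(/[@?#\/+\s]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0'));
}

// Keep the good entries and report each bad one, instead of failing the
// whole upload on the first rejected purl.
function triagePurls(purls) {
  const accepted = [], warnings = [];
  for (const purl of purls) {
    const problem = versionProblem(purlVersion(purl));
    if (problem) warnings.push(`${purl}: ${problem}`);
    else accepted.push(purl);
  }
  return { accepted, warnings };
}

// Constructed sample purls: canonical, unencoded "+", encoded "+", broken escape.
const SAMPLE = [
  'pkg:npm/%40actions/core@1.10.0',
  'pkg:maven/org.example/lib@1.0.0+build.7',
  'pkg:maven/org.example/lib@1.0.0%2Bbuild.7',
  'pkg:generic/tool@1.0%zz',
];
for (const w of triagePurls(SAMPLE).warnings) console.warn(w);
```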

GeekMasher commented 3 weeks ago

@stevehipwell Please let me know if you have any other issues.