Closed stevehipwell closed 3 weeks ago
Thanks for raising this @stevehipwell, I have seen this issue when updating the packages and I thought I had fixed this myself.
Let me see what I can do to fix this.
@stevehipwell I've created this PR #42 that should help fix the issue. If there are issues with the PURL, it will show them as warnings + I've added better testing support.
You can try out this PR before I merge by using the following (once merged it will go)
```yaml
- name: SBOM upload
  uses: advanced-security/spdx-dependency-submission-action@hotfix-purl
```
I'm not 100% sure why it's failing to parse the PURL, but at least now it will upload + tell you which PURL caused the errors.
@stevehipwell Please let me know if you have any other issues.
I'm seeing the `Invalid purl: version must be percent-encoded` error using `v0.1.0` in workflows which were working correctly on `v0.0.1`. This is likely due to the `packageurl-js` dependency (via `@github/dependency-submission-toolkit`). See example workflow.

FYI I think https://github.com/package-url/packageurl-js/pull/61 may possibly fix this.
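A pre-flight check for the error discussed in this thread, as an added example that is not part of the issue, the action, or `packageurl-js`: it walks an SPDX 2.x JSON SBOM and reports which purl versions are not strictly percent-encoded, so the offending package can be found before submission. The allowed-character rule, the function names and the sample SBOM are assumptions made for this example; the check `packageurl-js` performs may differ.

```javascript
// Assumed strict rule: a version may contain unreserved characters, ':' and
// well-formed %XX escapes. This is NOT copied from packageurl-js.
const STRICT_VERSION = /^(?:[A-Za-z0-9._~:-]|%[0-9A-Fa-f]{2})*$/;

// Extract the raw version from a purl string: drop the subpath (#...) and
// qualifiers (?...), then split once from the right on '@'.
function rawVersion(purl) {
  const rest = purl.split('#')[0].split('?')[0];
  const at = rest.lastIndexOf('@');
  return at === -1 ? null : rest.slice(at + 1);
}

// Distinct characters (or broken '%' escapes) that violate the strict rule.
function offendingParts(version) {
  const bad = version.match(/%(?![0-9A-Fa-f]{2})|[^A-Za-z0-9._~:%-]/g) || [];
  return [...new Set(bad)];
}

// Return one finding per purl externalRef whose version fails the rule.
function findSuspectPurls(sbom) {
  const findings = [];
  for (const pkg of sbom.packages || []) {
    for (const ref of pkg.externalRefs || []) {
      if (ref.referenceType !== 'purl') continue;
      const version = rawVersion(ref.referenceLocator);
      if (version === null || STRICT_VERSION.test(version)) continue;
      findings.push({
        package: pkg.name,
        purl: ref.referenceLocator,
        offending: offendingParts(version),
      });
    }
  }
  return findings;
}

// Constructed sample SBOM fragment (not taken from the issue).
const purlRef = (locator) => ({ referenceType: 'purl', referenceLocator: locator });
const sampleSbom = { packages: [
  { name: 'left-pad', externalRefs: [purlRef('pkg:npm/left-pad@1.3.0')] },
  { name: 'example-go-mod', externalRefs: [purlRef('pkg:golang/example.com/mod@v2.0.0+incompatible')] },
  { name: 'example-deb', externalRefs: [purlRef('pkg:deb/debian/example@1.2-3%2Bb1?arch=amd64')] },
  { name: 'example-bad-escape', externalRefs: [purlRef('pkg:generic/example@1.0%zz')] },
] };

console.log(findSuspectPurls(sampleSbom));
```
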