From ac34e9837c14ba8369bc42f7dac423ab35b19ba9 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:14:15 +0200 Subject: [PATCH 01/36] Set BlockLocation for all packages in gradle-lock extractor Add line counter to bufio.Scanner loop and set BlockLocation with line number and column range for each parsed package. Column.Start is 1 (start of line), Column.End is the raw line length + 1 (before TrimSpace, preserving original positions). Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/java/parse-gradle-lock.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/lockfile/java/parse-gradle-lock.go b/pkg/lockfile/java/parse-gradle-lock.go index 9647b914..91d2be15 100644 --- a/pkg/lockfile/java/parse-gradle-lock.go +++ b/pkg/lockfile/java/parse-gradle-lock.go @@ -63,8 +63,10 @@ func (e GradleLockExtractor) PackageManager() models.PackageManager { func (e GradleLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { pkgs := make([]lockfile.PackageDetails, 0) scanner := bufio.NewScanner(f) + lineNumber := 0 for scanner.Scan() { + lineNumber++ lockLine := strings.TrimSpace(scanner.Text()) if !isGradleLockFileDepLine(lockLine) { continue @@ -75,6 +77,12 @@ func (e GradleLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCo continue } + pkg.BlockLocation = models.FilePosition{ + Line: models.Position{Start: lineNumber, End: lineNumber}, + Column: models.Position{Start: 1, End: len(scanner.Text()) + 1}, + Filename: f.Path(), + } + pkgs = append(pkgs, pkg) } From ee0ca84a84a5af4bd5cce433b4472ab76a2349fa Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:14:49 +0200 Subject: [PATCH 02/36] Add BlockLocation assertion test for gradle-lock extractor Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/java/parse-gradle-lock_test.go | 28 +++++++++++++++++++++ 1 file changed, 28 insertions(+) 
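Review bot: `scanner.Text()` is called a second time inside the `models.FilePosition` literal only to get the untrimmed length, which is easy to break if the loop is later changed to reuse `lockLine`. Capturing the raw line once keeps both uses tied to the same value: `rawLine := scanner.Text()`, `lockLine := strings.TrimSpace(rawLine)`, and `End: len(rawLine) + 1`. `len` counts bytes, so the reported column is a byte offset rather than a character column. A short comment saying so would help consumers of the SBOM locations, and the same applies to the mix-lock and gemfile-lock hunks in this series. Extract's body continues outside the hunk.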
diff --git a/pkg/lockfile/java/parse-gradle-lock_test.go b/pkg/lockfile/java/parse-gradle-lock_test.go index a226ef85..2f13c46f 100644 --- a/pkg/lockfile/java/parse-gradle-lock_test.go +++ b/pkg/lockfile/java/parse-gradle-lock_test.go @@ -151,6 +151,34 @@ func TestParseGradleLock_OnePackage(t *testing.T) { }) } +//nolint:paralleltest +func TestParseGradleLock_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/gradle-lockfile/one-pkg")) + packages, err := java.ParseGradleLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, + "package %s@%s should have BlockLocation.Line.Start > 0", pkg.Name, pkg.Version) + assert.Greater(t, pkg.BlockLocation.Line.End, 0, + "package %s@%s should have BlockLocation.Line.End > 0", pkg.Name, pkg.Version) + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, + "package %s@%s should have BlockLocation.Column.Start > 0", pkg.Name, pkg.Version) + assert.Greater(t, pkg.BlockLocation.Column.End, 0, + "package %s@%s should have BlockLocation.Column.End > 0", pkg.Name, pkg.Version) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "package %s@%s should have BlockLocation.Filename set", pkg.Name, pkg.Version) + } +} + //nolint:paralleltest func TestParseGradleLock_OnePackage_MatcherFailed(t *testing.T) { dir, err := os.Getwd() From 596a20681fa8cd23a711d7ea28bcca1b26239b63 Mon Sep 17 00:00:00 2001 
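Review bot: The `for _, pkg := range packages` loop in TestParseGradleLock_OnePackage_BlockLocation passes vacuously when `ParseGradleLock` returns no packages, because nothing asserts the slice length first, and the two `t.Errorf` calls let the test continue after a failed setup. Adding `assert.Len(t, packages, 1)` before the loop (assuming the one-pkg fixture holds a single entry) and switching the setup checks to `t.Fatalf` would make a parsing regression fail the test. The assertions also only require values greater than zero, so a wrong line number would still pass. The test carries `//nolint:paralleltest` while calling `t.Parallel()`, so one of the two looks unintended. TestParseMixLock_OnePackage_BlockLocation in patch 04 has the same shape.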
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:19:08 +0200 Subject: [PATCH 03/36] Set BlockLocation for all packages in mix-lock extractor Add line counter to bufio.Scanner loop and set BlockLocation with line number and full line column range for each parsed package. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/elixir/parse-mix-lock.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/lockfile/elixir/parse-mix-lock.go b/pkg/lockfile/elixir/parse-mix-lock.go index 75dbb274..20bcebd6 100644 --- a/pkg/lockfile/elixir/parse-mix-lock.go +++ b/pkg/lockfile/elixir/parse-mix-lock.go @@ -34,10 +34,12 @@ func (e MixLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanConte re := cachedregexp.MustCompile(`^ +"(\w+)": \{.+,$`) scanner := bufio.NewScanner(f) + lineNumber := 0 var packages []lockfile.PackageDetails for scanner.Scan() { + lineNumber++ line := scanner.Text() match := re.FindStringSubmatch(line) @@ -79,6 +81,11 @@ func (e MixLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanConte PackageManager: mixPackageManager, Ecosystem: models.EcosystemHex, Commit: commit, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: lineNumber, End: lineNumber}, + Column: models.Position{Start: 1, End: len(line) + 1}, + Filename: f.Path(), + }, }) } From 7ab8e8ccc5cef3ca60b7e3cf0b6419a3d991ad21 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:19:49 +0200 Subject: [PATCH 04/36] Add BlockLocation test and update mix-lock test expectations Add dedicated BlockLocation assertion test. Switch strict ExpectPackages to ExpectPackagesWithoutLocations for non-location tests. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/elixir/parse-mix-lock_test.go | 39 +++++++++++++++++++--- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/pkg/lockfile/elixir/parse-mix-lock_test.go b/pkg/lockfile/elixir/parse-mix-lock_test.go index 2324d59a..a345031a 100644 --- a/pkg/lockfile/elixir/parse-mix-lock_test.go 
+++ b/pkg/lockfile/elixir/parse-mix-lock_test.go @@ -2,6 +2,8 @@ package elixir_test import ( "io/fs" + "os" + "path/filepath" "testing" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/elixir" @@ -10,6 +12,8 @@ import ( "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" + + "github.com/stretchr/testify/assert" ) func TestMixLockExtractor_ShouldExtract(t *testing.T) { @@ -93,7 +97,7 @@ func TestParseMixLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "plug", Version: "1.11.1", @@ -104,6 +108,33 @@ func TestParseMixLock_OnePackage(t *testing.T) { }) } +func TestParseMixLock_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/mix/one-package.lock")) + packages, err := elixir.ParseMixLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, + "package %s@%s should have BlockLocation.Line.Start > 0", pkg.Name, pkg.Version) + assert.Greater(t, pkg.BlockLocation.Line.End, 0, + "package %s@%s should have BlockLocation.Line.End > 0", pkg.Name, pkg.Version) + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, + "package %s@%s should have BlockLocation.Column.Start > 0", pkg.Name, pkg.Version) + assert.Greater(t, pkg.BlockLocation.Column.End, 0, + "package %s@%s should have BlockLocation.Column.End > 0", pkg.Name, pkg.Version) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "package %s@%s should have BlockLocation.Filename set", pkg.Name, pkg.Version) + } +} + func TestParseMixLock_TwoPackages(t *testing.T) { t.Parallel() 
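Review bot: After the switch to `testutil.ExpectPackagesWithoutLocations` in TestParseMixLock_OnePackage (and in the TwoPackages, Many and GitPackages hunks of this patch), no mix-lock test pins an exact line or column any more. The new TestParseMixLock_OnePackage_BlockLocation only checks that each field is greater than zero, so an off-by-one in `lineNumber` would go unnoticed. Pinning the known position of `plug` in the fixture would close that gap, for example `assert.Equal(t, wantLine, pkg.BlockLocation.Line.Start)` with `wantLine` set to the entry's line in one-package.lock, as the gemfile-lock test later in the series does.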
@@ -113,7 +144,7 @@ func TestParseMixLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "plug", Version: "1.11.1", @@ -140,7 +171,7 @@ func TestParseMixLock_Many(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "backoff", Version: "1.1.6", @@ -300,7 +331,7 @@ func TestParseMixLock_GitPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "foe", Version: "", From 91b896cac5b69e5474e0bb8e21219cead06560bd Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:40:47 +0200 Subject: [PATCH 05/36] Set BlockLocation for all packages in gemfile-lock extractor Add line number and source file tracking to the gemfileLockfileParser state machine. Each package gets BlockLocation set with the line where it appears in the Gemfile.lock file. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/ruby/parse-gemfile-lock.go | 14 +++++++++++++- pkg/lockfile/ruby/types.go | 7 +++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/pkg/lockfile/ruby/parse-gemfile-lock.go b/pkg/lockfile/ruby/parse-gemfile-lock.go index 81828b94..bfbe0976 100644 --- a/pkg/lockfile/ruby/parse-gemfile-lock.go +++ b/pkg/lockfile/ruby/parse-gemfile-lock.go 
@@ -31,6 +31,12 @@ func (parser *gemfileLockfileParser) isSourceSection(line string) bool { } func (parser *gemfileLockfileParser) addDependency(name string, version string) { + blockLocation := models.FilePosition{ + Line: models.Position{Start: parser.lineNumber, End: parser.lineNumber}, + Column: models.Position{Start: 1, End: len(parser.currentLine) + 1}, + Filename: parser.sourceFile, + } + if !parser.isInDepSection { parser.dependencies = append(parser.dependencies, lockfile.PackageDetails{ Name: name, @@ -38,6 +44,7 @@ func (parser *gemfileLockfileParser) addDependency(name string, version string) PackageManager: gemfilePackageManager, Ecosystem: models.EcosystemRubyGems, Commit: parser.currentGemCommit, + BlockLocation: blockLocation, }) return @@ -63,6 +70,7 @@ func (parser *gemfileLockfileParser) addDependency(name string, version string) Ecosystem: models.EcosystemRubyGems, Commit: parser.currentGemCommit, IsDirect: true, + BlockLocation: blockLocation, }) } } @@ -184,11 +192,15 @@ func (e GemfileLockExtractor) PackageManager() models.PackageManager { func (e GemfileLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parser gemfileLockfileParser + parser.sourceFile = f.Path() scanner := bufio.NewScanner(f) for scanner.Scan() { - parser.parse(scanner.Text()) + parser.lineNumber++ + line := scanner.Text() + parser.currentLine = line + parser.parse(line) } if err := scanner.Err(); err != nil { diff --git a/pkg/lockfile/ruby/types.go b/pkg/lockfile/ruby/types.go index afec1951..34c4b435 100644 --- a/pkg/lockfile/ruby/types.go +++ b/pkg/lockfile/ruby/types.go 
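Review bot: addDependency now builds `blockLocation` from `parser.lineNumber`, `parser.currentLine` and `parser.sourceFile`, which are assigned only in the Extract loop further down, and nothing on the method documents that dependency. Any path that reaches addDependency without going through that loop would record line 0 and an empty filename without an error. A comment on the method would make the coupling explicit: `// addDependency records the gem at the parser's current line; lineNumber, currentLine and sourceFile must be set before parse is called.` The part of addDependency between the hunks is not visible here.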
@@ -67,6 +67,13 @@ type gemfileLockfileParser struct { // whether or not the parser is in the `DEPENDENCIES` section isInDepSection bool + + // current line number being parsed (1-indexed) + lineNumber int + // current line text being parsed + currentLine string + // absolute path of the lockfile being parsed + sourceFile string } type GemfileLockExtractor struct { From 744364a3e3c99503f736a4021546e6e84173da80 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:43:06 +0200 Subject: [PATCH 06/36] Add BlockLocation test and update gemfile-lock test expectations Add dedicated BlockLocation assertion test for gemfile-lock extractor verifying line numbers and filenames. Switch existing tests to ExpectPackagesWithoutLocations since dedicated test covers location assertions. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/ruby/parse-gemfile-lock_test.go | 70 ++++++++++++++++++-- 1 file changed, 63 insertions(+), 7 deletions(-) diff --git a/pkg/lockfile/ruby/parse-gemfile-lock_test.go b/pkg/lockfile/ruby/parse-gemfile-lock_test.go index 715b7a74..1fb0da96 100644 --- a/pkg/lockfile/ruby/parse-gemfile-lock_test.go +++ b/pkg/lockfile/ruby/parse-gemfile-lock_test.go @@ -2,8 +2,12 @@ package ruby_test import ( "io/fs" + "os" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/ruby" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" @@ -112,7 +116,7 @@ func TestParseGemfileLock_OneGem(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ast", Version: "2.4.2", 
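Review bot: The field comment `// absolute path of the lockfile being parsed` on `sourceFile` promises more than the code shows. Extract assigns it from `f.Path()`, and nothing visible in this patch makes that value absolute; the accompanying test only gets an absolute `Filename` because it passes a path built with `filepath.Abs`. Unless `DepFile.Path()` is guaranteed to be absolute elsewhere, the comment should read `// path of the lockfile being parsed, as returned by DepFile.Path()`, so that consumers of `BlockLocation.Filename` do not assume it.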
@@ -131,7 +135,7 @@ func TestParseGemfileLock_SomeGems(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "coderay", Version: "1.1.3", @@ -162,7 +166,7 @@ func TestParseGemfileLock_MultipleGems(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "bundler-audit", Version: "0.9.0.1", @@ -213,7 +217,7 @@ func TestParseGemfileLock_Rails(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "actioncable", Version: "7.0.2.2", @@ -502,7 +506,7 @@ func TestParseGemfileLock_Rubocop(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ast", Version: "2.4.2", @@ -575,7 +579,7 @@ func TestParseGemfileLock_HasLocalGem(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "backbone-on-rails", Version: "1.2.0.0", @@ -768,7 +772,7 @@ func TestParseGemfileLock_HasGitGem(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "hanami-controller", Version: "2.0.0.alpha1", 
@@ -833,3 +837,55 @@ func TestParseGemfileLock_PlatformSpecificDependencyIsParsed(t *testing.T) { }, }) } + +func TestParseGemfileLock_SomeGems_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/bundler/some-gems.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := ruby.ParseGemfileLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // some-gems.lock has: + // line 4: " coderay (1.1.3)" + // line 5: " method_source (1.0.0)" + // line 6: " pry (0.14.1)" + assert.Equal(t, len(packages), 3, "expected 3 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific line numbers + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // coderay is at line 4: " coderay (1.1.3)" + assert.Equal(t, 4, pkgMap["coderay"].BlockLocation.Line.Start) + assert.Equal(t, 4, pkgMap["coderay"].BlockLocation.Line.End) + assert.Equal(t, 1, pkgMap["coderay"].BlockLocation.Column.Start) + + // method_source is at line 5: " method_source (1.0.0)" + assert.Equal(t, 5, pkgMap["method_source"].BlockLocation.Line.Start) + assert.Equal(t, 5, pkgMap["method_source"].BlockLocation.Line.End) + + // pry is at line 6: " pry (0.14.1)" + assert.Equal(t, 6, pkgMap["pry"].BlockLocation.Line.Start) + assert.Equal(t, 6, pkgMap["pry"].BlockLocation.Line.End) + + // Verify path is absolute (from lockfile, not relative) + assert.True(t, os.IsPathSeparator(path[0]) || filepath.IsAbs(path), + "path should be absolute") +} 
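Review bot: `assert.Equal(t, len(packages), 3, "expected 3 packages")` passes the arguments in actual/expected order, so a failure would report the numbers the wrong way round; `assert.Len(t, packages, 3)` avoids the issue, and the cargo test in this series already uses the expected-first order. The closing `assert.True(t, os.IsPathSeparator(path[0]) || filepath.IsAbs(path), ...)` checks the local `path`, which comes straight from `filepath.Abs`, so it cannot fail and says nothing about what the extractor stored. The `assert.Equal(t, path, pkg.BlockLocation.Filename, ...)` in the loop already covers that, so the final assertion can be dropped. The same final assertion appears in the cargo, poetry and pdm BlockLocation tests.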
From f33adbd83487d1fbdad57132b4fa0599f58fe749 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:48:52 +0200 Subject: [PATCH 07/36] Set BlockLocation for all packages in cargo-lock extractor Use the InTOML utility to compute block positions for each [[package]] section in Cargo.lock. Read file content into buffer for both TOML decode and line-based position computation. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/rust/parse-cargo-lock.go | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/pkg/lockfile/rust/parse-cargo-lock.go b/pkg/lockfile/rust/parse-cargo-lock.go index bc00ec78..c99f4f6e 100644 --- a/pkg/lockfile/rust/parse-cargo-lock.go +++ b/pkg/lockfile/rust/parse-cargo-lock.go @@ -1,9 +1,13 @@ package rust import ( + "bytes" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -25,7 +29,12 @@ func (e CargoLockExtractor) PackageManager() models.PackageManager { func (e CargoLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *CargoLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) 
@@ -42,6 +51,19 @@ func (e CargoLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCon }) } + // Set BlockLocation for each package using the InTOML utility + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := make([]*models.FilePosition, len(packages)) + for i := range packages { + positions[i] = &packages[i].BlockLocation + } + + fileposition.InTOML("[[package]]", "", positions, lines) + + for i := range packages { + packages[i].BlockLocation.Filename = f.Path() + } + return packages, nil } From 213f7a787f2796c5e93c697c02ebc1951a3c7ae1 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 15:49:04 +0200 Subject: [PATCH 08/36] Add BlockLocation test and update cargo-lock test expectations Add dedicated BlockLocation assertion test for cargo-lock extractor verifying multi-line block positions from InTOML utility. Switch existing tests to ExpectPackagesWithoutLocations. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/rust/parse-cargo-lock_test.go | 58 ++++++++++++++++++++-- 1 file changed, 54 insertions(+), 4 deletions(-) diff --git a/pkg/lockfile/rust/parse-cargo-lock_test.go b/pkg/lockfile/rust/parse-cargo-lock_test.go index 5e7e15a9..8409e7aa 100644 --- a/pkg/lockfile/rust/parse-cargo-lock_test.go +++ b/pkg/lockfile/rust/parse-cargo-lock_test.go @@ -2,8 +2,12 @@ package rust_test import ( "io/fs" + "os" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/rust" @@ -100,7 +104,7 @@ func TestParseCargoLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "addr2line", Version: "0.15.2", 
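Review bot: The new block pairs `packages[i]` with the i-th `[[package]]` header purely by position, and nothing checks that the line-based scan in `fileposition.InTOML` found the same number of blocks as the TOML decoder. InTOML's implementation is outside this patch, but if it matches header lines textually, a lockfile containing `[[package]]` inside a multi-line string, or a header written with different spacing, would presumably shift every later location onto the wrong package. Lockfiles come from scanned repositories, so the inputs are not trusted, and a misattributed location would be carried into the SBOM unnoticed. Consider verifying after the call that every `BlockLocation.Line.Start` is non-zero and leaving the locations unset (with a log line) when the counts disagree. The poetry-lock and pdm-lock hunks in patches 09 and 11 use the same pairing.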
@@ -119,7 +123,7 @@ func TestParseCargoLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "addr2line", Version: "0.15.2", @@ -144,7 +148,7 @@ func TestParseCargoLock_TwoPackagesWithLocal(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "addr2line", Version: "0.15.2", @@ -169,7 +173,7 @@ func TestParseCargoLock_PackageWithBuildString(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "wasi", Version: "0.10.2+wasi-snapshot-preview1", 
@@ -178,3 +182,49 @@ func TestParseCargoLock_PackageWithBuildString(t *testing.T) { }, }) } + +func TestParseCargoLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/cargo/two-packages.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := rust.ParseCargoLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.lock has: + // line 5: "[[package]]" (addr2line block, lines 5-12) + // line 14: "[[package]]" (syn block, lines 14-23) + assert.Equal(t, 2, len(packages), "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // addr2line starts at line 5 ("[[package]]"), ends before the blank line at line 13 + assert.Equal(t, 5, pkgMap["addr2line"].BlockLocation.Line.Start) + assert.Equal(t, 12, pkgMap["addr2line"].BlockLocation.Line.End) + + // syn starts at line 14 ("[[package]]"), ends at line 24 (last package includes trailing content) + assert.Equal(t, 14, pkgMap["syn"].BlockLocation.Line.Start) + assert.Equal(t, 24, pkgMap["syn"].BlockLocation.Line.End) + + // Verify path is absolute + assert.True(t, os.IsPathSeparator(path[0]) || filepath.IsAbs(path), + "path should be absolute") +} From 44f1ea1366f192ccd73e37abcdae58490ca836a8 Mon Sep 17 00:00:00 2001 
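Review bot: The fixture comment at the top of TestParseCargoLock_TwoPackages_BlockLocation says the syn block spans lines 14-23, but the assertion expects `Line.End` to be 24 with the remark "last package includes trailing content". The test therefore pins a range that, by its own description, reaches past the block. If that extra line comes from calling InTOML with an empty otherKey, it is worth deciding whether trailing content should count towards the last package before freezing it in a test. Otherwise, correct the comment so the two agree.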
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 16:07:50 +0200 Subject: [PATCH 09/36] Set BlockLocation for all packages in poetry-lock extractor Use the InTOML utility to compute block positions for each [[package]] section in poetry.lock. Uses [metadata] as the otherKey to properly close the last package block. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-poetry-lock.go | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/pkg/lockfile/python/parse-poetry-lock.go b/pkg/lockfile/python/parse-poetry-lock.go index 57ffd96f..02313028 100644 --- a/pkg/lockfile/python/parse-poetry-lock.go +++ b/pkg/lockfile/python/parse-poetry-lock.go @@ -1,9 +1,13 @@ package python import ( + "bytes" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -25,7 +29,12 @@ func (e PoetryLockExtractor) PackageManager() models.PackageManager { func (e PoetryLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PoetryLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) 
@@ -47,6 +56,19 @@ func (e PoetryLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCo packages = append(packages, pkgDetails) } + // Set BlockLocation for each package using the InTOML utility + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := make([]*models.FilePosition, len(packages)) + for i := range packages { + positions[i] = &packages[i].BlockLocation + } + + fileposition.InTOML("[[package]]", "[metadata]", positions, lines) + + for i := range packages { + packages[i].BlockLocation.Filename = f.Path() + } + return packages, nil } From c74dd63751af9854731a7876dc505bdc2565ef7c Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 16:08:09 +0200 Subject: [PATCH 10/36] Add BlockLocation test and update poetry-lock test expectations Add dedicated BlockLocation assertion test for poetry-lock extractor verifying multi-line block positions from InTOML utility. Switch existing tests to ExpectPackagesWithoutLocations. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-poetry-lock_test.go | 58 ++++++++++++++++--- 1 file changed, 51 insertions(+), 7 deletions(-) diff --git a/pkg/lockfile/python/parse-poetry-lock_test.go b/pkg/lockfile/python/parse-poetry-lock_test.go index 62b3b899..de74b31e 100644 --- a/pkg/lockfile/python/parse-poetry-lock_test.go +++ b/pkg/lockfile/python/parse-poetry-lock_test.go @@ -112,7 +112,7 @@ func TestParsePoetryLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "numpy", Version: "1.23.3", 
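Review bot: The added block (split lines, collect `&packages[i].BlockLocation`, call `fileposition.InTOML`, set `Filename`) is the same code as in the cargo-lock and pdm-lock extractors in this series, differing only in the otherKey argument. Three copies mean any later fix to the CRLF handling or to validation of the result has to be made three times. A small shared helper next to InTOML, taking the packages, the file content, the otherKey and the path, would keep the behaviour in one place. Extract's body continues outside the hunk.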
@@ -157,7 +157,7 @@ func TestParsePoetryLock_OnePackage_MatcherFailed(t *testing.T) { _ = r.Close() assert.Contains(t, buffer.String(), matcherError.Error()) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "numpy", Version: "1.23.3", @@ -183,7 +183,7 @@ func TestParsePoetryLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "proto-plus", Version: "1.22.0", @@ -212,7 +212,7 @@ func TestParsePoetryLock_PackageWithMetadata(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "emoji", Version: "2.0.0", @@ -235,7 +235,7 @@ func TestParsePoetryLock_PackageWithGitSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ike", Version: "0.2.0", @@ -259,7 +259,7 @@ func TestParsePoetryLock_PackageWithLegacySource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "appdirs", Version: "1.4.4", @@ -283,7 +283,7 @@ func TestParsePoetryLock_OptionalPackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "numpy", Version: "1.23.3", 
@@ -293,3 +293,47 @@ func TestParsePoetryLock_OptionalPackage(t *testing.T) { }, }) } + +func TestParsePoetryLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/poetry/two-packages.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := python.ParsePoetryLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.lock has: + // line 1: "[[package]]" (proto-plus block, lines 1-13) + // line 15: "[[package]]" (protobuf block, lines 15-21) + // line 23: "[metadata]" (not a package) + assert.Equal(t, 2, len(packages), "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // proto-plus starts at line 1 + assert.Equal(t, 1, pkgMap["proto-plus"].BlockLocation.Line.Start) + + // protobuf starts at line 15 + assert.Equal(t, 15, pkgMap["protobuf"].BlockLocation.Line.Start) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} From 00c92b991394d26181f768d6cefd0717ade1d817 Mon Sep 17 00:00:00 2001 
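Review bot: TestParsePoetryLock_TwoPackages_BlockLocation asserts only `Line.Start` for both packages, yet the commit that introduced the positions passes `[metadata]` as otherKey specifically to close the last package block. That closing behaviour is untested. Going by the fixture comment in the test (protobuf block, lines 15-21), adding `assert.Equal(t, 21, pkgMap["protobuf"].BlockLocation.Line.End)` and the matching check for proto-plus would cover it, provided the comment describes the fixture accurately. TestParsePdmLock_TwoPackages_BlockLocation in patch 12 likewise omits `Line.End`.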
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 16:31:14 +0200 Subject: [PATCH 11/36] Set BlockLocation for all packages in pdm-lock extractor Use the InTOML utility to compute block positions for each [[package]] section in pdm.lock. Buffer file content with io.ReadAll for both TOML decode and line-based position computation. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-pdm-lock.go | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/pkg/lockfile/python/parse-pdm-lock.go b/pkg/lockfile/python/parse-pdm-lock.go index 1d0b1402..a82d800c 100644 --- a/pkg/lockfile/python/parse-pdm-lock.go +++ b/pkg/lockfile/python/parse-pdm-lock.go @@ -1,9 +1,13 @@ package python import ( + "bytes" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -25,7 +29,12 @@ func (p PdmLockExtractor) PackageManager() models.PackageManager { func (p PdmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockFile *PdmLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockFile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockFile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } 
@@ -59,6 +68,19 @@ func (p PdmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanConte packages = append(packages, details) } + // Set BlockLocation for each package using the InTOML utility + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := make([]*models.FilePosition, len(packages)) + for i := range packages { + positions[i] = &packages[i].BlockLocation + } + + fileposition.InTOML("[[package]]", "", positions, lines) + + for i := range packages { + packages[i].BlockLocation.Filename = f.Path() + } + return packages, nil } From 33b602ad6c97fe1abe80c1b1506994d395dc1fc8 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 16:32:05 +0200 Subject: [PATCH 12/36] Add BlockLocation test and update pdm-lock test expectations Add dedicated BlockLocation assertion test for pdm-lock extractor verifying multi-line block positions from InTOML utility. Switch existing tests to ExpectPackagesWithoutLocations. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-pdm-lock_test.go | 57 ++++++++++++++++++++-- 1 file changed, 52 insertions(+), 5 deletions(-) diff --git a/pkg/lockfile/python/parse-pdm-lock_test.go b/pkg/lockfile/python/parse-pdm-lock_test.go index 9be5075f..227838be 100644 --- a/pkg/lockfile/python/parse-pdm-lock_test.go +++ b/pkg/lockfile/python/parse-pdm-lock_test.go @@ -2,8 +2,11 @@ package python_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/python" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" @@ -109,7 +112,7 @@ func TestParsePdmLock_SinglePackage(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/single-package.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", 
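Review bot: The pdm call passes an empty otherKey, `fileposition.InTOML("[[package]]", "", positions, lines)`, whereas the poetry extractor in this series passes `"[metadata]"` so that the last package block is closed. The pdm fixture described in the accompanying test contains a `[metadata]` table, there placed before the packages. If a pdm.lock carries any table after the last `[[package]]`, the final package's range would presumably run through it, much as the cargo test in patch 08 shows the last block picking up trailing content. Passing the table name that can follow the packages, or documenting why none is needed for pdm, would make the intent clear. The cargo-lock hunk makes the same call with an empty otherKey.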
@@ -125,7 +128,7 @@ func TestParsePdmLock_TwoPackages(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/two-packages.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -147,7 +150,7 @@ func TestParsePdmLock_PackageWithDevDependencies(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/dev-dependency.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -177,7 +180,7 @@ func TestParsePdmLock_PackageWithOptionalDependency(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/optional-dependency.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", @@ -207,7 +210,7 @@ func TestParsePdmLock_PackageWithGitDependency(t *testing.T) { packages, err := python.ParsePdmLock("../fixtures/pdm/git-dependency.toml") expectNilErr(t, err) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "toml", Version: "0.10.2", 
@@ -217,3 +220,47 @@ func TestParsePdmLock_PackageWithGitDependency(t *testing.T) { }, }) } + +func TestParsePdmLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/pdm/two-packages.toml") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := python.ParsePdmLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.toml has: + // line 4: [metadata] + // line 10: [[package]] (six, lines 10-19) + // line 21: [[package]] (toml, lines 21-30) + assert.Equal(t, 2, len(packages), "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // six starts at line 10 ("[[package]]") + assert.Equal(t, 10, pkgMap["six"].BlockLocation.Line.Start) + + // toml starts at line 21 ("[[package]]") + assert.Equal(t, 21, pkgMap["toml"].BlockLocation.Line.Start) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} From 5dc4871aa67192b911f5fd7442881cfd2c7298f1 Mon Sep 17 00:00:00 2001 
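Review bot: The final `assert.True(t, filepath.IsAbs(path), ...)` checks the result of `filepath.Abs`, not anything the extractor produced, so it can never fail for a reason related to this change. The comment documents end lines (six 10-19, toml 21-30) but only `Line.Start` is asserted, so an off-by-one in the block end would pass; if the fixture matches the comment, adding `assert.Equal(t, 19, pkgMap["six"].BlockLocation.Line.End)` and the equivalent for toml would cover it. The same tautological check is in the uv-lock and composer-lock BlockLocation tests later in the series.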
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 16:35:16 +0200 Subject: [PATCH 13/36] Set BlockLocation for all packages in uv-lock extractor Use the InTOML utility to compute block positions for all [[package]] sections including root, then assign positions only to non-root packages. Handles the root package skip correctly by computing positions for all TOML entries and indexing by position. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-uv-lock.go | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/pkg/lockfile/python/parse-uv-lock.go b/pkg/lockfile/python/parse-uv-lock.go index df91e611..16a469fc 100644 --- a/pkg/lockfile/python/parse-uv-lock.go +++ b/pkg/lockfile/python/parse-uv-lock.go @@ -1,11 +1,14 @@ package python import ( + "bytes" "errors" "fmt" + "io" "path/filepath" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -62,7 +65,12 @@ func findRootPackage(allPackages []*UvLockPackage) (*UvLockPackage, error) { func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *UvLockFile - _, err := toml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + _, err = toml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } 
@@ -72,6 +80,16 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex return []lockfile.PackageDetails{}, errors.New("error getting root package") } + // Compute BlockLocation for ALL toml packages (including root) using InTOML + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + allPositions := make([]models.FilePosition, len(parsedLockfile.Packages)) + positionPtrs := make([]*models.FilePosition, len(parsedLockfile.Packages)) + for i := range allPositions { + positionPtrs[i] = &allPositions[i] + } + + fileposition.InTOML("[[package]]", "", positionPtrs, lines) + // This will hold packages we will return packages := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Packages)) if rootPackage != nil { @@ -84,7 +102,7 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex } } - for _, lockPackage := range parsedLockfile.Packages { + for i, lockPackage := range parsedLockfile.Packages { // Skip root package because root files describe what it depends on, but isn't itself a dependency // https://docs.astral.sh/uv/concepts/projects/layout/ if isRoot(lockPackage) { @@ -100,6 +118,9 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex depGroups = append(depGroups, "dev") } + blockLocation := allPositions[i] + blockLocation.Filename = f.Path() + pkgDetails := lockfile.PackageDetails{ Name: lockPackage.Name, Version: lockPackage.Version, @@ -107,6 +128,7 @@ func (e UvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContex PackageManager: uvPackageManager, Ecosystem: models.EcosystemPyPI, IsDirect: isDirect || isDevDependency, + BlockLocation: blockLocation, } if len(depGroups) > 0 { From 5319be0ae0408c785d92879284670dc653b9f0b7 Mon Sep 17 00:00:00 2001 
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 17:11:40 +0200 Subject: [PATCH 14/36] Add BlockLocation test and update uv-lock test expectations Add dedicated BlockLocation assertion test for uv-lock extractor verifying that root package is skipped while non-root packages get correct positions. Switch existing tests to ExpectPackagesWithoutLocations. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-uv-lock_test.go | 57 +++++++++++++++++++++-- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/pkg/lockfile/python/parse-uv-lock_test.go b/pkg/lockfile/python/parse-uv-lock_test.go index 0c423301..6d63fc8d 100644 --- a/pkg/lockfile/python/parse-uv-lock_test.go +++ b/pkg/lockfile/python/parse-uv-lock_test.go @@ -5,6 +5,8 @@ import ( "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/python" @@ -24,7 +26,7 @@ func TestParseUvLock_SinglePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "requests", Version: "2.32.3", @@ -72,7 +74,7 @@ func TestParseUvLock_NoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{}) + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{}) } func TestParseUvLock_MultiplePackage(t *testing.T) { @@ -88,7 +90,7 @@ func TestParseUvLock_MultiplePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "bottle", Version: "0.13.3", 
@@ -147,7 +149,7 @@ func TestParseUvLock_DevPackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "requests", Version: "2.32.3", 
@@ -228,3 +230,50 @@ func TestParseUvLock_DevPackage(t *testing.T) { }, }) } + +func TestParseUvLock_SinglePackage_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/uv/single-package.lock") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := python.ParseUvLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // single-package.lock has 6 [[package]] sections: + // line 5: certifi, line 14: charset-normalizer, line 36: idna, + // line 45: requests, line 60: urllib3, line 69: uv (root, skipped) + // Root package "uv" is skipped, so 5 packages returned. + assert.Equal(t, 5, len(packages), "expected 5 packages (root skipped)") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // certifi starts at line 5 + assert.Equal(t, 5, pkgMap["certifi"].BlockLocation.Line.Start) + + // idna starts at line 36 + assert.Equal(t, 36, pkgMap["idna"].BlockLocation.Line.Start) + + // requests starts at line 45 + assert.Equal(t, 45, pkgMap["requests"].BlockLocation.Line.Start) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} From 562ac20c3fd2e3f8f5e85e13fc25d27a79f7df96 Mon Sep 17 00:00:00 2001 
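Review bot: The fixture places the root package last (line 69 per the comment), so the index mapping between `allPositions` and the non-root packages is never exercised with a skipped entry in front of a kept one. A fixture where the root `[[package]]` comes first or in the middle would confirm that the packages after it still get their own block. `charset-normalizer` and `urllib3` are listed in the comment but not asserted; `assert.Equal(t, 60, pkgMap["urllib3"].BlockLocation.Line.Start)` would pin the last non-root entry.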
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 17:15:51 +0200 Subject: [PATCH 15/36] Set BlockLocation for all packages in composer-lock extractor Add custom JSON array scanner to compute block positions for each package object in the "packages" and "packages-dev" arrays. Tracks brace depth to find start/end lines of each package block. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/php/parse-composer-lock.go | 87 +++++++++++++++++++++++-- 1 file changed, 82 insertions(+), 5 deletions(-) diff --git a/pkg/lockfile/php/parse-composer-lock.go b/pkg/lockfile/php/parse-composer-lock.go index 238c2357..cf219c2b 100644 --- a/pkg/lockfile/php/parse-composer-lock.go +++ b/pkg/lockfile/php/parse-composer-lock.go @@ -1,10 +1,14 @@ package php import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) 
@@ -43,14 +47,74 @@ func (e ComposerLockExtractor) PackageManager() models.PackageManager { return composerPackageManager } +// computeComposerBlockPositions scans JSON lines to find the start/end +// positions of each object in the "packages" and "packages-dev" arrays. +// Returns positions in order: packages first, then packages-dev. +func computeComposerBlockPositions(lines []string) []models.FilePosition { + var positions []models.FilePosition + + packagesKeyRe := cachedregexp.MustCompile(`^\s*"packages(-dev)?"\s*:\s*\[`) + inArray := false + braceDepth := 0 + var currentStart int + + for i, line := range lines { + lineNum := i + 1 // 1-indexed + + if !inArray { + if packagesKeyRe.MatchString(line) { + inArray = true + braceDepth = 0 + } + + continue + } + + // Count braces on this line + for _, ch := range line { + switch ch { + case '{': + braceDepth++ + if braceDepth == 1 { + currentStart = lineNum + } + case '}': + if braceDepth == 1 { + positions = append(positions, models.FilePosition{ + Line: models.Position{Start: currentStart, End: lineNum}, + Column: models.Position{Start: strings.IndexByte(lines[currentStart-1], '{') + 1, End: strings.IndexByte(line, '}') + 2}, + }) + } + braceDepth-- + } + } + + // Check if array is closed (line has ']' at depth 0) + if braceDepth == 0 && strings.Contains(line, "]") { + inArray = false + } + } + + return positions +} + func (e ComposerLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *ComposerLock - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + // Compute block positions for all packages in both arrays + 
lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + blockPositions := computeComposerBlockPositions(lines) + packages := make( []lockfile.PackageDetails, 0, @@ -58,25 +122,38 @@ func (e ComposerLockExtractor) Extract(f lockfile.DepFile, context lockfile.Scan uint64(len(parsedLockfile.Packages))+uint64(len(parsedLockfile.PackagesDev)), ) + posIdx := 0 for _, composerPackage := range parsedLockfile.Packages { - packages = append(packages, lockfile.PackageDetails{ + pkg := lockfile.PackageDetails{ Name: composerPackage.Name, Version: composerPackage.Version, Commit: composerPackage.Dist.Reference, PackageManager: composerPackageManager, Ecosystem: models.EcosystemPackagist, - }) + } + if posIdx < len(blockPositions) { + pkg.BlockLocation = blockPositions[posIdx] + pkg.BlockLocation.Filename = f.Path() + posIdx++ + } + packages = append(packages, pkg) } for _, composerPackage := range parsedLockfile.PackagesDev { - packages = append(packages, lockfile.PackageDetails{ + pkg := lockfile.PackageDetails{ Name: composerPackage.Name, Version: composerPackage.Version, Commit: composerPackage.Dist.Reference, PackageManager: composerPackageManager, Ecosystem: models.EcosystemPackagist, DepGroups: []string{"dev"}, - }) + } + if posIdx < len(blockPositions) { + pkg.BlockLocation = blockPositions[posIdx] + pkg.BlockLocation.Filename = f.Path() + posIdx++ + } + packages = append(packages, pkg) } return packages, nil From 385c4e2921582dbc452533fb041f8ee6b94c712a Mon Sep 17 00:00:00 2001 
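Review bot: The brace counter in `computeComposerBlockPositions` looks at every `{` and `}` on a line, including those inside JSON string values. String fields in a lock entry (a package description, for example) come from third-party package metadata, so a single unbalanced brace in a string shifts `braceDepth` and every position after it, and Extract then attaches those positions to packages by index. Since a JSON string cannot contain a raw newline, tracking quote and backslash state per line is enough to skip string contents, as sketched below. Separately, `strings.IndexByte(line, '}') + 2` takes the first `}` on the line rather than the one being processed, and a key line such as `"packages": [],` is consumed by the `continue`, so its `]` is never seen.

```go
		// … unchanged: packagesKeyRe match and inArray handling …

		// Count braces on this line, ignoring any that sit inside a JSON string.
		inString, escaped := false, false
		for _, ch := range line {
			if inString {
				switch {
				case escaped:
					escaped = false
				case ch == '\\':
					escaped = true
				case ch == '"':
					inString = false
				}

				continue
			}

			switch ch {
			case '"':
				inString = true
			case '{':
				// … unchanged: depth increment and currentStart …
			case '}':
				// … unchanged: position append and depth decrement …
			}
		}
```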
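Review bot: Positions are handed out by a running `posIdx`, so when `computeComposerBlockPositions` returns a different number of blocks than there are decoded packages, the `posIdx < len(blockPositions)` guard hides the mismatch and the entries that do get a location may have the wrong one. A wrong location is worse than a missing one for anyone acting on a finding, so I would drop all positions when the counts disagree: `if len(blockPositions) != len(parsedLockfile.Packages)+len(parsedLockfile.PackagesDev) { blockPositions = nil }`. The two loops are also identical apart from `DepGroups`; a small helper would remove the duplication.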
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 17:17:26 +0200 Subject: [PATCH 16/36] Add BlockLocation test and update composer-lock test expectations Add dedicated BlockLocation assertion test for composer-lock extractor verifying JSON block positions for both packages and packages-dev arrays. Switch existing tests to ExpectPackagesWithoutLocations. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/php/parse-composer-lock_test.go | 56 ++++++++++++++++++-- 1 file changed, 52 insertions(+), 4 deletions(-) diff --git a/pkg/lockfile/php/parse-composer-lock_test.go b/pkg/lockfile/php/parse-composer-lock_test.go index 717b761d..6de4ea98 100644 --- a/pkg/lockfile/php/parse-composer-lock_test.go +++ b/pkg/lockfile/php/parse-composer-lock_test.go @@ -2,8 +2,11 @@ package php_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/php" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" @@ -99,7 +102,7 @@ func TestParseComposerLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", @@ -118,7 +121,7 @@ func TestParseComposerLock_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", @@ -138,7 +141,7 @@ func TestParseComposerLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", 
@@ -165,7 +168,7 @@ func TestParseComposerLock_TwoPackagesAlt(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "sentry/sdk", Version: "2.0.4", 
@@ -182,3 +185,48 @@ func TestParseComposerLock_TwoPackagesAlt(t *testing.T) { }, }) } + +func TestParseComposerLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + path, err := filepath.Abs("../fixtures/composer/two-packages.json") + if err != nil { + t.Fatalf("could not get absolute path: %v", err) + } + + packages, err := php.ParseComposerLock(path) + if err != nil { + t.Fatalf("Got unexpected error: %v", err) + } + + // two-packages.json has: + // "packages" array with sentry/sdk at lines 9-39 + // "packages-dev" array with theseer/tokenizer at lines 42-77 + assert.Equal(t, 2, len(packages), "expected 2 packages") + + for _, pkg := range packages { + assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, + "expected BlockLocation.Line.Start to be set for package %s", pkg.Name) + assert.NotEmpty(t, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to be set for package %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, + "expected BlockLocation.Filename to match the lockfile path for package %s", pkg.Name) + } + + // Verify specific positions + pkgMap := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + pkgMap[pkg.Name] = pkg + } + + // sentry/sdk starts at line 9 (opening {) and ends at line 39 (closing }) + assert.Equal(t, 9, pkgMap["sentry/sdk"].BlockLocation.Line.Start) + assert.Equal(t, 39, pkgMap["sentry/sdk"].BlockLocation.Line.End) + + // theseer/tokenizer starts at line 42 and ends at line 77 + assert.Equal(t, 42, pkgMap["theseer/tokenizer"].BlockLocation.Line.Start) + assert.Equal(t, 77, pkgMap["theseer/tokenizer"].BlockLocation.Line.End) + + // Verify path is absolute + assert.True(t, filepath.IsAbs(path), "path should be absolute") +} From bb61609b3a99bc5b09dcbf57b76adabff2f62098 Mon Sep 17 00:00:00 2001 
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 17:59:16 +0200 Subject: [PATCH 17/36] feat(lockfile): add BlockLocation to pipenv-lock extractor Buffer content with io.ReadAll, use InJSON utility for "default" and "develop" map sections to compute block positions for each package. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-pipenv-lock.go | 44 +++++++++++++++++++++--- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/pkg/lockfile/python/parse-pipenv-lock.go b/pkg/lockfile/python/parse-pipenv-lock.go index d0faa604..5fb4e9ce 100644 --- a/pkg/lockfile/python/parse-pipenv-lock.go +++ b/pkg/lockfile/python/parse-pipenv-lock.go @@ -1,11 +1,15 @@ package python import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" "slices" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" 
@@ -27,21 +31,48 @@ func (e PipenvLockExtractor) PackageManager() models.PackageManager { func (e PipenvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PipenvLock - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + // Build position maps for InJSON + defaultPositions := make(map[string]*models.FilePosition, len(parsedLockfile.Packages)) + for name := range parsedLockfile.Packages { + defaultPositions[name] = &models.FilePosition{} + } + + developPositions := make(map[string]*models.FilePosition, len(parsedLockfile.PackagesDev)) + for name := range parsedLockfile.PackagesDev { + developPositions[name] = &models.FilePosition{} + } + + fileposition.InJSON("default", defaultPositions, lines, 0) + fileposition.InJSON("develop", developPositions, lines, 0) + details := make(map[string]lockfile.PackageDetails) - addPkgDetails(details, parsedLockfile.Packages, "") - addPkgDetails(details, parsedLockfile.PackagesDev, "dev") + addPkgDetails(details, parsedLockfile.Packages, "", defaultPositions, f.Path()) + addPkgDetails(details, parsedLockfile.PackagesDev, "dev", developPositions, f.Path()) return slices.Collect(maps.Values(details)), nil } -func addPkgDetails(details map[string]lockfile.PackageDetails, packages map[string]PipenvPackage, group string) { +func addPkgDetails( + details map[string]lockfile.PackageDetails, + packages map[string]PipenvPackage, + group string, + positions map[string]*models.FilePosition, + filePath string, +) { for name, pipenvPackage := range 
packages { if pipenvPackage.Version == "" { continue @@ -59,6 +90,11 @@ func addPkgDetails(details map[string]lockfile.PackageDetails, packages map[stri if group != "" { pkgDetails.DepGroups = append(pkgDetails.DepGroups, group) } + if pos, ok := positions[name]; ok { + blockLocation := *pos + blockLocation.Filename = filePath + pkgDetails.BlockLocation = blockLocation + } details[name+"@"+version] = pkgDetails } } From 4f77a016c2dc96cc9800a999c9dcab970a0ce565 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 18:00:51 +0200 Subject: [PATCH 18/36] test(lockfile): update pipenv-lock tests with BlockLocation assertions Switch 5 existing tests to ExpectPackagesWithoutLocations and add dedicated TestParsePipenvLock_TwoPackages_BlockLocation test verifying positions for packages in both "default" and "develop" sections. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/python/parse-pipenv-lock_test.go | 47 ++++++++++++++++--- 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/pkg/lockfile/python/parse-pipenv-lock_test.go b/pkg/lockfile/python/parse-pipenv-lock_test.go index aae00097..0f946172 100644 --- a/pkg/lockfile/python/parse-pipenv-lock_test.go +++ b/pkg/lockfile/python/parse-pipenv-lock_test.go @@ -112,7 +112,7 @@ func TestParsePipenvLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markupsafe", Version: "2.1.1", @@ -157,7 +157,7 @@ func TestParsePipenvLock_OnePackage_MatcherFailed(t *testing.T) { _ = r.Close() assert.Contains(t, buffer.String(), matcherError.Error()) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markupsafe", Version: "2.1.1", 
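Review bot: The new read-failure branch in Extract returns `could not extract from %s`, the same text as the decode failure right below it, so the two cannot be told apart in logs. The pdm-lock, uv-lock and composer-lock commits in this series use `could not read %s: %w` for this branch; I would use `return []lockfile.PackageDetails{}, fmt.Errorf("could not read %s: %w", f.Path(), err)` here and in the renv-lock Extract hunk, which has the same wording.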
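Review bot: In `addPkgDetails` the `if pos, ok := positions[name]; ok` test is always true, because Extract builds each positions map from the same keys it then iterates. `Filename` is therefore set even when `fileposition.InJSON` presumably left the entry at its zero value, which yields a location that names a file but no lines. Guarding on the content instead, `if pos := positions[name]; pos != nil && pos.Line.Start > 0 {`, would leave `BlockLocation` empty when nothing was found. The function body starts outside this hunk.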
@@ -183,7 +183,7 @@ func TestParsePipenvLock_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markupsafe", Version: "2.1.1", @@ -207,7 +207,7 @@ func TestParsePipenvLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "itsdangerous", Version: "2.1.2", @@ -237,7 +237,7 @@ func TestParsePipenvLock_TwoPackagesAlt(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "itsdangerous", Version: "2.1.2", @@ -266,7 +266,7 @@ func TestParsePipenvLock_MultiplePackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "itsdangerous", Version: "2.1.2", 
@@ -295,6 +295,41 @@ func TestParsePipenvLock_MultiplePackages(t *testing.T) { }) } +func TestParsePipenvLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pipenv/two-packages.json")) + packages, err := python.ParsePipenvLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + // itsdangerous is in "default" section, lines 19-26 + itsdangerous := packagesByName["itsdangerous"] + assert.Equal(t, 19, itsdangerous.BlockLocation.Line.Start) + assert.Equal(t, 26, itsdangerous.BlockLocation.Line.End) + assert.Equal(t, 7, itsdangerous.BlockLocation.Column.Start) + assert.Equal(t, 8, itsdangerous.BlockLocation.Column.End) + assert.Equal(t, path, itsdangerous.BlockLocation.Filename) + + // markupsafe is in "develop" section, lines 29-74 + markupsafe := packagesByName["markupsafe"] + assert.Equal(t, 29, markupsafe.BlockLocation.Line.Start) + assert.Equal(t, 74, markupsafe.BlockLocation.Line.End) + assert.Equal(t, 7, markupsafe.BlockLocation.Column.Start) + assert.Equal(t, 8, markupsafe.BlockLocation.Column.End) + assert.Equal(t, path, markupsafe.BlockLocation.Filename) +} + func TestParsePipenvLock_PackageWithoutVersion(t *testing.T) { t.Parallel() From 5f42fe225ff15613b68511863cb4d20776e83e3a Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 18:07:50 +0200 Subject: [PATCH 19/36] feat(lockfile): add BlockLocation to renv-lock extractor Buffer content with io.ReadAll, use InJSON utility for "Packages" map section to compute block positions for each package. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/renv/parse-renv-lock.go | 33 ++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) 
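Review bot: Both error checks use `t.Errorf`, so the test keeps running after a failed `os.Getwd` or `ParsePipenvLock`, and the position assertions then fail on zero values from the empty map, which hides the real cause. `t.Fatalf("Got unexpected error: %v", err)` in both places stops at the first failure, as the pdm-lock, uv-lock and composer-lock BlockLocation tests in this series already do. The renv-lock BlockLocation test has the same `t.Errorf` after `ParseRenvLock`. A presence check such as `itsdangerous, ok := packagesByName["itsdangerous"]` followed by `assert.True(t, ok)` would also make a missing package explicit.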
diff --git a/pkg/lockfile/renv/parse-renv-lock.go b/pkg/lockfile/renv/parse-renv-lock.go index 834e242e..49857d35 100644 --- a/pkg/lockfile/renv/parse-renv-lock.go +++ b/pkg/lockfile/renv/parse-renv-lock.go @@ -1,10 +1,14 @@ package renv import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) 
@@ -41,26 +45,47 @@ func (e RenvLockExtractor) PackageManager() models.PackageManager { func (e RenvLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *RenvLockfile - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + // Build position map for InJSON keyed by package name + positions := make(map[string]*models.FilePosition, len(parsedLockfile.Packages)) + for name := range parsedLockfile.Packages { + positions[name] = &models.FilePosition{} + } + + fileposition.InJSON("Packages", positions, lines, 0) + packages := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Packages)) - for _, pkg := range parsedLockfile.Packages { + for name, pkg := range parsedLockfile.Packages { // currently we only support CRAN if pkg.Repository != string(models.EcosystemCRAN) { continue } - packages = append(packages, lockfile.PackageDetails{ + pkgDetails := lockfile.PackageDetails{ Name: pkg.Package, Version: pkg.Version, PackageManager: renvPackageManager, Ecosystem: models.EcosystemCRAN, - }) + } + if pos, ok := positions[name]; ok { + blockLocation := *pos + blockLocation.Filename = f.Path() + pkgDetails.BlockLocation = blockLocation + } + packages = append(packages, pkgDetails) } return packages, nil From c624db4d667fbd6a65ac7da8da15d17c371083b7 Mon Sep 17 00:00:00 2001 
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 18:08:36 +0200 Subject: [PATCH 20/36] test(lockfile): update renv-lock tests with BlockLocation assertions Switch 4 existing tests to ExpectPackagesWithoutLocations and add dedicated TestParseRenvLock_TwoPackages_BlockLocation test verifying positions for packages in the "Packages" section. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/renv/parse-renv-lock_test.go | 41 ++++++++++++++++++++--- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/pkg/lockfile/renv/parse-renv-lock_test.go b/pkg/lockfile/renv/parse-renv-lock_test.go index f73bc92c..23e4cd71 100644 --- a/pkg/lockfile/renv/parse-renv-lock_test.go +++ b/pkg/lockfile/renv/parse-renv-lock_test.go @@ -9,6 +9,8 @@ import ( "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/models" + + "github.com/stretchr/testify/assert" ) func TestParseRenvLock_FileDoesNotExist(t *testing.T) { @@ -50,7 +52,7 @@ func TestParseRenvLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "morning", Version: "0.1.0", @@ -69,7 +71,7 @@ func TestParseRenvLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markdown", Version: "1.0", @@ -94,7 +96,7 @@ func TestParseRenvLock_WithMixedSources(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "markdown", Version: "1.0", 
@@ -114,7 +116,7 @@ func TestParseRenvLock_WithBioconductor(t *testing.T) { } // currently Bioconductor is not supported - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "BH", Version: "1.75.0-0", @@ -124,6 +126,37 @@ func TestParseRenvLock_WithBioconductor(t *testing.T) { }) } +func TestParseRenvLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := renv.ParseRenvLock("../fixtures/renv/two-packages.lock") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + // markdown block: lines 12-18 in "Packages" section + markdown := packagesByName["markdown"] + assert.Equal(t, 12, markdown.BlockLocation.Line.Start) + assert.Equal(t, 18, markdown.BlockLocation.Line.End) + assert.Equal(t, 5, markdown.BlockLocation.Column.Start) + assert.Equal(t, 6, markdown.BlockLocation.Column.End) + assert.Contains(t, markdown.BlockLocation.Filename, "two-packages.lock") + + // mime block: lines 19-25 in "Packages" section + mime := packagesByName["mime"] + assert.Equal(t, 19, mime.BlockLocation.Line.Start) + assert.Equal(t, 25, mime.BlockLocation.Line.End) + assert.Equal(t, 5, mime.BlockLocation.Column.Start) + assert.Equal(t, 6, mime.BlockLocation.Column.End) + assert.Contains(t, mime.BlockLocation.Filename, "two-packages.lock") +} + func TestParseRenvLock_WithoutRepository(t *testing.T) { t.Parallel() From 2b95b158d90b04687d81838925e2014fdd0246a9 Mon Sep 17 00:00:00 2001 
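Review bot: `TestParseRenvLock_TwoPackages_BlockLocation` reports a parse failure with `t.Errorf` and then keeps going, so the position assertions run against zero-value entries from `packagesByName` and the real error is followed by a run of unrelated assertion failures. Use `t.Fatalf("Got unexpected error: %v", err)` for the parse error, and check presence before asserting, e.g. `markdown, ok := packagesByName["markdown"]` followed by `if !ok { t.Fatal("markdown not in result") }`. The BlockLocation tests added for nuget, conan v1/v2 and gradle-verification-metadata in the following patches have the same shape.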
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 19:33:55 +0200 Subject: [PATCH 21/36] feat(lockfile): add BlockLocation to nuget-lock extractor Buffer content with io.ReadAll, use InJSON utility per framework target (e.g. "net6.0") to compute block positions for each package within the nested "dependencies" structure. Co-Authored-By: Claude Sonnet 4.6
---
pkg/lockfile/dotnet/parse-nuget-lock.go | 52 +++++++++++++++++++++---- 1 file changed, 44 insertions(+), 8 deletions(-)
diff --git a/pkg/lockfile/dotnet/parse-nuget-lock.go b/pkg/lockfile/dotnet/parse-nuget-lock.go
index 1ee32a42..18e2936c 100644
--- a/pkg/lockfile/dotnet/parse-nuget-lock.go
+++ b/pkg/lockfile/dotnet/parse-nuget-lock.go
@@ -1,45 +1,74 @@ package dotnet import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" "slices" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" "maps" ) -func parseNuGetLockDependencies(dependencies map[string]NuGetLockPackage) map[string]lockfile.PackageDetails { +func parseNuGetLockDependencies( + dependencies map[string]NuGetLockPackage, + positions map[string]*models.FilePosition, + filePath string, +) map[string]lockfile.PackageDetails { details := map[string]lockfile.PackageDetails{} for name, dependency := range dependencies { if strings.EqualFold(dependency.Type, projectDependencyType) { continue } - details[name+"@"+dependency.Resolved] = lockfile.PackageDetails{ + pkgDetails := lockfile.PackageDetails{ Name: name, Version: dependency.Resolved, PackageManager: nugetPackageManager, Ecosystem: models.EcosystemNuGet, IsDirect: dependency.Type == "Direct", } + if pos, ok := positions[name]; ok { + blockLocation := *pos + blockLocation.Filename = filePath + pkgDetails.BlockLocation = blockLocation + } + details[name+"@"+dependency.Resolved] = pkgDetails } return details } -func parseNuGetLock(file NuGetLockfile) ([]lockfile.PackageDetails, error) { +func parseNuGetLock( + file NuGetLockfile, + lines []string, + filePath string, +) ([]lockfile.PackageDetails, error) { details := map[string]lockfile.PackageDetails{} // go through the dependencies for each framework, e.g. `net6.0` and parse // its dependencies, there might be different or duplicate dependencies - // between frameworks - for _, dependencies := range file.Dependencies { - maps.Copy(details, parseNuGetLockDependencies(dependencies)) + // between frameworks. + // Sort framework names so that when the same package appears in multiple + // frameworks, the first framework alphabetically wins (deterministic output). 
+ frameworkNames := slices.Sorted(maps.Keys(file.Dependencies)) + for _, frameworkName := range frameworkNames { + dependencies := file.Dependencies[frameworkName] + // Build position map for this framework's packages + positions := make(map[string]*models.FilePosition, len(dependencies)) + for name := range dependencies { + positions[name] = &models.FilePosition{} + } + + fileposition.InJSON(frameworkName, positions, lines, 0) + + maps.Copy(details, parseNuGetLockDependencies(dependencies, positions, filePath)) } return slices.Collect(maps.Values(details)), nil @@ -60,7 +89,12 @@ func (e NuGetLockExtractor) PackageManager() models.PackageManager { func (e NuGetLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *NuGetLockfile - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } @@ -69,7 +103,9 @@ func (e NuGetLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCon return []lockfile.PackageDetails{}, fmt.Errorf("could not extract: unsupported lock file version %d", parsedLockfile.Version) } - return parseNuGetLock(*parsedLockfile) + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + return parseNuGetLock(*parsedLockfile, lines, f.Path()) } var NuGetExtractor = NuGetLockExtractor{ From cfbdacc38ba04f3097417575f8c781ef9203b84c Mon Sep 17 00:00:00 2001 
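Review bot: The new comment in `parseNuGetLock` says the first framework alphabetically wins when a package appears in several frameworks, but `maps.Copy(details, ...)` overwrites keys already present in `details`, so with the sorted iteration the entry kept, including its `BlockLocation`, comes from the last framework alphabetically. The output is still deterministic, so the smallest fix is the comment: `// frameworks, the last framework alphabetically wins (deterministic output).` If first-wins is the intended behaviour, skip keys that already exist in `details` instead of copying over them.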
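Review bot: `Extract` now keeps the lockfile in memory several times over: `io.ReadAll(f)` has no size bound, and `strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n")` adds a string copy and the line slice on top of the decoded struct, where the previous code streamed the decode. For a scanner that runs over repositories it does not control, a cap on the read is worth having, e.g. `io.ReadAll(io.LimitReader(f, maxLockfileSize))` with `maxLockfileSize` standing in for whatever limit the project chooses; an oversized file then fails at decode instead of being buffered. The same split expression is repeated in the renv and conan extractors while the gradle-verification-metadata patch calls `fileposition.BytesToLines(content)`; using that one helper everywhere would keep the line-numbering rules in a single place, assuming it treats `\r\n` the same way.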
From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 19:34:48 +0200 Subject: [PATCH 22/36] test(lockfile): update nuget-lock tests with BlockLocation assertions Switch 6 existing tests to ExpectPackagesWithoutLocations, update MultipleVersionsNonDeterministicOrder to expect lockfile positions for packages not matched by .csproj, and add dedicated BlockLocation test for one-framework-two-packages fixture. Co-Authored-By: Claude Sonnet 4.6 --- .../dotnet/parse-nuget-lock-v1_test.go | 59 ++++++++++++++++--- 1 file changed, 51 insertions(+), 8 deletions(-) diff --git a/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go b/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go index 1bd11ede..5f0d02c3 100644 --- a/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go +++ b/pkg/lockfile/dotnet/parse-nuget-lock-v1_test.go @@ -55,7 +55,7 @@ func TestParseNuGetLock_v1_OneFramework_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -74,7 +74,7 @@ func TestParseNuGetLock_v1_OneFramework_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", 
@@ -92,6 +92,36 @@ func TestParseNuGetLock_v1_OneFramework_TwoPackages(t *testing.T) { }) } +func TestParseNuGetLock_v1_OneFramework_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := dotnet.ParseNuGetLock("../fixtures/nuget/one-framework-two-packages/packages.lock.json") + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + // Test.Core block: lines 5-10 within "net6.0" framework + testCore := packagesByName["Test.Core"] + assert.Equal(t, 5, testCore.BlockLocation.Line.Start) + assert.Equal(t, 10, testCore.BlockLocation.Line.End) + assert.Equal(t, 7, testCore.BlockLocation.Column.Start) + assert.Equal(t, 8, testCore.BlockLocation.Column.End) + assert.Contains(t, testCore.BlockLocation.Filename, "one-framework-two-packages") + + // Test.System block: lines 11-19 within "net6.0" framework + testSystem := packagesByName["Test.System"] + assert.Equal(t, 11, testSystem.BlockLocation.Line.Start) + assert.Equal(t, 19, testSystem.BlockLocation.Line.End) + assert.Equal(t, 7, testSystem.BlockLocation.Column.Start) + assert.Equal(t, 8, testSystem.BlockLocation.Column.End) + assert.Contains(t, testSystem.BlockLocation.Filename, "one-framework-two-packages") +} + func TestParseNuGetLock_v1_TwoFrameworks_MixedPackages(t *testing.T) { t.Parallel() @@ -100,7 +130,7 @@ func TestParseNuGetLock_v1_TwoFrameworks_MixedPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", 
@@ -133,7 +163,7 @@ func TestParseNuGetLock_v1_TwoFrameworks_DifferentPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -159,7 +189,7 @@ func TestParseNuGetLock_v1_TwoFrameworks_DuplicatePackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -202,7 +232,7 @@ func TestParseNuGetLock_v1_OneFramework_OnePackage_MatchedFailed(t *testing.T) { _ = r.Close() assert.Contains(t, buffer.String(), matcherError.Error()) - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "Test.Core", Version: "6.0.5", @@ -318,6 +348,11 @@ func TestMultipleVersionsNonDeterministicOrder(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } + absoluteLockfilePath, err := filepath.Abs("../fixtures/nuget/multiple-versions-with-lockfile/packages.lock.json") + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ { Name: "Newtonsoft.Json", @@ -350,7 +385,11 @@ func TestMultipleVersionsNonDeterministicOrder(t *testing.T) { PackageManager: models.NuGet, Ecosystem: models.EcosystemNuGet, IsDirect: true, - BlockLocation: models.FilePosition{}, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 5, End: 13}, + Column: models.Position{Start: 7, End: 8}, + Filename: absoluteLockfilePath, + }, }, { Name: "Newtonsoft.Json", 
@@ -383,7 +422,11 @@ func TestMultipleVersionsNonDeterministicOrder(t *testing.T) { PackageManager: models.NuGet, Ecosystem: models.EcosystemNuGet, IsDirect: false, - BlockLocation: models.FilePosition{}, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 20, End: 24}, + Column: models.Position{Start: 7, End: 8}, + Filename: absoluteLockfilePath, + }, }, }) } From b297d125cf29bf8f3b3fc57eff74c0a4578b02dc Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 20:35:26 +0200 Subject: [PATCH 23/36] Add BlockLocation to conan-lock extractor for both V1 and V2 formats V1 (nodes map): Uses InJSON with "nodes" group key to get positions for each node block, keyed by node ID. V2 (string arrays): Uses ExtractDelimitedStringPositionInBlock to find the line containing each reference string within quotes. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/cpp/parse-conan-lock.go | 67 +++++++++++++++++++++------- 1 file changed, 51 insertions(+), 16 deletions(-) diff --git a/pkg/lockfile/cpp/parse-conan-lock.go b/pkg/lockfile/cpp/parse-conan-lock.go index 541b769a..0c9a21d0 100644 --- a/pkg/lockfile/cpp/parse-conan-lock.go +++ b/pkg/lockfile/cpp/parse-conan-lock.go @@ -1,11 +1,14 @@ package cpp import ( + "bytes" "encoding/json" "fmt" + "io" "path/filepath" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) 
@@ -103,11 +106,11 @@ func parseConanRenference(ref string) ConanReference { return reference } -func parseConanV1Lock(sourceFile ConanLockFile) []lockfile.PackageDetails { +func parseConanV1Lock(sourceFile ConanLockFile, positions map[string]*models.FilePosition, filePath string) []lockfile.PackageDetails { var reference ConanReference packages := make([]lockfile.PackageDetails, 0, len(sourceFile.GraphLock.Nodes)) - for _, node := range sourceFile.GraphLock.Nodes { + for nodeID, node := range sourceFile.GraphLock.Nodes { if node.Path != "" { // a local "conanfile.txt", skip continue @@ -126,18 +129,27 @@ func parseConanV1Lock(sourceFile ConanLockFile) []lockfile.PackageDetails { if reference.Name == "" { continue } - packages = append(packages, lockfile.PackageDetails{ + + pkg := lockfile.PackageDetails{ Name: reference.Name, Version: reference.Version, PackageManager: conanPackageManager, Ecosystem: models.EcosystemConanCenter, - }) + } + + if pos, ok := positions[nodeID]; ok { + blockLocation := *pos + blockLocation.Filename = filePath + pkg.BlockLocation = blockLocation + } + + packages = append(packages, pkg) } return packages } -func parseConanRequires(packages *[]lockfile.PackageDetails, requires []string, group string) { +func parseConanRequires(packages *[]lockfile.PackageDetails, requires []string, group string, lines []string, filePath string) { for _, ref := range requires { reference := parseConanRenference(ref) // skip entries with no name, they are most likely consumer's conanfiles 
@@ -146,36 +158,52 @@ func parseConanRequires(packages *[]lockfile.PackageDetails, requires []string, continue } - *packages = append(*packages, lockfile.PackageDetails{ + pkg := lockfile.PackageDetails{ Name: reference.Name, Version: reference.Version, PackageManager: conanPackageManager, Ecosystem: models.EcosystemConanCenter, DepGroups: []string{group}, - }) + } + + // Find the line containing this exact reference string + pos := fileposition.ExtractDelimitedStringPositionInBlock(lines, ref, 1, "\"", "\"") + if pos != nil { + pos.Filename = filePath + pkg.BlockLocation = *pos + } + + *packages = append(*packages, pkg) } } -func parseConanV2Lock(sourceFile ConanLockFile) []lockfile.PackageDetails { +func parseConanV2Lock(sourceFile ConanLockFile, lines []string, filePath string) []lockfile.PackageDetails { packages := make( []lockfile.PackageDetails, 0, uint64(len(sourceFile.Requires))+uint64(len(sourceFile.BuildRequires))+uint64(len(sourceFile.PythonRequires)), ) - parseConanRequires(&packages, sourceFile.Requires, "requires") - parseConanRequires(&packages, sourceFile.BuildRequires, "build-requires") - parseConanRequires(&packages, sourceFile.PythonRequires, "python-requires") + parseConanRequires(&packages, sourceFile.Requires, "requires", lines, filePath) + parseConanRequires(&packages, sourceFile.BuildRequires, "build-requires", lines, filePath) + parseConanRequires(&packages, sourceFile.PythonRequires, "python-requires", lines, filePath) return packages } -func parseConanLock(lockfile ConanLockFile) []lockfile.PackageDetails { +func parseConanLock(lockfile ConanLockFile, lines []string, filePath string) []lockfile.PackageDetails { if lockfile.GraphLock.Nodes != nil { - return parseConanV1Lock(lockfile) + positions := make(map[string]*models.FilePosition, len(lockfile.GraphLock.Nodes)) + for nodeID := range lockfile.GraphLock.Nodes { + positions[nodeID] = &models.FilePosition{} + } + + fileposition.InJSON("nodes", positions, lines, 0) + + return 
parseConanV1Lock(lockfile, positions, filePath) } - return parseConanV2Lock(lockfile) + return parseConanV2Lock(lockfile, lines, filePath) } type ConanLockExtractor struct{} @@ -195,12 +223,19 @@ func (e ConanLockExtractor) PackageManager() models.PackageManager { func (e ConanLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *ConanLockFile - err := json.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = json.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } - return parseConanLock(*parsedLockfile), nil + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + + return parseConanLock(*parsedLockfile, lines, f.Path()), nil } var _ lockfile.Extractor = ConanLockExtractor{} From e797df5f2190007b7f7699aebe2fabdf26b9eb66 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 22:07:18 +0200 Subject: [PATCH 24/36] test(lockfile): update conan-lock tests with BlockLocation assertions Switch existing v1-revisions and v2 tests from ExpectPackages to ExpectPackagesWithoutLocations, and add dedicated BlockLocation tests for both v1-revisions and v2 formats. Co-Authored-By: Claude Sonnet 4.6 --- .../cpp/parse-conan-lock-v1-revisions_test.go | 49 +++++++++++++++++-- pkg/lockfile/cpp/parse-conan-lock-v2_test.go | 45 +++++++++++++++-- 2 files changed, 84 insertions(+), 10 deletions(-) diff --git a/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go b/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go index ff47241a..f8b1862a 100644 --- a/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go +++ b/pkg/lockfile/cpp/parse-conan-lock-v1-revisions_test.go 
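Review bot: In `parseConanRequires`, `fileposition.ExtractDelimitedStringPositionInBlock(lines, ref, 1, "\"", "\"")` is called with the same start line `1` for every reference and every group, so the lookup is not scoped to the array being processed. If the helper returns the first quoted match (its body is outside this diff), a reference listed in two groups gets the same `BlockLocation` for both packages, and a reference string that also occurs earlier in the file under another key is attributed to that earlier line. Passing the group's own line range would make the result predictable; failing that, record the limitation with `// NOTE: position is the first occurrence of ref in the file, not scoped to group`. The v2 BlockLocation test added in the next patch only covers a fixture where each reference occurs once.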
@@ -2,8 +2,11 @@ package cpp_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/cpp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" @@ -49,7 +52,7 @@ func TestParseConanLock_v1_revisions_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -68,7 +71,7 @@ func TestParseConanLock_v1_revisions_NoName(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -87,7 +90,7 @@ func TestParseConanLock_v1_revisions_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -112,7 +115,7 @@ func TestParseConanLock_v1_revisions_NestedDependencies(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.13", @@ -155,7 +158,7 @@ func TestParseConanLock_v1_revisions_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ninja", Version: "1.11.1", 
@@ -164,3 +167,39 @@ func TestParseConanLock_v1_revisions_OnePackageDev(t *testing.T) { }, }) } + +func TestParseConanLock_v1_revisions_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := cpp.ParseConanLock("../fixtures/conan/two-packages.v1.revisions.json") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/conan/two-packages.v1.revisions.json") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // Node "1": zlib, lines 14-20, column 7-8 + zlibPkg := packagesByName["zlib"] + assert.Equal(t, absoluteLockfilePath, zlibPkg.BlockLocation.Filename) + assert.Equal(t, 14, zlibPkg.BlockLocation.Line.Start) + assert.Equal(t, 20, zlibPkg.BlockLocation.Line.End) + assert.Equal(t, 7, zlibPkg.BlockLocation.Column.Start) + assert.Equal(t, 8, zlibPkg.BlockLocation.Column.End) + + // Node "2": bzip2, lines 21-27, column 7-8 + bzip2Pkg := packagesByName["bzip2"] + assert.Equal(t, absoluteLockfilePath, bzip2Pkg.BlockLocation.Filename) + assert.Equal(t, 21, bzip2Pkg.BlockLocation.Line.Start) + assert.Equal(t, 27, bzip2Pkg.BlockLocation.Line.End) + assert.Equal(t, 7, bzip2Pkg.BlockLocation.Column.Start) + assert.Equal(t, 8, bzip2Pkg.BlockLocation.Column.End) +} diff --git a/pkg/lockfile/cpp/parse-conan-lock-v2_test.go b/pkg/lockfile/cpp/parse-conan-lock-v2_test.go index 49b950bc..13db01f3 100644 --- a/pkg/lockfile/cpp/parse-conan-lock-v2_test.go +++ b/pkg/lockfile/cpp/parse-conan-lock-v2_test.go @@ -2,8 +2,11 @@ package cpp_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/cpp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" 
@@ -49,7 +52,7 @@ func TestParseConanLock_v2_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -69,7 +72,7 @@ func TestParseConanLock_v2_NoName(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -89,7 +92,7 @@ func TestParseConanLock_v2_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -116,7 +119,7 @@ func TestParseConanLock_v2_NestedDependencies(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.13", @@ -164,7 +167,7 @@ func TestParseConanLock_v2_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ninja", Version: "1.11.1", 
@@ -174,3 +177,35 @@ func TestParseConanLock_v2_OnePackageDev(t *testing.T) { }, }) } + +func TestParseConanLock_v2_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := cpp.ParseConanLock("../fixtures/conan/two-packages.v2.json") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/conan/two-packages.v2.json") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // zlib on line 4: "zlib/1.2.11#ffa77daf83a57094149707928bdce823%1667396813.184" + zlibPkg := packagesByName["zlib"] + assert.Equal(t, absoluteLockfilePath, zlibPkg.BlockLocation.Filename) + assert.Equal(t, 4, zlibPkg.BlockLocation.Line.Start) + assert.Equal(t, 4, zlibPkg.BlockLocation.Line.End) + + // bzip2 on line 5: "bzip2/1.0.8#464be69744fa6d48ed01928cfe470008%1666580345.213" + bzip2Pkg := packagesByName["bzip2"] + assert.Equal(t, absoluteLockfilePath, bzip2Pkg.BlockLocation.Filename) + assert.Equal(t, 5, bzip2Pkg.BlockLocation.Line.Start) + assert.Equal(t, 5, bzip2Pkg.BlockLocation.Line.End) +} From 61bd5d8436d1ead068e00e4a812c357246ebecc1 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 22:16:30 +0200 Subject: [PATCH 25/36] feat(lockfile): add BlockLocation to gradle-verification-metadata extractor Buffer XML content and scan for elements to extract line positions. Handles duplicate group:name:version entries (multiple versions) by consuming positions sequentially. Co-Authored-By: Claude Sonnet 4.6 --- .../parse-gradle-verification-metadata.go | 83 ++++++++++++++++++- 1 file changed, 80 insertions(+), 3 deletions(-) diff --git a/pkg/lockfile/java/parse-gradle-verification-metadata.go b/pkg/lockfile/java/parse-gradle-verification-metadata.go index ac5f57cb..87818b99 100644 
--- a/pkg/lockfile/java/parse-gradle-verification-metadata.go +++ b/pkg/lockfile/java/parse-gradle-verification-metadata.go @@ -1,10 +1,15 @@ package java import ( + "bytes" "encoding/xml" "fmt" + "io" "path/filepath" + "strings" + "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) 
@@ -21,24 +26,96 @@ func (e GradleVerificationMetadataExtractor) PackageManager() models.PackageMana return gradleVerificationPackageManager } +// componentKey builds a unique key from a component's attributes for position lookup. +func componentKey(group, name, version string) string { + return group + ":" + name + ":" + version +} + +var componentStartRe = cachedregexp.MustCompile(` blocks and returns positions keyed by group:name:version. +// When the same group:name:version appears multiple times (multiple versions scenario), +// we store positions in order and consume them sequentially. +func extractComponentPositions(lines []string) map[string][]models.FilePosition { + positions := make(map[string][]models.FilePosition) + + for i, line := range lines { + matches := componentStartRe.FindStringSubmatch(line) + if matches == nil { + continue + } + + group, name, version := matches[1], matches[2], matches[3] + key := componentKey(group, name, version) + lineNum := i + 1 // 1-indexed + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + colEnd := fileposition.GetLastNonEmptyCharacterIndexInLine(line) + + // Find the end of this component block ( or self-closing />) + endLine := lineNum + if !strings.Contains(line, "/>") { + for j := i + 1; j < len(lines); j++ { + if strings.Contains(lines[j], "") { + endLine = j + 1 + colEnd = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[j]) + + break + } + } + } + + positions[key] = append(positions[key], models.FilePosition{ + Line: models.Position{Start: lineNum, End: endLine}, + Column: models.Position{Start: colStart, End: colEnd}, + }) + } + + return positions +} + func (e GradleVerificationMetadataExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *GradleVerificationMetadataFile - err := xml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, 
fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + err = xml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + lines := fileposition.BytesToLines(content) + positions := extractComponentPositions(lines) + + // Track consumption index per key for duplicate group:name:version entries + consumed := make(map[string]int) + pkgs := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Components)) for _, component := range parsedLockfile.Components { - pkgs = append(pkgs, lockfile.PackageDetails{ + key := componentKey(component.Group, component.Name, component.Version) + + pkg := lockfile.PackageDetails{ Name: component.Group + ":" + component.Name, Version: component.Version, PackageManager: gradleVerificationPackageManager, Ecosystem: models.EcosystemMaven, - }) + } + + if posList, ok := positions[key]; ok { + idx := consumed[key] + if idx < len(posList) { + pos := posList[idx] + pos.Filename = f.Path() + pkg.BlockLocation = pos + consumed[key] = idx + 1 + } + } + + pkgs = append(pkgs, pkg) } return pkgs, nil From f1634f154eb84cd10423fbf2fa7837af8dd63608 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 22:19:56 +0200 Subject: [PATCH 26/36] test(lockfile): update gradle-verification-metadata tests with BlockLocation assertions Switch existing tests to ExpectPackagesWithoutLocations and add dedicated BlockLocation test for two-packages fixture verifying line ranges for each block. Co-Authored-By: Claude Sonnet 4.6 --- ...parse-gradle-verification-metadata_test.go | 40 +++++++++++++++++-- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/pkg/lockfile/java/parse-gradle-verification-metadata_test.go b/pkg/lockfile/java/parse-gradle-verification-metadata_test.go index 416bd01e..8c9ab99f 100644 --- a/pkg/lockfile/java/parse-gradle-verification-metadata_test.go 
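Review bot: `extractComponentPositions` derives positions from a line-by-line regex pass over the raw text, independently of the `xml.NewDecoder` pass that produces `parsedLockfile.Components`, and its comment does not state the file layout it depends on. It appears to need the component start tag and its three attributes on a single line, and it would also match a start tag sitting inside an XML comment, which would shift the sequential `consumed[key]` pairing for that key; both are inferences, since the pattern itself is not legible on this page. A doc comment spelling out those assumptions, and noting that components without a match keep an empty `BlockLocation`, would help. When no closing tag is found the inner loop leaves `endLine` at the start line without any signal, which deserves a one-line comment as well.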
+++ b/pkg/lockfile/java/parse-gradle-verification-metadata_test.go @@ -133,7 +133,7 @@ func TestParseGradleVerificationMetadata_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "org.apache.pdfbox:pdfbox", Version: "2.0.17", @@ -200,7 +200,7 @@ func TestParseGradleVerificationMetadata_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "org.apache.pdfbox:pdfbox", Version: "2.0.17", @@ -225,7 +225,7 @@ func TestParseGradleVerificationMetadata_MultipleVersions(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "androidx.activity:activity", Version: "1.2.1", @@ -346,7 +346,7 @@ func TestParseGradleVerificationMetadata_Complex(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "com.google:google", Version: "1", 
@@ -745,3 +745,35 @@ func TestParseGradleVerificationMetadata_Complex(t *testing.T) { }, }) } + +func TestParseGradleVerificationMetadata_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := java.ParseGradleVerificationMetadata("../fixtures/gradle-verification-metadata/two-packages.xml") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/gradle-verification-metadata/two-packages.xml") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // pdfbox: on line 10, on line 17 + pdfboxPkg := packagesByName["org.apache.pdfbox:pdfbox"] + assert.Equal(t, absoluteLockfilePath, pdfboxPkg.BlockLocation.Filename) + assert.Equal(t, 10, pdfboxPkg.BlockLocation.Line.Start) + assert.Equal(t, 17, pdfboxPkg.BlockLocation.Line.End) + + // javaparser-core: on line 18, on line 22 + javaparserPkg := packagesByName["com.github.javaparser:javaparser-core"] + assert.Equal(t, absoluteLockfilePath, javaparserPkg.BlockLocation.Filename) + assert.Equal(t, 18, javaparserPkg.BlockLocation.Line.Start) + assert.Equal(t, 22, javaparserPkg.BlockLocation.Line.End) +} From 43528e89d3dd477763a2405d606421274afefde1 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 22:36:05 +0200 Subject: [PATCH 27/36] feat(lockfile): add BlockLocation to pubspec-lock extractor Buffer YAML content and scan for package name entries at 2-space indent under the "packages:" key. Track block boundaries from package name line to the line before the next package or end of section. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/dart/parse-pubspec-lock.go | 111 +++++++++++++++++++++++- 1 file changed, 110 insertions(+), 1 deletion(-) 
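Review bot: A parse failure in TestParseGradleVerificationMetadata_TwoPackages_BlockLocation is reported with `t.Errorf`, so the test carries on and the `packagesByName[...]` lookups return zero-value structs whose failed line assertions hide the real cause. `t.Fatalf("Got unexpected error: %v", err)` stops at the error itself. A presence check on each lookup (`pdfboxPkg, ok := packagesByName["org.apache.pdfbox:pdfbox"]`, then fail if `!ok`) would separate "package missing" from "wrong line". Only `Line` and `Filename` are asserted, and `Column` is left unchecked. TestParsePubspecLock_TwoPackages_BlockLocation, added later in this series, has the same shape.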
diff --git a/pkg/lockfile/dart/parse-pubspec-lock.go b/pkg/lockfile/dart/parse-pubspec-lock.go index 67739d0c..4f5736e8 100644 --- a/pkg/lockfile/dart/parse-pubspec-lock.go +++ b/pkg/lockfile/dart/parse-pubspec-lock.go @@ -1,12 +1,14 @@ package dart import ( + "bytes" "errors" "fmt" "io" "path/filepath" "strings" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" 
@@ -86,10 +88,108 @@ func (e PubspecLockExtractor) PackageManager() models.PackageManager { return pubsecPackageManager } +// extractPubspecPackagePositions scans YAML lines for package entries under "packages:". +// Package names appear at 2-space indent (e.g. " shelf:"), and their blocks extend +// until the next entry at the same or lesser indent level. +func extractPubspecPackagePositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inPackages := false + var currentName string + var startLine int + + for i, line := range lines { + lineNum := i + 1 + + // Detect the "packages:" top-level key + if strings.TrimSpace(line) == "packages:" { + inPackages = true + + continue + } + + if !inPackages { + continue + } + + // Check if we've left the packages section (non-indented, non-empty line) + trimmed := strings.TrimSpace(line) + if trimmed == "" { + continue + } + + // A line with no leading spaces means we've exited the packages block + if len(line) > 0 && line[0] != ' ' { + // Close current package if any + if currentName != "" { + pos := positions[currentName] + pos.Line.End = i // previous line (1-indexed) + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[i-1]) + positions[currentName] = pos + currentName = "" + } + + inPackages = false + + continue + } + + // 2-space indent: package name (e.g. 
" shelf:") + if len(line) >= 3 && line[0] == ' ' && line[1] == ' ' && line[2] != ' ' && strings.HasSuffix(trimmed, ":") { + // Close previous package + if currentName != "" { + pos := positions[currentName] + pos.Line.End = i // previous line (1-indexed) + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[i-1]) + positions[currentName] = pos + } + + pkgName := strings.TrimSuffix(trimmed, ":") + currentName = pkgName + startLine = lineNum + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentName] = models.FilePosition{ + Line: models.Position{Start: startLine, End: 0}, // End will be set when block closes + Column: models.Position{Start: colStart, End: 0}, + } + + continue + } + } + + // Close last package if file ended within packages section + if currentName != "" { + pos := positions[currentName] + lastIdx := len(lines) - 1 + // Find last non-empty line + for lastIdx >= 0 && strings.TrimSpace(lines[lastIdx]) == "" { + lastIdx-- + } + + if lastIdx >= 0 { + pos.Line.End = lastIdx + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastIdx]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[currentName] = pos + } + + return positions +} + func (e PubspecLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PubspecLockfile - err := yaml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = yaml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil && !errors.Is(err, io.EOF) { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) 
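Review bot: The header check `strings.TrimSpace(line) == "packages:"` in extractPubspecPackagePositions matches at any indentation, so an indented key or scalar line reading `packages:` switches the scanner on, and inside the section a 2-space entry named `packages` is skipped instead of recorded. The code comment calls this a top-level key, so comparing the line without trimming the left side, e.g. `if strings.TrimRight(line, " \t\r") == "packages:" {`, keeps the scanner aligned with the section the YAML decoder reads. The same check appears in extractPnpmV9PackagePositions and extractPnpmLegacyPackagePositions later in this series. Separately, the two in-loop closes set `pos.Line.End = i` and read `lines[i-1]` without skipping blank lines, while the end-of-file close does skip them, so a block followed by a blank line ends on that blank line. Extract's body continues outside this hunk.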
@@ -98,6 +198,9 @@ func (e PubspecLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanC return []lockfile.PackageDetails{}, nil } + lines := fileposition.BytesToLines(content) + positions := extractPubspecPackagePositions(lines) + packages := make([]lockfile.PackageDetails, 0, len(parsedLockfile.Packages)) for name, pkg := range parsedLockfile.Packages { @@ -114,6 +217,12 @@ func (e PubspecLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanC break } } + + if pos, ok := positions[name]; ok { + pos.Filename = f.Path() + pkgDetails.BlockLocation = pos + } + packages = append(packages, pkgDetails) } From 5708e2e1c2994de2392daeb365b1e4c821dccd38 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Tue, 14 Apr 2026 22:38:24 +0200 Subject: [PATCH 28/36] test(lockfile): update pubspec-lock tests with BlockLocation assertions Switch existing tests to ExpectPackagesWithoutLocations and add dedicated BlockLocation test for two-packages fixture verifying line ranges for shelf and shelf_web_socket packages. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/dart/parse-pubspec-lock_test.go | 49 +++++++++++++++++--- 1 file changed, 42 insertions(+), 7 deletions(-) diff --git a/pkg/lockfile/dart/parse-pubspec-lock_test.go b/pkg/lockfile/dart/parse-pubspec-lock_test.go index 1d550b40..3042a1b2 100644 --- a/pkg/lockfile/dart/parse-pubspec-lock_test.go +++ b/pkg/lockfile/dart/parse-pubspec-lock_test.go @@ -2,8 +2,11 @@ package dart_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/dart" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" 
@@ -112,7 +115,7 @@ func TestParsePubspecLock_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "back_button_interceptor", Version: "6.0.1", @@ -131,7 +134,7 @@ func TestParsePubspecLock_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "build_runner", Version: "2.2.1", @@ -151,7 +154,7 @@ func TestParsePubspecLock_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "shelf", Version: "1.3.2", @@ -176,7 +179,7 @@ func TestParsePubspecLock_MixedPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "back_button_interceptor", Version: "6.0.1", @@ -214,7 +217,7 @@ func TestParsePubspecLock_PackageWithGitSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "flutter_rust_bridge", Version: "1.32.0", @@ -262,7 +265,7 @@ func TestParsePubspecLock_PackageWithSdkSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "flutter_web_plugins", Version: "0.0.0", 
@@ -282,7 +285,7 @@ func TestParsePubspecLock_PackageWithPathSource(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "maa_core", Version: "0.0.1", @@ -292,3 +295,35 @@ func TestParsePubspecLock_PackageWithPathSource(t *testing.T) { }, }) } + +func TestParsePubspecLock_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := dart.ParsePubspecLock("../fixtures/pub/two-packages.lock") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/pub/two-packages.lock") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // shelf: lines 4-10 + shelfPkg := packagesByName["shelf"] + assert.Equal(t, absoluteLockfilePath, shelfPkg.BlockLocation.Filename) + assert.Equal(t, 4, shelfPkg.BlockLocation.Line.Start) + assert.Equal(t, 10, shelfPkg.BlockLocation.Line.End) + + // shelf_web_socket: lines 11-17 + swsPkg := packagesByName["shelf_web_socket"] + assert.Equal(t, absoluteLockfilePath, swsPkg.BlockLocation.Filename) + assert.Equal(t, 11, swsPkg.BlockLocation.Line.Start) + assert.Equal(t, 17, swsPkg.BlockLocation.Line.End) +} From 710069eb630cc386461ef3c9fde0a758d4194b5b Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Wed, 15 Apr 2026 11:50:26 +0200 Subject: [PATCH 29/36] feat(lockfile): add BlockLocation to pnpm-lock extractor Add lockfile position tracking for both pnpm v9+ and legacy ( --- pkg/lockfile/javascript/parse-pnpm-v9-lock.go | 190 ++++++++++++++++-- pkg/lockfile/javascript/pnpm-legacy-lock.go | 108 +++++++++- 2 files changed, 283 insertions(+), 15 deletions(-) 
diff --git a/pkg/lockfile/javascript/parse-pnpm-v9-lock.go b/pkg/lockfile/javascript/parse-pnpm-v9-lock.go index 794147f9..1040f97b 100644 --- a/pkg/lockfile/javascript/parse-pnpm-v9-lock.go +++ b/pkg/lockfile/javascript/parse-pnpm-v9-lock.go @@ -1,6 +1,7 @@ package javascript import ( + "bytes" "errors" "fmt" "io" @@ -11,6 +12,7 @@ import ( "maps" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" @@ -74,7 +76,7 @@ func addDependencyToPackageDetails(dependency lockfile.PackageDetails, packageId return deps } -func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, targetedKey string, deps map[string]lockfile.PackageDetails) map[string]lockfile.PackageDetails { +func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, targetedKey string, deps map[string]lockfile.PackageDetails, positions map[string]models.FilePosition, filePath string) map[string]lockfile.PackageDetails { // Need to look at dependencies visitedSnapshots := make(map[string]bool) snapshotQueue := make([]string, 0) @@ -96,14 +98,16 @@ func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, t } for depName, depVersion := range snapshot.Dependencies { + version := getCleanedVersion(sourceFile, depName, depVersion) transitiveDep := lockfile.PackageDetails{ Name: depName, - Version: getCleanedVersion(sourceFile, depName, depVersion), + Version: version, Commit: getCommitFromVersion(depVersion), Ecosystem: models.EcosystemNPM, DepGroups: root.Pkg.DepGroups, PackageManager: models.Pnpm, IsDirect: false, + BlockLocation: lookupPnpmPosition(depName, version, depVersion, filePath, positions), } addDependencyToPackageDetails(transitiveDep, getPnpmDependencyKey(transitiveDep), deps) childKey := depName + "@" + depVersion 
@@ -111,14 +115,16 @@ func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, t } for depName, depVersion := range snapshot.OptionalDependencies { + version := getCleanedVersion(sourceFile, depName, depVersion) transitiveDep := lockfile.PackageDetails{ Name: depName, - Version: getCleanedVersion(sourceFile, depName, depVersion), + Version: version, Commit: getCommitFromVersion(depVersion), Ecosystem: models.EcosystemNPM, DepGroups: root.Pkg.DepGroups, PackageManager: models.Pnpm, IsDirect: false, + BlockLocation: lookupPnpmPosition(depName, version, depVersion, filePath, positions), } addDependencyToPackageDetails(transitiveDep, getPnpmDependencyKey(transitiveDep), deps) childKey := depName + "@" + depVersion @@ -129,17 +135,19 @@ func extractTransitiveDeps(sourceFile PnpmLockfile, root PnpmDirectDependency, t return deps } -func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDependency, dependencies PnpmDependencies, depGroup string, workspacePath string) []PnpmDirectDependency { +func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDependency, dependencies PnpmDependencies, depGroup string, workspacePath string, positions map[string]models.FilePosition, filePath string) []PnpmDirectDependency { for dependencyName, dependency := range dependencies { var nameLocation *models.FilePosition if workspacePath != "" && workspacePath != "." { nameLocation = &models.FilePosition{Filename: workspacePath} } + version := getCleanedVersion(sourceFile, dependencyName, dependency.Version) + roots = append(roots, PnpmDirectDependency{ Pkg: lockfile.PackageDetails{ Name: dependencyName, - Version: getCleanedVersion(sourceFile, dependencyName, dependency.Version), + Version: version, Commit: getCommitFromVersion(dependency.Version), TargetVersions: []string{dependency.Specifier}, Ecosystem: models.EcosystemNPM, 
@@ -147,6 +155,7 @@ func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDepend PackageManager: models.Pnpm, IsDirect: true, NameLocation: nameLocation, + BlockLocation: lookupPnpmPosition(dependencyName, version, dependency.Version, filePath, positions), }, Dep: dependency, WorkspacePath: workspacePath, 
@@ -156,7 +165,51 @@ func extractDirectDependencies(sourceFile PnpmLockfile, roots []PnpmDirectDepend return roots } -func parsePnpmLock(sourceFile PnpmLockfile) []lockfile.PackageDetails { +// lookupPnpmPosition resolves the FilePosition for a package in the positions map. +// It tries, in order: +// 1. Exact key "name@version" (common case). +// 2. Raw version key "name@rawVersion" for git/tarball deps where the packages: section +// stores the full URL (e.g. "ansi-regex@https://codeload.github.com/...") but the +// caller has already cleaned the version to a semver. +// 3. Prefix match "name@version(" for peer-suffixed keys (e.g. "tsutils@3.21.0(typescript@4.9.5)"). +// When multiple peer variants exist for the same base version, picks the earliest by line number. +func lookupPnpmPosition(name, version, rawVersion, filePath string, positions map[string]models.FilePosition) models.FilePosition { + key := name + "@" + version + if pos, ok := positions[key]; ok { + pos.Filename = filePath + return pos + } + + // Fallback for git/tarball deps: try the raw (pre-cleaning) version. + if rawVersion != version { + rawKey := name + "@" + rawVersion + if pos, ok := positions[rawKey]; ok { + pos.Filename = filePath + return pos + } + } + + // Fallback for peer-suffixed keys (e.g. "tsutils@3.21.0(typescript@4.9.5)"). + // When multiple peer variants exist for the same base version, pick the earliest by line number. 
+ prefix := key + "(" + var best *models.FilePosition + for k, pos := range positions { + if strings.HasPrefix(k, prefix) { + p := pos + if best == nil || p.Line.Start < best.Line.Start { + best = &p + } + } + } + if best != nil { + best.Filename = filePath + return *best + } + + return models.FilePosition{} +} + +func parsePnpmLock(sourceFile PnpmLockfile, positions map[string]models.FilePosition, filePath string) []lockfile.PackageDetails { // First create the deps tree // To do so, first look at the packages list, for each package, look into the importers // If present in the importers => its direct and we know its scope 
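Review bot: The peer-suffix fallback in lookupPnpmPosition ranges over the whole `positions` map on every miss, and the function is called once per dependency edge in extractTransitiveDeps and once per direct dependency. A large lockfile with many keys absent from `packages:` therefore does work proportional to edges times packages. Because this tool parses lockfiles it did not author, it is worth bounding that cost by building a base-key index once in parsePnpmLock and replacing the loop with a single map lookup. The sketch assumes `name@version` never contains `(`, which should be confirmed against getCleanedVersion. parsePnpmLock's body continues outside this hunk.

```go
// indexPnpmPeerVariants maps each base key "name@version" to the earliest
// (lowest Line.Start) peer-suffixed entry "name@version(...)", so lookups
// do not rescan the whole positions map.
func indexPnpmPeerVariants(positions map[string]models.FilePosition) map[string]models.FilePosition {
	byBase := make(map[string]models.FilePosition)
	for k, pos := range positions {
		base, _, found := strings.Cut(k, "(")
		if !found {
			continue
		}
		if cur, ok := byBase[base]; !ok || pos.Line.Start < cur.Line.Start {
			byBase[base] = pos
		}
	}

	return byBase
}

// … unchanged: exact-key and raw-version lookups in lookupPnpmPosition …

	// peerIndex is built once per lockfile by indexPnpmPeerVariants and
	// passed in next to positions.
	if pos, ok := peerIndex[key]; ok {
		pos.Filename = filePath
		return pos
	}

	return models.FilePosition{}
```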
@@ -165,15 +218,15 @@ func parsePnpmLock(sourceFile PnpmLockfile) []lockfile.PackageDetails { // Going through the importers to get a direct (prod or dev), then finding the transitives in the snapshot directDependencies := make([]PnpmDirectDependency, 0) for workspacePath, importer := range sourceFile.Importers { - directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.Dependencies, "prod", workspacePath) - directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.OptionalDependencies, "optional", workspacePath) - directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.DevDependencies, "dev", workspacePath) + directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.Dependencies, "prod", workspacePath, positions, filePath) + directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.OptionalDependencies, "optional", workspacePath, positions, filePath) + directDependencies = extractDirectDependencies(sourceFile, directDependencies, importer.DevDependencies, "dev", workspacePath, positions, filePath) } packages := make(map[string]lockfile.PackageDetails) for _, direct := range directDependencies { packages = addDependencyToPackageDetails(direct.Pkg, getPnpmWorkspaceDependencyKey(direct), packages) - packages = extractTransitiveDeps(sourceFile, direct, direct.Pkg.Name+"@"+direct.Dep.Version, packages) + packages = extractTransitiveDeps(sourceFile, direct, direct.Pkg.Name+"@"+direct.Dep.Version, packages, positions, filePath) } return slices.Collect(maps.Values(packages)) 
@@ -187,10 +240,120 @@ func getPnpmDependencyKey(pkg lockfile.PackageDetails) string { return getWorkspaceDependencyKey(pkg.Name, pkg.Version, "") // this has no workspace path } +// closePnpmBlock closes a package block by finding the last non-empty line before index i. +func closePnpmBlock(positions map[string]models.FilePosition, key string, beforeIndex int, lines []string) { + pos := positions[key] + // Find last non-empty line before beforeIndex + lastNonEmpty := beforeIndex - 1 + for lastNonEmpty >= 0 && strings.TrimSpace(lines[lastNonEmpty]) == "" { + lastNonEmpty-- + } + + if lastNonEmpty >= 0 { + pos.Line.End = lastNonEmpty + 1 // 1-indexed + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastNonEmpty]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[key] = pos +} + +// extractPnpmV9PackagePositions scans YAML lines for package entries under "packages:". +// Package keys appear at 2-space indent (e.g. " acorn@8.11.3:"), and their blocks extend +// until the next entry at the same indent or end of the packages section. +func extractPnpmV9PackagePositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inPackages := false + var currentKey string + var startLine int + + for i, line := range lines { + lineNum := i + 1 + + trimmed := strings.TrimSpace(line) + if trimmed == "" { + continue + } + + // Detect the "packages:" top-level key + if trimmed == "packages:" { + inPackages = true + + continue + } + + if !inPackages { + continue + } + + // A line with no leading spaces means we've exited the packages block + if len(line) > 0 && line[0] != ' ' { + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + currentKey = "" + } + + inPackages = false + + continue + } + + // 2-space indent: package entry (e.g. 
" acorn@8.11.3:") + if len(line) >= 3 && line[0] == ' ' && line[1] == ' ' && line[2] != ' ' && strings.HasSuffix(trimmed, ":") { + // Close previous package + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + } + + // Strip trailing ":" and surrounding single quotes (YAML quotes scoped package + // names starting with "@", e.g. "'@scope/pkg@1.0.0':" → "@scope/pkg@1.0.0"). + pkgKey := strings.Trim(strings.TrimSuffix(trimmed, ":"), "'") + currentKey = pkgKey + startLine = lineNum + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentKey] = models.FilePosition{ + Line: models.Position{Start: startLine, End: 0}, + Column: models.Position{Start: colStart, End: 0}, + } + + continue + } + } + + // Close last package if file ended within packages section + if currentKey != "" { + pos := positions[currentKey] + lastIdx := len(lines) - 1 + for lastIdx >= 0 && strings.TrimSpace(lines[lastIdx]) == "" { + lastIdx-- + } + + if lastIdx >= 0 { + pos.Line.End = lastIdx + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastIdx]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[currentKey] = pos + } + + return positions +} + func (e PnpmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var parsedLockfile *PnpmLockfile - err := yaml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = yaml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil && !errors.Is(err, io.EOF) { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) 
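Review bot: Key normalisation differs between the two pnpm scanners: extractPnpmV9PackagePositions strips only single quotes, while extractPnpmLegacyPackagePositions uses the cutset `"'\""`. A double-quoted key in a v9 lockfile is therefore stored with its quotes, and lookupPnpmPosition silently returns an empty BlockLocation for it. Using the same cutset here, `pkgKey := strings.Trim(strings.TrimSuffix(trimmed, ":"), "'\"")`, removes the difference. The end-of-file close re-implements closePnpmBlock and can be replaced with `closePnpmBlock(positions, currentKey, len(lines), lines)`, and `startLine` is only a copy of `lineNum`. Extract's body continues outside this hunk.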
@@ -213,7 +376,10 @@ func (e PnpmLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCont return e.extractLegacyPnpm(file) } - return parsePnpmLock(*parsedLockfile), nil + lines := fileposition.BytesToLines(content) + positions := extractPnpmV9PackagePositions(lines) + + return parsePnpmLock(*parsedLockfile, positions, f.Path()), nil } var PnpmExtractor = PnpmLockExtractor{ diff --git a/pkg/lockfile/javascript/pnpm-legacy-lock.go b/pkg/lockfile/javascript/pnpm-legacy-lock.go index b6e27e9f..f3f9f7cd 100644 --- a/pkg/lockfile/javascript/pnpm-legacy-lock.go +++ b/pkg/lockfile/javascript/pnpm-legacy-lock.go @@ -1,6 +1,7 @@ package javascript import ( + "bytes" "errors" "fmt" "io" @@ -9,6 +10,7 @@ import ( "strings" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" 
@@ -104,7 +106,92 @@ func getVersionInfo(name string, maps ...map[string]PnpmLegacyLockDependency) (s return "", "", false } -func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile) []lockfile.PackageDetails { +// extractPnpmLegacyPackagePositions scans YAML lines for package entries under "packages:". +// Legacy pnpm package keys appear at 2-space indent (e.g. " /acorn/8.7.0:"). +func extractPnpmLegacyPackagePositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inPackages := false + var currentKey string + + for i, line := range lines { + lineNum := i + 1 + + trimmed := strings.TrimSpace(line) + if trimmed == "" { + continue + } + + // Detect the "packages:" top-level key + if trimmed == "packages:" { + inPackages = true + + continue + } + + if !inPackages { + continue + } + + // A line with no leading spaces means we've exited the packages block + if len(line) > 0 && line[0] != ' ' { + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + currentKey = "" + } + + inPackages = false + + continue + } + + // 2-space indent: package entry (e.g. " /acorn/8.7.0:") + if len(line) >= 3 && line[0] == ' ' && line[1] == ' ' && line[2] != ' ' && strings.HasSuffix(trimmed, ":") { + // Close previous package + if currentKey != "" { + closePnpmBlock(positions, currentKey, i, lines) + } + + // Strip trailing ":" and normalize YAML quoting: single-quoted keys like + // 'https://...' are stored with quotes in the raw text but decoded without + // quotes by the YAML parser. Stripping surrounding quotes makes the positions + // map key match what sourceFile.Packages uses for lookup. 
+ pkgKey := strings.Trim(strings.TrimSuffix(trimmed, ":"), "'\"") + currentKey = pkgKey + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentKey] = models.FilePosition{ + Line: models.Position{Start: lineNum, End: 0}, + Column: models.Position{Start: colStart, End: 0}, + } + + continue + } + } + + // Close last package if file ended within packages section + if currentKey != "" { + pos := positions[currentKey] + lastIdx := len(lines) - 1 + for lastIdx >= 0 && strings.TrimSpace(lines[lastIdx]) == "" { + lastIdx-- + } + + if lastIdx >= 0 { + pos.Line.End = lastIdx + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastIdx]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[currentKey] = pos + } + + return positions +} + +func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile, positions map[string]models.FilePosition, filePath string) []lockfile.PackageDetails { packages := make([]lockfile.PackageDetails, 0, len(sourceFile.Packages)) for s, pkg := range sourceFile.Packages { @@ -186,6 +273,12 @@ func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile) []lockfile.PackageDetail targetVersions = []string{targetVersion} } + blockLocation := models.FilePosition{} + if pos, ok := positions[s]; ok { + pos.Filename = filePath + blockLocation = pos + } + packages = append(packages, lockfile.PackageDetails{ Name: name, Version: version, @@ -195,6 +288,7 @@ func parsePnpmLegacyLock(sourceFile PnpmLegacyLockfile) []lockfile.PackageDetail Commit: commit, DepGroups: depGroups, IsDirect: isDirect, + BlockLocation: blockLocation, }) } 
@@ -216,7 +310,12 @@ func (e PnpmLockExtractor) PackageManager() models.PackageManager { func (e PnpmLockExtractor) extractLegacyPnpm(f lockfile.DepFile) ([]lockfile.PackageDetails, error) { var parsedLockfile *PnpmLegacyLockfile - err := yaml.NewDecoder(f).Decode(&parsedLockfile) + content, err := io.ReadAll(f) + if err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + err = yaml.NewDecoder(bytes.NewReader(content)).Decode(&parsedLockfile) if err != nil && !errors.Is(err, io.EOF) { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) @@ -227,5 +326,8 @@ func (e PnpmLockExtractor) extractLegacyPnpm(f lockfile.DepFile) ([]lockfile.Pac parsedLockfile = &PnpmLegacyLockfile{} } - return parsePnpmLegacyLock(*parsedLockfile), nil + lines := fileposition.BytesToLines(content) + positions := extractPnpmLegacyPackagePositions(lines) + + return parsePnpmLegacyLock(*parsedLockfile, positions, f.Path()), nil } From a68e58d17e69dc385254c3316079ebde49b0028e Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Wed, 15 Apr 2026 11:51:40 +0200 Subject: [PATCH 30/36] test(lockfile): update pnpm-lock tests with BlockLocation assertions Add dedicated BlockLocation tests for v9 one-package, v9 mixed-groups, legacy one-package, and legacy multiple-packages fixtures. Update workspace-complex test to expect lockfile position for transitive dependency (colors@1.4.0). Co-Authored-By: Claude Sonnet 4.6 --- .../javascript/parse-pnpm-lock-v9_test.go | 191 +++++++++++++++++- 1 file changed, 188 insertions(+), 3 deletions(-) diff --git a/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go b/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go index fedadc9a..3c1de340 100644 --- a/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go +++ b/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go 
@@ -9,6 +9,8 @@ import ( "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/javascript" "github.com/DataDog/datadog-sbom-generator/pkg/models" + + "github.com/stretchr/testify/assert" ) func TestParsePnpmLock_v9_NoPackages(t *testing.T) { @@ -43,6 +45,46 @@ func TestParsePnpmLock_v9_OnePackage(t *testing.T) { }) } +func TestParsePnpmLock_v9_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/one-package.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + if pkg.BlockLocation.Line.Start == 0 { + t.Errorf("Expected BlockLocation.Line.Start > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Line.End == 0 { + t.Errorf("Expected BlockLocation.Line.End > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Column.Start == 0 { + t.Errorf("Expected BlockLocation.Column.Start > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Column.End == 0 { + t.Errorf("Expected BlockLocation.Column.End > 0 for %s, got 0", pkg.Name) + } + if pkg.BlockLocation.Filename != path { + t.Errorf("Expected BlockLocation.Filename = %s, got %s", path, pkg.BlockLocation.Filename) + } + + // acorn@8.11.3 is at lines 17-20 in one-package.v9.yaml (last non-empty line before "snapshots:") + assert.Equal(t, 17, pkg.BlockLocation.Line.Start) + assert.Equal(t, 20, pkg.BlockLocation.Line.End) +} + func TestParsePnpmLock_v9_OnePackageDev(t *testing.T) { t.Parallel() 
@@ -313,6 +355,90 @@ func TestParsePnpmLock_v9_Commits(t *testing.T) { }) } +// TestParsePnpmLock_v9_Commits_BlockLocation verifies that git/tarball dependencies +// (whose packages: key uses a full URL like "ansi-regex@https://codeload.github.com/...") +// correctly resolve their BlockLocation even though lookupPnpmPosition receives a cleaned +// semver version, not the raw URL. +func TestParsePnpmLock_v9_Commits_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/commits.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + +func TestParsePnpmLock_v9_MixedGroups_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/mixed-groups.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + // All packages should have BlockLocation set + for _, pkg := range packages { + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Column.End, 0, 
"BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + +// TestParsePnpmLock_v9_PeerDependenciesAdvanced_BlockLocation verifies that scoped packages +// (whose YAML keys are surrounded by single quotes, e.g. '@scope/pkg@1.0.0':) get their +// BlockLocation correctly populated. This is a regression test for the bug where the single +// quotes were stored as part of the position map key, causing lookups to miss. +func TestParsePnpmLock_v9_PeerDependenciesAdvanced_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/peer-dependencies-advanced.v9.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + // Packages that appear in the packages: section should all have BlockLocation set. + // chalk@4.1.2 only appears in snapshots: (not packages:) so it is the only exception. + packagesWithoutPosition := map[string]bool{ + "chalk@4.1.2": true, + } + + for _, pkg := range packages { + key := pkg.Name + "@" + pkg.Version + if packagesWithoutPosition[key] { + continue + } + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + func TestParsePnpmLock_v9_MixedGroups(t *testing.T) { t.Parallel() 
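Review bot: The new Commits_BlockLocation, MixedGroups_BlockLocation and PeerDependenciesAdvanced_BlockLocation tests pass vacuously when `ParsePnpmLock` returns an empty slice without an error, because every assertion sits inside `for _, pkg := range packages`. Adding `assert.NotEmpty(t, packages)` (or an exact `assert.Len`) before each loop makes a regression that drops all packages fail the test. The same pattern appears in TestParsePnpmLock_Legacy_MultiplePackages_BlockLocation and in the yarn v1 and v2 TwoPackages_BlockLocation tests later in the series.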
@@ -573,6 +699,7 @@ func TestParsePnpmLock_v9_WorkspacesComplex(t *testing.T) { } rootPath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/package.json")) + lockfilePath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/pnpm-lock.yaml")) workspace1Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-1/package.json")) workspace2Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/nested/workspace-2/package.json")) workspace3Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-3/package.json")) @@ -608,9 +735,13 @@ func TestParsePnpmLock_v9_WorkspacesComplex(t *testing.T) { Version: "1.4.0", PackageManager: models.Pnpm, Ecosystem: models.EcosystemNPM, - BlockLocation: models.FilePosition{}, - IsDirect: false, // is a dependency of group-dependencies@0.0.11 - DepGroups: []string{"dev"}, + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 45, End: 47}, + Column: models.Position{Start: 3, End: 32}, + Filename: lockfilePath, + }, + IsDirect: false, // is a dependency of group-dependencies@0.0.11 + DepGroups: []string{"dev"}, }, { Name: "semver", 
@@ -764,3 +895,57 @@ func TestParsePnpmLock_v9_WorkspacesComplex(t *testing.T) { }, }) } + +func TestParsePnpmLock_Legacy_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/one-package.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0") + assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0") + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0") + assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0") + assert.Equal(t, path, pkg.BlockLocation.Filename) + + // /acorn/8.7.0 is at lines 11-15 in one-package.yaml + assert.Equal(t, 11, pkg.BlockLocation.Line.Start) + assert.Equal(t, 15, pkg.BlockLocation.Line.End) +} + +func TestParsePnpmLock_Legacy_MultiplePackages_BlockLocation(t *testing.T) { + t.Parallel() + + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/pnpm/multiple-packages.yaml")) + packages, err := javascript.ParsePnpmLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + // All packages should have BlockLocation set + for _, pkg := range packages { + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + 
assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} From dfae2acbe8ac65bfc18831efe5f7002b13ea8346 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Wed, 15 Apr 2026 12:55:00 +0200 Subject: [PATCH 31/36] feat(lockfile): add BlockLocation to yarn-lock extractor Add lockfile position tracking for both yarn v1-v3 (text format) and v4+ (JSON format). For text format, track line numbers during block grouping. For JSON format, scan lines for entry keys within "entries" object. Buffer full content for both formats to enable line scanning. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/javascript/parse-yarn-lock.go | 196 +++++++++++++++++---- pkg/lockfile/javascript/types.go | 1 + 2 files changed, 165 insertions(+), 32 deletions(-) diff --git a/pkg/lockfile/javascript/parse-yarn-lock.go b/pkg/lockfile/javascript/parse-yarn-lock.go index 7829a2f4..8180df52 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock.go +++ b/pkg/lockfile/javascript/parse-yarn-lock.go @@ -3,7 +3,6 @@ package javascript import ( "bufio" "encoding/json" - "errors" "fmt" "io" "net/url" @@ -12,6 +11,7 @@ import ( "strings" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) 
@@ -53,12 +53,42 @@ func parseYarnPackageBlock(block []string) []YarnPackage { return packages } -func groupYarnPackageLines(scanner *bufio.Scanner) []YarnPackage { +// findLastNonEmptyLineInRange finds the 1-indexed line number of the last non-empty line +// within the 0-indexed range [startIdx, endIdx]. +func findLastNonEmptyLineInRange(lines []string, startIdx, endIdx int) int { + if endIdx >= len(lines) { + endIdx = len(lines) - 1 + } + + for i := endIdx; i >= startIdx; i-- { + if strings.TrimSpace(lines[i]) != "" { + return i + 1 // 1-indexed + } + } + + return startIdx + 1 +} + +// buildYarnBlockPosition creates a FilePosition from 1-indexed start and end line numbers. +func buildYarnBlockPosition(lines []string, startLine, endLine int) models.FilePosition { + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(lines[startLine-1]) + colEnd := fileposition.GetLastNonEmptyCharacterIndexInLine(lines[endLine-1]) + + return models.FilePosition{ + Line: models.Position{Start: startLine, End: endLine}, + Column: models.Position{Start: colStart, End: colEnd}, + } +} + +func groupYarnPackageLines(scanner *bufio.Scanner, lines []string) []YarnPackage { var groups []YarnPackage var group []string + var blockStartLine int // 1-indexed line number of block start + lineNum := 0 var line string for scanner.Scan() { + lineNum++ line = scanner.Text() if shouldSkipYarnLine(line) { @@ -69,9 +99,15 @@ func groupYarnPackageLines(scanner *bufio.Scanner) []YarnPackage { if !strings.HasPrefix(line, " ") { if len(group) > 0 { packages := parseYarnPackageBlock(group) + // Set BlockLocation on each package + blockEndLine := findLastNonEmptyLineInRange(lines, blockStartLine-1, lineNum-2) + for i := range packages { + packages[i].BlockLocation = buildYarnBlockPosition(lines, blockStartLine, blockEndLine) + } groups = append(groups, packages...) } group = make([]string, 0) + blockStartLine = lineNum } group = append(group, line) 
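Review bot: buildYarnBlockPosition indexes `lines[startLine-1]` and `lines[endLine-1]` without a bounds check, while the line numbers come from a `bufio.Scanner` counter and `lines` comes from a separate split (`fileposition.BytesToLines`, not shown in this patch). If the two ever disagree on how lines are split, an unusual or crafted yarn.lock would panic the extractor instead of producing an empty position; findLastNonEmptyLineInRange also clamps only `endIdx` and can return `startIdx + 1` past the end of `lines`. A guard at the top, `if startLine < 1 || endLine < startLine || endLine > len(lines) { return models.FilePosition{} }`, limits the failure mode to a missing location. The position is also recomputed for every package in the block although it does not depend on `i`; computing it once before `for i := range packages` would read more clearly. groupYarnPackageLines continues past the end of this hunk.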
@@ -79,6 +115,10 @@ func groupYarnPackageLines(scanner *bufio.Scanner) []YarnPackage { if len(group) > 0 { packages := parseYarnPackageBlock(group) + blockEndLine := findLastNonEmptyLineInRange(lines, blockStartLine-1, len(lines)-1) + for i := range packages { + packages[i].BlockLocation = buildYarnBlockPosition(lines, blockStartLine, blockEndLine) + } groups = append(groups, packages...) } @@ -336,7 +376,7 @@ func buildDependencyTree(rootPkgName, rootPkgTargetVersion, rootPkgRegistry stri return results } -func parseYarnPackage(dependency YarnPackage) lockfile.PackageDetails { +func parseYarnPackage(dependency YarnPackage, filePath string) lockfile.PackageDetails { if dependency.Version == "" { _, _ = fmt.Fprintf( os.Stderr, @@ -350,6 +390,9 @@ func parseYarnPackage(dependency YarnPackage) lockfile.PackageDetails { nameLocation = &models.FilePosition{Filename: dependency.WorkspacePath} } + blockLocation := dependency.BlockLocation + blockLocation.Filename = filePath + return lockfile.PackageDetails{ Name: dependency.Name, Version: dependency.Version, @@ -358,6 +401,7 @@ func parseYarnPackage(dependency YarnPackage) lockfile.PackageDetails { Ecosystem: models.EcosystemNPM, Commit: tryExtractCommit(dependency.Resolution), NameLocation: nameLocation, + BlockLocation: blockLocation, } } 
@@ -450,12 +494,110 @@ func isJSONFormat(content []byte) bool { // // Returns a slice of YarnPackage structs compatible with the existing YAML parser output, // allowing the rest of the extraction logic to work identically for both formats. -func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { +// extractYarnBerryJSONPositions scans JSON lines for entry keys within the "entries" object. +// Entry keys appear as " \"package@npm:^1.0.0\": {" at 4-space indent inside "entries". +func extractYarnBerryJSONPositions(lines []string) map[string]models.FilePosition { + positions := make(map[string]models.FilePosition) + + inEntries := false + var currentKey string + braceDepth := 0 + + for i, line := range lines { + lineNum := i + 1 + trimmed := strings.TrimSpace(line) + + // Detect "entries": { + if !inEntries && strings.Contains(trimmed, `"entries"`) && strings.HasSuffix(trimmed, "{") { + inEntries = true + braceDepth = 1 + + continue + } + + if !inEntries { + continue + } + + // Track brace depth + for _, ch := range trimmed { + if ch == '{' { + braceDepth++ + } else if ch == '}' { + braceDepth-- + } + } + + if braceDepth <= 0 { + // Close last entry + if currentKey != "" { + closeBerryEntry(positions, currentKey, i, lines) + currentKey = "" + } + + inEntries = false + + continue + } + + // Entry key at depth 1 (exactly 4-space indent, opens an object): " \"package@npm:^1.0.0\": {" + // Require HasSuffix("{") to avoid false positives on internal fields like "checksum": "..." + // which also sit at depth 2 but do not open a new brace. 
+ if braceDepth == 2 && strings.HasSuffix(trimmed, "{") && strings.HasPrefix(line, " ") { + // This is a new entry key + if currentKey != "" { + closeBerryEntry(positions, currentKey, i, lines) + } + + // Extract the key between quotes + firstQuote := strings.Index(trimmed, `"`) + lastQuote := strings.Index(trimmed[firstQuote+1:], `"`) + + if firstQuote >= 0 && lastQuote >= 0 { + key := trimmed[firstQuote+1 : firstQuote+1+lastQuote] + currentKey = key + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(line) + + positions[currentKey] = models.FilePosition{ + Line: models.Position{Start: lineNum, End: 0}, + Column: models.Position{Start: colStart, End: 0}, + } + } + } + } + + if currentKey != "" { + closeBerryEntry(positions, currentKey, len(lines), lines) + } + + return positions +} + +func closeBerryEntry(positions map[string]models.FilePosition, key string, beforeIndex int, lines []string) { + pos := positions[key] + lastNonEmpty := beforeIndex - 1 + for lastNonEmpty >= 0 && strings.TrimSpace(lines[lastNonEmpty]) == "" { + lastNonEmpty-- + } + + if lastNonEmpty >= 0 { + pos.Line.End = lastNonEmpty + 1 + pos.Column.End = fileposition.GetLastNonEmptyCharacterIndexInLine(lines[lastNonEmpty]) + } else { + pos.Line.End = pos.Line.Start + } + + positions[key] = pos +} + +func parseYarnBerryJSON(content []byte, lines []string) ([]YarnPackage, error) { var berryJSON YarnBerryJSON if err := json.Unmarshal(content, &berryJSON); err != nil { return nil, fmt.Errorf("failed to parse yarn.lock JSON: %w", err) } + positions := extractYarnBerryJSONPositions(lines) packages := make([]YarnPackage, 0, len(berryJSON.Entries)) for entryKey, entry := range berryJSON.Entries { 
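Review bot: The depth counter in extractYarnBerryJSONPositions counts every `{` and `}` on the raw line, including ones inside JSON string literals, so an entry key or field value that contains a brace shifts `braceDepth` and the positions recorded for every following entry. Since yarn.lock content comes from the scanned project, it is worth skipping characters inside strings while counting, as sketched below. Separately, the new doc comment was inserted between parseYarnBerryJSON's existing comment block and its `func` line, so that block (ending "work identically for both formats.") now documents extractYarnBerryJSONPositions and parseYarnBerryJSON is left without one; move the new function and its comment above that block. The key is also cut from the raw text but looked up by the decoded `entryKey`, so keys containing JSON escapes will likely not match, and a short comment stating that such entries keep an empty BlockLocation would help.

```go
// … unchanged: "entries" detection and the !inEntries skip …

		// Track brace depth, ignoring braces that appear inside string literals.
		inString, escaped := false, false
		for _, ch := range trimmed {
			switch {
			case escaped:
				escaped = false
			case inString && ch == '\\':
				escaped = true
			case ch == '"':
				inString = !inString
			case !inString && ch == '{':
				braceDepth++
			case !inString && ch == '}':
				braceDepth--
			}
		}

// … unchanged: entry close, key extraction and position recording …
```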
@@ -484,6 +626,12 @@ func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { }) } + // Look up position by entry key + var blockPos models.FilePosition + if pos, ok := positions[entryKey]; ok { + blockPos = pos + } + // Create one YarnPackage per target version for _, targetVersion := range targetVersions { packages = append(packages, YarnPackage{ @@ -493,6 +641,7 @@ func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { Resolution: resolution, Dependencies: dependencies, WorkspacePath: workspacePath, + BlockLocation: blockPos, }) } } 
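Review bot: The lookup in the first hunk can be written as `blockPos := positions[entryKey]`, since a map miss already yields the zero `models.FilePosition`; the `var` plus `if pos, ok` form adds lines without changing the result. A miss is silent either way, so a comment such as `// entries not found by the line scan keep an empty BlockLocation` would make that intent explicit. The enclosing loop in parseYarnBerryJSON starts and ends outside these hunks.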
@@ -501,41 +650,24 @@ func parseYarnBerryJSON(content []byte) ([]YarnPackage, error) { } func (e YarnLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanContext) ([]lockfile.PackageDetails, error) { - // Peek first bytes to detect format without loading entire file into memory - buf := make([]byte, 200) - n, err := f.Read(buf) - if err != nil && !errors.Is(err, io.EOF) { + content, err := io.ReadAll(f) + if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("error reading yarn.lock: %w", err) } - // Try to reset file position for streaming - var reader io.Reader = f - if seeker, ok := f.(io.Seeker); ok { - if _, err := seeker.Seek(0, 0); err != nil { - return []lockfile.PackageDetails{}, fmt.Errorf("error seeking yarn.lock: %w", err) - } - } else { - // If we can't seek, prepend the peeked bytes back to the reader - reader = io.MultiReader(strings.NewReader(string(buf[:n])), f) - } + lines := fileposition.BytesToLines(content) var yarnPackages []YarnPackage - if isJSONFormat(buf[:n]) { + if isJSONFormat(content) { // Parse JSON format (Yarn v4+) - // JSON requires loading entire file into memory for parsing - content, err := io.ReadAll(reader) - if err != nil { - return []lockfile.PackageDetails{}, fmt.Errorf("error reading yarn.lock JSON: %w", err) - } - yarnPackages, err = parseYarnBerryJSON(content) + yarnPackages, err = parseYarnBerryJSON(content, lines) if err != nil { return []lockfile.PackageDetails{}, err } } else { - // Parse YAML format (Yarn v1-3) using streaming scanner - // This avoids loading the entire file into memory - scanner := bufio.NewScanner(reader) - yarnPackages = groupYarnPackageLines(scanner) + // Parse YAML-like format (Yarn v1-3) + scanner := bufio.NewScanner(strings.NewReader(string(content))) + yarnPackages = groupYarnPackageLines(scanner, lines) if err := scanner.Err(); err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("error while scanning %s: %w", f.Path(), err) 
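Review bot: `bufio.NewScanner(strings.NewReader(string(content)))` copies the whole file a second time just to scan it, on top of `content` and the `lines` slice already held; `bufio.NewScanner(bytes.NewReader(content))` avoids the copy, provided `bytes` is added to the import block if it is not already there. The removed comments show the text format was streamed on purpose to avoid holding the file in memory, so the new memory cost deserves a line in the function comment. Because `lines` is already split, iterating it directly in groupYarnPackageLines instead of re-scanning would also remove the need to keep a scanner line counter in step with `lines`. Extract continues past the end of this hunk.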
@@ -561,7 +693,7 @@ func (e YarnLockExtractor) Extract(f lockfile.DepFile, context lockfile.ScanCont } dependencyWorkspaces := createDependencyWorkspaceMap(workspaces, allResolvedPackages) - packages := createPackageDetails(allResolvedPackages, dependencyWorkspaces) + packages := createPackageDetails(allResolvedPackages, dependencyWorkspaces, f.Path()) pkgIndex := indexByNameAndVersions(packages) for index, pkg := range packages { @@ -608,12 +740,12 @@ func createDependencyWorkspaceMap(workspaces []YarnPackage, allResolvedPackages return dependencyWorkspaces } -func createPackageDetails(allResolvedPackages []YarnPackage, dependencyWorkspaces map[string][]string) []lockfile.PackageDetails { +func createPackageDetails(allResolvedPackages []YarnPackage, dependencyWorkspaces map[string][]string, filePath string) []lockfile.PackageDetails { packages := make([]lockfile.PackageDetails, 0, len(allResolvedPackages)) // Create lockfile.PackageDetails for regular packages, with workspace information where applicable for _, yarnPackage := range allResolvedPackages { - basePackage := parseYarnPackage(yarnPackage) + basePackage := parseYarnPackage(yarnPackage, filePath) depKey := getWorkspaceDependencyKey(yarnPackage.Name, yarnPackage.Version, yarnPackage.TargetVersion) if workspacePaths, exists := dependencyWorkspaces[depKey]; exists { diff --git a/pkg/lockfile/javascript/types.go b/pkg/lockfile/javascript/types.go index 9fe94157..8976406f 100644 --- a/pkg/lockfile/javascript/types.go +++ b/pkg/lockfile/javascript/types.go @@ -217,6 +217,7 @@ type YarnPackage struct { Resolution string Dependencies []YarnDependency WorkspacePath string + BlockLocation models.FilePosition } type YarnLockExtractor struct { From 267b70cd9f018f9bf4769b3c8a03ffcd28f773b5 Mon Sep 17 00:00:00 2001 
From: Ander Ruiz Ayesta Date: Wed, 15 Apr 2026 13:01:07 +0200 Subject: [PATCH 32/36] test(lockfile): update yarn-lock tests with BlockLocation assertions Add dedicated BlockLocation tests for v1 one-package, v1 two-packages, v2 one-package, and v2 two-packages fixtures. Update workspace-complex tests for both v1 and v2 to expect lockfile positions for transitive dependency (colors@1.4.0). Co-Authored-By: Claude Sonnet 4.6 --- .../javascript/parse-yarn-lock-v1_test.go | 71 +++++++++++++++++-- .../javascript/parse-yarn-lock-v2_test.go | 71 +++++++++++++++++-- 2 files changed, 132 insertions(+), 10 deletions(-) diff --git a/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go b/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go index 46fecb90..a721e5e9 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go +++ b/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go 
@@ -62,6 +62,57 @@ func TestParseYarnLock_v1_OnePackage(t *testing.T) { }) } +func TestParseYarnLock_v1_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/one-package.v1.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0") + assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0") + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0") + assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0") + assert.Equal(t, path, pkg.BlockLocation.Filename) + + // balanced-match@^1.0.0 block is at lines 5-8 in one-package.v1.lock + assert.Equal(t, 5, pkg.BlockLocation.Line.Start) + assert.Equal(t, 8, pkg.BlockLocation.Line.End) +} + +func TestParseYarnLock_v1_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/two-packages.v1.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Column.End, 0, 
"BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + //nolint:paralleltest func TestParseYarnLock_v1_OnePackage_MatcherFailed(t *testing.T) { dir, err := os.Getwd() @@ -1076,6 +1127,7 @@ func TestParseYarnLock_v1_WorkspacesComplex(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } + lockfilePath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/yarn-v1.lock")) rootPath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/package.json")) workspace1Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-1/package.json")) workspace2Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/nested/workspace-2/package.json")) @@ -1114,7 +1166,12 @@ func TestParseYarnLock_v1_WorkspacesComplex(t *testing.T) { PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 5, End: 8}, + Column: models.Position{Start: 1, End: 108}, + Filename: lockfilePath, + }, + Dependencies: make([]*lockfile.PackageDetails, 0), }, }, }, 
@@ -1124,10 +1181,14 @@ func TestParseYarnLock_v1_WorkspacesComplex(t *testing.T) { TargetVersions: []string{"^1.4.0"}, PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, - BlockLocation: models.FilePosition{}, - IsDirect: false, // is a dependency of group-dependencies@0.0.11 - DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 5, End: 8}, + Column: models.Position{Start: 1, End: 108}, + Filename: lockfilePath, + }, + IsDirect: false, // is a dependency of group-dependencies@0.0.11 + DepGroups: []string{"dev"}, + Dependencies: make([]*lockfile.PackageDetails, 0), }, { Name: "semver", diff --git a/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go b/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go index 7075985e..945fe958 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go +++ b/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go 
@@ -62,6 +62,57 @@ func TestParseYarnLock_v2_OnePackage(t *testing.T) { }) } +func TestParseYarnLock_v2_OnePackage_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/one-package.v2.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + if len(packages) != 1 { + t.Fatalf("Expected 1 package, got %d", len(packages)) + } + + pkg := packages[0] + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0") + assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0") + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0") + assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0") + assert.Equal(t, path, pkg.BlockLocation.Filename) + + // "balanced-match@npm:^1.0.0" block is at lines 8-13 in one-package.v2.lock + assert.Equal(t, 8, pkg.BlockLocation.Line.Start) + assert.Equal(t, 13, pkg.BlockLocation.Line.End) +} + +func TestParseYarnLock_v2_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + dir, err := os.Getwd() + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + path := filepath.FromSlash(filepath.Join(dir, "../fixtures/yarn/two-packages.v2.lock")) + packages, err := javascript.ParseYarnLock(path) + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + for _, pkg := range packages { + assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Greater(t, pkg.BlockLocation.Column.End, 0, 
"BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) + } +} + //nolint:paralleltest func TestParseYarnLock_v2_OnePackage_MatcherFailed(t *testing.T) { dir, err := os.Getwd() @@ -820,6 +871,7 @@ func TestParseYarnLock_v2_WorkspacesComplex(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } + lockfilePath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/yarn.lock")) rootPath := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/package.json")) workspace1Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/workspace-1/package.json")) workspace2Path := filepath.FromSlash(filepath.Join(dir, "../fixtures/package-json/workspace-complex/nested/workspace-2/package.json")) @@ -858,7 +910,12 @@ func TestParseYarnLock_v2_WorkspacesComplex(t *testing.T) { PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 8, End: 13}, + Column: models.Position{Start: 1, End: 17}, + Filename: lockfilePath, + }, + Dependencies: make([]*lockfile.PackageDetails, 0), }, }, }, 
@@ -868,10 +925,14 @@ func TestParseYarnLock_v2_WorkspacesComplex(t *testing.T) { TargetVersions: []string{"^1.4.0"}, PackageManager: models.Yarn, Ecosystem: models.EcosystemNPM, - BlockLocation: models.FilePosition{}, - IsDirect: false, // is a dependency of group-dependencies@0.0.11 - DepGroups: []string{"dev"}, - Dependencies: make([]*lockfile.PackageDetails, 0), + BlockLocation: models.FilePosition{ + Line: models.Position{Start: 8, End: 13}, + Column: models.Position{Start: 1, End: 17}, + Filename: lockfilePath, + }, + IsDirect: false, // is a dependency of group-dependencies@0.0.11 + DepGroups: []string{"dev"}, + Dependencies: make([]*lockfile.PackageDetails, 0), }, { Name: "semver", From dd1095bcd1e2007042e441b6e39fa4da2cfeaacb Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Wed, 15 Apr 2026 22:37:31 +0200 Subject: [PATCH 33/36] test: update snapshots and fix lint warnings in BlockLocation tests Update integration test snapshots to reflect new lockfile positions for transitive dependencies. Fix testifylint warnings in new test code: - Use assert.Len instead of assert.Equal with len() - Use assert.Positive instead of assert.Greater with 0 Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/cpp/parse-conan-lock-v1_test.go | 57 ++++++++++++++++--- pkg/lockfile/elixir/parse-mix-lock_test.go | 8 +-- pkg/lockfile/java/parse-gradle-lock_test.go | 9 ++- pkg/lockfile/java/parse-maven-install.go | 2 +- .../javascript/parse-pnpm-lock-v9_test.go | 24 ++++---- .../javascript/parse-yarn-lock-v1_test.go | 16 +++--- .../javascript/parse-yarn-lock-v2_test.go | 16 +++--- pkg/lockfile/php/parse-composer-lock_test.go | 2 +- pkg/lockfile/python/parse-pdm-lock_test.go | 2 +- pkg/lockfile/python/parse-poetry-lock_test.go | 2 +- pkg/lockfile/python/parse-uv-lock_test.go | 2 +- pkg/lockfile/ruby/parse-gemfile-lock_test.go | 2 +- pkg/lockfile/rust/parse-cargo-lock_test.go | 2 +- 13 files changed, 91 insertions(+), 53 deletions(-) 
diff --git a/pkg/lockfile/cpp/parse-conan-lock-v1_test.go b/pkg/lockfile/cpp/parse-conan-lock-v1_test.go index b825deff..c39660ca 100644 --- a/pkg/lockfile/cpp/parse-conan-lock-v1_test.go +++ b/pkg/lockfile/cpp/parse-conan-lock-v1_test.go @@ -2,8 +2,11 @@ package cpp_test import ( "io/fs" + "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/cpp" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" @@ -49,7 +52,7 @@ func TestParseConanLock_v1_OnePackage(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -68,7 +71,7 @@ func TestParseConanLock_v1_NoName(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -87,7 +90,7 @@ func TestParseConanLock_v1_TwoPackages(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -112,7 +115,7 @@ func TestParseConanLock_v1_NestedDependencies(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.13", 
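Review bot: Replacing `testutil.ExpectPackages` with `testutil.ExpectPackagesWithoutLocations` in these tests (and in the OnePackageDev and OldFormat00 to OldFormat03 hunks that follow) appears, judging by the helper's name, to stop comparing BlockLocation altogether, which leaves the new TwoPackages_BlockLocation test as the only conan v1 position check. NestedDependencies is the fixture most likely to expose an off-by-one in block ranges and now has no location coverage. Consider keeping `ExpectPackages` there with the expected `BlockLocation` filled in, and mention the helper swap in the commit message, which currently describes only snapshot and lint changes.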
@@ -155,7 +158,7 @@ func TestParseConanLock_v1_OnePackageDev(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "ninja", Version: "1.11.1", @@ -174,7 +177,7 @@ func TestParseConanLock_v1_OldFormat00(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -193,7 +196,7 @@ func TestParseConanLock_v1_OldFormat01(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -212,7 +215,7 @@ func TestParseConanLock_v1_OldFormat02(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", @@ -231,7 +234,7 @@ func TestParseConanLock_v1_OldFormat03(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "zlib", Version: "1.2.11", 
@@ -240,3 +243,39 @@ func TestParseConanLock_v1_OldFormat03(t *testing.T) { }, }) } + +func TestParseConanLock_v1_TwoPackages_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := cpp.ParseConanLock("../fixtures/conan/two-packages.v1.json") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + packagesByName := make(map[string]lockfile.PackageDetails) + for _, pkg := range packages { + packagesByName[pkg.Name] = pkg + } + + absoluteLockfilePath, err := filepath.Abs("../fixtures/conan/two-packages.v1.json") + if err != nil { + t.Fatalf("Could not get absolute path: %v", err) + } + + // Node "1": zlib, lines 14-20, column 7-8 + zlibPkg := packagesByName["zlib"] + assert.Equal(t, absoluteLockfilePath, zlibPkg.BlockLocation.Filename) + assert.Equal(t, 14, zlibPkg.BlockLocation.Line.Start) + assert.Equal(t, 20, zlibPkg.BlockLocation.Line.End) + assert.Equal(t, 7, zlibPkg.BlockLocation.Column.Start) + assert.Equal(t, 8, zlibPkg.BlockLocation.Column.End) + + // Node "2": bzip2, lines 21-27, column 7-8 + bzip2Pkg := packagesByName["bzip2"] + assert.Equal(t, absoluteLockfilePath, bzip2Pkg.BlockLocation.Filename) + assert.Equal(t, 21, bzip2Pkg.BlockLocation.Line.Start) + assert.Equal(t, 27, bzip2Pkg.BlockLocation.Line.End) + assert.Equal(t, 7, bzip2Pkg.BlockLocation.Column.Start) + assert.Equal(t, 8, bzip2Pkg.BlockLocation.Column.End) +} diff --git a/pkg/lockfile/elixir/parse-mix-lock_test.go b/pkg/lockfile/elixir/parse-mix-lock_test.go index a345031a..abe35194 100644 --- a/pkg/lockfile/elixir/parse-mix-lock_test.go +++ b/pkg/lockfile/elixir/parse-mix-lock_test.go 
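Review bot: In `TestParseConanLock_v1_TwoPackages_BlockLocation` a parse failure is reported with `t.Errorf` and the test carries on, so the `packagesByName["zlib"]` and `packagesByName["bzip2"]` lookups return zero-value structs and the position asserts fail with diffs that hide the real cause. Make the parse error fatal with `t.Fatalf("Got unexpected error: %v", err)` and check the lookup, e.g. `zlibPkg, ok := packagesByName["zlib"]` followed by `if !ok { t.Fatalf("zlib not found in parsed packages") }`. The same pattern is sharper in `TestParsePackageResolved_TwoPackagesV2_BlockLocation` later in this series, where `packages[0]` and `packages[1]` are indexed after a non-fatal `t.Errorf` and would panic on a short slice. A guard such as `if len(packages) != 2 { t.Fatalf("expected 2 packages, got %d", len(packages)) }` belongs before the indexing there.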
@@ -122,13 +122,13 @@ func TestParseMixLock_OnePackage_BlockLocation(t *testing.T) { } for _, pkg := range packages { - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, + assert.Positive(t, pkg.BlockLocation.Line.Start, "package %s@%s should have BlockLocation.Line.Start > 0", pkg.Name, pkg.Version) - assert.Greater(t, pkg.BlockLocation.Line.End, 0, + assert.Positive(t, pkg.BlockLocation.Line.End, "package %s@%s should have BlockLocation.Line.End > 0", pkg.Name, pkg.Version) - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, + assert.Positive(t, pkg.BlockLocation.Column.Start, "package %s@%s should have BlockLocation.Column.Start > 0", pkg.Name, pkg.Version) - assert.Greater(t, pkg.BlockLocation.Column.End, 0, + assert.Positive(t, pkg.BlockLocation.Column.End, "package %s@%s should have BlockLocation.Column.End > 0", pkg.Name, pkg.Version) assert.NotEmpty(t, pkg.BlockLocation.Filename, "package %s@%s should have BlockLocation.Filename set", pkg.Name, pkg.Version) diff --git a/pkg/lockfile/java/parse-gradle-lock_test.go b/pkg/lockfile/java/parse-gradle-lock_test.go index 2f13c46f..2dab6c42 100644 --- a/pkg/lockfile/java/parse-gradle-lock_test.go +++ b/pkg/lockfile/java/parse-gradle-lock_test.go @@ -151,7 +151,6 @@ func TestParseGradleLock_OnePackage(t *testing.T) { }) } -//nolint:paralleltest func TestParseGradleLock_OnePackage_BlockLocation(t *testing.T) { t.Parallel() dir, err := os.Getwd() 
@@ -166,13 +165,13 @@ func TestParseGradleLock_OnePackage_BlockLocation(t *testing.T) { } for _, pkg := range packages { - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, + assert.Positive(t, pkg.BlockLocation.Line.Start, "package %s@%s should have BlockLocation.Line.Start > 0", pkg.Name, pkg.Version) - assert.Greater(t, pkg.BlockLocation.Line.End, 0, + assert.Positive(t, pkg.BlockLocation.Line.End, "package %s@%s should have BlockLocation.Line.End > 0", pkg.Name, pkg.Version) - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, + assert.Positive(t, pkg.BlockLocation.Column.Start, "package %s@%s should have BlockLocation.Column.Start > 0", pkg.Name, pkg.Version) - assert.Greater(t, pkg.BlockLocation.Column.End, 0, + assert.Positive(t, pkg.BlockLocation.Column.End, "package %s@%s should have BlockLocation.Column.End > 0", pkg.Name, pkg.Version) assert.NotEmpty(t, pkg.BlockLocation.Filename, "package %s@%s should have BlockLocation.Filename set", pkg.Name, pkg.Version) diff --git a/pkg/lockfile/java/parse-maven-install.go b/pkg/lockfile/java/parse-maven-install.go index 019ad29a..2f3cd179 100644 --- a/pkg/lockfile/java/parse-maven-install.go +++ b/pkg/lockfile/java/parse-maven-install.go @@ -65,7 +65,7 @@ func extractMavenInstallArtifacts(installFile mavenInstallLockfile, contentBytes return []lockfile.PackageDetails{}, err } - lines := strings.Split(string(contentBytes), "\n") + lines := strings.Split(strings.ReplaceAll(string(contentBytes), "\r\n", "\n"), "\n") fileposition.InJSON("artifacts", installFile.Artifacts, lines, 0) artifactNames := make([]string, 0, len(installFile.Artifacts)) diff --git a/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go b/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go index 3c1de340..6aedbf38 100644 --- a/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go +++ b/pkg/lockfile/javascript/parse-pnpm-lock-v9_test.go 
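Review bot: The CRLF normalisation added in `extractMavenInstallArtifacts` is written inline with no comment, and the identical `strings.Split(strings.ReplaceAll(..., "\r\n", "\n"), "\n")` expression appears again in the Swift `Extract` hunk later in this series. A small shared helper (for example a `splitLines(content []byte) []string` in the `fileposition` package; the name is only a suggestion) would keep the extractors in step if the rule changes. Whichever form is kept, a why-comment helps, presumably along the lines of `// drop \r so CRLF files do not leave a trailing \r on every line passed to fileposition`. The body of `extractMavenInstallArtifacts` continues outside the hunk.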
@@ -396,10 +396,10 @@ func TestParsePnpmLock_v9_MixedGroups_BlockLocation(t *testing.T) { // All packages should have BlockLocation set for _, pkg := range packages { - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) } } 
@@ -915,10 +915,10 @@ func TestParsePnpmLock_Legacy_OnePackage_BlockLocation(t *testing.T) { } pkg := packages[0] - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0") - assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0") - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0") - assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0") assert.Equal(t, path, pkg.BlockLocation.Filename) // /acorn/8.7.0 is at lines 11-15 in one-package.yaml 
@@ -942,10 +942,10 @@ func TestParsePnpmLock_Legacy_MultiplePackages_BlockLocation(t *testing.T) { // All packages should have BlockLocation set for _, pkg := range packages { - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) } } diff --git a/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go b/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go index a721e5e9..4893c8ff 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go +++ b/pkg/lockfile/javascript/parse-yarn-lock-v1_test.go 
@@ -80,10 +80,10 @@ func TestParseYarnLock_v1_OnePackage_BlockLocation(t *testing.T) { } pkg := packages[0] - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0") - assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0") - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0") - assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0") assert.Equal(t, path, pkg.BlockLocation.Filename) // balanced-match@^1.0.0 block is at lines 5-8 in one-package.v1.lock 
@@ -105,10 +105,10 @@ func TestParseYarnLock_v1_TwoPackages_BlockLocation(t *testing.T) { } for _, pkg := range packages { - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) } } diff --git a/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go b/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go index 945fe958..5e59f250 100644 --- a/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go +++ b/pkg/lockfile/javascript/parse-yarn-lock-v2_test.go 
@@ -80,10 +80,10 @@ func TestParseYarnLock_v2_OnePackage_BlockLocation(t *testing.T) { } pkg := packages[0] - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0") - assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0") - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0") - assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0") + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0") assert.Equal(t, path, pkg.BlockLocation.Filename) // "balanced-match@npm:^1.0.0" block is at lines 8-13 in one-package.v2.lock 
@@ -105,10 +105,10 @@ func TestParseYarnLock_v2_TwoPackages_BlockLocation(t *testing.T) { } for _, pkg := range packages { - assert.Greater(t, pkg.BlockLocation.Line.Start, 0, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Line.End, 0, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.Start, 0, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) - assert.Greater(t, pkg.BlockLocation.Column.End, 0, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.Start, "BlockLocation.Line.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Line.End, "BlockLocation.Line.End should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.Start, "BlockLocation.Column.Start should be > 0 for %s", pkg.Name) + assert.Positive(t, pkg.BlockLocation.Column.End, "BlockLocation.Column.End should be > 0 for %s", pkg.Name) assert.Equal(t, path, pkg.BlockLocation.Filename, "BlockLocation.Filename should match for %s", pkg.Name) } } diff --git a/pkg/lockfile/php/parse-composer-lock_test.go b/pkg/lockfile/php/parse-composer-lock_test.go index 6de4ea98..51216d7a 100644 --- a/pkg/lockfile/php/parse-composer-lock_test.go +++ b/pkg/lockfile/php/parse-composer-lock_test.go @@ -202,7 +202,7 @@ func TestParseComposerLock_TwoPackages_BlockLocation(t *testing.T) { // two-packages.json has: // "packages" array with sentry/sdk at lines 9-39 // "packages-dev" array with theseer/tokenizer at lines 42-77 - assert.Equal(t, 2, len(packages), "expected 2 packages") + assert.Len(t, packages, 2, "expected 2 packages") for _, pkg := range packages { assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, diff --git a/pkg/lockfile/python/parse-pdm-lock_test.go b/pkg/lockfile/python/parse-pdm-lock_test.go index 227838be..b173ca5f 100644 --- a/pkg/lockfile/python/parse-pdm-lock_test.go 
+++ b/pkg/lockfile/python/parse-pdm-lock_test.go @@ -238,7 +238,7 @@ func TestParsePdmLock_TwoPackages_BlockLocation(t *testing.T) { // line 4: [metadata] // line 10: [[package]] (six, lines 10-19) // line 21: [[package]] (toml, lines 21-30) - assert.Equal(t, 2, len(packages), "expected 2 packages") + assert.Len(t, packages, 2, "expected 2 packages") for _, pkg := range packages { assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, diff --git a/pkg/lockfile/python/parse-poetry-lock_test.go b/pkg/lockfile/python/parse-poetry-lock_test.go index de74b31e..4879920e 100644 --- a/pkg/lockfile/python/parse-poetry-lock_test.go +++ b/pkg/lockfile/python/parse-poetry-lock_test.go @@ -311,7 +311,7 @@ func TestParsePoetryLock_TwoPackages_BlockLocation(t *testing.T) { // line 1: "[[package]]" (proto-plus block, lines 1-13) // line 15: "[[package]]" (protobuf block, lines 15-21) // line 23: "[metadata]" (not a package) - assert.Equal(t, 2, len(packages), "expected 2 packages") + assert.Len(t, packages, 2, "expected 2 packages") for _, pkg := range packages { assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, diff --git a/pkg/lockfile/python/parse-uv-lock_test.go b/pkg/lockfile/python/parse-uv-lock_test.go index 6d63fc8d..a6b5c702 100644 --- a/pkg/lockfile/python/parse-uv-lock_test.go +++ b/pkg/lockfile/python/parse-uv-lock_test.go @@ -248,7 +248,7 @@ func TestParseUvLock_SinglePackage_BlockLocation(t *testing.T) { // line 5: certifi, line 14: charset-normalizer, line 36: idna, // line 45: requests, line 60: urllib3, line 69: uv (root, skipped) // Root package "uv" is skipped, so 5 packages returned. - assert.Equal(t, 5, len(packages), "expected 5 packages (root skipped)") + assert.Len(t, packages, 5, "expected 5 packages (root skipped)") for _, pkg := range packages { assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, diff --git a/pkg/lockfile/ruby/parse-gemfile-lock_test.go b/pkg/lockfile/ruby/parse-gemfile-lock_test.go index 1fb0da96..afa12488 100644 
--- a/pkg/lockfile/ruby/parse-gemfile-lock_test.go +++ b/pkg/lockfile/ruby/parse-gemfile-lock_test.go @@ -855,7 +855,7 @@ func TestParseGemfileLock_SomeGems_BlockLocation(t *testing.T) { // line 4: " coderay (1.1.3)" // line 5: " method_source (1.0.0)" // line 6: " pry (0.14.1)" - assert.Equal(t, len(packages), 3, "expected 3 packages") + assert.Len(t, packages, 3, "expected 3 packages") for _, pkg := range packages { assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, diff --git a/pkg/lockfile/rust/parse-cargo-lock_test.go b/pkg/lockfile/rust/parse-cargo-lock_test.go index 8409e7aa..43dff906 100644 --- a/pkg/lockfile/rust/parse-cargo-lock_test.go +++ b/pkg/lockfile/rust/parse-cargo-lock_test.go @@ -199,7 +199,7 @@ func TestParseCargoLock_TwoPackages_BlockLocation(t *testing.T) { // two-packages.lock has: // line 5: "[[package]]" (addr2line block, lines 5-12) // line 14: "[[package]]" (syn block, lines 14-23) - assert.Equal(t, 2, len(packages), "expected 2 packages") + assert.Len(t, packages, 2, "expected 2 packages") for _, pkg := range packages { assert.NotEqual(t, 0, pkg.BlockLocation.Line.Start, From 4456a0bc854df6473802fafff1ae8b7d3fec0597 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Wed, 6 May 2026 14:28:40 -0400 Subject: [PATCH 34/36] feat(swift): add BlockLocation to Package.resolved extractor Buffer file content with io.ReadAll, scan pin blocks by identity field using pinPositionsByIdentity, and attach BlockLocation to each PackageDetails entry for v2/v3 lockfiles. Co-Authored-By: Claude Sonnet 4.6 --- pkg/lockfile/swift/parse-package-resolved.go | 88 +++++++++++++++++++- 1 file changed, 85 insertions(+), 3 deletions(-) diff --git a/pkg/lockfile/swift/parse-package-resolved.go b/pkg/lockfile/swift/parse-package-resolved.go index e001bc23..26d24215 100644 --- a/pkg/lockfile/swift/parse-package-resolved.go +++ b/pkg/lockfile/swift/parse-package-resolved.go 
@@ -1,13 +1,16 @@ package swift import ( + "bytes" "encoding/json" "fmt" + "io" "net/url" "path/filepath" "strings" "github.com/DataDog/datadog-sbom-generator/internal/cachedregexp" + "github.com/DataDog/datadog-sbom-generator/internal/utility/fileposition" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/models" ) @@ -35,10 +38,18 @@ func (e PackageResolvedExtractor) PackageManager() models.PackageManager { func (e PackageResolvedExtractor) Extract(f lockfile.DepFile, _ lockfile.ScanContext) ([]lockfile.PackageDetails, error) { var resolved packageResolvedFile - if err := json.NewDecoder(f).Decode(&resolved); err != nil { + content, err := io.ReadAll(f) + if err != nil { return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) } + if err := json.NewDecoder(bytes.NewReader(content)).Decode(&resolved); err != nil { + return []lockfile.PackageDetails{}, fmt.Errorf("could not extract from %s: %w", f.Path(), err) + } + + lines := strings.Split(strings.ReplaceAll(string(content), "\r\n", "\n"), "\n") + positions := pinPositionsByIdentity(lines) + // Normalize pins from v1 or v2/v3 into a common representation. type normalizedPin struct { identity string @@ -114,7 +125,7 @@ func (e PackageResolvedExtractor) Extract(f lockfile.DepFile, _ lockfile.ScanCon version = pin.branch } - packages = append(packages, lockfile.PackageDetails{ + pkgDetails := lockfile.PackageDetails{ Name: name, Version: version, Commit: pin.revision, 
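Review bot: `io.ReadAll(f)` in `Extract` buffers the whole Package.resolved with no upper bound, and the hunk then holds the content again as a string, as a CRLF-normalised copy and as the `lines` slice, where the old code handed the reader straight to the decoder. If this extractor runs over repositories the operator does not control, an oversized file multiplies memory use several times over. Unless `lockfile.DepFile` is already size-limited elsewhere (not visible here), cap the read, e.g. `content, err := io.ReadAll(io.LimitReader(f, maxResolvedSize))`, where `maxResolvedSize` is a placeholder for a project-chosen constant. A truncated read then surfaces as the existing decode error. The body of `Extract` continues outside this hunk.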
@@ -122,12 +133,83 @@ func (e PackageResolvedExtractor) Extract(f lockfile.DepFile, _ lockfile.ScanCon Ecosystem: models.EcosystemSwiftURL, IsDirect: false, LocationRole: models.LocationRoleLockfile, - }) + } + + if pos, ok := positions[pin.identity]; ok { + blockLocation := *pos + blockLocation.Filename = f.Path() + pkgDetails.BlockLocation = blockLocation + } + + packages = append(packages, pkgDetails) } return packages, nil } +// identityRegexp matches the "identity" key inside a pin object. +var identityRegexp = cachedregexp.MustCompile(`"identity"\s*:\s*"([^"]+)"`) + +// pinPositionsByIdentity scans the raw JSON lines and returns a FilePosition for each +// pin block, keyed by the pin's identity value. Each block starts at the "{" line +// that precedes the "identity" field and ends at the matching "}". +func pinPositionsByIdentity(lines []string) map[string]*models.FilePosition { + positions := make(map[string]*models.FilePosition) + + for i, line := range lines { + m := identityRegexp.FindStringSubmatch(line) + if m == nil { + continue + } + + identity := m[1] + + // Walk backwards to find the opening "{" of this pin block. + blockStart := i + for blockStart > 0 && !strings.Contains(lines[blockStart], "{") { + blockStart-- + } + + // Walk forward to find the matching closing "}". 
+ depth := 0 + blockEnd := blockStart + + for blockEnd < len(lines) { + for _, ch := range lines[blockEnd] { + if ch == '{' { + depth++ + } else if ch == '}' { + depth-- + } + } + + if depth <= 0 { + break + } + + blockEnd++ + } + + colStart := fileposition.GetFirstNonEmptyCharacterIndexInLine(lines[blockStart]) + colEnd := fileposition.GetLastNonEmptyCharacterIndexInLine(lines[blockEnd]) + + if colStart < 1 { + colStart = 1 + } + + if colEnd < 1 { + colEnd = 1 + } + + positions[identity] = &models.FilePosition{ + Line: models.Position{Start: blockStart + 1, End: blockEnd + 1}, + Column: models.Position{Start: colStart, End: colEnd}, + } + } + + return positions +} + // nameFromRepoURL extracts a purl-compatible name from a repository URL. // For "https://github.com/Alamofire/Alamofire.git" it returns "github.com/Alamofire/Alamofire". // For scp-style SSH URLs like "git@github.com:org/repo.git" it returns "github.com/org/repo". From b69267a3e38cfbb70c9839a7143b751dddad611e Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Wed, 6 May 2026 14:28:51 -0400 Subject: [PATCH 35/36] test(swift): update Package.resolved tests with BlockLocation assertions Switch metadata tests to ExpectPackagesWithoutLocations and add a dedicated TestParsePackageResolved_TwoPackagesV2_BlockLocation test that verifies exact line/column ranges for each pin block. Co-Authored-By: Claude Sonnet 4.6 --- .../swift/parse-package-resolved_test.go | 42 +++++++++++++++---- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/pkg/lockfile/swift/parse-package-resolved_test.go b/pkg/lockfile/swift/parse-package-resolved_test.go index 0bda6ff7..b0e4f359 100644 --- a/pkg/lockfile/swift/parse-package-resolved_test.go +++ b/pkg/lockfile/swift/parse-package-resolved_test.go 
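Review bot: `pinPositionsByIdentity` can index past the end of `lines`: if the brace counter never returns to zero, the forward loop exits with `blockEnd == len(lines)` and `lines[blockEnd]` in the `colEnd` computation panics. The counter looks at every `{` and `}` on a line, including ones inside JSON string values, so a file that decodes cleanly but carries unbalanced braces in a string can reach that state, and milder cases silently record a range that runs on to an outer brace. Clamp after the loop with `if blockEnd >= len(lines) { blockEnd = len(lines) - 1 }`, and skip characters inside string literals while counting. The backward search for `{` makes the same line-based assumption: on a compact single-line file, or if `identity` follows a nested object within the pin, the recorded start is not the pin's opening brace, so the doc comment should state that the function expects the pretty-printed layout.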
@@ -4,6 +4,8 @@ import ( "io/fs" "testing" + "github.com/stretchr/testify/assert" + "github.com/DataDog/datadog-sbom-generator/pkg/lockfile" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/internal/testutil" "github.com/DataDog/datadog-sbom-generator/pkg/lockfile/swift" @@ -112,7 +114,8 @@ func TestParsePackageResolved_OnePackageV1(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + // v1 pins have no "identity" field — BlockLocation is not set. + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.4.3", @@ -134,7 +137,7 @@ func TestParsePackageResolved_OnePackageV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", @@ -156,7 +159,7 @@ func TestParsePackageResolved_OnePackageV3(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.9.0", @@ -178,7 +181,7 @@ func TestParsePackageResolved_TwoPackagesV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", 
@@ -200,6 +203,29 @@ func TestParsePackageResolved_TwoPackagesV2(t *testing.T) { }) } +func TestParsePackageResolved_TwoPackagesV2_BlockLocation(t *testing.T) { + t.Parallel() + + packages, err := swift.ParsePackageResolved("../fixtures/swift/two-packages-v2.json") + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + alamofire := packages[0] + assert.Equal(t, 3, alamofire.BlockLocation.Line.Start) + assert.Equal(t, 11, alamofire.BlockLocation.Line.End) + assert.Equal(t, 5, alamofire.BlockLocation.Column.Start) + assert.Equal(t, 7, alamofire.BlockLocation.Column.End) + assert.Contains(t, alamofire.BlockLocation.Filename, "two-packages-v2.json") + + parser := packages[1] + assert.Equal(t, 12, parser.BlockLocation.Line.Start) + assert.Equal(t, 20, parser.BlockLocation.Line.End) + assert.Equal(t, 5, parser.BlockLocation.Column.Start) + assert.Equal(t, 6, parser.BlockLocation.Column.End) + assert.Contains(t, parser.BlockLocation.Filename, "two-packages-v2.json") +} + func TestParsePackageResolved_MixedStatesV2(t *testing.T) { t.Parallel() @@ -209,7 +235,7 @@ func TestParsePackageResolved_MixedStatesV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", @@ -240,7 +266,7 @@ func TestParsePackageResolved_SSHUrlV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", 
@@ -262,7 +288,7 @@ func TestParsePackageResolved_RegistryPinV2(t *testing.T) { t.Errorf("Got unexpected error: %v", err) } - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "apple.swift-argument-parser", Version: "1.2.0", @@ -284,7 +310,7 @@ func TestParsePackageResolved_LocalPackageSkipped(t *testing.T) { } // localSourceControl pins should be skipped - testutil.ExpectPackages(t, packages, []lockfile.PackageDetails{ + testutil.ExpectPackagesWithoutLocations(t, packages, []lockfile.PackageDetails{ { Name: "github.com/Alamofire/Alamofire", Version: "5.6.1", From 26f333d730fa022f6dd44777947a0983aa52b4b9 Mon Sep 17 00:00:00 2001 From: Ander Ruiz Ayesta Date: Wed, 13 May 2026 14:06:42 +0200 Subject: [PATCH 36/36] test: regenerate integration snapshots after rebase onto main (#141) Snapshots now reflect BlockLocation data from all parsers added in ander/transitive-dep-locations, merged with the npm-lock positions already shipped in PR #141. Co-Authored-By: Claude Sonnet 4.6 --- .../__snapshots__/main_test.snap | 6458 +++++++++++++++-- 1 file changed, 5759 insertions(+), 699 deletions(-) diff --git a/cmd/datadog-sbom-generator/__snapshots__/main_test.snap b/cmd/datadog-sbom-generator/__snapshots__/main_test.snap index d9e90776..e70b05fa 100644 --- a/cmd/datadog-sbom-generator/__snapshots__/main_test.snap +++ b/cmd/datadog-sbom-generator/__snapshots__/main_test.snap @@ -80,7 +80,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", 
@@ -93,7 +100,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"subdir/yarn.lock/",/"line_start/":4,/"line_end/":7,/"column_start/":1,/"column_end/":108}}" + } + ] + } } ] } @@ -134,7 +148,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + }, + { + "location": "{/"block/":{/"file_name/":/"subdir/composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } }, { "bom-ref": "pkg:gem/ast@2.4.2", @@ -151,7 +175,20 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + }, + { + "location": "{/"block/":{/"file_name/":/"ignored/Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + }, + { + "location": "{/"block/":{/"file_name/":/"subdir/Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", 
@@ -171,8 +208,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf ], "evidence": { "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"ignored/yarn.lock/",/"line_start/":4,/"line_end/":7,/"column_start/":1,/"column_end/":108}}" + }, { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":4,/"line_end/":4,/"column_start/":5,/"column_end/":31,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":4,/"line_end/":4,/"column_start/":6,/"column_end/":20,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":4,/"line_end/":4,/"column_start/":24,/"column_end/":30,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"subdir/yarn.lock/",/"line_start/":4,/"line_end/":7,/"column_start/":1,/"column_end/":108}}" } ] } @@ -353,7 +396,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":30,/"line_end/":43,/"column_start/":1,/"column_end/":2}}" + } + ] + } }, { "bom-ref": "pkg:cargo/itoa@1.0.14", @@ -366,7 +416,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":45,/"line_end/":49,/"column_start/":1,/"column_end/":78}}" + } + ] + } }, { "bom-ref": "pkg:cargo/memchr@2.7.4", @@ -379,7 +436,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":171,/"line_end/":175,/"column_start/":1,/"column_end/":78}}" + } + ] + } }, { "bom-ref": "pkg:cargo/mockall@0.13.1", 
@@ -420,7 +484,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":60,/"line_end/":64,/"column_start/":1,/"column_end/":78}}" + } + ] + } }, { "bom-ref": "pkg:cargo/pkg-config@0.3.31", @@ -457,7 +528,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":72,/"line_end/":76,/"column_start/":1,/"column_end/":77}}" + } + ] + } }, { "bom-ref": "pkg:cargo/predicates@3.1.2", @@ -470,7 +548,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":78,/"line_end/":82,/"column_start/":1,/"column_end/":78}}" + } + ] + } }, { "bom-ref": "pkg:cargo/proc-macro2@1.0.92", @@ -483,7 +568,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":109,/"line_end/":116,/"column_start/":1,/"column_end/":2}}" + } + ] + } }, { "bom-ref": "pkg:cargo/quote@1.0.37", @@ -496,7 +588,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":118,/"line_end/":125,/"column_start/":1,/"column_end/":2}}" + } + ] + } }, { "bom-ref": "pkg:cargo/regex-automata@0.4.9", 
@@ -509,7 +608,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":94,/"line_end/":101,/"column_start/":1,/"column_end/":2}}" + } + ] + } }, { "bom-ref": "pkg:cargo/regex-syntax@0.8.5", @@ -522,7 +628,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":103,/"line_end/":107,/"column_start/":1,/"column_end/":78}}" + } + ] + } }, { "bom-ref": "pkg:cargo/regex@1.11.1", @@ -535,7 +648,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":84,/"line_end/":92,/"column_start/":1,/"column_end/":2}}" + } + ] + } }, { "bom-ref": "pkg:cargo/ryu@1.0.18", @@ -548,7 +668,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":127,/"line_end/":131,/"column_start/":1,/"column_end/":78}}" + } + ] + } }, { "bom-ref": "pkg:cargo/serde@0.9.15", @@ -613,7 +740,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":148,/"line_end/":157,/"column_start/":1,/"column_end/":2}}" + } + ] + } }, { "bom-ref": "pkg:cargo/serde_json@1.0.132", 
@@ -650,7 +784,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":177,/"line_end/":181,/"column_start/":1,/"column_end/":78}}" + } + ] + } }, { "bom-ref": "pkg:cargo/syn@2.0.90", @@ -663,7 +804,14 @@ Scanned /fixtures/integration-jar/one-package.jar file and found 1 pack "name": "datadog:package-manager", "value": "Crates" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Cargo.lock/",/"line_start/":183,/"line_end/":192,/"column_start/":1,/"column_end/":2}}" + } + ] + } }, { "bom-ref": "pkg:cargo/tokio@1.43.0", @@ -1480,7 +1628,14 @@ Scanned /fixtures/integration-nuget/csproj-sample-app-manage-versions-c "name": "datadog:package-manager", "value": "NuGet" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"packages.lock.json/",/"line_start/":20,/"line_end/":24,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:nuget/Microsoft.NETFramework.ReferenceAssemblies@1.0.3", @@ -1497,7 +1652,14 @@ Scanned /fixtures/integration-nuget/csproj-sample-app-manage-versions-c "name": "datadog:package-manager", "value": "NuGet" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"packages.lock.json/",/"line_start/":5,/"line_end/":13,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:nuget/Newtonsoft.Json@12.0.3", @@ -1600,7 +1762,14 @@ Scanned /fixtures/integration-nuget/multiple-versions-with-lockfile/pac "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } }, { "bom-ref": "pkg:gem/ast@2.4.2", 
@@ -1617,7 +1786,14 @@ Scanned /fixtures/integration-nuget/multiple-versions-with-lockfile/pac "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + } + ] + } }, { "bom-ref": "pkg:npm/ansi-html@0.0.1", @@ -1706,7 +1882,14 @@ Scanned /fixtures/integration-nuget/multiple-versions-with-lockfile/pac "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + } + ] + } } ] } @@ -1806,6 +1989,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":37,/"line_end/":50,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":48,/"line_end/":50,/"column_start/":3,/"column_end/":31}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17}}" } ] } @@ -1826,6 +2015,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":57,/"line_end/":65,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":52,/"line_end/":54,/"column_start/":3,/"column_end/":31}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -1846,6 +2041,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":66,/"line_end/":75,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":56,/"line_end/":57,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17}}" } ] } @@ -1866,6 +2067,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":76,/"line_end/":84,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":59,/"line_end/":61,/"column_start/":3,/"column_end/":31}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17}}" } ] } @@ -1886,6 +2093,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":85,/"line_end/":94,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":63,/"line_end/":64,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -1906,6 +2119,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":95,/"line_end/":100,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":66,/"line_end/":67,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17}}" } ] } @@ -1926,6 +2145,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":101,/"line_end/":110,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":69,/"line_end/":70,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":68,/"column_start/":1,/"column_end/":17}}" } ] } @@ -1946,6 +2171,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":111,/"line_end/":119,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":72,/"line_end/":73,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":70,/"line_end/":77,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -1966,6 +2197,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":120,/"line_end/":131,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":75,/"line_end/":78,/"column_start/":3,/"column_end/":17}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":79,/"line_end/":86,/"column_start/":1,/"column_end/":17}}" } ] } @@ -1986,6 +2223,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":132,/"line_end/":137,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":80,/"line_end/":81,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":88,/"line_end/":93,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2010,6 +2253,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":138,/"line_end/":147,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":83,/"line_end/":85,/"column_start/":3,/"column_end/":32}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":95,/"line_end/":100,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -2030,6 +2279,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":148,/"line_end/":153,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":87,/"line_end/":88,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":102,/"line_end/":107,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2050,6 +2305,9 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":154,/"line_end/":168,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":90,/"line_end/":93,/"column_start/":3,/"column_end/":17}}" } ] } @@ -2098,6 +2356,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":182,/"line_end/":190,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":99,/"line_end/":101,/"column_start/":3,/"column_end/":27}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":120,/"line_end/":125,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -2118,6 +2382,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":191,/"line_end/":204,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":103,/"line_end/":105,/"column_start/":3,/"column_end/":34}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":127,/"line_end/":136,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2138,6 +2408,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":205,/"line_end/":210,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":107,/"line_end/":108,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":138,/"line_end/":143,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2158,6 +2434,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":211,/"line_end/":216,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":110,/"line_end/":111,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":145,/"line_end/":150,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -2207,6 +2489,9 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":51,/"line_end/":56,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":116,/"line_end/":117,/"column_start/":3,/"column_end/":125}}" + }, { "location": "{/"block/":{/"file_name/":/"workspace-3/package.json/",/"line_start/":5,/"line_end/":5,/"column_start/":5,/"column_end/":27,/"role/":/"manifest/"},/"name/":{/"file_name/":/"workspace-3/package.json/",/"line_start/":5,/"line_end/":5,/"column_start/":6,/"column_end/":16,/"role/":/"manifest/"},/"version/":{/"file_name/":/"workspace-3/package.json/",/"line_start/":5,/"line_end/":5,/"column_start/":20,/"column_end/":26,/"role/":/"manifest/"}}" } @@ -2229,6 +2514,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":223,/"line_end/":231,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":119,/"line_end/":120,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":166,/"line_end/":173,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2273,6 +2564,9 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":232,/"line_end/":247,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":128,/"line_end/":131,/"column_start/":3,/"column_end/":17}}" } ] } 
@@ -2293,6 +2587,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":264,/"line_end/":283,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":133,/"line_end/":134,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":189,/"line_end/":194,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2409,6 +2709,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":293,/"line_end/":301,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":153,/"line_end/":154,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":232,/"line_end/":239,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2429,6 +2735,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":311,/"line_end/":320,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":156,/"line_end/":157,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":249,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -2449,6 +2761,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":302,/"line_end/":310,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":159,/"line_end/":161,/"column_start/":3,/"column_end/":32}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":251,/"line_end/":256,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2469,6 +2787,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":321,/"line_end/":332,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":163,/"line_end/":165,/"column_start/":3,/"column_end/":27}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":258,/"line_end/":265,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2489,6 +2813,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":333,/"line_end/":350,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":167,/"line_end/":170,/"column_start/":3,/"column_end/":17}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":267,/"line_end/":279,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -2509,6 +2839,12 @@ Skipping /fixtures/locks-many/yarn.lock with exclusion rule: *yarn.lock "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package-lock.json/",/"line_start/":351,/"line_end/":356,/"column_start/":5,/"column_end/":6,/"role/":/"lockfile/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"pnpm-lock.yaml/",/"line_start/":172,/"line_end/":173,/"column_start/":3,/"column_end/":125}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":281,/"line_end/":286,/"column_start/":1,/"column_end/":17}}" } ] } @@ -2662,7 +2998,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40babel%2Fhelper-validator-identifier@7.28.5", @@ -2675,7 +3018,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fgen-mapping@0.3.13", @@ -2688,7 +3038,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fresolve-uri@3.1.2", 
@@ -2701,7 +3058,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fsource-map@0.3.11", @@ -2714,7 +3078,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Fsourcemap-codec@1.5.5", @@ -2727,7 +3098,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.31", @@ -2740,7 +3118,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":68,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fnode@24.10.1", @@ -2753,7 +3138,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":70,/"line_end/":77,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/acorn@8.15.0", 
@@ -2766,7 +3158,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":79,/"line_end/":86,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/buffer-from@1.1.2", @@ -2779,7 +3178,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":88,/"line_end/":93,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/colors@1.4.0", @@ -2796,7 +3202,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":95,/"line_end/":100,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/commander@2.20.3", @@ -2809,7 +3222,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":102,/"line_end/":107,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/group-dependencies@0.0.11", @@ -2850,7 +3270,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":120,/"line_end/":125,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/jest-worker@26.6.2", 
@@ -2863,7 +3290,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":127,/"line_end/":136,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/js-tokens@4.0.0", @@ -2876,7 +3310,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":138,/"line_end/":143,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge-stream@2.0.0", @@ -2889,7 +3330,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":145,/"line_end/":150,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/picocolors@0.2.1", @@ -2950,7 +3398,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":166,/"line_end/":173,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/rollup-plugin-terser@7.0.2", @@ -2987,7 +3442,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":189,/"line_end/":194,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@4.3.6", 
@@ -3096,7 +3558,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":232,/"line_end/":239,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/source-map-support@0.5.21", @@ -3109,7 +3578,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":249,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/source-map@0.6.1", @@ -3122,7 +3598,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":251,/"line_end/":256,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/supports-color@7.2.0", @@ -3135,7 +3618,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":258,/"line_end/":265,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/terser@5.44.1", @@ -3148,7 +3638,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":267,/"line_end/":279,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/undici-types@7.16.0", 
@@ -3161,7 +3658,14 @@ Scanned /fixtures/integration-pyproject/pyproject.toml file and found 3 "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":281,/"line_end/":286,/"column_start/":1,/"column_end/":17}}" + } + ] + } } ] } @@ -3208,7 +3712,14 @@ Scanned /fixtures/integration-npm/with-workspace/yarn.lock file and fou "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -3267,6 +3778,17 @@ invalid verbosity level "unknown" - must be one of: error, warn, info, verbose "ecosystem": "Packagist", "purl": "pkg:composer/sentry/sdk@2.0.4" }, + "locations": [ + { + "block": { + "file_name": "composer.lock", + "line_start": 9, + "line_end": 39, + "column_start": 5, + "column_end": 6 + } + } + ], "metadata": { "package-manager": "Composer" } @@ -3312,7 +3834,14 @@ invalid verbosity level "unknown" - must be one of: error, warn, info, verbose "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"nested/composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -3729,7 +4258,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } } ] } 
@@ -3870,7 +4406,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } } ] } @@ -3911,7 +4454,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } } ] } @@ -15799,7 +16349,14 @@ Warning: `parsers` exists as both a subcommand of datadog-sbom-generator and as "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"nested/composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } }, { "bom-ref": "pkg:npm/balanced-match@1.0.2", @@ -15865,7 +16422,14 @@ Warning: `scan` exists as both a subcommand of datadog-sbom-generator and as a f "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } } ] } @@ -15906,7 +16470,14 @@ Warning: `scan` exists as both a subcommand of datadog-sbom-generator and as a f "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } } ] } 
@@ -16022,7 +16593,14 @@ Warning: `scan` exists as both a subcommand of datadog-sbom-generator and as a f "name": "datadog:package-manager", "value": "NuGet" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"packages.lock.json/",/"line_start/":5,/"line_end/":10,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pom.xml", @@ -16166,7 +16744,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5333,/"line_end/":5386,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/aws/aws-sdk-php@3.317.2", @@ -16231,7 +16816,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":69,/"line_end/":137,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/dflydev/dot-access-data@v3.0.3", @@ -16244,7 +16836,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":138,/"line_end/":212,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/doctrine/inflector@2.0.10", 
@@ -16281,7 +16880,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":304,/"line_end/":380,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/dragonmantank/cron-expression@v3.3.3", @@ -16394,7 +17000,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":580,/"line_end/":641,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/guzzle@7.9.2", @@ -16431,7 +17044,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":768,/"line_end/":850,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/psr7@2.7.0", @@ -16444,7 +17064,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":851,/"line_end/":966,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/uri-template@v1.0.3", 
@@ -16485,7 +17112,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5545,/"line_end/":5595,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/collections@v11.19.0", @@ -16498,7 +17132,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1053,/"line_end/":1107,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/conditionable@v11.19.0", @@ -16511,7 +17152,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1108,/"line_end/":1153,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/contracts@v11.19.0", @@ -16524,7 +17172,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1154,/"line_end/":1201,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/macroable@v11.19.0", 
@@ -16537,7 +17192,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1202,/"line_end/":1247,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/laravel/prompts@v0.1.24", @@ -16622,7 +17284,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1472,/"line_end/":1553,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-aws-s3-v3@3.28.0", @@ -16667,7 +17336,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5734,/"line_end/":5782,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-path-prefixing@3.28.0", @@ -16740,7 +17416,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5596,/"line_end/":5678,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/mime-type-detection@1.15.0", 
@@ -16757,7 +17440,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5876,/"line_end/":5931,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/mockery/mockery@1.6.12", @@ -16826,7 +17516,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6015,/"line_end/":6080,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/myclabs/deep-copy@1.12.0", @@ -16843,7 +17540,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6081,/"line_end/":6140,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nesbot/carbon@3.7.0", @@ -16880,7 +17584,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1761,/"line_end/":1822,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nette/utils@v4.0.4", 
@@ -16893,7 +17604,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1823,/"line_end/":1908,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nikic/php-parser@v5.1.0", @@ -16910,7 +17628,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6141,/"line_end/":6198,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nunomaduro/termwind@v2.0.1", @@ -17007,7 +17732,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6343,/"line_end/":6409,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phar-io/version@3.2.1", @@ -17024,7 +17756,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6410,/"line_end/":6460,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpoption/phpoption@1.9.3", 
@@ -17037,7 +17776,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1997,/"line_end/":2071,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpstan/phpstan@1.11.9", @@ -17082,7 +17828,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6519,/"line_end/":6596,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-file-iterator@5.0.1", @@ -17099,7 +17852,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6597,/"line_end/":6657,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-invoker@5.0.1", @@ -17116,7 +17876,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6658,/"line_end/":6721,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-text-template@4.0.1", 
@@ -17133,7 +17900,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6722,/"line_end/":6781,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-timer@7.0.1", @@ -17150,7 +17924,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6782,/"line_end/":6841,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/phpunit@11.3.0", @@ -17223,7 +18004,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7003,/"line_end/":7051,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/clock@1.0.0", @@ -17236,7 +18024,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2072,/"line_end/":2119,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/container@2.0.2", 
@@ -17273,7 +18068,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2173,/"line_end/":2222,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-client@1.0.3", @@ -17286,7 +18088,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2223,/"line_end/":2274,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-factory@1.1.0", @@ -17299,7 +18108,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2275,/"line_end/":2329,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-message@2.0", @@ -17312,7 +18128,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2330,/"line_end/":2382,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/log@3.0.0", 
@@ -17373,7 +18196,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2484,/"line_end/":2527,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/collection@2.0.0", @@ -17386,7 +18216,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2528,/"line_end/":2616,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/uuid@4.7.6", @@ -17455,7 +18292,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7109,/"line_end/":7170,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/cli-parser@3.0.2", @@ -17472,7 +18316,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7171,/"line_end/":7227,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit-reverse-lookup@4.0.1", 
@@ -17489,7 +18340,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7285,/"line_end/":7340,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit@3.0.1", @@ -17506,7 +18364,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7228,/"line_end/":7284,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/comparator@6.0.1", @@ -17523,7 +18388,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7341,/"line_end/":7417,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/complexity@4.0.1", @@ -17540,7 +18412,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7418,/"line_end/":7475,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/diff@6.0.2", 
@@ -17557,7 +18436,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7476,/"line_end/":7542,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/environment@7.2.0", @@ -17574,7 +18460,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7543,/"line_end/":7606,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/exporter@6.1.3", @@ -17591,7 +18484,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7607,/"line_end/":7684,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/global-state@7.0.2", @@ -17608,7 +18508,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7685,/"line_end/":7746,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/lines-of-code@3.0.1", 
@@ -17625,7 +18532,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7747,/"line_end/":7804,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-enumerator@6.0.1", @@ -17642,7 +18556,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7805,/"line_end/":7862,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-reflector@4.0.1", @@ -17659,7 +18580,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7863,/"line_end/":7918,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/recursion-context@6.0.2", @@ -17676,7 +18604,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7919,/"line_end/":7982,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/type@5.0.1", 
@@ -17693,7 +18628,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7983,/"line_end/":8039,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/version@5.0.1", @@ -17710,7 +18652,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8040,/"line_end/":8093,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache-contracts@v3.5.0", @@ -17727,7 +18676,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8191,/"line_end/":8266,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache@v7.1.3", @@ -17768,7 +18724,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2709,/"line_end/":2782,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/console@v7.1.3", 
@@ -17805,7 +18768,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2876,/"line_end/":2940,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/deprecation-contracts@v3.5.0", @@ -17818,7 +18788,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2941,/"line_end/":3007,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/error-handler@v7.1.3", @@ -17855,7 +18832,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3163,/"line_end/":3238,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/event-dispatcher@v7.1.1", @@ -17868,7 +18852,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3083,/"line_end/":3162,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/finder@v7.1.3", 
@@ -17909,7 +18900,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8361,/"line_end/":8438,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/http-client@v7.1.3", @@ -18046,7 +19044,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3658,/"line_end/":3736,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-grapheme@v1.30.0", @@ -18059,7 +19064,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3737,/"line_end/":3814,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-idn@v1.30.0", @@ -18072,7 +19084,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3815,/"line_end/":3898,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-normalizer@v1.30.0", 
@@ -18085,7 +19104,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3899,/"line_end/":3979,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-mbstring@v1.30.0", @@ -18098,7 +19124,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3980,/"line_end/":4059,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php72@v1.30.0", @@ -18111,7 +19144,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4060,/"line_end/":4132,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php80@v1.30.0", @@ -18124,7 +19164,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4133,/"line_end/":4212,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php83@v1.30.0", 
@@ -18161,7 +19208,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4289,/"line_end/":4367,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/process@v7.1.3", @@ -18250,7 +19304,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4510,/"line_end/":4592,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/string@v7.1.3", @@ -18263,7 +19324,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4593,/"line_end/":4679,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation-contracts@v3.5.0", @@ -18276,7 +19344,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4774,/"line_end/":4851,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation@v7.1.3", 
@@ -18289,7 +19364,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4680,/"line_end/":4773,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/uid@v7.1.1", @@ -18354,7 +19436,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8522,/"line_end/":8597,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/theseer/tokenizer@1.2.3", @@ -18371,7 +19460,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8598,/"line_end/":8647,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/tijsverkoyen/css-to-inline-styles@v2.2.7", @@ -18456,7 +19552,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5220,/"line_end/":5277,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:conan/zlib@1.2.11", 
@@ -18469,7 +19572,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Conan" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"conan.lock/",/"line_start/":13,/"line_end/":19,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:gem/RedCloth@4.2.9", @@ -18506,7 +19616,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":6,/"line_end/":6,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailbox@7.1.2", @@ -18519,7 +19636,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":12,/"line_end/":12,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailer@7.1.2", @@ -18532,7 +19656,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":22,/"line_end/":22,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionpack@7.1.2", @@ -18545,7 +19676,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":32,/"line_end/":32,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/actiontext@7.1.2", 
@@ -18558,7 +19696,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":42,/"line_end/":42,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionview@7.1.2", @@ -18571,7 +19716,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":49,/"line_end/":49,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/activejob@7.1.2", @@ -18584,7 +19736,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":55,/"line_end/":55,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/activemodel@7.1.2", @@ -18597,7 +19756,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":58,/"line_end/":58,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/activerecord@7.1.2", @@ -18610,7 +19776,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":60,/"line_end/":60,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/activestorage@7.1.2", 
@@ -18623,7 +19796,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":64,/"line_end/":64,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/activesupport@7.1.2", @@ -18636,7 +19816,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":70,/"line_end/":70,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/addressable@2.8.7", @@ -18649,7 +19836,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":107,/"line_end/":107,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/base64@0.2.0", @@ -18662,7 +19856,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":109,/"line_end/":109,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/bigdecimal@3.1.8", @@ -18675,7 +19876,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":110,/"line_end/":110,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/builder@3.3.0", 
@@ -18688,7 +19896,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":111,/"line_end/":111,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/capybara@3.39.2", @@ -18701,7 +19916,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":112,/"line_end/":112,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/childprocess@5.0.0", @@ -18714,7 +19936,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":121,/"line_end/":121,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/chronic@0.10.2", @@ -18775,7 +20004,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":124,/"line_end/":124,/"column_start/":1,/"column_end/":28}}" + } + ] + } }, { "bom-ref": "pkg:gem/connection_pool@2.4.1", @@ -18788,7 +20024,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":125,/"line_end/":125,/"column_start/":1,/"column_end/":28}}" + } + ] + } }, { "bom-ref": "pkg:gem/crass@1.0.6", 
@@ -18801,7 +20044,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":126,/"line_end/":126,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-ci-environment@10.0.1", @@ -18814,7 +20064,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":139,/"line_end/":139,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-core@13.0.3", @@ -18827,7 +20084,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":140,/"line_end/":140,/"column_start/":1,/"column_end/":27}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-cucumber-expressions@17.1.0", @@ -18840,7 +20104,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":144,/"line_end/":144,/"column_start/":1,/"column_end/":43}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-gherkin@27.0.0", 
@@ -18853,7 +20124,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":146,/"line_end/":146,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-html-formatter@21.4.1", @@ -18866,7 +20144,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":148,/"line_end/":148,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-messages@22.0.0", @@ -18879,7 +20164,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":150,/"line_end/":150,/"column_start/":1,/"column_end/":31}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-rails@1.4.0", @@ -18920,7 +20212,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":156,/"line_end/":156,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-websteps@0.10.0", 
@@ -18961,7 +20260,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":127,/"line_end/":127,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-active_record@2.2.0", @@ -18974,7 +20280,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":163,/"line_end/":163,/"column_start/":1,/"column_end/":43}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-core@2.0.1", @@ -18987,7 +20300,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":166,/"line_end/":166,/"column_start/":1,/"column_end/":34}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner@2.0.2", @@ -19028,7 +20348,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":167,/"line_end/":167,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/diff-lcs@1.5.1", 
@@ -19041,7 +20368,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":168,/"line_end/":168,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/drb@2.2.1", @@ -19054,7 +20388,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":169,/"line_end/":169,/"column_start/":1,/"column_end/":16}}" + } + ] + } }, { "bom-ref": "pkg:gem/erubi@1.13.0", @@ -19067,7 +20408,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":170,/"line_end/":170,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/factory_girl@4.9.0", @@ -19108,7 +20456,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":173,/"line_end/":173,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/globalid@1.2.1", @@ -19121,7 +20476,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":174,/"line_end/":174,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/i18n@1.14.5", 
@@ -19134,7 +20496,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":176,/"line_end/":176,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/io-console@0.7.2", @@ -19147,7 +20516,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":178,/"line_end/":178,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/irb@1.14.0", @@ -19160,7 +20536,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":179,/"line_end/":179,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/jquery-rails@4.6.0", @@ -19197,7 +20580,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":186,/"line_end/":186,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/loofah@2.22.0", @@ -19210,7 +20600,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":189,/"line_end/":189,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/mail@2.8.1", 
@@ -19223,7 +20620,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":192,/"line_end/":192,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/marcel@1.0.4", @@ -19236,7 +20640,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":197,/"line_end/":197,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/matrix@0.4.2", @@ -19249,7 +20660,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":198,/"line_end/":198,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_mime@1.1.5", @@ -19262,7 +20680,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":199,/"line_end/":199,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_portile2@2.8.7", @@ -19275,7 +20700,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":200,/"line_end/":200,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/minitest@5.24.1", 
@@ -19288,7 +20720,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":201,/"line_end/":201,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/multi_test@1.1.0", @@ -19301,7 +20740,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":202,/"line_end/":202,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/mutex_m@0.2.0", @@ -19314,7 +20760,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":203,/"line_end/":203,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-imap@0.4.14", @@ -19327,7 +20780,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":204,/"line_end/":204,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-pop@0.1.2", @@ -19340,7 +20800,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":207,/"line_end/":207,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-protocol@0.2.2", 
@@ -19353,7 +20820,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":209,/"line_end/":209,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-smtp@0.5.0", @@ -19366,7 +20840,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":211,/"line_end/":211,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/nio4r@2.7.3", @@ -19379,7 +20860,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":213,/"line_end/":213,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/nokogiri@1.15.6", @@ -19392,7 +20880,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":214,/"line_end/":214,/"column_start/":1,/"column_end/":35}}" + } + ] + } }, { "bom-ref": "pkg:gem/psych@5.1.2", @@ -19405,7 +20900,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":216,/"line_end/":216,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/public_suffix@5.1.1", 
@@ -19418,7 +20920,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":218,/"line_end/":218,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/racc@1.8.1", @@ -19431,7 +20940,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":219,/"line_end/":219,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-openid@1.4.2", @@ -19468,7 +20984,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":224,/"line_end/":224,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-test@2.1.0", @@ -19481,7 +21004,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":226,/"line_end/":226,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack@3.1.7", @@ -19494,7 +21024,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":220,/"line_end/":220,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/rackup@2.1.0", 
@@ -19507,7 +21044,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":228,/"line_end/":228,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-dom-testing@2.2.0", @@ -19520,7 +21064,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":231,/"line_end/":231,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-html-sanitizer@1.6.0", @@ -19533,7 +21084,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":235,/"line_end/":235,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails@7.1.2", @@ -19570,7 +21128,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":94,/"line_end/":94,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/rake@13.2.1", @@ -19583,7 +21148,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":238,/"line_end/":238,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/rdoc@6.7.0", 
@@ -19596,7 +21168,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":239,/"line_end/":239,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/regexp_parser@2.9.2", @@ -19609,7 +21188,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":241,/"line_end/":241,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/reline@0.5.9", @@ -19622,7 +21208,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":242,/"line_end/":242,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-activemodel-mocks@1.2.0", @@ -19691,7 +21284,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":254,/"line_end/":254,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-expectations@3.13.1", 
@@ -19704,7 +21304,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":256,/"line_end/":256,/"column_start/":1,/"column_end/":32}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-mocks@3.13.1", @@ -19717,7 +21324,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":259,/"line_end/":259,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-support@3.13.1", @@ -19730,7 +21344,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":262,/"line_end/":262,/"column_start/":1,/"column_end/":27}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec@3.13.0", @@ -19819,7 +21440,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":266,/"line_end/":266,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/sys-uname@1.3.0", @@ -19832,7 +21460,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":267,/"line_end/":267,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/thor@1.3.1", 
@@ -19845,7 +21480,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":269,/"line_end/":269,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/timeout@0.4.1", @@ -19858,7 +21500,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":270,/"line_end/":270,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/tzinfo@2.0.6", @@ -19871,7 +21520,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":271,/"line_end/":271,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/webrick@1.8.1", @@ -19884,7 +21540,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":273,/"line_end/":273,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-driver@0.7.6", 
@@ -19897,7 +21560,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":274,/"line_end/":274,/"column_start/":1,/"column_end/":29}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-extensions@0.1.5", @@ -19910,7 +21580,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":276,/"line_end/":276,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:gem/will_paginate@3.0.12", @@ -19947,7 +21624,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":278,/"line_end/":278,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/zeitwerk@2.6.17", @@ -19960,7 +21644,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":280,/"line_end/":280,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:golang/github.com/BurntSushi/toml@1.0.0", 
@@ -20068,7 +21759,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Hex" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"mix.lock/",/"line_start/":2,/"line_end/":2,/"column_start/":1,/"column_end/":421}}" + } + ] + } }, { "bom-ref": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2", @@ -20169,7 +21867,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-groovy/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.hamcrest/hamcrest-core@1.3", @@ -20186,7 +21891,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-kotlin/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test", @@ -20353,7 +22065,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm/pnpm-lock.yaml/",/"line_start/":21,/"line_end/":25,/"column_start/":3,/"column_end/":14}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@2.6.9", 
@@ -20402,7 +22121,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":35,/"line_end/":42,/"column_start/":3,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:npm/lodash@4.17.20", @@ -20419,7 +22145,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":44,/"line_end/":45,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.0.0", @@ -20436,7 +22169,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":47,/"line_end/":48,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.2", @@ -20453,7 +22193,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":50,/"line_end/":51,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -20658,7 +22405,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pub" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pubspec.lock/",/"line_start/":4,/"line_end/":10,/"column_start/":3,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:pypi/beautifulsoup4@4.9.3", 
@@ -21058,7 +22812,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5333,/"line_end/":5386,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/aws/aws-sdk-php@3.317.2", @@ -21123,7 +22884,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":69,/"line_end/":137,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/dflydev/dot-access-data@v3.0.3", @@ -21136,7 +22904,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":138,/"line_end/":212,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/doctrine/inflector@2.0.10", @@ -21173,7 +22948,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":304,/"line_end/":380,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/dragonmantank/cron-expression@v3.3.3", 
@@ -21286,7 +23068,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":580,/"line_end/":641,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/guzzle@7.9.2", @@ -21323,7 +23112,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":768,/"line_end/":850,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/psr7@2.7.0", @@ -21336,7 +23132,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":851,/"line_end/":966,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/uri-template@v1.0.3", @@ -21377,7 +23180,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5545,/"line_end/":5595,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/collections@v11.19.0", 
@@ -21390,7 +23200,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1053,/"line_end/":1107,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/conditionable@v11.19.0", @@ -21403,7 +23220,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1108,/"line_end/":1153,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/contracts@v11.19.0", @@ -21416,7 +23240,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1154,/"line_end/":1201,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/macroable@v11.19.0", @@ -21429,7 +23260,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1202,/"line_end/":1247,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/laravel/prompts@v0.1.24", 
@@ -21514,7 +23352,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1472,/"line_end/":1553,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-aws-s3-v3@3.28.0", @@ -21559,7 +23404,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5734,/"line_end/":5782,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-path-prefixing@3.28.0", @@ -21632,7 +23484,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5596,/"line_end/":5678,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/mime-type-detection@1.15.0", @@ -21649,7 +23508,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5876,/"line_end/":5931,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/mockery/mockery@1.6.12", 
@@ -21718,7 +23584,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6015,/"line_end/":6080,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/myclabs/deep-copy@1.12.0", @@ -21735,7 +23608,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6081,/"line_end/":6140,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nesbot/carbon@3.7.0", @@ -21772,7 +23652,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1761,/"line_end/":1822,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nette/utils@v4.0.4", @@ -21785,7 +23672,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1823,/"line_end/":1908,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nikic/php-parser@v5.1.0", 
@@ -21802,7 +23696,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6141,/"line_end/":6198,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nunomaduro/termwind@v2.0.1", @@ -21899,7 +23800,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6343,/"line_end/":6409,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phar-io/version@3.2.1", @@ -21916,7 +23824,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6410,/"line_end/":6460,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpoption/phpoption@1.9.3", @@ -21929,7 +23844,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1997,/"line_end/":2071,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpstan/phpstan@1.11.9", 
@@ -21974,7 +23896,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6519,/"line_end/":6596,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-file-iterator@5.0.1", @@ -21991,7 +23920,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6597,/"line_end/":6657,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-invoker@5.0.1", @@ -22008,7 +23944,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6658,/"line_end/":6721,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-text-template@4.0.1", @@ -22025,7 +23968,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6722,/"line_end/":6781,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-timer@7.0.1", 
@@ -22042,7 +23992,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6782,/"line_end/":6841,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/phpunit@11.3.0", @@ -22115,7 +24072,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7003,/"line_end/":7051,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/clock@1.0.0", @@ -22128,7 +24092,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2072,/"line_end/":2119,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/container@2.0.2", @@ -22165,7 +24136,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2173,/"line_end/":2222,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-client@1.0.3", 
@@ -22178,7 +24156,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2223,/"line_end/":2274,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-factory@1.1.0", @@ -22191,7 +24176,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2275,/"line_end/":2329,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-message@2.0", @@ -22204,7 +24196,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2330,/"line_end/":2382,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/log@3.0.0", @@ -22265,7 +24264,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2484,/"line_end/":2527,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/collection@2.0.0", 
@@ -22278,7 +24284,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2528,/"line_end/":2616,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/uuid@4.7.6", @@ -22347,7 +24360,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7109,/"line_end/":7170,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/cli-parser@3.0.2", @@ -22364,7 +24384,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7171,/"line_end/":7227,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit-reverse-lookup@4.0.1", @@ -22381,7 +24408,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7285,/"line_end/":7340,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit@3.0.1", 
@@ -22398,7 +24432,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7228,/"line_end/":7284,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/comparator@6.0.1", @@ -22415,7 +24456,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7341,/"line_end/":7417,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/complexity@4.0.1", @@ -22432,7 +24480,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7418,/"line_end/":7475,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/diff@6.0.2", @@ -22449,7 +24504,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7476,/"line_end/":7542,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/environment@7.2.0", 
@@ -22466,7 +24528,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7543,/"line_end/":7606,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/exporter@6.1.3", @@ -22483,7 +24552,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7607,/"line_end/":7684,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/global-state@7.0.2", @@ -22500,7 +24576,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7685,/"line_end/":7746,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/lines-of-code@3.0.1", @@ -22517,7 +24600,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7747,/"line_end/":7804,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-enumerator@6.0.1", 
@@ -22534,7 +24624,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7805,/"line_end/":7862,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-reflector@4.0.1", @@ -22551,7 +24648,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7863,/"line_end/":7918,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/recursion-context@6.0.2", @@ -22568,7 +24672,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7919,/"line_end/":7982,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/type@5.0.1", @@ -22585,7 +24696,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7983,/"line_end/":8039,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/version@5.0.1", 
@@ -22602,7 +24720,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8040,/"line_end/":8093,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache-contracts@v3.5.0", @@ -22619,7 +24744,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8191,/"line_end/":8266,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache@v7.1.3", @@ -22660,7 +24792,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2709,/"line_end/":2782,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/console@v7.1.3", @@ -22697,7 +24836,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2876,/"line_end/":2940,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/deprecation-contracts@v3.5.0", 
@@ -22710,7 +24856,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2941,/"line_end/":3007,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/error-handler@v7.1.3", @@ -22747,7 +24900,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3163,/"line_end/":3238,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/event-dispatcher@v7.1.1", @@ -22760,7 +24920,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3083,/"line_end/":3162,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/finder@v7.1.3", @@ -22801,7 +24968,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8361,/"line_end/":8438,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/http-client@v7.1.3", 
@@ -22938,7 +25112,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3658,/"line_end/":3736,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-grapheme@v1.30.0", @@ -22951,7 +25132,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3737,/"line_end/":3814,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-idn@v1.30.0", @@ -22964,7 +25152,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3815,/"line_end/":3898,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-normalizer@v1.30.0", @@ -22977,7 +25172,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3899,/"line_end/":3979,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-mbstring@v1.30.0", 
@@ -22990,7 +25192,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3980,/"line_end/":4059,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php72@v1.30.0", @@ -23003,7 +25212,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4060,/"line_end/":4132,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php80@v1.30.0", @@ -23016,7 +25232,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4133,/"line_end/":4212,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php83@v1.30.0", @@ -23053,7 +25276,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4289,/"line_end/":4367,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/process@v7.1.3", 
@@ -23142,7 +25372,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4510,/"line_end/":4592,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/string@v7.1.3", @@ -23155,7 +25392,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4593,/"line_end/":4679,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation-contracts@v3.5.0", @@ -23168,7 +25412,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4774,/"line_end/":4851,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation@v7.1.3", @@ -23181,7 +25432,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4680,/"line_end/":4773,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/uid@v7.1.1", 
@@ -23246,7 +25504,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8522,/"line_end/":8597,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/theseer/tokenizer@1.2.3", @@ -23263,7 +25528,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8598,/"line_end/":8647,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/tijsverkoyen/css-to-inline-styles@v2.2.7", @@ -23348,7 +25620,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5220,/"line_end/":5277,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:conan/zlib@1.2.11", @@ -23361,7 +25640,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Conan" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"conan.lock/",/"line_start/":13,/"line_end/":19,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:gem/RedCloth@4.2.9", 
@@ -23398,7 +25684,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":6,/"line_end/":6,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailbox@7.1.2", @@ -23411,7 +25704,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":12,/"line_end/":12,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailer@7.1.2", @@ -23424,7 +25724,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":22,/"line_end/":22,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionpack@7.1.2", @@ -23437,7 +25744,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":32,/"line_end/":32,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/actiontext@7.1.2", @@ -23450,7 +25764,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":42,/"line_end/":42,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionview@7.1.2", 
@@ -23463,7 +25784,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":49,/"line_end/":49,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/activejob@7.1.2", @@ -23476,7 +25804,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":55,/"line_end/":55,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/activemodel@7.1.2", @@ -23489,7 +25824,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":58,/"line_end/":58,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/activerecord@7.1.2", @@ -23502,7 +25844,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":60,/"line_end/":60,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/activestorage@7.1.2", @@ -23515,7 +25864,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":64,/"line_end/":64,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/activesupport@7.1.2", 
@@ -23528,7 +25884,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":70,/"line_end/":70,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/addressable@2.8.7", @@ -23541,7 +25904,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":107,/"line_end/":107,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/base64@0.2.0", @@ -23554,7 +25924,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":109,/"line_end/":109,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/bigdecimal@3.1.8", @@ -23567,7 +25944,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":110,/"line_end/":110,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/builder@3.3.0", @@ -23580,7 +25964,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":111,/"line_end/":111,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/capybara@3.39.2", 
@@ -23593,7 +25984,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":112,/"line_end/":112,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/childprocess@5.0.0", @@ -23606,7 +26004,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":121,/"line_end/":121,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/chronic@0.10.2", @@ -23667,7 +26072,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":124,/"line_end/":124,/"column_start/":1,/"column_end/":28}}" + } + ] + } }, { "bom-ref": "pkg:gem/connection_pool@2.4.1", @@ -23680,7 +26092,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":125,/"line_end/":125,/"column_start/":1,/"column_end/":28}}" + } + ] + } }, { "bom-ref": "pkg:gem/crass@1.0.6", 
@@ -23693,7 +26112,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":126,/"line_end/":126,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-ci-environment@10.0.1", @@ -23706,7 +26132,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":139,/"line_end/":139,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-core@13.0.3", @@ -23719,7 +26152,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":140,/"line_end/":140,/"column_start/":1,/"column_end/":27}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-cucumber-expressions@17.1.0", @@ -23732,7 +26172,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":144,/"line_end/":144,/"column_start/":1,/"column_end/":43}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-gherkin@27.0.0", 
@@ -23745,7 +26192,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":146,/"line_end/":146,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-html-formatter@21.4.1", @@ -23758,7 +26212,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":148,/"line_end/":148,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-messages@22.0.0", @@ -23771,7 +26232,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":150,/"line_end/":150,/"column_start/":1,/"column_end/":31}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-rails@1.4.0", @@ -23812,7 +26280,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":156,/"line_end/":156,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-websteps@0.10.0", 
@@ -23853,7 +26328,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":127,/"line_end/":127,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-active_record@2.2.0", @@ -23866,7 +26348,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":163,/"line_end/":163,/"column_start/":1,/"column_end/":43}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-core@2.0.1", @@ -23879,7 +26368,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":166,/"line_end/":166,/"column_start/":1,/"column_end/":34}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner@2.0.2", @@ -23920,7 +26416,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":167,/"line_end/":167,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/diff-lcs@1.5.1", 
@@ -23933,7 +26436,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":168,/"line_end/":168,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/drb@2.2.1", @@ -23946,7 +26456,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":169,/"line_end/":169,/"column_start/":1,/"column_end/":16}}" + } + ] + } }, { "bom-ref": "pkg:gem/erubi@1.13.0", @@ -23959,7 +26476,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":170,/"line_end/":170,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/factory_girl@4.9.0", @@ -24000,7 +26524,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":173,/"line_end/":173,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/globalid@1.2.1", @@ -24013,7 +26544,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":174,/"line_end/":174,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/i18n@1.14.5", 
@@ -24026,7 +26564,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":176,/"line_end/":176,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/io-console@0.7.2", @@ -24039,7 +26584,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":178,/"line_end/":178,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/irb@1.14.0", @@ -24052,7 +26604,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":179,/"line_end/":179,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/jquery-rails@4.6.0", @@ -24089,7 +26648,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":186,/"line_end/":186,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/loofah@2.22.0", @@ -24102,7 +26668,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":189,/"line_end/":189,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/mail@2.8.1", 
@@ -24115,7 +26688,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":192,/"line_end/":192,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/marcel@1.0.4", @@ -24128,7 +26708,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":197,/"line_end/":197,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/matrix@0.4.2", @@ -24141,7 +26728,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":198,/"line_end/":198,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_mime@1.1.5", @@ -24154,7 +26748,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":199,/"line_end/":199,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_portile2@2.8.7", @@ -24167,7 +26768,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":200,/"line_end/":200,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/minitest@5.24.1", 
@@ -24180,7 +26788,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":201,/"line_end/":201,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/multi_test@1.1.0", @@ -24193,7 +26808,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":202,/"line_end/":202,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/mutex_m@0.2.0", @@ -24206,7 +26828,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":203,/"line_end/":203,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-imap@0.4.14", @@ -24219,7 +26848,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":204,/"line_end/":204,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-pop@0.1.2", @@ -24232,7 +26868,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":207,/"line_end/":207,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-protocol@0.2.2", 
@@ -24245,7 +26888,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":209,/"line_end/":209,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-smtp@0.5.0", @@ -24258,7 +26908,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":211,/"line_end/":211,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/nio4r@2.7.3", @@ -24271,7 +26928,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":213,/"line_end/":213,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/nokogiri@1.15.6", @@ -24284,7 +26948,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":214,/"line_end/":214,/"column_start/":1,/"column_end/":35}}" + } + ] + } }, { "bom-ref": "pkg:gem/psych@5.1.2", @@ -24297,7 +26968,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":216,/"line_end/":216,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/public_suffix@5.1.1", 
@@ -24310,7 +26988,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":218,/"line_end/":218,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/racc@1.8.1", @@ -24323,7 +27008,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":219,/"line_end/":219,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-openid@1.4.2", @@ -24360,7 +27052,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":224,/"line_end/":224,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-test@2.1.0", @@ -24373,7 +27072,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":226,/"line_end/":226,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack@3.1.7", @@ -24386,7 +27092,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":220,/"line_end/":220,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/rackup@2.1.0", 
@@ -24399,7 +27112,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":228,/"line_end/":228,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-dom-testing@2.2.0", @@ -24412,7 +27132,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":231,/"line_end/":231,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-html-sanitizer@1.6.0", @@ -24425,7 +27152,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":235,/"line_end/":235,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails@7.1.2", @@ -24462,7 +27196,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":94,/"line_end/":94,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/rake@13.2.1", @@ -24475,7 +27216,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":238,/"line_end/":238,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/rdoc@6.7.0", 
@@ -24488,7 +27236,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":239,/"line_end/":239,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/regexp_parser@2.9.2", @@ -24501,7 +27256,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":241,/"line_end/":241,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/reline@0.5.9", @@ -24514,7 +27276,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":242,/"line_end/":242,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-activemodel-mocks@1.2.0", @@ -24583,7 +27352,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":254,/"line_end/":254,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-expectations@3.13.1", 
@@ -24596,7 +27372,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":256,/"line_end/":256,/"column_start/":1,/"column_end/":32}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-mocks@3.13.1", @@ -24609,7 +27392,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":259,/"line_end/":259,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-support@3.13.1", @@ -24622,7 +27412,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":262,/"line_end/":262,/"column_start/":1,/"column_end/":27}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec@3.13.0", @@ -24711,7 +27508,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":266,/"line_end/":266,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/sys-uname@1.3.0", @@ -24724,7 +27528,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":267,/"line_end/":267,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/thor@1.3.1", 
@@ -24737,7 +27548,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":269,/"line_end/":269,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/timeout@0.4.1", @@ -24750,7 +27568,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":270,/"line_end/":270,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/tzinfo@2.0.6", @@ -24763,7 +27588,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":271,/"line_end/":271,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/webrick@1.8.1", @@ -24776,7 +27608,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":273,/"line_end/":273,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-driver@0.7.6", 
@@ -24789,7 +27628,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":274,/"line_end/":274,/"column_start/":1,/"column_end/":29}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-extensions@0.1.5", @@ -24802,7 +27648,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":276,/"line_end/":276,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:gem/will_paginate@3.0.12", @@ -24839,7 +27692,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":278,/"line_end/":278,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/zeitwerk@2.6.17", @@ -24852,7 +27712,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":280,/"line_end/":280,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:golang/github.com/BurntSushi/toml@1.0.0", 
@@ -24913,7 +27780,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Hex" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"mix.lock/",/"line_start/":2,/"line_end/":2,/"column_start/":1,/"column_end/":421}}" + } + ] + } }, { "bom-ref": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2", @@ -25014,7 +27888,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-groovy/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.hamcrest/hamcrest-core@1.3", @@ -25031,7 +27912,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-kotlin/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test", @@ -25226,7 +28114,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":35,/"line_end/":42,/"column_start/":3,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:npm/lodash@4.17.20", 
@@ -25243,7 +28138,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":44,/"line_end/":45,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.0.0", @@ -25260,7 +28162,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":47,/"line_end/":48,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.2", @@ -25277,7 +28186,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":50,/"line_end/":51,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -25482,7 +28398,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pub" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pubspec.lock/",/"line_start/":4,/"line_end/":10,/"column_start/":3,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:pypi/beautifulsoup4@4.9.3", 
@@ -25882,7 +28805,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5333,/"line_end/":5386,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/aws/aws-sdk-php@3.317.2", @@ -25947,7 +28877,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":69,/"line_end/":137,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/dflydev/dot-access-data@v3.0.3", @@ -25960,7 +28897,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":138,/"line_end/":212,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/doctrine/inflector@2.0.10", @@ -25997,7 +28941,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":304,/"line_end/":380,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/dragonmantank/cron-expression@v3.3.3", 
@@ -26110,7 +29061,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":580,/"line_end/":641,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/guzzle@7.9.2", @@ -26147,7 +29105,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":768,/"line_end/":850,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/psr7@2.7.0", @@ -26160,7 +29125,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":851,/"line_end/":966,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/guzzlehttp/uri-template@v1.0.3", @@ -26201,7 +29173,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5545,/"line_end/":5595,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/collections@v11.19.0", 
@@ -26214,7 +29193,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1053,/"line_end/":1107,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/conditionable@v11.19.0", @@ -26227,7 +29213,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1108,/"line_end/":1153,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/contracts@v11.19.0", @@ -26240,7 +29233,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1154,/"line_end/":1201,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/illuminate/macroable@v11.19.0", @@ -26253,7 +29253,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1202,/"line_end/":1247,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/laravel/prompts@v0.1.24", 
@@ -26338,7 +29345,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1472,/"line_end/":1553,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-aws-s3-v3@3.28.0", @@ -26383,7 +29397,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5734,/"line_end/":5782,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/flysystem-path-prefixing@3.28.0", @@ -26456,7 +29477,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5596,/"line_end/":5678,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/league/mime-type-detection@1.15.0", @@ -26473,7 +29501,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5876,/"line_end/":5931,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/mockery/mockery@1.6.12", 
@@ -26542,7 +29577,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6015,/"line_end/":6080,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/myclabs/deep-copy@1.12.0", @@ -26559,7 +29601,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6081,/"line_end/":6140,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nesbot/carbon@3.7.0", @@ -26596,7 +29645,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1761,/"line_end/":1822,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nette/utils@v4.0.4", @@ -26609,7 +29665,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1823,/"line_end/":1908,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nikic/php-parser@v5.1.0", 
@@ -26626,7 +29689,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6141,/"line_end/":6198,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/nunomaduro/termwind@v2.0.1", @@ -26723,7 +29793,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6343,/"line_end/":6409,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phar-io/version@3.2.1", @@ -26740,7 +29817,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6410,/"line_end/":6460,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpoption/phpoption@1.9.3", @@ -26753,7 +29837,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":1997,/"line_end/":2071,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpstan/phpstan@1.11.9", 
@@ -26798,7 +29889,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6519,/"line_end/":6596,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-file-iterator@5.0.1", @@ -26815,7 +29913,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6597,/"line_end/":6657,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-invoker@5.0.1", @@ -26832,7 +29937,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6658,/"line_end/":6721,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-text-template@4.0.1", @@ -26849,7 +29961,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6722,/"line_end/":6781,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/php-timer@7.0.1", 
@@ -26866,7 +29985,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":6782,/"line_end/":6841,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/phpunit/phpunit@11.3.0", @@ -26939,7 +30065,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7003,/"line_end/":7051,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/clock@1.0.0", @@ -26952,7 +30085,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2072,/"line_end/":2119,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/container@2.0.2", @@ -26989,7 +30129,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2173,/"line_end/":2222,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-client@1.0.3", 
@@ -27002,7 +30149,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2223,/"line_end/":2274,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-factory@1.1.0", @@ -27015,7 +30169,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2275,/"line_end/":2329,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/http-message@2.0", @@ -27028,7 +30189,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2330,/"line_end/":2382,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/psr/log@3.0.0", @@ -27089,7 +30257,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2484,/"line_end/":2527,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/collection@2.0.0", 
@@ -27102,7 +30277,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2528,/"line_end/":2616,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/ramsey/uuid@4.7.6", @@ -27171,7 +30353,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7109,/"line_end/":7170,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/cli-parser@3.0.2", @@ -27188,7 +30377,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7171,/"line_end/":7227,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit-reverse-lookup@4.0.1", @@ -27205,7 +30401,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7285,/"line_end/":7340,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/code-unit@3.0.1", 
@@ -27222,7 +30425,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7228,/"line_end/":7284,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/comparator@6.0.1", @@ -27239,7 +30449,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7341,/"line_end/":7417,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/complexity@4.0.1", @@ -27256,7 +30473,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7418,/"line_end/":7475,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/diff@6.0.2", @@ -27273,7 +30497,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7476,/"line_end/":7542,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/environment@7.2.0", 
@@ -27290,7 +30521,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7543,/"line_end/":7606,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/exporter@6.1.3", @@ -27307,7 +30545,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7607,/"line_end/":7684,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/global-state@7.0.2", @@ -27324,7 +30569,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7685,/"line_end/":7746,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/lines-of-code@3.0.1", @@ -27341,7 +30593,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7747,/"line_end/":7804,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-enumerator@6.0.1", 
@@ -27358,7 +30617,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7805,/"line_end/":7862,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/object-reflector@4.0.1", @@ -27375,7 +30641,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7863,/"line_end/":7918,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/recursion-context@6.0.2", @@ -27392,7 +30665,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7919,/"line_end/":7982,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/type@5.0.1", @@ -27409,7 +30689,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":7983,/"line_end/":8039,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/sebastian/version@5.0.1", 
@@ -27426,7 +30713,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8040,/"line_end/":8093,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache-contracts@v3.5.0", @@ -27443,7 +30737,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8191,/"line_end/":8266,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/cache@v7.1.3", @@ -27484,7 +30785,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2709,/"line_end/":2782,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/console@v7.1.3", @@ -27521,7 +30829,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2876,/"line_end/":2940,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/deprecation-contracts@v3.5.0", 
@@ -27534,7 +30849,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":2941,/"line_end/":3007,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/error-handler@v7.1.3", @@ -27571,7 +30893,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3163,/"line_end/":3238,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/event-dispatcher@v7.1.1", @@ -27584,7 +30913,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3083,/"line_end/":3162,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/finder@v7.1.3", @@ -27625,7 +30961,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8361,/"line_end/":8438,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/http-client@v7.1.3", 
@@ -27762,7 +31105,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3658,/"line_end/":3736,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-grapheme@v1.30.0", @@ -27775,7 +31125,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3737,/"line_end/":3814,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-idn@v1.30.0", @@ -27788,7 +31145,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3815,/"line_end/":3898,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-intl-normalizer@v1.30.0", @@ -27801,7 +31165,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3899,/"line_end/":3979,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-mbstring@v1.30.0", 
@@ -27814,7 +31185,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":3980,/"line_end/":4059,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php72@v1.30.0", @@ -27827,7 +31205,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4060,/"line_end/":4132,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php80@v1.30.0", @@ -27840,7 +31225,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4133,/"line_end/":4212,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/polyfill-php83@v1.30.0", @@ -27877,7 +31269,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4289,/"line_end/":4367,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/process@v7.1.3", 
@@ -27966,7 +31365,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4510,/"line_end/":4592,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/string@v7.1.3", @@ -27979,7 +31385,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4593,/"line_end/":4679,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation-contracts@v3.5.0", @@ -27992,7 +31405,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4774,/"line_end/":4851,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/translation@v7.1.3", @@ -28005,7 +31425,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":4680,/"line_end/":4773,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/symfony/uid@v7.1.1", 
@@ -28070,7 +31497,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8522,/"line_end/":8597,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/theseer/tokenizer@1.2.3", @@ -28087,7 +31521,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":8598,/"line_end/":8647,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:composer/tijsverkoyen/css-to-inline-styles@v2.2.7", @@ -28172,7 +31613,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer/composer.lock/",/"line_start/":5220,/"line_end/":5277,/"column_start/":9,/"column_end/":10}}" + } + ] + } }, { "bom-ref": "pkg:conan/zlib@1.2.11", @@ -28185,7 +31633,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Conan" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"conan.lock/",/"line_start/":13,/"line_end/":19,/"column_start/":7,/"column_end/":8}}" + } + ] + } }, { "bom-ref": "pkg:gem/RedCloth@4.2.9", 
@@ -28222,7 +31677,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":6,/"line_end/":6,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailbox@7.1.2", @@ -28235,7 +31697,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":12,/"line_end/":12,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionmailer@7.1.2", @@ -28248,7 +31717,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":22,/"line_end/":22,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionpack@7.1.2", @@ -28261,7 +31737,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":32,/"line_end/":32,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/actiontext@7.1.2", @@ -28274,7 +31757,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":42,/"line_end/":42,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/actionview@7.1.2", 
@@ -28287,7 +31777,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":49,/"line_end/":49,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/activejob@7.1.2", @@ -28300,7 +31797,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":55,/"line_end/":55,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/activemodel@7.1.2", @@ -28313,7 +31817,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":58,/"line_end/":58,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/activerecord@7.1.2", @@ -28326,7 +31837,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":60,/"line_end/":60,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/activestorage@7.1.2", @@ -28339,7 +31857,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":64,/"line_end/":64,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/activesupport@7.1.2", 
@@ -28352,7 +31877,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":70,/"line_end/":70,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/addressable@2.8.7", @@ -28365,7 +31897,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":107,/"line_end/":107,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/base64@0.2.0", @@ -28378,7 +31917,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":109,/"line_end/":109,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/bigdecimal@3.1.8", @@ -28391,7 +31937,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":110,/"line_end/":110,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/builder@3.3.0", @@ -28404,7 +31957,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":111,/"line_end/":111,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/capybara@3.39.2", 
@@ -28417,7 +31977,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":112,/"line_end/":112,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/childprocess@5.0.0", @@ -28430,7 +31997,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":121,/"line_end/":121,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/chronic@0.10.2", @@ -28491,7 +32065,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":124,/"line_end/":124,/"column_start/":1,/"column_end/":28}}" + } + ] + } }, { "bom-ref": "pkg:gem/connection_pool@2.4.1", @@ -28504,7 +32085,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":125,/"line_end/":125,/"column_start/":1,/"column_end/":28}}" + } + ] + } }, { "bom-ref": "pkg:gem/crass@1.0.6", 
@@ -28517,7 +32105,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":126,/"line_end/":126,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-ci-environment@10.0.1", @@ -28530,7 +32125,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":139,/"line_end/":139,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-core@13.0.3", @@ -28543,7 +32145,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":140,/"line_end/":140,/"column_start/":1,/"column_end/":27}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-cucumber-expressions@17.1.0", @@ -28556,7 +32165,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":144,/"line_end/":144,/"column_start/":1,/"column_end/":43}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-gherkin@27.0.0", 
@@ -28569,7 +32185,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":146,/"line_end/":146,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-html-formatter@21.4.1", @@ -28582,7 +32205,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":148,/"line_end/":148,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-messages@22.0.0", @@ -28595,7 +32225,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":150,/"line_end/":150,/"column_start/":1,/"column_end/":31}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-rails@1.4.0", @@ -28636,7 +32273,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":156,/"line_end/":156,/"column_start/":1,/"column_end/":37}}" + } + ] + } }, { "bom-ref": "pkg:gem/cucumber-websteps@0.10.0", 
@@ -28677,7 +32321,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":127,/"line_end/":127,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-active_record@2.2.0", @@ -28690,7 +32341,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":163,/"line_end/":163,/"column_start/":1,/"column_end/":43}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner-core@2.0.1", @@ -28703,7 +32361,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":166,/"line_end/":166,/"column_start/":1,/"column_end/":34}}" + } + ] + } }, { "bom-ref": "pkg:gem/database_cleaner@2.0.2", @@ -28744,7 +32409,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":167,/"line_end/":167,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/diff-lcs@1.5.1", 
@@ -28757,7 +32429,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":168,/"line_end/":168,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/drb@2.2.1", @@ -28770,7 +32449,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":169,/"line_end/":169,/"column_start/":1,/"column_end/":16}}" + } + ] + } }, { "bom-ref": "pkg:gem/erubi@1.13.0", @@ -28783,7 +32469,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":170,/"line_end/":170,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/factory_girl@4.9.0", @@ -28824,7 +32517,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":173,/"line_end/":173,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/globalid@1.2.1", @@ -28837,7 +32537,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":174,/"line_end/":174,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/i18n@1.14.5", 
@@ -28850,7 +32557,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":176,/"line_end/":176,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/io-console@0.7.2", @@ -28863,7 +32577,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":178,/"line_end/":178,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/irb@1.14.0", @@ -28876,7 +32597,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":179,/"line_end/":179,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/jquery-rails@4.6.0", @@ -28913,7 +32641,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":186,/"line_end/":186,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/loofah@2.22.0", @@ -28926,7 +32661,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":189,/"line_end/":189,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/mail@2.8.1", 
@@ -28939,7 +32681,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":192,/"line_end/":192,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/marcel@1.0.4", @@ -28952,7 +32701,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":197,/"line_end/":197,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/matrix@0.4.2", @@ -28965,7 +32721,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":198,/"line_end/":198,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_mime@1.1.5", @@ -28978,7 +32741,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":199,/"line_end/":199,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/mini_portile2@2.8.7", @@ -28991,7 +32761,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":200,/"line_end/":200,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/minitest@5.24.1", 
@@ -29004,7 +32781,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":201,/"line_end/":201,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/multi_test@1.1.0", @@ -29017,7 +32801,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":202,/"line_end/":202,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:gem/mutex_m@0.2.0", @@ -29030,7 +32821,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":203,/"line_end/":203,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-imap@0.4.14", @@ -29043,7 +32841,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":204,/"line_end/":204,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-pop@0.1.2", @@ -29056,7 +32861,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":207,/"line_end/":207,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-protocol@0.2.2", 
@@ -29069,7 +32881,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":209,/"line_end/":209,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/net-smtp@0.5.0", @@ -29082,7 +32901,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":211,/"line_end/":211,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/nio4r@2.7.3", @@ -29095,7 +32921,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":213,/"line_end/":213,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/nokogiri@1.15.6", @@ -29108,7 +32941,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":214,/"line_end/":214,/"column_start/":1,/"column_end/":35}}" + } + ] + } }, { "bom-ref": "pkg:gem/psych@5.1.2", @@ -29121,7 +32961,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":216,/"line_end/":216,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/public_suffix@5.1.1", 
@@ -29134,7 +32981,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":218,/"line_end/":218,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/racc@1.8.1", @@ -29147,7 +33001,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":219,/"line_end/":219,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-openid@1.4.2", @@ -29184,7 +33045,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":224,/"line_end/":224,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack-test@2.1.0", @@ -29197,7 +33065,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":226,/"line_end/":226,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/rack@3.1.7", @@ -29210,7 +33085,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":220,/"line_end/":220,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/rackup@2.1.0", 
@@ -29223,7 +33105,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":228,/"line_end/":228,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-dom-testing@2.2.0", @@ -29236,7 +33125,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":231,/"line_end/":231,/"column_start/":1,/"column_end/":30}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails-html-sanitizer@1.6.0", @@ -29249,7 +33145,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":235,/"line_end/":235,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:gem/rails@7.1.2", @@ -29286,7 +33189,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":94,/"line_end/":94,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/rake@13.2.1", @@ -29299,7 +33209,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":238,/"line_end/":238,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/rdoc@6.7.0", 
@@ -29312,7 +33229,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":239,/"line_end/":239,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/regexp_parser@2.9.2", @@ -29325,7 +33249,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":241,/"line_end/":241,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:gem/reline@0.5.9", @@ -29338,7 +33269,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":242,/"line_end/":242,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-activemodel-mocks@1.2.0", @@ -29407,7 +33345,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":254,/"line_end/":254,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-expectations@3.13.1", 
@@ -29420,7 +33365,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":256,/"line_end/":256,/"column_start/":1,/"column_end/":32}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-mocks@3.13.1", @@ -29433,7 +33385,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":259,/"line_end/":259,/"column_start/":1,/"column_end/":25}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec-support@3.13.1", @@ -29446,7 +33405,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":262,/"line_end/":262,/"column_start/":1,/"column_end/":27}}" + } + ] + } }, { "bom-ref": "pkg:gem/rspec@3.13.0", @@ -29535,7 +33501,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":266,/"line_end/":266,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:gem/sys-uname@1.3.0", @@ -29548,7 +33521,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":267,/"line_end/":267,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:gem/thor@1.3.1", 
@@ -29561,7 +33541,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":269,/"line_end/":269,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:gem/timeout@0.4.1", @@ -29574,7 +33561,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":270,/"line_end/":270,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/tzinfo@2.0.6", @@ -29587,7 +33581,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":271,/"line_end/":271,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:gem/webrick@1.8.1", @@ -29600,7 +33601,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":273,/"line_end/":273,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-driver@0.7.6", 
@@ -29613,7 +33621,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":274,/"line_end/":274,/"column_start/":1,/"column_end/":29}}" + } + ] + } }, { "bom-ref": "pkg:gem/websocket-extensions@0.1.5", @@ -29626,7 +33641,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":276,/"line_end/":276,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:gem/will_paginate@3.0.12", @@ -29663,7 +33685,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":278,/"line_end/":278,/"column_start/":1,/"column_end/":18}}" + } + ] + } }, { "bom-ref": "pkg:gem/zeitwerk@2.6.17", @@ -29676,7 +33705,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":280,/"line_end/":280,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:golang/github.com/BurntSushi/toml@1.0.0", 
@@ -29737,7 +33773,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Hex" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"mix.lock/",/"line_start/":2,/"line_end/":2,/"column_start/":1,/"column_end/":421}}" + } + ] + } }, { "bom-ref": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2", @@ -29838,7 +33881,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-groovy/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.hamcrest/hamcrest-core@1.3", @@ -29855,7 +33905,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Gradle" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"gradle-kotlin/gradle.lockfile/",/"line_start/":5,/"line_end/":5,/"column_start/":1,/"column_end/":73}}" + } + ] + } }, { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test", @@ -30050,7 +34107,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":35,/"line_end/":42,/"column_start/":3,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:npm/lodash@4.17.20", 
@@ -30067,7 +34131,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":44,/"line_end/":45,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.0.0", @@ -30084,7 +34155,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":47,/"line_end/":48,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.2", @@ -30101,7 +34179,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pnpm" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pnpm-9/pnpm-lock.yaml/",/"line_start/":50,/"line_end/":51,/"column_start/":3,/"column_end/":125}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -30306,7 +34391,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Pub" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"pubspec.lock/",/"line_start/":4,/"line_end/":10,/"column_start/":3,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:pypi/beautifulsoup4@4.9.3", @@ -30768,7 +34860,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Composer" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"composer.lock/",/"line_start/":9,/"line_end/":39,/"column_start/":5,/"column_end/":6}}" + } + ] + } }, { "bom-ref": "pkg:gem/ast@2.4.2", 
@@ -30785,7 +34884,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Bundler" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"Gemfile.lock/",/"line_start/":4,/"line_end/":4,/"column_start/":1,/"column_end/":16}}" + } + ] + } } ] } @@ -30826,7 +34932,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":5,/"line_end/":10,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40eslint-community%2Fregexpp@4.12.1", @@ -30839,7 +34952,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":12,/"line_end/":15,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.scandir@2.1.5", @@ -30852,7 +34972,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":17,/"line_end/":23,/"column_start/":1,/"column_end/":26}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.stat@2.0.5", @@ -30865,7 +34992,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":25,/"line_end/":28,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.walk@1.2.8", 
@@ -30878,7 +35012,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":30,/"line_end/":36,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fjson-schema@7.0.15", @@ -30891,7 +35032,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":38,/"line_end/":41,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fsemver@7.5.8", @@ -30904,7 +35052,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":46,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Feslint-plugin@5.62.0", @@ -30941,7 +35096,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":64,/"line_end/":70,/"column_start/":1,/"column_end/":47}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", 
@@ -30954,7 +35116,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":72,/"line_end/":80,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypes@5.62.0", @@ -30967,7 +35136,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":82,/"line_end/":85,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypescript-estree@5.62.0", @@ -30980,7 +35156,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":87,/"line_end/":98,/"column_start/":1,/"column_end/":22}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Futils@5.62.0", @@ -30993,7 +35176,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":100,/"line_end/":112,/"column_start/":1,/"column_end/":20}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Fvisitor-keys@5.62.0", 
@@ -31006,7 +35196,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":114,/"line_end/":120,/"column_start/":1,/"column_end/":33}}" + } + ] + } }, { "bom-ref": "pkg:npm/array-union@2.1.0", @@ -31019,7 +35216,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":122,/"line_end/":125,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/braces@3.0.3", @@ -31032,7 +35236,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":127,/"line_end/":132,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@4.4.0", @@ -31054,6 +35265,9 @@ No package sources found. Use the 'parsers list' command to view supported lockf "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":9,/"column_end/":25,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":10,/"column_end/":15,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":19,/"column_end/":24,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":134,/"line_end/":139,/"column_start/":1,/"column_end/":16}}" } ] } 
@@ -31069,7 +35283,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":141,/"line_end/":146,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-scope@5.1.1", @@ -31082,7 +35303,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":148,/"line_end/":154,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-visitor-keys@3.4.3", @@ -31095,7 +35323,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":156,/"line_end/":159,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/esrecurse@4.3.0", @@ -31108,7 +35343,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":161,/"line_end/":166,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@4.3.0", @@ -31121,7 +35363,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":168,/"line_end/":171,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@5.3.0", 
@@ -31134,7 +35383,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":173,/"line_end/":176,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/fast-glob@3.3.2", @@ -31147,7 +35403,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":178,/"line_end/":187,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:npm/fastq@1.18.0", @@ -31160,7 +35423,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":189,/"line_end/":194,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:npm/fill-range@7.1.1", @@ -31173,7 +35443,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":196,/"line_end/":201,/"column_start/":1,/"column_end/":28}}" + } + ] + } }, { "bom-ref": "pkg:npm/glob-parent@5.1.2", @@ -31186,7 +35463,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":203,/"line_end/":208,/"column_start/":1,/"column_end/":21}}" + } + ] + } }, { "bom-ref": "pkg:npm/globby@11.1.0", 
@@ -31199,7 +35483,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":210,/"line_end/":220,/"column_start/":1,/"column_end/":19}}" + } + ] + } }, { "bom-ref": "pkg:npm/graphemer@1.4.0", @@ -31212,7 +35503,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":222,/"line_end/":225,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/ignore@5.3.2", @@ -31225,7 +35523,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":227,/"line_end/":230,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-extglob@2.1.1", @@ -31238,7 +35543,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":232,/"line_end/":235,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-glob@4.0.3", @@ -31251,7 +35563,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":237,/"line_end/":242,/"column_start/":1,/"column_end/":24}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-number@7.0.0", 
@@ -31264,7 +35583,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":244,/"line_end/":247,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge2@1.4.1", @@ -31277,7 +35603,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":249,/"line_end/":252,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/micromatch@4.0.8", @@ -31290,7 +35623,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":254,/"line_end/":260,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -31303,7 +35643,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":262,/"line_end/":265,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/natural-compare-lite@1.4.0", @@ -31316,7 +35663,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":267,/"line_end/":270,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/path-type@4.0.0", 
@@ -31329,7 +35683,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":272,/"line_end/":275,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/picomatch@2.3.1", @@ -31342,7 +35703,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":277,/"line_end/":280,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/queue-microtask@1.2.3", @@ -31355,7 +35723,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":282,/"line_end/":285,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/reusify@1.0.4", @@ -31368,7 +35743,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":287,/"line_end/":290,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/run-parallel@1.2.0", @@ -31381,7 +35763,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":292,/"line_end/":297,/"column_start/":1,/"column_end/":29}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@7.6.3", 
@@ -31394,7 +35783,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":299,/"line_end/":302,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/slash@3.0.0", @@ -31407,7 +35803,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":304,/"line_end/":307,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/to-regex-range@5.0.1", @@ -31420,7 +35823,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":309,/"line_end/":314,/"column_start/":1,/"column_end/":23}}" + } + ] + } }, { "bom-ref": "pkg:npm/tslib@1.14.1", @@ -31433,7 +35843,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":316,/"line_end/":319,/"column_start/":1,/"column_end/":108}}" + } + ] + } }, { "bom-ref": "pkg:npm/tsutils@3.21.0", @@ -31446,7 +35863,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":321,/"line_end/":326,/"column_start/":1,/"column_end/":19}}" + } + ] + } } ] } 
@@ -31487,7 +35911,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40eslint-community%2Fregexpp@4.12.1", @@ -31500,7 +35931,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.scandir@2.1.5", @@ -31513,7 +35951,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.stat@2.0.5", @@ -31526,7 +35971,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.walk@1.2.8", 
@@ -31539,7 +35991,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fjson-schema@7.0.15", @@ -31552,7 +36011,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fsemver@7.5.8", @@ -31565,7 +36031,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":65,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Feslint-plugin@5.62.0", @@ -31602,7 +36075,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":91,/"line_end/":99,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", 
@@ -31615,7 +36095,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":101,/"line_end/":116,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypes@5.62.0", @@ -31628,7 +36115,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":118,/"line_end/":123,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypescript-estree@5.62.0", @@ -31641,7 +36135,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":125,/"line_end/":141,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Futils@5.62.0", @@ -31654,7 +36155,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":143,/"line_end/":159,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Fvisitor-keys@5.62.0", 
@@ -31667,7 +36175,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":161,/"line_end/":169,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/array-union@2.1.0", @@ -31680,7 +36195,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":171,/"line_end/":176,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/braces@3.0.3", @@ -31693,7 +36215,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":178,/"line_end/":185,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@4.4.0", @@ -31715,6 +36244,9 @@ No package sources found. Use the 'parsers list' command to view supported lockf "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":9,/"column_end/":25,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":10,/"column_end/":15,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":19,/"column_end/":24,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":187,/"line_end/":197,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -31730,7 +36262,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":199,/"line_end/":206,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-scope@5.1.1", @@ -31743,7 +36282,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":208,/"line_end/":216,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-visitor-keys@3.4.3", @@ -31756,7 +36302,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":218,/"line_end/":223,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/esrecurse@4.3.0", @@ -31769,7 +36322,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":225,/"line_end/":232,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@4.3.0", @@ -31782,7 +36342,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":234,/"line_end/":239,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@5.3.0", 
@@ -31795,7 +36362,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":246,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/fast-glob@3.3.2", @@ -31808,7 +36382,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":248,/"line_end/":259,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/fastq@1.18.0", @@ -31821,7 +36402,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":261,/"line_end/":268,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/fill-range@7.1.1", @@ -31834,7 +36422,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":270,/"line_end/":277,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/glob-parent@5.1.2", @@ -31847,7 +36442,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":279,/"line_end/":286,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/globby@11.1.0", 
@@ -31860,10 +36462,17 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] - }, - { - "bom-ref": "pkg:npm/graphemer@1.4.0", + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":288,/"line_end/":300,/"column_start/":1,/"column_end/":17}}" + } + ] + } + }, + { + "bom-ref": "pkg:npm/graphemer@1.4.0", "type": "library", "name": "graphemer", "version": "1.4.0", @@ -31873,7 +36482,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":302,/"line_end/":307,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/ignore@5.3.2", @@ -31886,7 +36502,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":309,/"line_end/":314,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-extglob@2.1.1", @@ -31899,7 +36522,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":316,/"line_end/":321,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-glob@4.0.3", 
@@ -31912,7 +36542,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":323,/"line_end/":330,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-number@7.0.0", @@ -31925,7 +36562,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":332,/"line_end/":337,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge2@1.4.1", @@ -31938,7 +36582,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":339,/"line_end/":344,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/micromatch@4.0.8", @@ -31951,7 +36602,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":346,/"line_end/":354,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -31964,7 +36622,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":356,/"line_end/":361,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/natural-compare-lite@1.4.0", 
@@ -31977,7 +36642,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":363,/"line_end/":368,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/path-type@4.0.0", @@ -31990,7 +36662,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":370,/"line_end/":375,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/picomatch@2.3.1", @@ -32003,7 +36682,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":377,/"line_end/":382,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/queue-microtask@1.2.3", @@ -32016,7 +36702,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":384,/"line_end/":389,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/reusify@1.0.4", @@ -32029,7 +36722,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":391,/"line_end/":396,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/run-parallel@1.2.0", 
@@ -32042,7 +36742,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":398,/"line_end/":405,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@7.6.3", @@ -32055,7 +36762,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":407,/"line_end/":414,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/slash@3.0.0", @@ -32068,7 +36782,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":416,/"line_end/":421,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/to-regex-range@5.0.1", @@ -32081,7 +36802,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":432,/"line_end/":439,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/tslib@1.14.1", @@ -32094,7 +36822,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":441,/"line_end/":446,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/tsutils@3.21.0", 
@@ -32107,7 +36842,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":448,/"line_end/":457,/"column_start/":1,/"column_end/":17}}" + } + ] + } } ] } @@ -32148,7 +36890,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":8,/"line_end/":17,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40eslint-community%2Fregexpp@4.12.1", @@ -32161,7 +36910,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":19,/"line_end/":24,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.scandir@2.1.5", @@ -32174,7 +36930,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":26,/"line_end/":34,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.stat@2.0.5", @@ -32187,7 +36950,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":36,/"line_end/":41,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40nodelib%2Ffs.walk@1.2.8", 
@@ -32200,7 +36970,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":43,/"line_end/":51,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fjson-schema@7.0.15", @@ -32213,7 +36990,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":53,/"line_end/":58,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40types%2Fsemver@7.5.8", @@ -32226,7 +37010,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":60,/"line_end/":65,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Feslint-plugin@5.62.0", @@ -32263,7 +37054,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":91,/"line_end/":99,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftype-utils@5.62.0", 
@@ -32276,7 +37074,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":101,/"line_end/":116,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypes@5.62.0", @@ -32289,7 +37094,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":118,/"line_end/":123,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Ftypescript-estree@5.62.0", @@ -32302,7 +37114,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":125,/"line_end/":141,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Futils@5.62.0", @@ -32315,7 +37134,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":143,/"line_end/":159,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/%40typescript-eslint%2Fvisitor-keys@5.62.0", 
@@ -32328,7 +37154,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":161,/"line_end/":169,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/array-union@2.1.0", @@ -32341,7 +37174,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":171,/"line_end/":176,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/braces@3.0.3", @@ -32354,7 +37194,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":178,/"line_end/":185,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/debug@4.4.0", @@ -32376,6 +37223,9 @@ No package sources found. Use the 'parsers list' command to view supported lockf "occurrences": [ { "location": "{/"block/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":9,/"column_end/":25,/"role/":/"manifest/"},/"name/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":10,/"column_end/":15,/"role/":/"manifest/"},/"version/":{/"file_name/":/"package.json/",/"line_start/":11,/"line_end/":11,/"column_start/":19,/"column_end/":24,/"role/":/"manifest/"}}" + }, + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":187,/"line_end/":197,/"column_start/":1,/"column_end/":17}}" } ] } 
@@ -32391,7 +37241,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":199,/"line_end/":206,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-scope@5.1.1", @@ -32404,7 +37261,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":208,/"line_end/":216,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/eslint-visitor-keys@3.4.3", @@ -32417,7 +37281,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":218,/"line_end/":223,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/esrecurse@4.3.0", @@ -32430,7 +37301,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":225,/"line_end/":232,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@4.3.0", @@ -32443,7 +37321,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":234,/"line_end/":239,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/estraverse@5.3.0", 
@@ -32456,7 +37341,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":241,/"line_end/":246,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/fast-glob@3.3.2", @@ -32469,7 +37361,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":248,/"line_end/":259,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/fastq@1.18.0", @@ -32482,7 +37381,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":261,/"line_end/":268,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/fill-range@7.1.1", @@ -32495,7 +37401,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":270,/"line_end/":277,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/glob-parent@5.1.2", @@ -32508,7 +37421,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":279,/"line_end/":286,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/globby@11.1.0", 
@@ -32521,7 +37441,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":288,/"line_end/":300,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/graphemer@1.4.0", @@ -32534,7 +37461,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":302,/"line_end/":307,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/ignore@5.3.2", @@ -32547,7 +37481,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":309,/"line_end/":314,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-extglob@2.1.1", @@ -32560,7 +37501,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":316,/"line_end/":321,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-glob@4.0.3", @@ -32573,7 +37521,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":323,/"line_end/":330,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/is-number@7.0.0", 
@@ -32586,7 +37541,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":332,/"line_end/":337,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/merge2@1.4.1", @@ -32599,7 +37561,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":339,/"line_end/":344,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/micromatch@4.0.8", @@ -32612,7 +37581,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":346,/"line_end/":354,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/ms@2.1.3", @@ -32625,7 +37601,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":356,/"line_end/":361,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/natural-compare-lite@1.4.0", @@ -32638,7 +37621,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":363,/"line_end/":368,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/path-type@4.0.0", 
@@ -32651,7 +37641,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":370,/"line_end/":375,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/picomatch@2.3.1", @@ -32664,7 +37661,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":377,/"line_end/":382,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/queue-microtask@1.2.3", @@ -32677,7 +37681,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":384,/"line_end/":389,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/reusify@1.0.4", @@ -32690,7 +37701,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":391,/"line_end/":396,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/run-parallel@1.2.0", @@ -32703,7 +37721,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":398,/"line_end/":405,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/semver@7.6.3", 
@@ -32716,7 +37741,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":407,/"line_end/":414,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/slash@3.0.0", @@ -32729,7 +37761,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":416,/"line_end/":421,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/to-regex-range@5.0.1", @@ -32742,7 +37781,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":432,/"line_end/":439,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/tslib@1.14.1", @@ -32755,7 +37801,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":441,/"line_end/":446,/"column_start/":1,/"column_end/":17}}" + } + ] + } }, { "bom-ref": "pkg:npm/tsutils@3.21.0", @@ -32768,7 +37821,14 @@ No package sources found. Use the 'parsers list' command to view supported lockf "name": "datadog:package-manager", "value": "Yarn" } - ] + ], + "evidence": { + "occurrences": [ + { + "location": "{/"block/":{/"file_name/":/"yarn.lock/",/"line_start/":448,/"line_end/":457,/"column_start/":1,/"column_end/":17}}" + } + ] + } } ] }