uv-sbom 2.4.0

SBOM generation tool for uv projects - Generate CycloneDX SBOMs from uv.lock files
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

// Types for the dependency-diff feature; wired to the binary in a subsequent CLI integration subtask of #224.
#![allow(dead_code)]

/// Classification of how a package changed between two dependency snapshots.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ChangeType {
    Added,
    Removed,
    Updated,
    Unchanged,
}

/// Per-package record describing how one package changed.
///
/// `old_version` / `new_version` semantics:
/// - Added:     old = None,          new = Some(version)
/// - Removed:   old = Some(version), new = None
/// - Updated:   old = Some(_),       new = Some(_)  (versions differ)
/// - Unchanged: old = Some(v),       new = Some(v)  (same version)
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PackageChange {
    pub package_name: String,
    pub change_type: ChangeType,
    pub old_version: Option<String>,
    pub new_version: Option<String>,
    pub license: Option<String>,
    pub vulnerability_count: usize,
}

/// Aggregate counts across all changes in a diff.
#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct DiffSummary {
    pub added: usize,
    pub removed: usize,
    pub updated: usize,
    pub unchanged: usize,
}

/// Result of comparing two dependency snapshots.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DependencyDiff {
    pub base_ref: String,
    pub changes: Vec<PackageChange>,
    pub summary: DiffSummary,
}