From 1bef86e8cc466980747c1264e39af417fb424766 Mon Sep 17 00:00:00 2001
From: Erlend Oftedal
Date: Tue, 20 Aug 2024 11:12:06 +0200
Subject: [PATCH] Fix encoding of PURLs in SBOM output
---
 CHANGELOG.md | 6 ++++++
 package-lock.json | 12 ++++++------
 package.json | 4 ++--
 src/log.ts | 6 +-----
 4 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f3dc3bc..0d6d30b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
+## 1.6.3
+
+### Bugfix
+
+* Fix encoding of PURLs in SBOM output
+
 ## 1.6.2
 ### Bugfix
diff --git a/package-lock.json b/package-lock.json
index 82c162a..1145ba2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,17 +1,17 @@
 {
 "name": "retire-site-scanner",
- "version": "1.6.2",
+ "version": "1.6.3",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "retire-site-scanner",
- "version": "1.6.2",
+ "version": "1.6.3",
 "license": "Apache-2.0",
 "dependencies": {
 "cacheable-lookup": "^7.0.0",
 "puppeteer": "^23.1.0",
- "retire": "^5.2.1",
+ "retire": "^5.2.2",
 "source-map": "^0.7.4"
 },
 "bin": {
@@ -2809,9 +2809,9 @@
 }
 },
 "node_modules/retire": {
- "version": "5.2.1",
- "resolved": "https://registry.npmjs.org/retire/-/retire-5.2.1.tgz",
- "integrity": "sha512-KbcaLTL4tJet+xbYxJA6s2htOsUaKYUpoXHbmme6/G3+DRyb6iVkcYjXmnJjTp29EAlyNrRMIp5Uti0SjRTqXA==",
+ "version": "5.2.2",
+ "resolved": "https://registry.npmjs.org/retire/-/retire-5.2.2.tgz",
+ "integrity": "sha512-WDXqqFjSlmZTglW3ra/y6jcStqOAuVloPLyDatKXqq97H40vV5je3WstpSLEQD4L9JDJZl21siEWbDWTecYBFw==",
 "license": "Apache-2.0",
 "dependencies": {
 "ansi-colors": "^4.1.1",
diff --git a/package.json b/package.json
index 99b013f..95a60fe 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "author": "Erlend Oftedal ",
 "name": "retire-site-scanner",
- "version": "1.6.2",
+ "version": "1.6.3",
 "license": "Apache-2.0",
 "description": "A scanner for checking a web site using retire.js",
 "main": "dist/index.js",
@@ -24,7 +24,7 @@
 "dependencies": {
 "cacheable-lookup": "^7.0.0",
 "puppeteer": "^23.1.0",
- "retire": "^5.2.1",
+ "retire": "^5.2.2",
 "source-map": "^0.7.4"
 },
 "devDependencies": {
diff --git a/src/log.ts b/src/log.ts
index e9fb871..f5aba7a 100644
--- a/src/log.ts
+++ b/src/log.ts
@@ -1,6 +1,7 @@
 type LogLevel = "DBG" | "INF" | "ERR" | "WRN" | "TRC";
 import crypto, { randomUUID } from "crypto";
 import { Component } from "retire/lib/types";
+import { generatePURL } from "retire/lib/reporters/utils";
 import { unique } from "./utils";
 const pjson = require("../package.json");
@@ -188,11 +189,6 @@ function formatContentTypes(
 .join(" ");
 }
-function generatePURL(component: Component): string {
- if (component.basePurl) return component.basePurl + "@" + component.version;
- return `pkg:npm/${component.npmname ?? component.component}@${component.version}`;
-}
-
 export function convertToCycloneDX(resultToConvert: typeof collectedResults) {
 const components = new Map();
 const vulnerabilities: Array = [];
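Review bot: The new `import { generatePURL } from "retire/lib/reporters/utils";` in src/log.ts makes the PURLs in the CycloneDX output depend on a deep module path inside the `retire` package, and the patch carries no test that pins the encoded form (the diffstat lists only CHANGELOG.md, the two package files and src/log.ts). SBOM consumers typically correlate components with advisories by PURL, so a regression in the encoding would presumably surface only as a missed match downstream; a test that feeds `convertToCycloneDX` a component with, for example, a scoped npm name and asserts the resulting `purl` would guard against that. I would also add a comment above the import, `// PURL encoding lives in retire (needs the ^5.2.2 floor set in package.json); do not re-implement locally`, so the version floor and the import stay in step. The body of `convertToCycloneDX` lies outside the hunk, so its calls to `generatePURL` are not visible here.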