Fix: Set version correctly for dotnet cpm directory packages (#2046)

prabhu · web-flow · commit 91db7fca0710 · 2025-07-10T14:54:48.000+01:00
* Update packages

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;

* Bug fix. Version was undefined when using CPM with Directory.Packages.Props

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;

---------

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;
diff --git a/bin/cdxgen.js b/bin/cdxgen.js
@@ -402,6 +402,7 @@ if (process.env.GLOBAL_AGENT_HTTP_PROXY || process.env.HTTP_PROXY) {
     process.env.GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE = "";
   }
   globalAgent.bootstrap();
+  thoughtLog("Using the configured HTTP proxy. 🌐");
 }
 
 const filePath = args._[0] || process.cwd();
diff --git a/biome.json b/biome.json
@@ -1,5 +1,5 @@
 {
-  "$schema": "https://biomejs.dev/schemas/2.0.6/schema.json",
+  "$schema": "https://biomejs.dev/schemas/2.1.1/schema.json",
   "assist": {
     "actions": {
       "source": {
diff --git a/lib/cli/index.js b/lib/cli/index.js
@@ -3327,7 +3327,7 @@ export async function createNodejsBom(path, options) {
       });
     }
     if (safeExistsSync(pnpmLock)) {
-      let pnpmLockObj = await parsePnpmLock(pnpmLock);
+      const pnpmLockObj = await parsePnpmLock(pnpmLock);
       if (allImports && Object.keys(allImports).length) {
         pkgList = await addEvidenceForImports(
           pnpmLockObj.pkgList,
@@ -6609,11 +6609,11 @@ export async function createCsharpBom(path, options) {
       }
     }
   }
+  const pkgNameVersions = {};
   if (csProjFiles.length) {
     manifestFiles = manifestFiles.concat(csProjFiles);
     // Parsing csproj is quite error-prone. Some project files may not have versions specified
     // To work around this, we make use of the version from the existing list
-    const pkgNameVersions = {};
     for (const p of pkgList) {
       if (p.version) {
         pkgNameVersions[p.name] = p.version;
diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
@@ -692,6 +692,7 @@ export const cdxgenAgent = got.extend({
   retry: {
     limit: 0,
   },
+  followRedirect: !isSecureMode,
   hooks: {
     beforeRequest: [
       (options) => {
@@ -9822,7 +9823,7 @@ export function parseCsProjData(csProjData, projFile, pkgNameVersions = {}) {
           continue;
         }
         pkg.name = pref.Include;
-        pkg.version = pref.Version;
+        pkg.version = pref.Version || pkgNameVersions[pkg.name];
         pkg.purl = `pkg:nuget/${pkg.name}@${pkg.version}`;
         pkg["bom-ref"] = pkg.purl;
         if (projFile) {
@@ -9859,9 +9860,11 @@ export function parseCsProjData(csProjData, projFile, pkgNameVersions = {}) {
         pkg.name = incParts[0];
         pkg.properties = [];
         if (incParts.length > 1 && incParts[1].includes("Version")) {
-          pkg.version = incParts[1].replace("Version=", "").trim();
+          pkg.version =
+            incParts[1].replace("Version=", "").trim() ||
+            pkgNameVersions[pkg.name];
         }
-        const version = pkg.version || pkgNameVersions[pkg.name];
+        const version = pkg.version;
         if (version) {
           pkg.purl = `pkg:nuget/${pkg.name}@${version}`;
         } else {
diff --git a/package.json b/package.json
@@ -75,7 +75,7 @@
   "bugs": {
     "url": "https://github.com/cyclonedx/cdxgen/issues"
   },
-  "packageManager": "pnpm@10.12.4",
+  "packageManager": "pnpm@10.13.1",
   "lint-staged": {
     "*": "biome check --fix --no-errors-on-unmatched"
   },
@@ -139,7 +139,7 @@
     "index.cjs"
   ],
   "devDependencies": {
-    "@biomejs/biome": "2.0.6",
+    "@biomejs/biome": "2.1.1",
     "jest": "^30.0.4",
     "typescript": "^5.8.3"
   },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/types/lib/helpers/utils.d.ts.map b/types/lib/helpers/utils.d.ts.map

Original file line number	Diff line number	Diff line change
`@@ -402,6 +402,7 @@ if (process.env.GLOBAL_AGENT_HTTP_PROXY \|\| process.env.HTTP_PROXY) {`
`402`	`402`	`process.env.GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE = "";`
`403`	`403`	`}`
`404`	`404`	`globalAgent.bootstrap();`
	`405`	`+ thoughtLog("Using the configured HTTP proxy. 🌐");`
`405`	`406`	`}`
`406`	`407`
`407`	`408`	`const filePath = args._[0] \|\| process.cwd();`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "$schema": "https://biomejs.dev/schemas/2.0.6/schema.json",`
	`2`	`+ "$schema": "https://biomejs.dev/schemas/2.1.1/schema.json",`
`3`	`3`	`"assist": {`
`4`	`4`	`"actions": {`
`5`	`5`	`"source": {`
Original file line number	Diff line number	Diff line change
`@@ -3327,7 +3327,7 @@ export async function createNodejsBom(path, options) {`
`3327`	`3327`	`});`
`3328`	`3328`	`}`
`3329`	`3329`	`if (safeExistsSync(pnpmLock)) {`
`3330`		`- let pnpmLockObj = await parsePnpmLock(pnpmLock);`
	`3330`	`+ const pnpmLockObj = await parsePnpmLock(pnpmLock);`
`3331`	`3331`	`if (allImports && Object.keys(allImports).length) {`
`3332`	`3332`	`pkgList = await addEvidenceForImports(`
`3333`	`3333`	`pnpmLockObj.pkgList,`
`@@ -6609,11 +6609,11 @@ export async function createCsharpBom(path, options) {`
`6609`	`6609`	`}`
`6610`	`6610`	`}`
`6611`	`6611`	`}`
	`6612`	`+ const pkgNameVersions = {};`
`6612`	`6613`	`if (csProjFiles.length) {`
`6613`	`6614`	`manifestFiles = manifestFiles.concat(csProjFiles);`
`6614`	`6615`	`// Parsing csproj is quite error-prone. Some project files may not have versions specified`
`6615`	`6616`	`// To work around this, we make use of the version from the existing list`
`6616`		`- const pkgNameVersions = {};`
`6617`	`6617`	`for (const p of pkgList) {`
`6618`	`6618`	`if (p.version) {`
`6619`	`6619`	`pkgNameVersions[p.name] = p.version;`