Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bug: Getting Invalid purl: version must be percent-encoded error #40

Closed
stevehipwell opened this issue Jun 10, 2024 · 3 comments · Fixed by #42
Closed

bug: Getting Invalid purl: version must be percent-encoded error #40

stevehipwell opened this issue Jun 10, 2024 · 3 comments · Fixed by #42
Assignees

Comments

@stevehipwell
Copy link

I'm seeing the Invalid purl: version must be percent-encoded error using v0.1.0 in workflows which were working correctly on v0.0.1. This is likely due to the packageurl-js dependency (via @github/dependency-submission-toolkit). See example workflow.

FYI I think package-url/packageurl-js#61 may possibly fix this.

@GeekMasher GeekMasher self-assigned this Jun 12, 2024
@GeekMasher
Copy link
Contributor

Thanks for raising this @stevehipwell, I have seen this issue when updating the packages and I thought I had fixed this myself.

Let me see what I can do to fix this

@GeekMasher
Copy link
Contributor

@stevehipwell I've created this PR #42 that should help fix the issue. If there are issues with the PURL, it will show them as warnings + I've added better testing support.

You can try out this PR before I merge by using the following (once merged it will go)

- name: SBOM upload
  uses: advanced-security/spdx-dependency-submission-action@hotfix-purl

I'm not 100% sure why its failing to parse the PURL but at least now it will upload + tell you which PURL caused the errors.

@GeekMasher
Copy link
Contributor

@stevehipwell Please me me know if you have any other issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants