From 37167633183b413b04df963d29e443a6a8117c04 Mon Sep 17 00:00:00 2001
From: Hendrik Borchardt <hendrik.borchardt@gmail.com>
Date: Wed, 22 Mar 2023 22:46:28 +0100
Subject: [PATCH 1/3] Add spdx expression field to component dialog and list

The licenseExpression field has been added to the component model in the
backend.
Show it and make it editable in the component popup, and show it in the
component list's "license" column if no resolved license is available.

Signed-off-by: Hendrik Borchardt <hendrik.borchardt@gmail.com>
---
 src/i18n/locales/en.json                               | 2 ++
 src/views/portfolio/projects/ComponentDetailsModal.vue | 3 +++
 src/views/portfolio/projects/ProjectComponents.vue     | 6 +++++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
index db78e4e78..822f2ef25 100644
--- a/src/i18n/locales/en.json
+++ b/src/i18n/locales/en.json
@@ -245,6 +245,7 @@
     "template": "Template",
     "source_header": "Source Header",
     "license_name": "License Name",
+    "license_expression": "SPDX Expression",
     "license_url": "License URL",
     "required_license_name": "The license name is required",
     "license_name_desc": "The name of the license as provided by the supplier",
@@ -310,6 +311,7 @@
     "component_swid_tagid_desc": "The ISO/IEC 19770-2:2015 (SWID) tag ID provided by the software vendor",
     "component_classifier_desc": "Specifies the type of component: Assets (applications, operating systems, and hardware) and non-assets (libraries, frameworks, and files)",
     "component_spdx_license_desc": "Specifies the SPDX license ID of the component",
+    "component_license_expression_desc": "Specifies license information for the component in the form of an SPDX expression",
     "component_license_url_desc": "Specifies the URL to the license of the component",
     "component_filename_desc": "Specifies the observed filename of the component",
     "component_hash_desc": "Specifies the observed hash value of the component using the preceding algorithm",
diff --git a/src/views/portfolio/projects/ComponentDetailsModal.vue b/src/views/portfolio/projects/ComponentDetailsModal.vue
index 9649fed16..34495c0b1 100644
--- a/src/views/portfolio/projects/ComponentDetailsModal.vue
+++ b/src/views/portfolio/projects/ComponentDetailsModal.vue
@@ -66,6 +66,9 @@
                                      v-model="selectedLicense" :options="selectableLicenses"
                                      :label="$t('message.license')" :tooltip="$t('message.component_spdx_license_desc')"
                                      :disabled="this.isNotPermitted(PERMISSIONS.PORTFOLIO_MANAGEMENT)" />
+          <b-input-group-form-input id="component-license-expression" input-group-size="mb-3" type="text" v-model="component.licenseExpression"
+                                    required="false" :label="$t('message.license_expression')" :tooltip="$t('message.component_license_expression_desc')"
+                                    :readonly="this.isNotPermitted(PERMISSIONS.PORTFOLIO_MANAGEMENT)" />
           <b-input-group-form-input id="component-license-url-input" input-group-size="mb-3" type="text" v-model="component.licenseUrl"
                                     required="false" :label="$t('message.license_url')" :tooltip="$t('message.component_license_url_desc')"
                                     :readonly="this.isNotPermitted(PERMISSIONS.PORTFOLIO_MANAGEMENT)" />
diff --git a/src/views/portfolio/projects/ProjectComponents.vue b/src/views/portfolio/projects/ProjectComponents.vue
index 262d4980d..5ae80db45 100644
--- a/src/views/portfolio/projects/ProjectComponents.vue
+++ b/src/views/portfolio/projects/ProjectComponents.vue
@@ -130,8 +130,12 @@
               if (Object.prototype.hasOwnProperty.call(row, "resolvedLicense")) {
                 let licenseurl = "../../../licenses/" + row.resolvedLicense.licenseId;
                 return "<a href=\"" + licenseurl + "\">" + xssFilters.inHTMLData(row.resolvedLicense.licenseId) + "</a>";
-              } else {
+              } else if (value) {
                 return xssFilters.inHTMLData(common.valueWithDefault(value, ""));
+              } else if (row.licenseExpression) {
+                return xssFilters.inHTMLData(common.valueWithDefault(row.licenseExpression, ""));
+              } else {
+                return "";
               }
             }
           },

From 93989cf2328f1e58c3027a1ac3b946f3154ed38a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Aug 2023 02:05:30 +0000
Subject: [PATCH 2/3] build(deps): bump nginxinc/nginx-unprivileged in /docker

Bumps nginxinc/nginx-unprivileged from `0569600` to `279824e`.

---
updated-dependencies:
- dependency-name: nginxinc/nginx-unprivileged
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 docker/Dockerfile.alpine | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
index f85e78caa..a1a039efd 100644
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.25.1-alpine@sha256:05696001775e33798fccab756b8a9441671aa961718019d7097fb7c75dae69b6
+FROM nginxinc/nginx-unprivileged:1.25.1-alpine@sha256:279824ecfd934ab8cf08b5e4debabdc711c5768371203263f2d5c5141423ed80
 
 # Arguments that can be passed at build time
 ARG COMMIT_SHA=unknown

From 787a745c30163f3a3eae6c2e2a3beddff2cf1eb7 Mon Sep 17 00:00:00 2001
From: nscuro <nscuro@protonmail.com>
Date: Sun, 20 Aug 2023 00:11:31 +0200
Subject: [PATCH 3/3] Fix license expression input fields

Signed-off-by: nscuro <nscuro@protonmail.com>
---
 src/views/portfolio/projects/ComponentDetailsModal.vue    | 3 +++
 src/views/portfolio/projects/ProjectAddComponentModal.vue | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/src/views/portfolio/projects/ComponentDetailsModal.vue b/src/views/portfolio/projects/ComponentDetailsModal.vue
index 34495c0b1..0f001160d 100644
--- a/src/views/portfolio/projects/ComponentDetailsModal.vue
+++ b/src/views/portfolio/projects/ComponentDetailsModal.vue
@@ -224,6 +224,7 @@
           author: this.component.author,
           description: this.component.description,
           license: this.selectedLicense,
+          licenseExpression: this.component.licenseExpression,
           licenseUrl: this.component.licenseUrl,
           filename: this.component.filename,
           classifier: this.component.classifier,
@@ -258,6 +259,8 @@
       retrieveLicenses: function() {
         let url = `${this.$api.BASE_URL}/${this.$api.URL_LICENSE_CONCISE}`;
         this.axios.get(url).then((response) => {
+          // Allow for license to be un-selected.
+          this.selectableLicenses.push({value: '', text: ''});
           for (let i = 0; i < response.data.length; i++) {
             let license = response.data[i];
             this.selectableLicenses.push({value: license.licenseId, text: license.name, uuid: license.uuid});
diff --git a/src/views/portfolio/projects/ProjectAddComponentModal.vue b/src/views/portfolio/projects/ProjectAddComponentModal.vue
index b3a2146e0..974cc0671 100644
--- a/src/views/portfolio/projects/ProjectAddComponentModal.vue
+++ b/src/views/portfolio/projects/ProjectAddComponentModal.vue
@@ -48,6 +48,10 @@
           <b-input-group-form-select id="component-license-input" required="false"
                                      v-model="selectedLicense" :options="selectableLicenses"
                                      :label="$t('message.license')" :tooltip="$t('message.component_spdx_license_desc')" />
+          <b-input-group-form-input id="component-license-expression" input-group-size="mb-3" type="text" v-model="component.licenseExpression"
+                                    required="false" :label="$t('message.license_expression')" :tooltip="$t('message.component_license_expression_desc')" />
+          <b-input-group-form-input id="component-license-url-input" input-group-size="mb-3" type="text" v-model="component.licenseUrl"
+                                    required="false" :label="$t('message.license_url')" :tooltip="$t('message.component_license_url_desc')" />
           <b-form-group
             id="component-copyright-form-group"
             :label="this.$t('message.copyright')"
@@ -138,6 +142,7 @@
           group: this.component.group,
           description: this.component.description,
           license: this.selectedLicense,
+          licenseExpression: this.component.licenseExpression,
           licenseUrl: this.component.licenseUrl,
           filename: this.component.filename,
           classifier: this.component.classifier,
@@ -167,6 +172,7 @@
           group: null,
           description: null,
           license: null,
+          licenseExpression: null,
           licenseUrl:null,
           filename: null,
           classifier: null,
@@ -186,6 +192,8 @@
       retrieveLicenses: function() {
         let url = `${this.$api.BASE_URL}/${this.$api.URL_LICENSE_CONCISE}`;
         this.axios.get(url).then((response) => {
+          // Allow for license to be un-selected.
+          this.selectableLicenses.push({value: '', text: ''});
           for (let i = 0; i < response.data.length; i++) {
             let license = response.data[i];
             this.selectableLicenses.push({value: license.licenseId, text: license.name});