ramanathan1504 commented on issue #3804:
URL:
https://github.com/apache/logging-log4j2/issues/3804#issuecomment-3226184657
@vy
Of course. Here is the exact diffoscope output.
#### **`2.23.0`**
The diffoscope command was run comparing the local build of `2.23.0` against
the official reference file.
The command produced no output.
#### **`2.23.1`**
Different between the local build and the official reference file.
**Result:**
```diff
--- target/reference/org.apache.logging.log4j/log4j-bom-2.23.1-cyclonedx.xml
+++ target/bom.xml
│ ---
target/reference/org.apache.logging.log4j/log4j-bom-2.23.1-cyclonedx.xml
├── +++ target/bom.xml
│ @@ -1,9 +1,9 @@
│ <?xml version="1.0" encoding="utf-8"?>
│ -<bom xmlns="http://cyclonedx.org/schema/bom/1.5"; version="1"
serialNumber="urn:uuid:79b4da93-8b1e-3748-8382-c91b2b199d8b">
│ +<bom xmlns="http://cyclonedx.org/schema/bom/1.5"; version="1"
serialNumber="urn:uuid:95e1b73f-02b8-3c9b-aa2e-f6c0d2869ac2">
│ <metadata>
│ <tools>
│ <tool>
│ <vendor>OWASP Foundation</vendor>
│ <name>CycloneDX Maven plugin</name>
│ <version>2.7.10</version>
│ <hashes>
```
#### **`2.25.1`**
The diffoscope output for the current version..
**Result:**
```diff
--- target/reference/org.apache.logging.log4j/log4j-bom-2.25.1-cyclonedx.xml
+++ target/bom.xml
│ ---
target/reference/org.apache.logging.log4j/log4j-bom-2.25.1-cyclonedx.xml
├── +++ target/bom.xml
│┄ Ordering differences only
│ @@ -367,45 +367,14 @@
│
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
│ </reference>
│ <reference type="vcs">
│ <url>https://code.google.com/p/jsr-305/</url>
│ </reference>
│ </externalReferences>
│ </component>
│ - <component type="library"
bom-ref="pkg:maven/org.jspecify/[email protected]?type=jar">
│ - <group>org.jspecify</group>
│ - <name>jspecify</name>
│ - <version>1.0.0</version>
│ - <description>An artifact of well-named and well-specified
annotations to power static analysis checks</description>
│ - <scope>required</scope>
...
│ - </component>
│ <component type="library"
bom-ref="pkg:maven/org.apache.logging.log4j/[email protected]?type=jar">
│ <publisher>The Apache Software Foundation</publisher>
│ <group>org.apache.logging.log4j</group>
│ <name>log4j-api</name>
│ <version>2.25.1</version>
│ <description>The logging API of the Log4j project.
│ Library and application code can log through this API.
│ @@ -435,14 +404,45 @@
│ <url>https://github.com/apache/logging-log4j2/issues</url>
│ </reference>
│ <reference type="mailing-list">
│
<url>https://lists.apache.org/[email protected]</url>
│ </reference>
│ <reference type="vcs">
│ <url>https://github.com/apache/logging-log4j2</url>
│ + </reference>
│ + </externalReferences>
│ + </component>
│ + <component type="library"
bom-ref="pkg:maven/org.jspecify/[email protected]?type=jar">
│ + <group>org.jspecify</group>
│ + <name>jspecify</name>
│ + <version>1.0.0</version>
│ + <description>An artifact of well-named and well-specified
annotations to power static analysis checks</description>
│ + <scope>required</scope>
...
│ </reference>
│ </externalReferences>
│ </component>
│ <component type="library"
bom-ref="pkg:maven/org.osgi/[email protected]?type=jar">
│ <publisher>OSGi Alliance</publisher>
│ <group>org.osgi</group>
│ <name>org.osgi.core</name>
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
