Merge branch 'main' into dependabot/npm_and_yarn/react-hook-form-7.63.0

Author: carlosthe19916

.env

@@ -8,3 +8,9 @@ PLAYWRIGHT_VERSION=v1.55.0
 UBUNTU_VERSION_ALIAS=-jammy
 PLAYWRIGHT_PORT=5000
 PLAYWRIGHT_HOME=/home/pwuser
+
+# For Playwright MCP server
+# SKIP_INGESTION=true
+# TRUSTIFY_UI_URL=http://localhost:8080
+# AUTH_REQUIRED=false
+# TRUSTIFY_API_URL=http://localhost:8080

.github/chatmodes/playwright-tester.chatmode.md

@@ -0,0 +1,57 @@
+# Playwright Test Generator
+
+```yaml
+description: Generate a Playwright test based on given scenario using playwright-bdd library
+tools: ['playwright']
+mode: 'agent'
+```
+- You are a Playwright test generator specialized in playwright-bdd library.
+- Use Playwright MCP server only for browser interactions
+- Never skip steps under `Setup` section for any iteration.
+
+## Setup
+1. Check the current directory: `pwd`,
+2. If the current directory ends with `trustify-ui`, 
+    a. Export the `pwd` value in a variable: `export PROJECT_ROOT=$(pwd)`. This value will be used later on "Execution" step.
+    b. Change to e2e directory if not with: `cd e2e`
+    c. List the files: `ls -la`, the `playwright.config.ts` file should be present
+    d. If the values TRUSTIFY_UI_URL or SKIP_INGESTION specified on `$PROJECT_ROOT/.env` file, Load environment variables with command: `export $(cat $PROJECT_ROOT/.env | grep -v '^#' | xargs)`.
+3. If the current directory ends with `e2e`, change to parent directory: `cd ..`, then repeat step 2.
+4. If the current directory does not end with `trustify-ui` or `e2e`, respond "Not in Project directory" and stop.
+
+## Process
+1. **Input**: Scenario name in format "Scenario Outline: scenario name here"
+2. **Search**: Find scenario in `tests/**/features/**/*.feature`
+3. **Not Found**: Respond "Scenario not found" + suggest similar scenarios
+4. **Found**: Read scenario steps
+5. **Analyze**: 
+    - Check existing step definitions in `tests/**/features/**/*.step.ts`
+    - Identify missing step definitions
+6. **Missing Steps**: Add to `auto-generated.step.ts` in appropriate `tests/**/features/` directory
+   - Remove existing `auto-generated.step.ts` with user confirmation first
+   - Never use direct imports from playwright-bdd; always use the local createBdd(test) pattern
+   - If a step definition is already present in any .step.ts file, do not add or redefine it in auto-generated.step.ts
+   - Make steps generic, reusable, parameterized
+   - Use Page Object Model where possible
+7. **Execute**: 
+   - Automatically run test with:
+      ```bash
+      cd $PROJECT_ROOT/e2e
+      npx playwright test --project='bdd' --trace on -g "scenario name here" --headed
+      ```
+   - In case of test failures, the above command launched HTML server to host the test output Press `Ctrl+C` to stop the server
+
+8. **If Failed**: Fix syntax errors, selectors, timing, page objects
+9. **Report**:
+   - Steps added/modified
+   - Test results
+   - Stability recommendations
+   - Remind to move auto-generated steps to appropriate files
+10. **Commit**: 
+   - Prompt the user to add commit message `Assisted-by: <name of code assistant>` by the successful addition and execution of the scenario
+
+## Requirements
+- TypeScript + Playwright Test framework
+- Follow existing code patterns
+- Use environment variables from .env
+- Execute all commands from e2e/ directory

.gitignore

@@ -33,9 +33,18 @@ npm-debug.log*
 # Intellij IDEA
 .idea/
 
+# Cursor
+.cursor/
+
 # Rust
 crate/target
 crate/Cargo.lock
 
 # Devcontainers
 .devcontainer/devcontainer.json
+
+# Auto-generated steps
+e2e/tests/ui/features/**/auto-generated.step.ts
+
+# Test results
+test-results/

client/openapi/trustd.yaml

@@ -2057,18 +2057,6 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/BasePurlDetails'
-  /api/v2/purl/gc:
-    get:
-      tags:
-      - purl
-      operationId: garbageCollect
-      responses:
-        '200':
-          description: Performs garbage collection for orphaned packages
-          content:
-            text/plain:
-              schema:
-                type: string
   /api/v2/purl/{key}:
     get:
       tags:
@@ -3290,9 +3278,7 @@ components:
     AdvisoryDetails:
       allOf:
       - $ref: '#/components/schemas/AdvisoryHead'
-      - oneOf:
-        - type: 'null'
-        - $ref: '#/components/schemas/SourceDocument'
+      - $ref: '#/components/schemas/SourceDocument'
       - type: object
         required:
         - vulnerabilities
@@ -3373,10 +3359,8 @@ components:
     AdvisorySummary:
       allOf:
       - $ref: '#/components/schemas/AdvisoryHead'
-      - oneOf:
-        - type: 'null'
-        - $ref: '#/components/schemas/SourceDocument'
-          description: Information pertaning to the underlying source document, if any.
+      - $ref: '#/components/schemas/SourceDocument'
+        description: Information pertaning to the underlying source document, if any.
       - type: object
         required:
         - average_severity
@@ -4202,10 +4186,8 @@ components:
           items:
             allOf:
             - $ref: '#/components/schemas/AdvisoryHead'
-            - oneOf:
-              - type: 'null'
-              - $ref: '#/components/schemas/SourceDocument'
-                description: Information pertaning to the underlying source document, if any.
+            - $ref: '#/components/schemas/SourceDocument'
+              description: Information pertaning to the underlying source document, if any.
             - type: object
               required:
               - average_severity
@@ -4531,9 +4513,7 @@ components:
           items:
             allOf:
             - $ref: '#/components/schemas/SbomHead'
-            - oneOf:
-              - type: 'null'
-              - $ref: '#/components/schemas/SourceDocument'
+            - $ref: '#/components/schemas/SourceDocument'
             - type: object
               required:
               - described_by
@@ -4767,6 +4747,7 @@ components:
             type: array
             items:
               $ref: '#/components/schemas/LicenseRefMapping'
+            deprecated: true
           version:
             $ref: '#/components/schemas/VersionedPurlHead'
     PurlHead:
@@ -5087,10 +5068,12 @@ components:
         - average_score
         - status
         - packages
+        - scores
         properties:
           average_score:
             type: number
             format: double
+            deprecated: true
           average_severity:
             $ref: '#/components/schemas/Severity'
           context:
@@ -5101,14 +5084,16 @@ components:
             type: array
             items:
               $ref: '#/components/schemas/SbomPackage'
+          scores:
+            type: array
+            items:
+              $ref: '#/components/schemas/Score'
           status:
             type: string
     SbomSummary:
       allOf:
       - $ref: '#/components/schemas/SbomHead'
-      - oneOf:
-        - type: 'null'
-        - $ref: '#/components/schemas/SourceDocument'
+      - $ref: '#/components/schemas/SourceDocument'
       - type: object
         required:
         - described_by

client/src/app/Constants.ts

@@ -17,6 +17,7 @@ export const TablePersistenceKeyPrefixes = {
   sboms: "sb",
   sboms_by_package: "sbk",
   packages: "pk",
+  licenses: "li",
 };
 
 // URL param prefixes: should be short, must be unique for each table that uses one

client/src/app/Routes.tsx

@@ -31,12 +31,14 @@ const SBOMDetails = lazy(() => import("./pages/sbom-details"));
 // Others
 const Search = lazy(() => import("./pages/search"));
 const ImporterList = lazy(() => import("./pages/importer-list"));
+const LicenseList = lazy(() => import("./pages/license-list"));
 
 export enum PathParam {
   ADVISORY_ID = "advisoryId",
   VULNERABILITY_ID = "vulnerabilityId",
   SBOM_ID = "sbomId",
   PACKAGE_ID = "packageId",
+  LICENSE_NAME = "licenseName",
 }
 
 export const Paths = {
@@ -53,6 +55,7 @@ export const Paths = {
   packageDetails: `/packages/:${PathParam.PACKAGE_ID}`,
   search: "/search",
   importers: "/importers",
+  licenses: "/licenses",
 } as const;
 
 export const AppRoutes = createBrowserRouter([
@@ -74,38 +77,38 @@ export const AppRoutes = createBrowserRouter([
         ),
       },
       {
-        path: Paths.advisoryUpload,
+        path: Paths.advisoryDetails,
         element: (
           <LazyRouteElement
-            identifier="advisory-upload"
-            component={<AdvisoryUpload />}
+            identifier="advisory-details"
+            component={<AdvisoryDetails />}
           />
         ),
       },
       {
-        path: Paths.advisoryDetails,
+        path: Paths.advisoryUpload,
         element: (
           <LazyRouteElement
-            identifier="advisory-details"
-            component={<AdvisoryDetails />}
+            identifier="advisory-upload"
+            component={<AdvisoryUpload />}
           />
         ),
       },
       {
-        path: Paths.vulnerabilities,
+        path: Paths.importers,
         element: (
           <LazyRouteElement
-            identifier="vulnerability-list"
-            component={<VulnerabilityList />}
+            identifier="importer-list"
+            component={<ImporterList />}
           />
         ),
       },
       {
-        path: Paths.vulnerabilityDetails,
+        path: Paths.licenses,
         element: (
           <LazyRouteElement
-            identifier="vulnerability-details"
-            component={<VulnerabilityDetails />}
+            identifier="license-list"
+            component={<LicenseList />}
           />
         ),
       },
@@ -134,11 +137,11 @@ export const AppRoutes = createBrowserRouter([
         ),
       },
       {
-        path: Paths.sbomUpload,
+        path: Paths.sbomDetails,
         element: (
           <LazyRouteElement
-            identifier="sbom-upload"
-            component={<SBOMUpload />}
+            identifier="sbom-details"
+            component={<SBOMDetails />}
           />
         ),
       },
@@ -149,27 +152,36 @@ export const AppRoutes = createBrowserRouter([
         ),
       },
       {
-        path: Paths.sbomDetails,
+        path: Paths.sbomUpload,
         element: (
           <LazyRouteElement
-            identifier="sbom-details"
-            component={<SBOMDetails />}
+            identifier="sbom-upload"
+            component={<SBOMUpload />}
           />
         ),
       },
       {
-        path: Paths.importers,
+        path: Paths.search,
+        element: (
+          <LazyRouteElement identifier="search" component={<Search />} />
+        ),
+      },
+      {
+        path: Paths.vulnerabilities,
         element: (
           <LazyRouteElement
-            identifier="importer-list"
-            component={<ImporterList />}
+            identifier="vulnerability-list"
+            component={<VulnerabilityList />}
           />
         ),
       },
       {
-        path: Paths.search,
+        path: Paths.vulnerabilityDetails,
         element: (
-          <LazyRouteElement identifier="search" component={<Search />} />
+          <LazyRouteElement
+            identifier="vulnerability-details"
+            component={<VulnerabilityDetails />}
+          />
         ),
       },
     ],