[K9VULN-5229] Upgrade packageurl-go to v0.1.3 #97

Merged
rjcoulter22 merged 2 commits into main from rjcoulter/k9vuln-5229
Jan 9, 2026


@rjcoulter22 rjcoulter22 commented Jan 9, 2026

🚀 Motivation

This package was downgraded here for the purpose of better comparing the sbom-generator results to the deprecated osv-scanner. Specifically, the downgraded version gets rid of some character escaping that was being done for PURLs, which was contributing to discrepancies in the results of the two scanners.

📚 Documentation

| Document | Link or Detail |
|---|---|
| RFC | N/A |
| Incident | N/A |
| Jira Ticket | K9VULN-5229 - PURL encoding issue |

📝 Summary

Updated packageurl-go from v0.1.1 to v0.1.3 to ensure proper URL encoding of special characters in Package URLs (PURLs). The newer version correctly encodes characters like + (%2B), : (%3A), @ (%40), and $ (%24) according to the PURL specification. This ensures consistency with third-party tools like Snyk when processing SBOMs.

You can see the releases of this library and the associated changes here https://github.com/package-url/packageurl-go/releases

🧪 Testing

  • [] New tests were added for new logic.
  • Existing tests were updated for new logic, and not only so that they pass!
  • Benchmark results prove that performance is the same or better.

🚧 Staging validation

  • Deployed and monitored using Datadog dashboards.
  • Proof that it works as expected, including profiling or UX screenshots.

🆘 Recovery

Notes for on-call - select only one:

  • The change can be rolled back.
  • Do not roll back. Why?:
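
The encoding discrepancy described in this PR can be neutralised when comparing PURLs from two SBOMs by decoding and re-encoding each component before the comparison. This is an added example, not code from this repository or from packageurl-go; `NormalizePURL` and `canonical` are hypothetical helpers, the sample PURL is constructed, and the rule of escaping every byte outside the unreserved set is an assumption chosen to cover the `+`, `:`, `@` and `$` cases listed in the summary.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// canonical decodes existing escapes (so nothing is double-encoded), then
// percent-encodes every byte outside A-Z a-z 0-9 - . _ ~ (assumed rule).
func canonical(s string) string {
	if d, err := url.PathUnescape(s); err == nil {
		s = d
	}
	var b strings.Builder
	for _, c := range []byte(s) {
		alnum := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
		if alnum || strings.IndexByte("-._~", c) >= 0 {
			b.WriteByte(c)
		} else {
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// NormalizePURL (hypothetical helper) re-encodes namespace, name and version;
// qualifiers and subpath are passed through untouched.
func NormalizePURL(p string) string {
	if !strings.HasPrefix(p, "pkg:") {
		return p
	}
	rest, tail, version := p[4:], "", ""
	if i := strings.IndexAny(rest, "?#"); i >= 0 {
		rest, tail = rest[:i], rest[i:]
	}
	if i := strings.LastIndex(rest, "@"); i > strings.LastIndex(rest, "/") { // '@' after the last '/' starts the version
		rest, version = rest[:i], "@"+canonical(rest[i+1:])
	}
	segs := strings.Split(rest, "/")
	for i := 1; i < len(segs); i++ { // segs[0] is the package type
		segs[i] = canonical(segs[i])
	}
	return "pkg:" + strings.Join(segs, "/") + version + tail
}

func main() { // constructed sample PURL, not taken from either scanner's output
	fmt.Println(NormalizePURL("pkg:npm/@angular/core@1.0.0"))
}
```

Comparing normalized strings rather than raw ones keeps an SBOM diff from reporting the same package twice when one producer escapes a character and the other does not.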

@rjcoulter22 rjcoulter22 changed the title Rjcoulter/k9vuln 5229 [K9VULN-5229] Upgrade packageurl-go to v0.1.3 Jan 9, 2026
github-actions bot commented Jan 9, 2026

Go test coverage report

Total test coverage: 90.2% (4271/4733)

No coverage changes in any files compared to the base.

@rjcoulter22 rjcoulter22 marked this pull request as ready for review January 9, 2026 16:39
@rjcoulter22 rjcoulter22 requested a review from a team as a code owner January 9, 2026 16:39
@rjcoulter22 rjcoulter22 merged commit 52249c6 into main Jan 9, 2026
10 checks passed
@rjcoulter22 rjcoulter22 deleted the rjcoulter/k9vuln-5229 branch January 9, 2026 17:24