Merge pull request #253 from jkowalleck/v1.5-dev_fix_issue154

stevespringett · web-flow · commit 61780bb5a3c5 · 2023-06-25T15:46:40.000-05:00
streamline VulnerabilityReference
diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
@@ -818,9 +818,9 @@ message ProofOfConcept {
 
 message VulnerabilityReference {
   // An identifier that uniquely identifies the vulnerability.
-  optional string id = 1;
+  string id = 1;
   // The source that published the vulnerability.
-  optional Source source = 2;
+  Source source = 2;
 }
 
 message VulnerabilityRating {
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -3361,13 +3361,13 @@ limitations under the License.
                             </xs:annotation>
                             <xs:complexType>
                                 <xs:sequence minOccurs="1" maxOccurs="1">
-                                    <xs:element name="id" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
+                                    <xs:element name="id" type="xs:normalizedString" minOccurs="1" maxOccurs="1">
                                         <xs:annotation>
                                             <xs:documentation>The identifier that uniquely identifies the vulnerability. For example:
                                                 CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876.</xs:documentation>
                                         </xs:annotation>
                                     </xs:element>
-                                    <xs:element name="source" type="bom:vulnerabilitySourceType" minOccurs="0" maxOccurs="1">
+                                    <xs:element name="source" type="bom:vulnerabilitySourceType" minOccurs="1" maxOccurs="1">
                                         <xs:annotation>
                                             <xs:documentation>The source that published the vulnerability.</xs:documentation>
                                         </xs:annotation>
