I found another instance where CSAF documents that are created with this tool do not validate.
According to the spec a product_id is a string, in this tool a dict is created.
It should be:
"product_id": "Some-ID-123"
This tool creates:
"product_id": { "value": "Some-ID-123" }
I think this is fixed with the following patch:
--- a/csaf/definitions.py 2023-05-04 13:45:28.900410357 +0200
+++ b/csaf/definitions.py 2023-05-06 14:22:49.427075816 +0200
@@ -203,7 +203,7 @@
class ReferenceTokenForProductInstance(BaseModel):
- value: Annotated[
+ __root__: Annotated[
str,
Field(
description=(
Alternatively we could change ReferenceTokenForProductInstance
for ProductId
on line 241 of product.py
Fixed product_id should be a string (https://todo.sr.ht/~sthagen/csaf/3) per commit a5d94a6. The release 2023.5.6 provides the fixed behavior.
Thanks to jaccol for reporting.