cdxgen can't parse name, version correctly

[pig837]

Hi, I generated SBOM using cdxgen 10.5.1, but it can't be parsed jquery-Migrate correctly. (Because of based filename)

Download link(gnuboard 5.5.16)

• https://sir.kr/g5_pds/7170

{ "group": "", "name": "jquery", "version": "Migrate", "scope": "required", "purl": "pkg:npm/jquery@Migrate", "type": "library", "bom-ref": "pkg:npm/jquery@Migrate", "evidence": { "identity": { "field": "purl", "confidence": 0.25, "methods": [ { "technique": "filename", "confidence": 0.25, "value": "C:\\temp\\gnuboard5.5.16\\js\\jquery-migrate-1.4.1.min.js" } ] }, "occurrences": [ { "location": "js\\remodal\\remodal.js#7" }, { "location": "js\\tooltipster\\tooltipster.bundle.js#17" }, { "location": "js\\tooltipster\\tooltipster.bundle.min.js#1" } ] }, "properties": [ { "name": "SrcFile", "value": "C:\\temp\\gnuboard5.5.16\\js\\jquery-migrate-1.4.1.min.js" }, { "name": "ImportedModules", "value": "jquery" } ] }

[prabhu]

@pig837 Thank you. The code is assuming the second word to be the version here.

Could you think of a better way to parse this and share a PR? But please note that it is a non-trivial effort, since we might cause regression for other project, unless we can collect sufficient number of tests.

/*! jQuery Migrate v1.4.1 | (c) jQuery Foundation

https://github.com/gnuboard/gnuboard5/blob/92c1052cf5c3d6a7f1b0603048483fb8108c2da5/js/jquery-migrate-1.4.1.min.js#L1

[prabhu]

Related: #1027