Releases: CycloneDX/cdxgen
Release v10.7.0
What's Changed
- Update snapshot tests to integrate new custom-json-diff functionality. by @cerrussell in #1157
- Clearer paths for new vs old snapshots. by @cerrussell in #1175
- python cyclic deps by @prabhu in #1172
- Adds excluded components to formulation for python by @prabhu in #1176
- parsedeps improvements by @prabhu in #1177
- Adds bzip2 to containers by @prabhu in #1178
- pnpm9 optional packages detection by @prabhu in #1180
Full Changelog: v10.6.2...v10.7.0
Release v10.6.2
Validation for externalReferences.url has improved further thanks to @timmyteo. Beginning with this release, cdxgen will show a small donation banner in the CI. Please support the CycloneDX team with an active sponsorship before disabling the banner using a command line argument.
What's Changed
- Update PROJECT_TYPES.md by @matuella in #1150
- Adds premium issue template by @prabhu in #1153
- chore: issue config add slack invite link by @jkowalleck in #1156
- Adds donation message to CI invocations by @prabhu in #1154
- chore: update biomejs v1.8.1 by @setchy in #1159
- docs: add libraries io badge by @setchy in #1160
- validateIri to Reject "http://" URL by @timmyteo in #1158
- Bug fix: yarn v1 dependency tree was incomplete by @prabhu in #1162
- Return error response in submitBom by @marob in #1108
New Contributors
Full Changelog: v10.6.1...v10.6.2
Release v10.6.1
If something doesn't work, call it the patch 0. Let's go again with pnpm publish.
What's Changed
Full Changelog: v10.6.0...v10.6.1
Release v10.6.0
externalReferences URLs are now validated and filtered. Thanks @timmyteo. There is a new option to use the Maven dependency tree plugin for Java, instead of the cyclonedx plugin. Set the environment variable PREFER_MAVEN_DEPS_TREE=true to try this out.
What's Changed
- Fallback on 'cdx' or 'bom' JSON files for Java BOM by @nekhtan in #1127
- Switch to pnpm by @prabhu in #1134
- build: update biomejs by @setchy in #1138
- Add IRI Validation for externalReference URL by @timmyteo in #1140
- Feature/dotnet roll forward by @prabhu in #1139
- Feature/component duplicate tracking by @prabhu in #1146
New Contributors
Full Changelog: v10.5.2...v10.6.0
Release v10.5.2
What's Changed
- [fix] separate npm-release to separate jobs by @aryan-rajoria in #1050
- [Fix] Docker Build fails almalinux:9.3 by @aryan-rajoria in #1052
- build(vscode) enable always signoff by @setchy in #1063
- fix(biome): noUselessTernary by @setchy in #1062
- docs: add project types by @setchy in #1057
- docs: add NODE_OPTIONS by @setchy in #1056
- docs: update community support by @setchy in #1059
- build: add codeowners file by @setchy in #1058
- docs: link to contribute labels by @setchy in #1060
- docs: ref to new project types page by @setchy in #1067
- feat(docker): default to docker.io registry by @setchy in #1073
- docs: enterprise and community support by @setchy in #1071
- docs: remove unused media. should be in _media/ folder by @setchy in #1070
- docs: env variables by @setchy in #1069
- docs: type args ref to docs by @setchy in #1068
- Fix: Docker-deno and Docker-bun build fails by @aryan-rajoria in #1077
- docs: add documentation section by @setchy in #1079
- docs: update h1 by @setchy in #1080
- docs: fix broken queries.json link by @setchy in #1083
- docs: nodejs permissions by @setchy in #1082
- build: update contributors by @setchy in #1078
- docs: use link labels by @setchy in #1081
- feat: increase yargs terminal width by @setchy in #1087
- feat: increase yargs terminal width by @setchy in #1091
- Improved troubleshooting for go by @prabhu in #1096
- Issue 763 by @cerrussell in #1090
- Fix: Handle TAR_ENTRY_INVALID error by @aryan-rajoria in #1095
- Adding The Installation Of Root Dependencies For Npm by @g-kaz in #1100
- Fix: Split linux-tests job into two jobs by @aryan-rajoria in #1103
- cargo deep mode by @prabhu in #1102
- Fix ppc64 build issue by @prabhu in #1104
- docs: fix repo link by @setchy in #1114
- build(biome): apply safe changes. add script to filter summary for errors only by @setchy in #1111
- build(biome): update formatter options to ignore types/** by @setchy in #1110
- docs(server): add openapi specification by @setchy in #1113
- Adds new vulnerabilities command to the repl by @prabhu in #1120
- Support for dotnet framework. Dependency tree for csproj files by @prabhu in #1119
- Update spdx schema. Update packages by @prabhu in #1121
New Contributors
- @aryan-rajoria made their first contribution in #1050
- @g-kaz made their first contribution in #1100
Full Changelog: v10.5.1...v10.5.2
Release v10.5.1
The cdxgen container image now uses node 22 with compile cache. This offers significant performance improvements compared to the current node 20 based images, especially with server mode. With no breaking changes, we feel this is a patch release for the cdxgen node package rather than a minor release.
What's Changed
- Remove bun lock file by @prabhu in #1030
- Improve deno compatibility by using jar command fallback by @prabhu in #1031
- Enable node 22 tests by @prabhu in #1034
- Use node 22 via nvm in docker. Enable NODE_COMPILE_CACHE by @prabhu in #1036
Full Changelog: v10.5.0...v10.5.1
Release v10.5.0 - Python CBOM for everyone
Introduction
You can now generate CBOM for Python applications. It is as easy as invoking the cbom command.
cbom -t python
cdxi REPL can natively understand CBOM. Simply load the generated CBOM, and try the new commands .cryptos and .provides.
We have also added support for compliance-as-code via standards. Invoke cdxgen with the new --standard argument to automatically include their definitions.
Example:
cdxgen -t java --standard asvs-4.0.3
What's Changed
- Add support for executing dependencies task in parallel for Gradle by @ajmalab in #1007
- Feature/swh by @prabhu in #1012
- Update jdk to 21.0.3-tem by @prabhu in #1013
- Remove bun frozen install mode by @prabhu in #1017
- Python cbom by @prabhu in #1026
- Update atom. Regenerate types by @prabhu in #1028
- Support for standard templates by @prabhu in #1029
Full Changelog: v10.4.3...v10.5.0
Release v10.4.3
Release v10.4.2
We have applied numerous linting fixes reported by biome (Thanks @setchy). The lock file was deleted and regenerated, since the dependency tree was looking a lot better when compared with the existing one.
What's Changed
- chore(biome): fix use single var declarator by @setchy in #984
- chore(biome): fix use template by @setchy in #985
- chore(biome): remove unused rule overrides by @setchy in #986
- chore(biome): fix optional chaining cases by @setchy in #987
- chore(biome): fix useless else cases by @setchy in #988
- chore(biome): fix unused template literals by @setchy in #989
- Feature/maven private repos by @prabhu in #992
- chore(biome): fix no double equals by @setchy in #991
- chore: update biome by @setchy in #998
- Regenerate lock file and types. Adds vuln scanning by @prabhu in #999
Full Changelog: v10.4.1...v10.4.2
Release v10.4.1
What's Changed
Full Changelog: v10.4.0...v10.4.1