Releases: CycloneDX/cyclonedx-dotnet
Releases · CycloneDX/cyclonedx-dotnet
3.0.8
What's Changed
- fix: Also find assembly version info for VB projects by @dhivarson in #870
- fix: CycloneDX should fail when the provided file was not found by @mtsfoni in #883
New Contributors
- @dhivarson made their first contribution in #870
Full Changelog: v3.0.7...v3.0.8
Contributors
dhivarson and mtsfoni
Assets 5
3.0.7
What's Changed
Full Changelog: v3.0.6...v3.0.7
Contributors
mtsfoni
Assets 5
3.0.6
- Corrected an issue where an error occurred while reading a read-only .csproj file.
- Resolved an inconsistency in the naming of project-reference components when the assembly name differs from the project name.
What's Changed
- build(deps): bump System.IO.Abstractions.TestingHelpers from 20.0.4 to 20.0.15 by @dependabot in #839
- build(deps): bump xunit from 2.6.5 to 2.6.6 by @dependabot in #832
- build(deps): bump System.IO.Abstractions from 20.0.4 to 20.0.15 by @dependabot in #838
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #857
- build(deps): bump xunit.runner.visualstudio from 2.5.6 to 2.5.7 by @dependabot in #855
- build(deps): bump xunit from 2.6.6 to 2.7.0 by @dependabot in #854
- build(deps): bump dotnet/sdk from 8.0 to 8.0.101 by @dependabot in #852
- build(deps): bump NuGet.Protocol from 6.8.0 to 6.9.1 by @dependabot in #851
- build(deps): bump Microsoft.NET.Test.Sdk from 17.8.0 to 17.9.0 by @dependabot in #849
- build(deps): bump NuGet.ProjectModel from 6.8.0 to 6.9.1 by @dependabot in #861
- build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 by @dependabot in #863
- build(deps): bump System.IO.Abstractions.TestingHelpers from 20.0.15 to 21.0.2 by @dependabot in #864
- build(deps): bump System.IO.Abstractions from 20.0.15 to 21.0.2 by @dependabot in #862
- When reading a file with a FileStream use FileAccess.Read. Fixes #859 by @mtsfoni in #860
- Fix: #833 Error with includePackageReference when ProjectReference-Graph is at least 2 levels deep. by @mtsfoni in #834
Full Changelog: v3.0.5...v3.0.6
Contributors
dependabot and mtsfoni
Assets 5
3.0.5
Bug Fixes:
- Fixed a crash, when a referenced project file is missing. This issue can arise if the ProjectReference in the project file is conditional. (Issue #826)
- Fixed a crash, when
-rswas used with asset-files and a child project had multiple targets with differing dependencies. (Issue #830) - When using the
-rssetting, dependencies that relied on the root project were under some circumstances incorrectly positioned in the dependency graph. - With the settings
-rsand-ipr, project references were not accurately placed in the dependency graph.
3.0.4
3.0.3
3.0.2
Fixes the same problem that 3.0.1 tried to fix, by returning to the 2.10.0 functionality of resolving the location of the dotnet executable.
3.0.1
Fixed a bug where CycloneDX on Linux systems searched for the dotnet executable in the wrong location, throwing a System.ComponentModel.Win32Exception [sic] right at the start.
3.0.0
Changelog
Breaking Changes
-
The flag
--disable-github-licensesis now deprecated and set as the default launch setting. If you want to enable GitHub license resolution, you must activate it by setting-enable-github-licenses. -
Generated SBOMs are now of CycloneDX-Version 1.5
Deprecated Arguments
The following arguments are deprecated and will be replaced soon:
-dis now replaced by-ed-ris now replaced by-rs-fis now replaced by-fn--outis now replaced by--output
The argument -v has been removed directly.
Features
- Introducing a new flag:
-ipror--include-project-references, which adds project references to the bom output. - The
--outputflag is not mandatory anymore but defaults to the working directory.
Bugfixes
- The
--exclude-devflag now also removes dev dependencies from the dependency graph. - Fixed an error where .NET Standard was treated as a package dependency, causing a failure.
- Fixed an error where a package reference, shadowed by a project reference, leads to a failure.
Notes
- Changed the command line from
McMaster.Extensions.CommandLineUtilstoSystem.CommandLine.
