Skip to content

Latest commit

 

History

History
313 lines (214 loc) · 11 KB

HISTORY.md

File metadata and controls

313 lines (214 loc) · 11 KB

Changelog

All notable changes to this project will be documented in this file.

unreleased

4.1.0 - 2024-06-26

  • Added
    • New optional dependency @cyclonedx/yarn-plugin-cyclonedx (via #365)
      This is a package for generating SBOM from yarn projects.

4.0.5 - 2024-05-06

  • Docs
    • Acknowledge tools for Rollup, Vite (via #363)

4.0.4 - 2024-03-28

  • Docs
    • Acknowledge tools for yarn, esbuild, Rspack/Rsbuid, Svelte (via #359)

4.0.3 - 2022-12-16

4.0.2 - 2022-10-21

  • Docs:
    • Fixed some typos

4.0.1 - 2022-10-21

  • Docs:
    • Describe the "Out of Scope" section (via #342)
    • Fixed some typos

4.0.0 - 2022-10-21

This became a so-called meta-package, it does not ship any own functionality, but it is a collection of dependencies. (via #321)

This package's dependencies are tools with one purpose in common: generate CycloneDX Software Bill-of-Materials (SBOM) from node-based projects.

  • for npm-based projects: @cyclonedx/cyclonedx-npm
  • for yarn-based projects: to be announced
  • for pnpm-based projects: to be announced

If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, then you might want to try @cyclonedx/cyclonedx-library.

3.10.6 - 2022-09-05

  • Misc
    • Own in-code license text comments should no longer get stripped by downstream tooling. (#305 via #326)

3.10.4 - 2022-07-08

  • Misc
    • CI: fixed SBOM gathering for the bundled application in the docker image.

3.10.2 - 2022-07-08

  • Misc
    • Simplified the docker image. (via #316)

3.10.1 - 2022-06-22

  • Fixed
    • Component.compare() no longer raises an exception when only one of both has a purl. (#308 via #313)

3.10.0 - 2022-06-15

  • Added
    • Consider optional element "comment" when serializing ExternalReference. (via #312)

3.9.0 - 2022-05-06

  • Added
    • Dependency graph is built and emitted. (#61 via #296)

3.8.1 - 2022-05-05

  • Fixed
    • Added missing handling of Dependency when environment variable BOM_REPRODUCIBLE is present. (via #297)
  • Misc
    • Worked packaging from whitelist to blacklist to add files, like NOTICE. (via #289)

3.8.0 - 2022-04-24

  • Added
    • Environment variable BOM_REPRODUCIBLE causes bom result to be more consistent over multiple runs by omitting time/rand-based values, and sorting lists. (via #288)
    • Method Component.compare() compares self by purl or group/name/version. (via #288)
    • Method ExternalReference.compare() compares self by type/url. (via #288)
    • Method Hash.compare() compares self by algorithm/value. (via #288)
    • JSDoc for ExternalReference, ExternalReferenceList, Hash, HashList. (via #288)
  • Fixed
    • ExternalReference.url is now correctly treated as mandatory. (via #288)
    • Hash.value is now correctly treated as mandatory. (via #288)
    • ExternalReferenceList.isEligibleHomepage now returns the correct result, was inverted. (via #288)
  • Changed
    • Private properties of ExternalReference, ExternalReferenceList, Hash, HashList became inaccessible. (#233 via #288)
  • Misc: Dependencies
    • Bump jest-junit from 13.1.0 to 13.2.0 (via #287)

3.7.0 - 2022-04-13

  • Added
    • Added support for yarn.lock file. (#238 via #282)
  • Misc: Dependencies
    • Bump @xmldom/xmldom from 0.7.5 to 0.8.2 (via #279)
    • Bump packageurl-js from 0.0.5 to 0.0.6 (via #276)

3.6.0 - 2022-03-09

  • Changed
    • Updated available set of SPDX license. (via c837ada)
  • Tests
    • Reduced code duplication and made integration tests more consistent. (via #271)

3.5.0 - 2022-03-03

  • Changed
    • If homepage property of a package is solely a period(.), then omit website entry from the ExternalReferences. (#263 via #264)
  • Documentation
    • Examples use the preferred call via cyclonedx-node, instead of the fallback cyclonedx-bom. (via #258)
      This is a follow-up of #193.
  • Tests
    • Moved integration tests to a dedicated space and updated documentation for it. (via #260)

3.4.1 - 2022-02-11

  • Fixed
    • root-packages without a name no longer cause unexpected crashes (#252 via #253)

3.4.0 - 2022-02-02

  • Changed
    • Private/protected properties of Component models are no longer directly accessible. (#233 via #247)
      Access via public getter/setter.
  • Fixed
    • Normalization guarantees component.version. (#248 via #247)
    • Component's constructor may detect & set author based on package info. (#246 via #247)
  • Added
    • JSDoc for Component model. (#220 via #247)

3.3.1 - 2021-12-11

  • Fixed
    • Brought deprecated file bin/cyclonedx-bom back. (via #224)
      File is now a compatibility-layer that spits a warning.

3.3.0 - 2021-12-10

  • Changed
    • Renamed bin/cyclonedx-bom to bin/make-bom.js (via #216)
      This is considered a none-breaking change, as the CLI use of npx cyclonedx-node/npx cyclonedx-bom is untouched.
    • Errors are no longer thrown as String, but inherited Error. (via #217)
      This is considered a none-breaking change, as Error.toString() returns the original error message.
  • Fixed
    • ExternalReference.type setter sets value correctly now. (via #217)
      Setter caused an Error or set to undefined in the past.
    • AttachmentText sets encoding correctly via setter and constructor now. (via #217)
      Set to undefined in the past.

3.2.0 - 2021-12-07

  • Added
    • CLI endpoint cyclonedx-node is now available. (#193 via #197)
      Already existing cyclonedx-bom stayed as is.
  • Fixed
    • CLI no fails longer silently in case of errors. (#168 via #210)
      Instead the exit code is non-zero and a proper error message is displayed.

3.1.3 - 2021-12-05

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.1.2...v3.1.3

3.1.2 - 2021-12-05

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.1.1...v3.1.2

3.1.1 - 2021-09-10

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.1.0...v3.1.1

3.1.0 - 2021-09-07

  • Added
    • Added object model support for dependencies.

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.7...v3.1.0

3.0.7 - 2021-09-02

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.6...v3.0.7

3.0.6 - 2021-09-02

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.5...v3.0.6

3.0.5 - 2021-09-02

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.4...v3.0.5

3.0.4 - 2021-08-27

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.3...v3.0.4

3.0.3 - 2021-07-11

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.2...v3.0.3

3.0.2 - 2021-07-02

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.1...v3.0.2

3.0.1 - 2021-07-01

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.0...v3.0.1

3.0.0 - 2021-06-30

  • Breaking changes:
    • Requires Node >= 12.0, was Node >= 8.0 before.
    • CLI
      • Dropped option -a/--append. There is no replacement for it.
      • Dropped option -s/--schema. There is no replacement for it.
  • Changes
    • CLI output in CycloneDX v1.3 spec now, was switchable defaulting CycloneDX v1.2 before.
    • Dropped support for CycloneDX v1.2 spec.
    • Dropped support for CycloneDX v1.1 spec.
    • Dropped support for Node version 8.
    • Dropped support for Node version 10.
  • Added
    • Supports CycloneDX v1.3 spec.

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-module/compare/v2.0.2...v3.0.0