Releases · CycloneDX/cyclonedx-javascript-library

chore(deps-dev): bump npm-run-all2 from 5.0.2 to 6.1.2 by @dependabot in #1071
fix: hardenFactories.FromNodePackageJson.PackageUrlFactory's default package repository detection by @jkowalleck in #1074

Full Changelog: v6.8.0...v6.8.1

Contributors

jkowalleck and dependabot

Assets 3

14 May 11:08

github-actions

v6.8.0

86554e1

6.8.0

Added

Explicitly export own first-level submodules via package manifest (via #1066)
When used with bundlers/packers downstream, this might enable better tree shaking due to scoped imports.

Refactor

Ease internal tree shaking (via #1066)

What's Changed

feat: NodeJS exports submodules as subpaths by @jkowalleck in #1066
chore: modernize npm-run-all by @jkowalleck in #1069
chore(deps) bumped some dev-deps by @jkowalleck in #1067
chore: use rimraf instead of own by @jkowalleck in #1068

Full Changelog: v6.7.2...v6.8.0

Contributors

jkowalleck

Assets 3

08 May 16:36

github-actions

v6.7.2

07cb79f

6.7.2

Changed

The provided XML validation capabilities were explicitly hardened (via #1064; concerns #1061)
This is considered a security measure concerning XML external entity (XXE) injection.

What's Changed

refactor: XML validator explicitely harden against XXE injections by @jkowalleck in #1064

Full Changelog: v6.7.1...v6.7.2

Contributors

jkowalleck

Assets 3

07 May 18:11

github-actions

v6.7.1

e7bc72e

6.7.1

Reverted v6.7.0, back to v6.6.1 -- fixes SecurityAdvisory GHSA-38gf-rh2w-gmj7
(Release v6.7.0 got yanked for security reasons, and should not be used. Please upgrade to ^6.7.1)

What's Changed

Full Changelog: v6.6.1...v6.7.1

Assets 3

06 May 13:43

github-actions

v6.6.1

309dd5a

6.6.1

Fixed

JSON validator allow arbitrary $schema (#1059 via #1060)

What's Changed

ci: modernize artifact action by @jkowalleck in #1056
chore: test node22 by @jkowalleck in #1057
fix: JsvonValidator allow arbitrary $schema by @jkowalleck in #1060

Full Changelog: v6.6.0...v6.6.1

Contributors

jkowalleck

Assets 3

26 Apr 15:36

github-actions

v6.6.0

0a7ab0b

6.6.0

Changed

Serializers and License-Normalizers will take license acknowledgement into account (#1051 via #1052)

Added

Namespace Enums
- New enum LicenseAcknowledgement (#1051 via #1052)
Namespace Models
- Class LicenseExpression got new property acknowledgement (#1051 via #1052)
- Class NamedLicense got new property acknowledgement (#1051 via #1052)
- Class SpdxLicense got new property acknowledgement (#1051 via #1052)

What's Changed

feat: license acknowledgement by @jkowalleck in #1052

Full Changelog: v6.5.1...v6.6.0

Contributors

jkowalleck

Assets 3

16 Apr 11:48

github-actions

v6.5.1

0195ab2

6.5.1

Dependencies
- Bumped the range of optional requirement ajv-formats to ^3.0.1, was ^2.1.1 (via #1037)
  This should fix JSON-validation for time/date.

What's Changed

chore: add editorconfig checks to eslint by @jkowalleck in #1043
Chore/migtate from eslint config standard with typescript to eslint config love by @jkowalleck in #1045
chore: add the transitive peer dependencies by @jkowalleck in #1047
chore(deps): bump ajv-formats from 2.1.1 to 3.0.1 in the ajv group by @dependabot in #1037

Full Changelog: v6.5.0...v6.5.1

Contributors

jkowalleck and dependabot

Assets 3

11 Apr 11:31

github-actions

v6.5.0

4cea42b

6.5.0

Added support for CycloneDX Specification-1.6.

Changed

Normalizers support CycloneDX Specification-1.6 (#1039 via #1041)
Validators support CycloneDX Specification-1.6 (#1039 via #1041)

Added

Existing Enums got new members and values for CycloneDX Specification-1.6 (#1039 via #1041)
- Enums.ComponentType.CryptographicAsset
- Enums.ExternalReferenceType.SourceDistribution
- Enums.ExternalReferenceType.ElectronicSignature
- Enums.ExternalReferenceType.DigitalSignature
- Enums.ExternalReferenceType.RFC9116
Namespace Spec was enhanced for CycloneDX Specification-1.6 (#1039 via #1041)
- New const Spec.Spec1dot6
- New enum member Spec.Version.v1dot6

Build

Use TypeScript v5.4.5 now, was v5.4.3 (via #1040)

What's Changed

chore(deps-dev): bump the mocha group with 1 update by @dependabot in #1035
chore(deps-dev): bump the eslint group with 1 update by @dependabot in #1033
feat: basic support CycloneDX v1.6 by @jkowalleck in #1041
chore(deps-dev): bump typescript from 5.4.3 to 5.4.5 in the typescript group by @dependabot in #1040

Full Changelog: v6.4.2...v6.5.0

Contributors

jkowalleck and dependabot

Assets 3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Changed

What's Changed

Contributors

Fixed

What's Changed

Contributors

Fixed

What's Changed

Contributors

Added

Refactor

What's Changed

Contributors

Changed

What's Changed

Contributors

What's Changed

Fixed

What's Changed

Contributors

Changed

Added

What's Changed

Contributors

What's Changed

Contributors

Changed

Added

Build

What's Changed

Contributors

Releases: CycloneDX/cyclonedx-javascript-library

6.9.0

Changed

What's Changed

Contributors

6.8.2

Fixed

What's Changed

Contributors

6.8.1

Fixed

What's Changed

Contributors

6.8.0

Added

Refactor

What's Changed

Contributors

6.7.2

Changed

What's Changed

Contributors

6.7.1

What's Changed

6.6.1

Fixed

What's Changed

Contributors

6.6.0

Changed

Added

What's Changed

Contributors

6.5.1

What's Changed

Contributors

6.5.0

Changed

Added

Build

What's Changed

Contributors