Releases: CycloneDX/cyclonedx-node-npm
Releases · CycloneDX/cyclonedx-node-npm
1.18.0
Added
Misc
- Raised dependency
@cyclonedx/cyclonedx-library@^6.6.0
, was@^6.5.0
(via #1183)
What's Changed
- chore(ci): fix macos runners by @jkowalleck in #1176
- ci: modernize artifact action by @jkowalleck in #1178
- ci: use node22 by @jkowalleck in #1179
- chore: reduce duplicate test beds by @jkowalleck in #1181
- feat: license acknowledgement by @jkowalleck in #1183
Full Changelog: v1.17.0...v1.18.0
1.17.0
Added support for CycloneDX Specification-1.6.
Changed
- This tool explicitly supports CycloneDX Specification-1.6 now (via #1175)
Added
- CLI switch
--spec-version
now supports value1.6
to reflect CycloneDX Specification-1.6 (via #1175)
Default value for that option is unchanged - still1.4
.
Build
- Use TypeScript
v5.4.5
now, wasv5.4.2
(via #1167)
What's Changed
- docs: add CycloneDX 1.6 to README by @XSpielinbox in #1174
- feat: explicitely support CycloneDX 1.6 by @jkowalleck in #1175
- chore(deps-dev): bump typescript from 5.4.2 to 5.4.5 in the typescript group by @dependabot in #1167
New Contributors
- @XSpielinbox made their first contribution in #1174
Full Changelog: v1.16.2...v1.17.0
1.16.2
Style
- Applied latest code standards (via #1149)
Build
- Use TypeScript
v5.4.2
now, wasv5.3.3
(via #1160)
What's Changed
- refactor: fix typescript-eslint annotations by @jkowalleck in #1146
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1149
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1152
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1157
- tests: run with latest CDX spec-version by @jkowalleck in #1158
- chore(deps): bump softprops/action-gh-release from 1 to 2 by @dependabot in #1159
- chore(deps-dev): bump the typescript group with 1 update by @dependabot in #1160
Full Changelog: v1.16.1...v1.16.2
1.16.1
- Fixed
- Writing large results to buffered streams no longer drops data, but retries until success (via #1145)
- Docs
What's Changed
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1139
- fix: large results on small streams by @jkowalleck in #1145
Full Changelog: v1.16.0...v1.16.1
1.16.0
Change
- If BOM result validation was explicitly requested and skipped, then a warning is shown (#1137 via #1138)
- Log messages that explain program failures were set to "error" level (via #1138)
What's Changed
- Escalate various log messages by @jkowalleck in #1138
Full Changelog: v1.15.0...v1.16.0
1.15.0
Changed
- Log output is less verbose, can be re-enabled via CLI switch
--verbose
(#158 via #1131)
Warnings and errors are still displayed as before!
This is considered a non-breaking change, since only informational logs and debug information is affected. - Hardened JSON imports (via #1132, #1135)
Added
- CLI switch
-v, --verbose
to increase output verbosity (#158 via #1131)
May be used multiple times, like-vvv
. - More logs on info-level (via #1131)
- More logs on debug-level (via #1131)
Build
- Use TypeScript
v5.3.3
now, wasv5.3.2
(via #1133)
What's Changed
- chore(deps-dev): bump the eslint group with 1 update by @dependabot in #1128
- ci: test more node versions by @jkowalleck in #1130
- feat: hardened JSON imports by @jkowalleck in #1132
- feat: more logs & configurable log level by @jkowalleck in #1131
- chore(deps-dev): bump the typescript group with 1 update by @dependabot in #1133
- hardened JSON imports by @jkowalleck in #1135
- refactor & bump
eslint-config-standard-with-typescript@41.0.0
by @jkowalleck in #1136
Full Changelog: v1.14.3...v1.15.0
1.14.3
Fixed
- Added direct dependency
packageurl-js
as such (via #1122)
Docs
- Fixed typos (via #1123)
Style
- Applied latest code standards (via #1124)
Build
- Use TypeScript
v5.3.2
now, wasv5.2.2
(via #1125)
What's Changed
- fix: excplicitely require direct dependency
packageurl-js
by @jkowalleck in #1122 - docs: fix typos by @jkowalleck in #1123
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1124
- chore(deps-dev): bump the typescript group with 1 update by @dependabot in #1125
Full Changelog: v1.14.2...v1.14.3
1.14.2
Fixed
- SBOM results might have the
externalReferences[].hashes
populated (#1118 via #1120)
The hashes might have wrongly appeared ascomponents[].hashes
before. - Components' distribution integrity hash of "sha256" is properly detected and populated in the SBOM result ([#699] via #1121)
- Components' distribution integrity hash of "sha384" is properly detected and populated in the SBOM result ([#699] via #1121)
Misc
- Raised dependency
@cyclonedx/cyclonedx-library@^6.1.0
, was@^3||^4||^5||^6
(via #1120)
What's Changed
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1110
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1112
- docs: publish test coverage by @jkowalleck in #1113
- chore(deps-dev): bump the eslint group with 1 update by @dependabot in #1114
- chore(deps): bump actions/setup-node from 3 to 4 by @dependabot in #1115
- chore(deps-dev): bump the eslint group with 1 update by @dependabot in #1119
- fix: move distribution hashes where they belong by @jkowalleck in #1120
- fix: detect integrity hashes sha256 sha384 by @jkowalleck in #1121
Full Changelog: v1.14.1...v1.14.2