Releases: CycloneDX/cyclonedx-node-npm
1.14.2
Fixed
- SBOM results might have the externalReferences[].hashes populated (#1118 via #1120)
  The hashes might have wrongly appeared as components[].hashes before.
- Components' distribution integrity hash of "sha256" is properly detected and populated in the SBOM result (#699 via #1121)
- Components' distribution integrity hash of "sha384" is properly detected and populated in the SBOM result (#699 via #1121)
Misc
- Raised dependency @cyclonedx/cyclonedx-library@^6.1.0, was @^3||^4||^5||^6 (via #1120)
What's Changed
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1110
- chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #1112
- docs: publish test coverage by @jkowalleck in #1113
- chore(deps-dev): bump the eslint group with 1 update by @dependabot in #1114
- chore(deps): bump actions/setup-node from 3 to 4 by @dependabot in #1115
- chore(deps-dev): bump the eslint group with 1 update by @dependabot in #1119
- fix: move distribution hashes where they belong by @jkowalleck in #1120
- fix: detect integrity hashes sha256 sha384 by @jkowalleck in #1121
Full Changelog: v1.14.1...v1.14.2
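A way to check the two 1.14.2 fixes on an SBOM you generated, as an added example that is not code from cyclonedx-node-npm: it converts npm `integrity` values (SRI strings such as `sha384-<base64>`) into CycloneDX hash objects and reports whether hashes sit on the component or on its external references. The function names, the sample data, the registry URL and the `distribution` reference type are assumptions made for this example.

```javascript
// Added example, not code from cyclonedx-node-npm.
// SRI algorithm prefix -> CycloneDX "alg" name and digest length in bytes.
const SRI_TO_CDX = new Map([
  ['sha1', { alg: 'SHA-1', bytes: 20 }],
  ['sha256', { alg: 'SHA-256', bytes: 32 }],
  ['sha384', { alg: 'SHA-384', bytes: 48 }],
  ['sha512', { alg: 'SHA-512', bytes: 64 }]
])

// Convert an npm "integrity" value (one or more space-separated SRI tokens,
// e.g. "sha384-<base64>") into CycloneDX hash objects { alg, content: <hex> }.
// Tokens with an unknown algorithm or a digest of the wrong length are dropped.
function integrityToCdxHashes (integrity) {
  const hashes = []
  for (const token of String(integrity).trim().split(/\s+/)) {
    const m = /^([a-z0-9]+)-([A-Za-z0-9+/]+={0,2})(?:\?.*)?$/.exec(token)
    const spec = m === null ? undefined : SRI_TO_CDX.get(m[1])
    if (spec === undefined) continue
    const digest = Buffer.from(m[2], 'base64')
    if (digest.length !== spec.bytes) continue
    hashes.push({ alg: spec.alg, content: digest.toString('hex') })
  }
  return hashes
}

// Count, per top-level component, the hashes attached to the component itself
// and the hashes attached to its externalReferences entries.
function hashPlacement (bom) {
  return (bom.components ?? []).map(c => ({
    name: c.name,
    onComponent: (c.hashes ?? []).length,
    onExternalRefs: (c.externalReferences ?? [])
      .reduce((n, ref) => n + (ref.hashes ?? []).length, 0)
  }))
}

// Constructed sample data (not taken from a real package or SBOM).
const SAMPLE_INTEGRITY = 'sha384-' + Buffer.alloc(48, 0xab).toString('base64')
const SAMPLE_BOM = {
  bomFormat: 'CycloneDX',
  specVersion: '1.4',
  components: [
    { type: 'library', name: 'hashes-on-component', hashes: integrityToCdxHashes(SAMPLE_INTEGRITY) },
    { type: 'library', name: 'hashes-on-external-ref', externalReferences: [
      { type: 'distribution', url: 'https://registry.example/pkg.tgz', // assumed values
        hashes: integrityToCdxHashes(SAMPLE_INTEGRITY) }] }
  ]
}

console.log(integrityToCdxHashes(SAMPLE_INTEGRITY))
console.log(hashPlacement(SAMPLE_BOM))
```

A component that reports a non-zero `onComponent` count and zero `onExternalRefs` matches the placement the first fix describes as wrong.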
1.14.1
1.14.0
1.13.3
1.13.2
Maintenance release
Build
- Use TypeScript v5.2.2 now, was v5.1.6 (via #1098)
Misc
- Raised dependency @cyclonedx/cyclonedx-library@^3||^4||^5||^6, was @^3||^4||^5 (via #1096)
Full Changelog: v1.13.1...v1.13.2
1.13.1
Maintenance release
Misc
- Raised dependency @cyclonedx/cyclonedx-library@^3||^4||^5, was @^3||^4 (via #1042)
- Raised dependency normalize-package-data@^3||^4||^5||^6, was @^3||^4||^5 (via #1043)
New Contributors
- @arthurlutz made their first contribution in #1016
Full Changelog: v1.13.0...v1.13.1
1.13.0
Added support for CycloneDX Specification-1.5.
Changed
Added
- CLI switch --spec-version now supports value 1.5 to reflect CycloneDX Specification-1.5 (#828 via #843)
  Default value for that option is unchanged - still 1.4.
Build
- Use TypeScript v5.1.6 now, was v5.1.3 (via #841)
Misc
Full Changelog: v1.12.1...v1.13.0
1.12.1
Maintenance release
Build
- Use TypeScript v5.1.3 now, was v5.0.4 (via #764)
- Disabled TypeScript compilerOption esModuleInterop (via #736)
- Disabled TypeScript compilerOption allowSyntheticDefaultImports (via #736)
Full Changelog: v1.12.0...v1.12.1
1.12.0
Based on OWASP Software Component Verification Standard for Software Bill of Materials (SCVS SBOM) criteria, this tool is now capable of producing SBOM documents almost passing Level-2 (only signing needs to be done externally).
Effective changes based on these SCVS SBOM criteria:
- 2.15 — SPDX license expression detection improved (via #726)
- 2.18 — SHA-1 integrity hash detection added (#699 via #735)
Changes
- SPDX license expression detection improved (via #726)
  Previously, some expressions were not properly detected, so they were marked as named-license in the SBOM results.
  They should be marked as expression, now.
Added
Misc
- Raised dependency @cyclonedx/cyclonedx-library@^2.0.0, was @^1.14.0 (via #726)
Full Changelog: v1.11.0...v1.12.0
1.11.0
Added
- SBOM result might be validated (via #660)
  This feature is enabled by default and can be disabled via CLI switch --no-validate.
  Validation is skipped if requirements are not met. Requires transitive optional dependencies
Full Changelog: v1.10.0...v1.11.0