Releases: CycloneDX/cyclonedx-node-npm
Releases · CycloneDX/cyclonedx-node-npm
4.1.2
Runtime Dependencies
Style
- Applied latest code standards (via #1388)
What's Changed
- chore(deps): bump knip from 5.68.0 to 5.69.0 in /tools/test-dependencies by @dependabot[bot] in #1384
- chore(deps): bump knip from 5.69.0 to 5.69.1 in /tools/test-dependencies by @dependabot[bot] in #1386
- chore(deps): bump the eslint group across 1 directory with 3 updates by @dependabot[bot] in #1385
- chore(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #1387
- chore(deps): bump knip from 5.69.1 to 5.70.2 in /tools/test-dependencies by @dependabot[bot] in #1391
- chore(deps): bump the eslint group across 1 directory with 3 updates by @dependabot[bot] in #1388
- chore(deps): bump xmlbuilder2 from 3.1.1 to 4.0.1 by @dependabot[bot] in #1390
Full Changelog: v4.1.1...v4.1.2
Contributors
dependabot
Assets 3
4.1.1
Fixed
- Create output dir properly if needed (via #1377)
What's Changed
- chore(deps): bump the eslint group across 1 directory with 3 updates by @dependabot[bot] in #1375
- chore(deps): bump knip from 5.66.3 to 5.66.4 in /tools/test-dependencies by @dependabot[bot] in #1376
- refactor: simplify and modernize by @jkowalleck in #1378
- fix: properly create outpur dir if needed by @jkowalleck in #1377
- refactor: remove structuredClonePolyfill by @jkowalleck in #1381
- chore(deps): bump the eslint group across 1 directory with 4 updates by @dependabot[bot] in #1379
- chore(deps): bump knip from 5.66.4 to 5.68.0 in /tools/test-dependencies by @dependabot[bot] in #1380
- chore: dependabot dir adjustments by @jkowalleck in #1382
Full Changelog: v4.1.0...v4.1.1
Contributors
jkowalleck and dependabot
Assets 3
4.1.1-rc.0
Signed-off-by: jkowalleck <[email protected]>
4.1.0
Immutable
release. Only release title and notes can be modified.
- Added
- Reproducible SBOM results have Metadata's property
cdx:reproduciblepopulated (#1054 via #1373)
See the official property taxonomycdxfor details.
- Reproducible SBOM results have Metadata's property
- Build
- Use TypeScript
v5.9.3now, wasv5.9.2(via #1356)
- Use TypeScript
What's Changed
- chore(deps): bump knip from 5.63.1 to 5.64.1 in /tools/test-dependencies by @dependabot[bot] in #1355
- chore(deps): bump the eslint group across 1 directory with 3 updates by @dependabot[bot] in #1354
- chore(deps): bump knip from 5.64.1 to 5.64.3 in /tools/test-dependencies by @dependabot[bot] in #1360
- chore(deps-dev): bump jest from 30.1.3 to 30.2.0 in the jest group across 1 directory by @dependabot[bot] in #1358
- chore(deps): bump the eslint group across 1 directory with 5 updates by @dependabot[bot] in #1359
- chore(deps-dev): bump typescript from 5.9.2 to 5.9.3 in the typescript group across 1 directory by @dependabot[bot] in #1356
- chore: package-manager-cache: false by @jkowalleck in #1361
- chore(deps): bump knip from 5.64.3 to 5.66.0 in /tools/test-dependencies by @dependabot[bot] in #1364
- chore(deps): bump the eslint group across 1 directory with 4 updates by @dependabot[bot] in #1362
- chore(deps): bump knip from 5.66.0 to 5.66.1 in /tools/test-dependencies by @dependabot[bot] in #1365
- chore: remove lift config by @jkowalleck in #1366
- chore(deps): bump eslint-plugin-jsdoc from 61.1.4 to 61.1.5 in /tools/code-style in the eslint group across 1 directory by @dependabot[bot] in #1367
- chore(deps): bump actions/download-artifact from 5 to 6 by @dependabot[bot] in #1369
- chore(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #1370
- chore(deps): bump knip from 5.66.1 to 5.66.3 in /tools/test-dependencies by @dependabot[bot] in #1372
- chore(deps): bump the eslint group across 1 directory with 2 updates by @dependabot[bot] in #1371
- feat: render property
cdx:reproducibleby @AradhyaTiwari10 in #1373
New Contributors
- @AradhyaTiwari10 made their first contribution in #1373
Full Changelog: v4.0.3...v4.1.0
Contributors
jkowalleck, dependabot, and AradhyaTiwari10
Assets 3
4.0.3
Fixed
- If reproducible flag enabled, SBOM result's
bom-reffor alias/duplicated components are reproducible (#1351 via #1352)
What's Changed
- fix: have unique bomRefs for duplicated package installs by @jkowalleck in #1352
- chore(deps): bump the eslint group across 1 directory with 4 updates by @dependabot[bot] in #1348
- chore(deps): bump the eslint group across 1 directory with 5 updates by @dependabot[bot] in #1353
Full Changelog: v4.0.2...v4.0.3
Contributors
jkowalleck and dependabot
Assets 3
4.0.2
Maintenance release
Runtime Dependencies
- Support
@cyclonedx/cyclonedx-library@^9.0.0, was@^8.4.0(via #1349)
What's Changed
- chore(deps): bump actions/setup-node from 4 to 5 by @dependabot[bot] in #1346
- chore(deps): bump the eslint group across 1 directory with 3 updates by @dependabot[bot] in #1347
- feat: support cyclonedx-library v9.0.0 by @jkowalleck in #1349
Full Changelog: v4.0.1...v4.0.2
Contributors
jkowalleck and dependabot
Assets 3
4.0.1
Runtime Dependencies
- Support
normalize-package-data@^8.0.0, was@^7.0.0(via #1327)
Build
- Use TypeScript
v5.9.2now, wasv5.8.3(via #1332)
What's Changed
- chore(dev-deps): update dev-tools deps by @jkowalleck in #1310
- chore(deps): bump typescript-eslint from 8.27.0 to 8.34.1 in /tools/code-style by @dependabot[bot] in #1312
- chore(deps): bump the eslint group across 1 directory with 6 updates by @dependabot[bot] in #1311
- chore(deps): bump typescript-eslint from 8.34.1 to 8.35.0 in /tools/code-style by @dependabot[bot] in #1315
- chore(deps): bump the eslint group across 1 directory with 3 updates by @dependabot[bot] in #1313
- chore(deps-dev): bump jest from 30.0.2 to 30.0.3 in the jest group across 1 directory by @dependabot[bot] in #1314
- chore(deps-dev): bump jest from 30.0.3 to 30.0.4 in the jest group across 1 directory by @dependabot[bot] in #1317
- chore: QA tool to detect missing dependencies by @jkowalleck in #1321
- chore(deps): bump the eslint group across 1 directory with 6 updates by @dependabot[bot] in #1322
- chore(deps): bump knip from 5.61.3 to 5.62.0 in /tools/test-dependencies by @dependabot[bot] in #1324
- tests: omit dev/optional/peer by @jkowalleck in #1329
- chore(deps-dev): bump jest from 30.0.4 to 30.0.5 in the jest group across 1 directory by @dependabot[bot] in #1326
- refactor: rename private
makeExtRefDistFromPachageData->makeExtRefDistFromPackageDataby @jkowalleck in #1331 - tests: refactor
cliWrapper->cliWrapperPathby @jkowalleck in #1334 - chore(deps): bump the eslint group across 1 directory with 5 updates by @dependabot[bot] in #1333
- chore(deps): bump the eslint group across 1 directory with 4 updates by @dependabot[bot] in #1335
- chore(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #1336
- chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #1337
- chore(deps): bump knip from 5.62.0 to 5.63.0 in /tools/test-dependencies by @dependabot[bot] in #1339
- chore(deps-dev): bump jest from 30.0.5 to 30.1.1 in the jest group across 1 directory by @dependabot[bot] in #1341
- chore(deps): bump the eslint group across 1 directory with 5 updates by @dependabot[bot] in #1342
- chore(deps-dev): bump typescript from 5.8.3 to 5.9.2 in the typescript group across 1 directory by @dependabot[bot] in #1332
- chore(deps): support normalize-package-data v8.0.0 by @dependabot[bot] in #1327
- chore(deps): bump knip from 5.63.0 to 5.63.1 in /tools/test-dependencies by @dependabot[bot] in #1345
- chore(deps): bump the eslint group across 1 directory with 2 updates by @dependabot[bot] in #1343
- chore(deps-dev): bump jest from 30.1.1 to 30.1.3 in the jest group across 1 directory by @dependabot[bot] in #1344
Full Changelog: v4.0.0...v4.0.1
Contributors
jkowalleck and dependabot
Assets 3
4.0.0
BREAKING Changes
- SBOM results might have slightly changed (via #1307)
Fixed
- External dependency edge-cases are now properly nested (via #1307)
Changed
- SBOM result's
bom-refis prefixed with parent-component's one to ensure uniqueness (via #1307) - Uses only trusted data from
npm-lsinternally (via #1307)
No changes in data quality are expected.
What's Changed
- tests: fix flat prepared tests by @jkowalleck in #1308
- feat: prefer trusted data, fix external deps edge-cases by @jkowalleck in #1307
- chore(deps-dev): bump jest from 30.0.0 to 30.0.2 in the jest group by @dependabot in #1309
Full Changelog: v3.1.0...v4.0.0
Contributors
jkowalleck and dependabot
Assets 3
3.1.0
Changed
- Utilizes license file gatherer of
@cyclonedx/cyclonedx-library, previously used own implementation (via #1303)
Runtime Dependencies
- Raised
@cyclonedx/cyclonedx-library@^8.4.0, was@^8.0.0(via #1301, #1303) - Raised
commander@^14.0.0, was@^13.1.0(via #1297)
What's Changed
- chore(deps-dev): bump npm-run-all2 from 7.0.2 to 8.0.1 by @dependabot in #1294
- chore: add workflow permissions by @jkowalleck in #1298
- chore(deps): bump commander from 13.1.0 to 14.0.0 by @dependabot in #1297
- ci: use node24 by @jkowalleck in #1299
- feat: gather more info for bundled dependencies by @jkowalleck in #1301
- feat: use CDX-library's license evidence gathering by @jkowalleck in #1303
- chore(deps-dev): bump jest from 29.7.0 to 30.0.0 in the jest group by @dependabot in #1305
Full Changelog: v3.0.0...v3.1.0
Contributors
jkowalleck and dependabot
Assets 3
3.0.1-alpha.0
Signed-off-by: jkowalleck <[email protected]>