HISTORY.md

Changelog

All notable changes to this project will be documented in this file.

unreleased

2.0.0 - 2025-01-27

• BREAKING Changes
  • CLI option --spec-version defaults to 1.6, was 1.5 (#222 via #251)
  • Emit $.metadata.tools as components (#221 via #254)
    This affects only CycloneDX spec-version 1.5 and later.
  • Emitted .purl values might be partially url-encoded (via #254)
    This is caused by changes on underlying 3rd-party dependency packageurl-js.
  • Create dir for output file if not exists (#253 via #255)
    This is only a breaking change if you relied on non-existent result paths to cause errors.
• Dependencies
  • Upgraded runtime-dependency @cyclonedx/[email protected], was @6.13.1 (via #254)

1.1.0 - 2025-01-14

• Added
  • Capability to gather license text evidences (#33 via #193)
    This feature can be controlled via CLI switch --gather-license-texts.
    This feature is experimental. This feature is disabled per default.
• Dependencies
  • Upgraded runtime-dependency @cyclonedx/[email protected], was @6.11.0 (via #206, #237)
    This was done to incorporate non-breaking upstream changes and fixes.
  • Upgraded runtime-dependency [email protected], was @6.0.1 (via #141)
    This was done to incorporate non-breaking upstream changes and fixes.
  • Removed unused runtime dependency packageurl-js (via #220)
• Build
  • Use TypeScript v5.7.3 now, was v5.5.3 (via #160, #178, #233, #212, #244)
  • Use @yarnpkg/builder v4.2.0 now, was v4.1.1 (via #164, #172)

[#]:

1.0.2 - 2024-07-15

• Dependencies
  • Upgraded runtime-dependency @cyclonedx/[email protected], was @6.10.0 (via #151, #157)
    This was done to incorporate non-breaking upstream changes and fixes.
• Build
  • Use TypeScript v5.5.3 now, was v5.5.2 (via #149)

1.0.1 - 2024-06-27

• Fixed
  • Writing output-files on Windows systems (#145 via #146)

1.0.0 - 2024-06-26

First release (#8 via #6)

• Responsibilities
  • Provide a yarn (berry) plugin that generates CycloneDX SBOM for current workspace
  • Provide a CLI wrapper for said plugin
• Capabilities
  • Support yarn (berry) v3 and v4
  • Can output in XML and JSON format according to CycloneDX v1.2 - v1.6 spec
  • Can omit dev-dependencies
  • Can generate reproducible results

1.0.0-rc.8 - 2024-06-25

• Docs
  • Enhanced the installation docs
  • Fixed some typos here and there

1.0.0-rc.7 - 2024-06-01

• Misc
  • Refactored node imports (via #127)
  • Revisited release pipeline

1.0.0-rc.5 - 2024-05-30

• Misc
  • Added more tests (via #123, #124, #125)

1.0.0-rc.2 - 2024-05-28

• Added
  • Support for yarn3 (#122 via #121)
• Style
  • Some refactoring here and there
• Docs
  • Some typo fixes and modernization here and there

1.0.0-rc.0 - 2024-05-27

Minimum Viable Product - RC-0

1.0.0-beta.1 - 2024-05-27

Minimum Viable Product - Beta-1

First release.

• Responsibilities
  • Provide a yarn plugin that generates CycloneDX SBOM for current workspace
  • Provide a CLI wrapper got said plugin
• Capabilities
  • Supports yarn4
  • Can output in XML and JSON format, CycloneDX v1.2 - v1.6 spec
  • Can omit dev dependencies