Releases: CycloneDX/cyclonedx-php-composer
4.2.1
Maintenance release
Docs
- Moved all non-public API into a sub-namespace called `_internal`, so that its reliability is obvious. (via #427)
What's Changed
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from v3.25.0 to v3.26.1 in /tools/php-cs-fixer by @dependabot in #406
- tools(deps-dev): Update phpunit/phpunit requirement from 10.3.2 to 10.3.3 in /tools/phpunit by @dependabot in #407
- gh-actions(deps): Bump actions/checkout from 3 to 4 by @dependabot in #408
- tools(deps-dev): Update phpunit/phpunit requirement from 10.3.3 to 10.3.4 in /tools/phpunit by @dependabot in #409
- tools(deps-dev): Update maglnet/composer-require-checker requirement from 4.6.0 to 4.7.0 in /tools/composer-require-checker by @dependabot in #410
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from v3.26.1 to v3.28.0 in /tools/php-cs-fixer by @dependabot in #411
- tools(deps-dev): Update phpunit/phpunit requirement from 10.3.4 to 10.3.5 in /tools/phpunit by @dependabot in #412
- ci: lax dependency installer by @jkowalleck in #415
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from v3.28.0 to v3.34.0 in /tools/php-cs-fixer by @dependabot in #414
- tools(deps-dev): Update maglnet/composer-require-checker requirement from 4.7.0 to 4.7.1 in /tools/composer-require-checker by @dependabot in #413
- Update CONTRIBUTING.md by @jkowalleck in #416
- tools(deps-dev): Update phpunit/phpunit requirement from 10.3.5 to 10.4.0 in /tools/phpunit by @dependabot in #417
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from v3.34.0 to v3.34.1 in /tools/php-cs-fixer by @dependabot in #418
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from v3.34.1 to v3.35.1 in /tools/php-cs-fixer by @dependabot in #420
- tools(deps-dev): Update phpunit/phpunit requirement from 10.4.0 to 10.4.1 in /tools/phpunit by @dependabot in #419
- docs: add OpenSSF Best Practices link/badge by @jkowalleck in #421
- docs: publish code coverage by @jkowalleck in #422
- Tests: init integration tests by @jkowalleck in #423
- refactor: move non-public API into a sub-namespace called `_internal` by @jkowalleck in #427
Full Changelog: v4.2.0...v4.2.1
4.2.0
4.1.1
Maintenance release
Dependencies
- Requires `cyclonedx/cyclonedx-library:^2.3||^3.0`, was `:^2.3` (via #398)
Style
- Applied latest PHP Coding Standards (via #395)
Full Changelog: v4.1.0...v4.1.1
4.1.0
Added support for CycloneDX Specification-1.5.
Changed
Added
- CLI switch `--spec-version` now supports value `1.5` to reflect CycloneDX Specification-1.5 (#380 via #383)
  Default value for that switch is unchanged – still `1.4`.
Dependencies
Full Changelog: v4.0.2...v4.1.0
4.0.2
4.0.1
Fixed
- Improved error reporting in case an invalid BOM would be created (via #363)
Full Changelog: v4.0.0...v4.0.1
4.0.0
Based on OWASP Software Component Verification Standard for Software Bill of Materials (SCVS SBOM) criteria, this tool is now capable of producing SBOM documents almost passing Level-2 (only signing needs to be done externally).
Effective changes based on these SCVS SBOM criteria:
- 2.1 – Added Support for CycloneDX 1.4 (via #250)
- 2.3 – SBOM has a unique identifier (#279 via #250, #353)
- 2.7 – SBOM is timestamped (#112 via #250)
- 2.9 – Accuracy of Inventory was improved (#102, #122, #261, #313 via #250)
- 2.10 – Accuracy of Inventory of all test components was improved (#102, #122, #261, #313 via #250)
- 2.11 – SBOM metadata was enhanced (#171 via #250)
- 2.15 – SPDX license expression detection fixed (#128 via #250)
BREAKING changes
- Removed support for PHP `<8.1` (#91, #128 via #250)
- Removed support for Composer `<2.3` (#153 via #250)
- CLI
  - Removed deprecated composer command `make-bom`, call `composer CycloneDX:make-sbom` instead (#293 via #309)
  - Changed option `output-file` to default to `-` now, which causes the output to be printed to STDOUT (via #250)
  - Removed option `exclude-dev` in favor of new option `omit` (via #250)
  - Removed option `exclude-plugins` in favor of new option `omit` (via #250)
  - Removed option `no-version-normalization` (#102 via #250)
- SBOM results
- Dependencies
Migration & Details
Read the full list of changes and details here:
https://github.com/CycloneDX/cyclonedx-php-composer/blob/v4.0.0/HISTORY.md#400---details
Full Changelog: v3.11.0...v4.0.0
4.0.0-RC2
v4 - Release Candidate 2
Changelog
Changes from RC1 to RC2: v4.0.0-RC1...v4.0.0-RC2
- Fix: BOM result's components have pURL's, again (via #352)
- Bumped dependency to `cyclonedx/cyclonedx-library:^2.1`, was `2.0.0-RC1` (via #343, #353)
- Enhanced the docs (via #336, #348, #349)
- Internal refactoring & more tests (via #338, #352)
See the full v4 changelog: https://github.com/CycloneDX/cyclonedx-php-composer/blob/v4.0.0-RC2/HISTORY.md#400---unreleased
Installation
As a global Composer plugin:
composer global require cyclonedx/cyclonedx-php-composer:4.0.0-RC2
As a development dependency of the current project:
composer require --dev cyclonedx/cyclonedx-php-composer:4.0.0-RC2
Full Changelog: v3.11.0...v4.0.0-RC2
4.0.0-RC1
v4 - Release Candidate 1
Changelog
See https://github.com/CycloneDX/cyclonedx-php-composer/blob/v4.0.0-RC1/HISTORY.md#400---unreleased
Installation
As a global Composer plugin:
composer global require cyclonedx/cyclonedx-php-composer:4.0.0-RC1
As a development dependency of the current project:
composer require --dev cyclonedx/cyclonedx-php-composer:4.0.0-RC1
Full Changelog: v3.11.0...v4.0.0-RC1