Update module github.com/CycloneDX/cyclonedx-go to v0.8.0 #111
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.7.2
->v0.8.0
Release Notes
CycloneDX/cyclonedx-go (github.com/CycloneDX/cyclonedx-go)
v0.8.0
Compare Source
This release ships with almost complete support for v1.5 of the CycloneDX specification.
The only exception being the extended data flow support, as used in SaaS BOMs.
Unfortunately, there are also breaking changes in this release:
Metadata.Tools
has changed from*[]Tool
to*ToolsChoice
, to facilitate the deprecation ofTool
in the specToolsChoice
holds both legacy*[]Tool
, as well as the new*[]Component
and*[]Service
fieldsTool
type, as well as theToolsChoice.Tools
field are marked as deprecatedEncodeVersion
),Component
s andService
s are automatically converted to legacyTool
sComponent
s andService
s. However, when consuming BOMs, applications should still expect legacyTool
s to be present, and handle them accordingly.Changelog
Fixes
64eb0c8
: fix: remove format linters that require extra tooling (@nscuro)Building and Packaging
696aa66
: build(deps): bump actions/checkout from 3.5.3 to 4.1.0 (@dependabot[bot])b50b319
: build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (@dependabot[bot])5cad1b0
: build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])b091061
: build(deps): bump gitpod/workspace-go fromd3603c7
to94ae638
(@dependabot[bot])9e310b6
: build(deps): bump gitpod/workspace-go fromf37c673
tod3603c7
(@dependabot[bot])89494fd
: build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (@dependabot[bot])Others
61dd91e
: feat(spec1-5): add support for machine learning (@nscuro)f831960
: feat(spec1-5): updatevalid-vulnerability
test snapshots (@nscuro)ffc9a4e
: ci: enable more linters (@mmorel-35)3feda75
: feat(spec1-5): add additional external reference types (@nscuro)bd66a36
: feat(spec1-5): add support forCVSSv4
scoring method (@nscuro)d597bb9
: feat(spec1-5): add support forfirstIssued
andlastUpdated
in vuln analysis (@nscuro)2ae5445
: feat(spec1-5): add support for additional compositions and composition identity (@nscuro)f856daa
: feat(spec1-5): add support for formulation (@nscuro)2fbde0e
: feat(spec1-5): add support for identity, occurrences, and callstack evidence (@nscuro)745a35a
: feat(spec1-5): add support for licensing (@nscuro)b02255f
: feat(spec1-5): add support for lifecycles (@nscuro)fe3a904
: feat(spec1-5): add support for ssvc scoring method (@nscuro)7d2713f
: feat(spec1-5): add support for vulnerability proof of concept (@nscuro)25b250a
: feat(spec1-5): add support for vulnerability rejected timestamps (@nscuro)c7a84ac
: feat(spec1-5): handle deprecation of tools (@nscuro)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.