fix(deps): update module github.com/cyclonedx/cyclonedx-go to v0.9.1 #4593
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
7 times, most recently
from
a1b68f9
to
aa8f9df
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
10 times, most recently
from
5eb1d6d
to
c4006e4
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
9 times, most recently
from
abbdb79
to
cb98f31
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
3 times, most recently
from
9ebb98f
to
61572cc
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
8 times, most recently
from
5cde392
to
753d006
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
11 times, most recently
from
b3e687a
to
c95105c
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
5 times, most recently
from
3bb8f37
to
c8eb141
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
3 times, most recently
from
ec856f5
to
eb23f4c
Compare
renovate
bot
force-pushed
the
renovate/github.com-cyclonedx-cyclonedx-go-0.x
branch
from
eb23f4c
to
2d8a5dd
Compare
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.6.0->v0.9.1Release Notes
CycloneDX/cyclonedx-go (github.com/CycloneDX/cyclonedx-go)
v0.9.1Compare Source
Changelog
Fixes
6f0e0cf: fix:nilpointer dereference during evidence conversion (@nscuro)ce43b6f: fix: make linter happy (@nscuro)5d799e6: fix: remove deprecated goreleaser flag (@nscuro)Building and Packaging
6d5bcb0: build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (@dependabot[bot])f34fc0c: build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (@dependabot[bot])71cff22: build(deps): bump gitpod/workspace-go from8d15123to2a9e01c(@dependabot[bot])ea69355: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (@dependabot[bot])d5cbdad: build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (@dependabot[bot])v0.9.0Compare Source
Changelog
Features
729c284: feat: Add CycloneDX 1.6 fields swhid and omniborId (@snyk-tim)b5d3595: feat: add manufacturer and authors (@snyk-tim)c52e698: feat: raise baseline go version to 1.20 (@nscuro)Fixes
9166e10: fix:ioutil->io(@nscuro)349fc8c: fix: add bom-ref to OrganizationalEntity/Contact (@snyk-tim)c97da90: fix: handle breaking changes in skywalking-eyes (@nscuro)Building and Packaging
ec6291e: build(deps): bump actions/checkout from 4.1.1 to 4.1.5 (@dependabot[bot])899fe39: build(deps): bump actions/checkout from 4.1.5 to 4.1.6 (@dependabot[bot])8674ed5: build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (@dependabot[bot])db3a114: build(deps): bump apache/skywalking-eyes from 0.4.0 to 0.6.0 (@dependabot[bot])a3bd055: build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@dependabot[bot])1179dd9: build(deps): bump gitpod/workspace-go from8b9a0f6to8d15123(@dependabot[bot])d98494e: build(deps): bump gitpod/workspace-go from9118b93to8b9a0f6(@dependabot[bot])1e2a3a0: build(deps): bump gitpod/workspace-go from94ae638to9118b93(@dependabot[bot])d4d6e35: build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (@dependabot[bot])521d1ce: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 (@dependabot[bot])f1ebafe: build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (@dependabot[bot])Others
16d2143: Fix(1.6): Added missing omitempty in NistQuantumSecurityLevel (@Petzys)ffec473: chore: add license header (@mcombuechen)1f8fdcc: feat(1.6): add BOM.Declarations (@mcombuechen)62b5342: feat(1.6): add BOM.Definitions (@mcombuechen)c33b9cb: feat(1.6): add CBOM types (@Petzys)10e10c8: feat(1.6): add JSON schema, XML namespace (@mcombuechen)2dc599a: feat(1.6): add License.Acknowledgement (@mcombuechen)7a32fde: feat(1.6): add PostalAddress type (@mcombuechen)b8e4529: feat(1.6): add SpecVersion for v1.6 (@mcombuechen)c877828: feat(1.6): add environmentalConsiderations (@mcombuechen)e0e9c67: feat(1.6): add schema definitions for CycloneDX 1.6 (@mcombuechen)b1636c2: feat(1.6): extend EvidenceOccurrence (@mcombuechen)b4b3b94: fix(1.6): convert occurrences of OrganizationalEntity (@mcombuechen)9332ca6: fix(1.6): fix json, xml labels on BOM.Definitions (@mcombuechen)v0.8.0Compare Source
This release ships with almost complete support for v1.5 of the CycloneDX specification.
The only exception being the extended data flow support, as used in SaaS BOMs.
Unfortunately, there are also breaking changes in this release:
Metadata.Toolshas changed from*[]Toolto*ToolsChoice, to facilitate the deprecation ofToolin the specToolsChoiceholds both legacy*[]Tool, as well as the new*[]Componentand*[]ServicefieldsTooltype, as well as theToolsChoice.Toolsfield are marked as deprecatedEncodeVersion),Components andServices are automatically converted to legacyToolsComponents andServices. However, when consuming BOMs, applications should still expect legacyTools to be present, and handle them accordingly.Changelog
Fixes
64eb0c8: fix: remove format linters that require extra tooling (@nscuro)Building and Packaging
696aa66: build(deps): bump actions/checkout from 3.5.3 to 4.1.0 (@dependabot[bot])b50b319: build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (@dependabot[bot])5cad1b0: build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])b091061: build(deps): bump gitpod/workspace-go fromd3603c7to94ae638(@dependabot[bot])9e310b6: build(deps): bump gitpod/workspace-go fromf37c673tod3603c7(@dependabot[bot])89494fd: build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (@dependabot[bot])Others
61dd91e: feat(spec1-5): add support for machine learning (@nscuro)f831960: feat(spec1-5): updatevalid-vulnerabilitytest snapshots (@nscuro)ffc9a4e: ci: enable more linters (@mmorel-35)3feda75: feat(spec1-5): add additional external reference types (@nscuro)bd66a36: feat(spec1-5): add support forCVSSv4scoring method (@nscuro)d597bb9: feat(spec1-5): add support forfirstIssuedandlastUpdatedin vuln analysis (@nscuro)2ae5445: feat(spec1-5): add support for additional compositions and composition identity (@nscuro)f856daa: feat(spec1-5): add support for formulation (@nscuro)2fbde0e: feat(spec1-5): add support for identity, occurrences, and callstack evidence (@nscuro)745a35a: feat(spec1-5): add support for licensing (@nscuro)b02255f: feat(spec1-5): add support for lifecycles (@nscuro)fe3a904: feat(spec1-5): add support for ssvc scoring method (@nscuro)7d2713f: feat(spec1-5): add support for vulnerability proof of concept (@nscuro)25b250a: feat(spec1-5): add support for vulnerability rejected timestamps (@nscuro)c7a84ac: feat(spec1-5): handle deprecation of tools (@nscuro)v0.7.2Compare Source
This is a bugfix release that ships with minimal support for the CycloneDX v1.5 specification.
Full support is being worked on and planned to be released soon. The progress may be tracked in #90.
The reason for publishing partial support like this is to allow the consumption of v1.5 BOMs, which fails with
cyclonedx-go<= v0.7.1.Changelog
Features
7128a92: feat: raise baseline go version to 1.18 (@nscuro)Fixes
ff719b6: fix: unmarshal bom on v1.5 return invalid specification version (@chen-keinan)Building and Packaging
966c223: build(deps): bump CycloneDX/gh-gomod-generate-sbom from 1.1.0 to 2.0.0 (@dependabot[bot])1e83e85: build(deps): bump actions/checkout from 3.5.0 to 3.5.1 (@dependabot[bot])78f6593: build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (@dependabot[bot])868f6db: build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (@dependabot[bot])5885827: build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (@dependabot[bot])d772b54: build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (@dependabot[bot])578e862: build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (@dependabot[bot])f83e6a7: build(deps): bump gitpod/workspace-go from2be827fto910daeb(@dependabot[bot])cd7b23a: build(deps): bump gitpod/workspace-go from910daebtod7a41f5(@dependabot[bot])668553d: build(deps): bump gitpod/workspace-go fromd7a41f5tof37c673(@dependabot[bot])d9a5f8c: build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (@dependabot[bot])66f96df: build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (@dependabot[bot])8b51c39: build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (@dependabot[bot])e44f7de: build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (@dependabot[bot])6360fe1: build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (@dependabot[bot])Others
a069906: feat(spec1-5): add initial support for spec v1.5 (@nscuro)67a7567: feat(spec1-5): add licensing, license properties, and license bom-ref (@nscuro)d2f3bb9: feat(spec1-5): add lifecycle support (@nscuro)eb041b5: feat(spec1-5): add new component types (@nscuro)c45ba61: feat(spec1-5): add new external reference types (@nscuro)d84947d: feat(spec1-5): add support for annotations (@nscuro)0ba0496: feat(spec1-5): bump schema to 1.5 for round-trip tests (@nscuro)4e20914: misc(dx): add project icon for intellij and goland (@nscuro)v0.7.1Compare Source
Changelog
Features
a1db675: feat: add JSON Schema to JSON output (#79) (@mcombuechen)41a1ac5: feat: option to specify HTML escaping for JSON format (#72) (@kzantow)Fixes
08953d1: fix:gitpod.ymlrefers to wrongDockerfile(@nscuro)97c1e5a: fix: license header inDockerfile.gitpod(@nscuro)Building and Packaging
b904cab: build(deps): bump actions/checkout from 3.0.2 to 3.1.0 (@dependabot[bot])66aa7d3: build(deps): bump actions/checkout from 3.1.0 to 3.2.0 (@dependabot[bot])5a0b406: build(deps): bump actions/checkout from 3.2.0 to 3.3.0 (@dependabot[bot])8c73864: build(deps): bump actions/checkout from 3.3.0 to 3.4.0 (@dependabot[bot])6dc0ac5: build(deps): bump actions/checkout from 3.4.0 to 3.5.0 (@dependabot[bot])393b665: build(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (@dependabot[bot])dace5ef: build(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (@dependabot[bot])a7d5143: build(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (@dependabot[bot])fd636f7: build(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (@dependabot[bot])e3af71d: build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (@dependabot[bot])2fe798d: build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (@dependabot[bot])6b726a5: build(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (@dependabot[bot])f8ad513: build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (@dependabot[bot])be3d2c3: build(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (@dependabot[bot])f72e6b7: build(deps): bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (@dependabot[bot])0414aa0: build(deps): bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (@dependabot[bot])fb45216: build: pin digest of gitpod image (@nscuro)3f98a11: build: pin github actions to commit digest (@nscuro)Others
eaa4df6: Error if invalid json is passed. (@justinabrahms)e4fe5c6: ci: enable dependabot fordockerecosystem (@nscuro)05a6bb7: ci: update cyclonedx-cli to 0.24.2 (@nscuro)v0.7.0Compare Source
Changelog
Features
acb9322: feat: add enum for official media types (@nscuro)2826fe2: feat: add support for encoding to older spec versions (#51) (@nscuro)7a2113a: feat: raise baseline go version to 1.17 (#53) (@nscuro)7415143: feat: return error when parsing unknown spec versions (@nscuro)1655b7d: feat: setSpecVersionwhen decoding from xml (@nscuro)f97e04a: feat: update gitpod dockerfile (@nscuro)Fixes
ea0d5b7: fix: prevent nesting ofDependency(@nscuro)Building and Packaging
f43660c: build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (@dependabot[bot])2458312: build(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (@dependabot[bot])760fae3: build(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (@dependabot[bot])4dddf51: build(deps): bump apache/skywalking-eyes from 0.3.0 to 0.4.0 (@dependabot[bot])6eb6521: build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.7.0 to 2.8.0 (@dependabot[bot])bff00ef: build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (@dependabot[bot])fc11b56: build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (@dependabot[bot])f521d75: build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (@dependabot[bot])d5d1ab6: build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (@dependabot[bot])b83bbe8: build(deps): bump goreleaser/goreleaser-action from 2 to 3 (@dependabot[bot])Documentation
8f8fadf: docs: fix cyclonedx-go version in compatibility matrix (@nscuro)124f2be: docs: fix typos (@nscuro)Others
5f10aea: refactor: refine spec version conversion to cover more cases (@nscuro)0c2ebff: refactor: separate custom marshalling logic from model (@nscuro)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.