Release v10.8.5

What's Changed

• Add env variables NPM_URL, GO_PKG_URL, RUST_CRATES_URL, NUGET_URL by @Bizordec in #1247
• Disable formulation collection by default by @prabhu in #1250

New Contributors

• @Bizordec made their first contribution in #1247

Full Changelog: v10.8.4...v10.8.5

Release v10.8.4

What's Changed

• Fix for empty environment variables causing validation failures by @prabhu in #1241

Full Changelog: v10.8.3...v10.8.4

Release v10.8.3

What's Changed

• Evinse occurrence evidence was broken since language is a list in 10.8.x by @prabhu in #1238

Full Changelog: v10.8.2...v10.8.3

Release v10.8.2

What's Changed

• Add multi-threading support for custom Gradle tasks by @ajmalab in #1231
• Universal yaml manifest issue by @prabhu in #1233
• Remove python duplicate tree by @prabhu in #1236
• Fixes issue for Global Assembly Cache DLL without version numbers by @timmyteo in #1235

Full Changelog: v10.8.1...v10.8.2

Release v10.8.1

What's Changed

• Add if conditional to ignore irrelevant tasks by @ajmalab in #1227
• In universal mode, safely ignore directories from container export by @prabhu in #1228

Full Changelog: v10.8.0...v10.8.1

Release 10.8.0 - multi types

Introduction

cdxgen can now generate SBOM for multiple package types in a single execution. Some examples:

Example 1: Include js and dotnet packages.

-t js -t dotnet

Example 2: Exclude js alone and include other types

--exclude-type js

This also works for Java applications that use both maven and gradle. A single invocation with -t java will automatically invoke and collect packages from both maven and gradle!

What's Changed

• Adds MIT-0 by @prabhu in #1197
• Update atom to get fix for parsedeps command. Added additional unit test by @prabhu in #1196
• Set max buffers for npm install. Print stdout in debug by @prabhu in #1200
• Update node gyp to support python 3.12 by @prabhu in #1201
• Disable pip caching in container image by @prabhu in #1204
• Multi project types by @prabhu in #1202
• Fix issues with multi-threaded Gradle sbom gen by @ajmalab in #1205
• Do not aggressively exclude while dealing with java projects by @prabhu in #1207
• Feat: Improve dev-friendliness for snapshot tests. by @cerrussell in #1213
• Update atom to get parsedeps improvements by @prabhu in #1211
• Fix: Add python alias to dockerfile-deno by @aryan-rajoria in #1216
• Support for Rancher Desktop on mac by @prabhu in #1219
• Support for invoking multiple package managers for java by @prabhu in #1217
• Fix: change PYTHON_CMD to python3.12 in all docker files by @aryan-rajoria in #1220
• Updated atom. Added messages to promote new maven and gradle features by @prabhu in #1223

Full Changelog: v10.7.1...v10.8.0

Release v10.7.1

What's Changed

• Lima template by @prabhu in #1182
• Ensure All Required Dependencies are Included in PNPM v9 by @pcbowers in #1184
• Update packages by @prabhu in #1186
• update python and node versions in lima by @prabhu in #1191
• stderr can be null by @prabhu in #1193

New Contributors

• @pcbowers made their first contribution in #1184

Full Changelog: v10.7.0...v10.7.1

Release v10.7.0

What's Changed

• Update snapshot tests to integrate new custom-json-diff functionality. by @cerrussell in #1157
• Clearer paths for new vs old snapshots. by @cerrussell in #1175
• python cyclic deps by @prabhu in #1172
• Adds excluded components to formulation for python by @prabhu in #1176
• parsedeps improvements by @prabhu in #1177
• Adds bzip2 to containers by @prabhu in #1178
• pnpm9 optional packages detection by @prabhu in #1180

Full Changelog: v10.6.2...v10.7.0

Release v10.6.2

Validations for externalReferences.url has improved further thanks to @timmyteo. Beginning with this release, cdxgen will show a small donation banner in the CI. Please support the CycloneDX team with an active sponsorship, before disabling the banner using a command line argument.

What's Changed

• Update PROJECT_TYPES.md by @matuella in #1150
• Adds premium issue template by @prabhu in #1153
• chore: issue config add slack invite link by @jkowalleck in #1156
• Adds donation message to CI invocations by @prabhu in #1154
• chore: update biomejs v1.8.1 by @setchy in #1159
• docs: add libraries io badge by @setchy in #1160
• validateIri to Reject "http://" URL by @timmyteo in #1158
• Bug fix: yarn v1 dependency tree was incomplete by @prabhu in #1162
• Return error response in submitBom by @marob in #1108

New Contributors

• @matuella made their first contribution in #1150

Full Changelog: v10.6.1...v10.6.2

Release v10.6.1

If something doesn't work, call it the patch 0. Let's go again with pnpm publish.

What's Changed

• Try to fix pnpm publish issues by @prabhu in #1147

Full Changelog: v10.6.0...v10.6.1