Releases: CycloneDX/cyclonedx-dotnet
4.0.0
What's Changed
- Potentially Breaking: Update CycloneDX to 8.0.0 and BOM validation to v1_6 by @MarioAllegro in #907
- Created SBOMs will now be of CycloneDX version 1.6
- Component.Author will now instead be written into the newly introduced Component.Authors field
New Contributors
- @MarioAllegro made their first contribution in #907
Full Changelog: v3.0.8...v4.0.0
3.0.8
What's Changed
- fix: Also find assembly version info for VB projects by @dhivarson in #870
- fix: CycloneDX should fail when the provided file was not found by @mtsfoni in #883
New Contributors
- @dhivarson made their first contribution in #870
Full Changelog: v3.0.7...v3.0.8
3.0.7
What's Changed
Full Changelog: v3.0.6...v3.0.7
3.0.6
- Corrected an issue where an error occurred while reading a read-only .csproj file.
- Resolved an inconsistency in the naming of project-reference components when the assembly name differs from the project name.
What's Changed
- build(deps): bump System.IO.Abstractions.TestingHelpers from 20.0.4 to 20.0.15 by @dependabot in #839
- build(deps): bump xunit from 2.6.5 to 2.6.6 by @dependabot in #832
- build(deps): bump System.IO.Abstractions from 20.0.4 to 20.0.15 by @dependabot in #838
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #857
- build(deps): bump xunit.runner.visualstudio from 2.5.6 to 2.5.7 by @dependabot in #855
- build(deps): bump xunit from 2.6.6 to 2.7.0 by @dependabot in #854
- build(deps): bump dotnet/sdk from 8.0 to 8.0.101 by @dependabot in #852
- build(deps): bump NuGet.Protocol from 6.8.0 to 6.9.1 by @dependabot in #851
- build(deps): bump Microsoft.NET.Test.Sdk from 17.8.0 to 17.9.0 by @dependabot in #849
- build(deps): bump NuGet.ProjectModel from 6.8.0 to 6.9.1 by @dependabot in #861
- build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 by @dependabot in #863
- build(deps): bump System.IO.Abstractions.TestingHelpers from 20.0.15 to 21.0.2 by @dependabot in #864
- build(deps): bump System.IO.Abstractions from 20.0.15 to 21.0.2 by @dependabot in #862
- When reading a file with a FileStream use FileAccess.Read. Fixes #859 by @mtsfoni in #860
- Fix: #833 Error with includePackageReference when ProjectReference-Graph is at least 2 levels deep. by @mtsfoni in #834
Full Changelog: v3.0.5...v3.0.6
3.0.5
Bug Fixes:
- Fixed a crash, when a referenced project file is missing. This issue can arise if the ProjectReference in the project file is conditional. (Issue #826)
- Fixed a crash, when
-rs
was used with asset-files and a child project had multiple targets with differing dependencies. (Issue #830) - When using the
-rs
setting, dependencies that relied on the root project were under some circumstances incorrectly positioned in the dependency graph. - With the settings
-rs
and-ipr
, project references were not accurately placed in the dependency graph.
3.0.4
3.0.3
3.0.2
Fixes the same problem that 3.0.1 tried to fix, by returning to the 2.10.0 functionality of resolving the location of the dotnet executable.
3.0.1
Fixed a bug where CycloneDX on Linux systems searched for the dotnet executable in the wrong location, throwing a System.ComponentModel.Win32Exception [sic] right at the start.
3.0.0
Changelog
Breaking Changes
-
The flag
--disable-github-licenses
is now deprecated and set as the default launch setting. If you want to enable GitHub license resolution, you must activate it by setting-enable-github-licenses
. -
Generated SBOMs are now of CycloneDX-Version 1.5
Deprecated Arguments
The following arguments are deprecated and will be replaced soon:
-d
is now replaced by-ed
-r
is now replaced by-rs
-f
is now replaced by-fn
--out
is now replaced by--output
The argument -v
has been removed directly.
Features
- Introducing a new flag:
-ipr
or--include-project-references
, which adds project references to the bom output. - The
--output
flag is not mandatory anymore but defaults to the working directory.
Bugfixes
- The
--exclude-dev
flag now also removes dev dependencies from the dependency graph. - Fixed an error where .NET Standard was treated as a package dependency, causing a failure.
- Fixed an error where a package reference, shadowed by a project reference, leads to a failure.
Notes
- Changed the command line from
McMaster.Extensions.CommandLineUtils
toSystem.CommandLine
.