Releases: CycloneDX/cyclonedx-php-library
Releases · CycloneDX/cyclonedx-php-library
3.0.2
02d05eb
This commit was signed with the committer’s verified signature.
jkowalleck
Jan Kowalleck
Misc
- Officially support PHP 8.3 (via #265)
- Integration tests compare against human-readable snapshots, for regression (via #371, #372)
What's Changed
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.26.1 to 3.28.0 in /tools/php-cs-fixer by @dependabot in #356
- tools(deps-dev): Update phpunit/phpunit requirement from 10.3.4 to 10.3.5 in /tools/phpunit by @dependabot in #354
- tools(deps-dev): Update maglnet/composer-require-checker requirement from 4.6.0 to 4.7.0 in /tools/composer-require-checker by @dependabot in #355
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.28.0 to 3.34.0 in /tools/php-cs-fixer by @dependabot in #357
- tools(deps-dev): Update maglnet/composer-require-checker requirement from 4.7.0 to 4.7.1 in /tools/composer-require-checker by @dependabot in #358
- tools(deps-dev): Update phpmd/phpmd requirement from 2.13.0 to 2.14.1 in /tools/phpmd by @dependabot in #359
- Update CONTRIBUTING.md by @jkowalleck in #360
- tools(deps-dev): Update phpunit/phpunit requirement from 10.3.5 to 10.4.0 in /tools/phpunit by @dependabot in #361
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.34.0 to 3.34.1 in /tools/php-cs-fixer by @dependabot in #362
- tools(deps-dev): Update phpunit/phpunit requirement from 10.4.0 to 10.4.1 in /tools/phpunit by @dependabot in #363
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.34.1 to 3.35.1 in /tools/php-cs-fixer by @dependabot in #364
- docs: add openSSF bestpractices link/badge by @jkowalleck in #365
- ci: move coverage by @jkowalleck in #366
- tools(deps-dev): Update phpunit/phpunit requirement from 10.4.1 to 10.4.2 in /tools/phpunit by @dependabot in #367
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.35.1 to 3.36.0 in /tools/php-cs-fixer by @dependabot in #368
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.36.0 to 3.37.1 in /tools/php-cs-fixer by @dependabot in #369
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.37.1 to 3.38.0 in /tools/php-cs-fixer by @dependabot in #370
- tests: snapshots by @jkowalleck in #371
- tests: dep tree tests by @jkowalleck in #372
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.38.0 to 3.38.2 in /tools/php-cs-fixer by @dependabot in #373
- tools(deps-dev): Update vimeo/psalm requirement from 5.15.0 to 5.16.0 in /tools/psalm by @dependabot in #374
- tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.38.2 to 3.39.1 in /tools/php-cs-fixer by @dependabot in #375
- bump
ergebnis/composer-normalize@2.28.3->@2.39.0by @jkowalleck in #376 - support php 8.3 by @jkowalleck in #265
- tools(deps-dev): Update infection/infection requirement from 0.26.19 to 0.27.8 in /tools/infection by @dependabot in #377
Full Changelog: v3.0.1...v3.0.2
Contributors
jkowalleck and dependabot
Assets 2
3.0.1
Fixed
- fixed a possible JSON schema validation issue regarding "version" property (via #352)
Full Changelog: v3.0.0...v3.0.1
3.0.0
c2f0a54
This commit was signed with the committer’s verified signature.
jkowalleck
Jan Kowalleck
BREAKING
- Interface
\CycloneDX\Core\Spec\Specwas removed from public API (#344 via #345)
This is only a breaking change if you used this interface downstream; internal usage is non-breaking.
This change was necessary, so that implementing more spec-features cause no breaking changes.
Style
- Applied latest PHP Coding Standards (via #341)
Full Changelog: v2.3.0...v3.0.0
2.3.0
94e5455
This commit was signed with the committer’s verified signature.
jkowalleck
Jan Kowalleck
Added support for CycloneDX Specification-1.5.
- Changed
- Method
\CycloneDX\Core\Spec\SpecFactory::makeForVersion()supports CycloneDX Specification-1.5 now (#193 via #255) - Classes
\CycloneDX\Core\Serialization\{DOM,JSON}\Normalizers\*support CycloneDX Specification-1.5 now (#193 via #255) - Classes
\CycloneDX\Core\Validation\Validators\*support CycloneDX Specification-1.5 now (#193 via #255)
- Method
- Added
- Namespace
\CycloneDX\Core\Enums- Enum
ComponentTypegot new cases (#193 via #255)
New:Data,DeviceDriver,MachineLearningModel,Platform - Enum
ExternalReferenceTypegot new cases (#193 via #255)
New:AdversaryModel,Attestation,CertificationReport,CodifiedInfrastructure,ComponentAnalysisReport,Configuration,DistributionIntake,DynamicAnalysisReport,Evidence,ExploitabilityStatement,Formulation,Log,MaturityReport,ModelCard,POAM,PentestReport,QualityMetrics,RiskAssessment,RuntimeAnalysisReport,SecurityContact,StaticAnalysisReport,ThreatModel,VulnerabilityAssertion
- Enum
- Namespace
\CycloneDX\Core\Spec
- Namespace
- Misc
Full Changelog: v2.2.0...v2.3.0
2.2.0
Changed
- Class
\CycloneDX\Core\Serialization\JsonSerializer - Class
\CycloneDX\Core\Serialization\XmlSerializer
Style
- Applied latest PHP Coding Standards (via #302)
Some parameters allow nullables implicitly, was explicitly. - Wrote some class properties with constructor promotion (via #309)
Full Changelog: v2.1.2...v2.2.0
2.1.2
Fixed
\CycloneDX\Core\Serialization\{DOM,JSON}\Normalizers\LicenseRepositoryNormalizer::normalize()now omits invalid license combinations (#285 via #290)
If there is anyLicenseExpression, then this is the only license normalized; otherwise all licenses are normalized.
Docs
- Fixed link to CycloneDX-specification in README (via #288)
Full Changelog: v2.1.1...v2.1.2
2.1.1
ee9c413
This commit was signed with the committer’s verified signature.
jkowalleck
Jan Kowalleck
2.1.0
cf95f54
This commit was signed with the committer’s verified signature.
jkowalleck
Jan Kowalleck
Fixed
- "Bom.serialNumber" data model can have values following the alternative format allowed in CycloneDX XML specification (#277 via #278)
\CycloneDX\Core\Serialization\{DOM,JSON}\Normalizers\BomNormalizer::normalize()now omits invalid/unsupported values forserialNumber(#277 via #278)
Changed
\CycloneDX\Core\Models\Bom::setSerialNumber()no longer throws\DomainExceptionwhen the value is of an unsupported format (#277 via #278)
This is considered a non-breaking behavior change, because the corresponding normalizers assure valid data results.
Added
- Published generator for BOM's SerialNumber:
\CycloneDX\Core\Utils\BomUtility::randomSerialNumber()(#277 via #278)
The code was donated from cyclonedx-php-composer.
Full Changelog: v2.0.0...v2.1.0
2.0.0
Added CycloneDX spec v1.4 support,
Streamlined API & data models for easy use,
Internal rework, modernization, refactoring.
Breaking changes
- Removed support for PHP v7.3 ([#6] via [#125])
- Removed support for PHP v7.4 ([#114] via [#125])
- Removed support for PHP v8.0 (via [#204])
- Changed models' aggregation properties to be no longer optional ([#66] via [#131])
- Changed models to be less restrictive ([#247] via [#249])
- Streamlined repository data structures to follow a common method naming scheme (via [#131])
- Enumeration-like classes were converted to native PHP Enumerations ([#140], [#256] via [#204], [#257])
Added
- Support for CycloneDX schema/spec v1.4 ([#57] via [#65], [#118], [#123])
- Support for properties ([#228] via [#165], [#229], [#231])
Misc
- All class properties now enforce the correct types ([#6], [#114] via [#125])
This is considered a non-breaking change, because the types were already correctly annotated. - Migrated internals to PHP8 language features ([#114] via [#125])
API change log & Migration instructions
See the change list and migration details
Full Changelog: v1.6.2...v2.0.0
2.0.0-RC1
v2 - Release Candidate 1
Changelog:
see https://github.com/CycloneDX/cyclonedx-php-library/blob/v2.0.0-RC1/HISTORY.md#200---unreleased
Install
composer require cyclonedx/cyclonedx-library:2.0.0-RC1Full Changelog: v1.6.2...v2.0.0-RC1