1.3.4

Fixed

• Factories.PackageUrlFactory omits empty-string URLs for PackageUrl's qualifiers download_url & vcs_url. (via #180)

1.3.3

Fixed

• Improved omission of invalid anyURI when it comes to XML-normalization. (#178 via #179)

1.3.2

Fixed

• Serializers render bom-ref values of nested components as unique values, as expected. (#175 via #176)

Misc

• Style: improved readability of constructor parameter types. (via #166)

1.3.1

Fixed

• JSON- and XML-Normalizer no longer render Models.Component.properties with CycloneDX Specification-1.2. (#152 via #153)
• XML-Normalizer now has the correct order/position of rendered Models.Component.properties. (via #153)

1.3.0

Changed

• Use version 9b04a94 of CycloneDX specification for XML and JSON schema validation. (via #150)
• Use SPDX license enumeration from version 9b04a94 of CycloneDX specification. (via #150)

Added

• Models for Property and PropertyRepository. (via #151)
• JSON- and XML-Normalizer for Models.Property, Models.PropertyRepository. (via #151)
• New property Models.Component.properties. (via #151)

Build

• Use Webpack v5.74.0. now, was 5.73.0. (via #141)

1.2.0

Added

• New getters/properties that represent the corresponding parameters of class constructor. (via #145)
  • Builders.FromPackageJson.ComponentBuilder.extRefFactory,
    Builders.FromPackageJson.ComponentBuilder.licenseFactory
  • Builders.FromPackageJson.ToolBuilder.extRefFactory
  • Factories.PackageUrlFactory.type
  • Serialize.BomRefDiscriminator.prefix
  • Serialize.JsonSerializer.normalizerFactory
  • Serialize.XmlBaseSerializer.normalizerFactory,
    Serialize.XmlSerializer.normalizerFactory
• Factory for PackageURL from Models.Component can handle additional data sources, now. (via #146)
  • Models.Component.hashes map -> PackageURL.qualifiers.checksum list
  • Models.Component.externalReferences[distribution].url -> PackageURL.qualifiers.download_url
  • Method Factories.PackageUrlFactory.makeFromComponent() got a new optional parameter sort,
    to indicate whether to go the extra mile and bring hashes and qualifiers in alphabetical order.
    This feature switch is related to reproducible builds.

Deprecated

• The sub-namespace FromPackageJson will be known as FromNodePackageJson. (via #148)
  • Factories.FromPackageJson -> Factories.FromNodePackageJson
  • Builders.FromPackageJson -> Builders.FromNodePackageJson

1.1.0

Added

• Support for nested/bundled (sub-)components via Models.Component.components was added, including serialization/normalization of models and impact on dependency graphs rendering. (#132 via #136)
• CycloneDX spec version 1.4 made element Models.Component.version optional.
  Therefore, serialization/normalization with this spec version will no longer render this element if its value is empty. (via #137, #138)

1.0.3

Fixed

• Types.isCPE() for CPE2.3 allows escaped(\) chars &"><, as expected. (via #134)

1.0.2

Maintenance release.

Dependencies

• Widened the range of requirement packageurl-js to >=0.0.6 <0.0.8, was ^0.0.7. (#130 via #131)

1.0.1

Maintenance release.

Misc

• Use TypeScript v4.7.4 now, was v4.6.4. (via #55)

Dependencies

• Raised the requirement of packageurl-js to ^0.0.7, was ^0.0.6. (via #123)