CycloneDX/cdxgen v11.8.0

Release v11.8.0

on GitHub

What's Changed

Breaking Changes 🛠

• pin direct dependencies + simplify pnpm install steps by @prabhu in #2260
• In source arborist with ESM conversion by @prabhu in #2274

🐛 Bug Fixes

• Re-added php and ruby to the binary SBOMs by @malice00 in #2277
• Added support for changed (bug?) format with oras 1.3.0 by @malice00 in #2281
• fix(piptree): prevent UnboundLocalError by logging path (not current_path) in cycle check by @OfekShimko in #2359

🧼 Code Refactoring

• Simplified safeSpawnSync invocations by @prabhu in #2235

🧪 Testing

• Set explicit versions for older Node by @malice00 in #2288

🏗️ Build System

• Added usage of Nexus for RubyGems when running on self-hosted runners by @malice00 in #2225
• Removed 'php' to get rid of the error during the build by @malice00 in #2232
• Added usage of Nexus for downloading NodeJS distributions & source (npm, nvm) when running on self-hosted runners by @malice00 in #2230
• Added usage of Nexus for downloading Ruby source (rbenv) when running on self-hosted runners by @malice00 in #2231
• Reverting the Debian repos on self-hosted was not correct by @malice00 in #2237
• Added usage of Nexus for downloading binaries (releases) from GitHub when running on self-hosted runners by @malice00 in #2239
• Added usage of Nexus for downloading Swift when running on self-hosted runners by @malice00 in #2241
• Added usage of Nexus for downloading Composer when running on self-hosted runners by @malice00 in #2240
• Added action 'pnpm/action-setup' to install pnpm by @malice00 in #2247
• Bazel can also be downloaded from Nexus when running on self-hosted by @malice00 in #2283
• Found some more binary downloads that can be proxied by @malice00 in #2284
• Replaced more 'pnpm install' commands with shorter script by @malice00 in #2286
• Switched actions to use '.nvmrc' file for Node version by @malice00 in #2296
• Set explicit versions in workflows for bun and deno by @malice00 in #2315

📦 Dependency Updates

• chore(deps): update github/codeql-action action to v3.30.0 by @renovate[bot] in #2234
• chore(deps): update actions/setup-go action to v6 by @renovate[bot] in #2245
• chore(deps): update dependency go to v1.25.1 by @renovate[bot] in #2244
• chore(deps): pin pnpm/action-setup action to a7487c7 by @renovate[bot] in #2248
• chore(deps): update actions/setup-python action to v6 by @renovate[bot] in #2246
• chore(deps): update actions/setup-node action to v5 by @renovate[bot] in #2243
• chore(deps): update cachix/install-nix-action action to v31.6.1 by @renovate[bot] in #2250
• chore(deps): update github/codeql-action action to v3.30.1 - autoclosed by @renovate[bot] in #2252
• chore(deps): update softprops/action-gh-release action to v2.3.3 by @renovate[bot] in #2253
• chore(deps): update dependency @biomejs/biome to v2.2.3 by @renovate[bot] in #2251
• chore(deps): update dependency prebuild to v13.0.1 by @renovate[bot] in #2266
• chore(deps): update github/codeql-action action to v3.30.2 by @renovate[bot] in #2271
• chore(deps): update oras-project/setup-oras action to v1.2.4 by @renovate[bot] in #2272
• chore(deps): update sbt/setup-sbt action to v1.1.13 by @renovate[bot] in #2273
• chore(deps): update dependency statuses to v2.0.2 by @renovate[bot] in #2268
• chore(deps): update dependency lru-cache to v11.2.1 by @renovate[bot] in #2269
• chore(deps): update dependency tar-fs to v3.1.0 by @renovate[bot] in #2275
• chore(deps): update dependency lru-cache to v11.2.1 by @renovate[bot] in #2279
• chore(deps): pin shivammathur/setup-php action to ec406be by @renovate[bot] in #2278
• chore(deps): update shivammathur/setup-php action to v2.35.4 by @renovate[bot] in #2280
• chore(deps): update github/codeql-action action to v3.30.3 by @renovate[bot] in #2293
• chore(deps): update dependency @biomejs/biome to v2.2.4 by @renovate[bot] in #2292
• chore: configure node minimum release age to 14 days by @setchy in #2304
• chore(renovate): devengine runtime updates by @setchy in #2305
• chore(renovate): devengine packageManager updates by @setchy in #2308
• chore(renovate): configure dockerfile minor, patch, pin, digest by @setchy in #2309
• chore(deps): update eclipse-temurin docker tag to v21.0.8_9-jdk-alpine by @renovate[bot] in #2318
• chore(config): migrate renovate config - autoclosed by @renovate[bot] in #2320
• config(renovate): limit docker images for specific runtimes to patch and digest by @setchy in #2329
• chore(deps): update node.js to v24.7.0 by @renovate[bot] in #2291
• chore(deps): update node.js to v22.19.0 by @renovate[bot] in #2332
• chore(deps): update node.js to v20.19.5 by @renovate[bot] in #2338
• chore(deps): update node.js to v21.7.3 by @renovate[bot] in #2339
• chore(deps): update node.js to v23.11.1 by @renovate[bot] in #2340
• chore(deps): update ruby/setup-ruby action to v1.259.0 by @renovate[bot] in #2337
• chore(deps): update shivammathur/setup-php action to v2.35.5 by @renovate[bot] in #2335
• config(renovate): docker pin digest by @setchy in #2330
• chore(deps): update gradle to v7.6.6 by @renovate[bot] in #2351
• chore(deps): update dependency golang to v1.25.1 by @renovate[bot] in #2348
• chore(deps): update ruby docker tag to v3.4.6 by @renovate[bot] in #2341
• fix(deps): update dependency got to v14.4.9 by @renovate[bot] in #2354
• chore(deps): update dependency bun to v1.2.22 by @renovate[bot] in #2306
• chore(deps): update dependency deno to v2.5.1 by @renovate[bot] in #2307
• Added minimum release age for dependencies in pnpm by @malice00 in #2356
• chore(deps): update node.js to v24.8.0 by @renovate[bot] in #2342
• chore(deps): update pnpm to v10.17.0 by @renovate[bot] in #2299
• chore(deps): update ruby/setup-ruby action to v1.261.0 by @renovate[bot] in #2358
• chore(deps): update dependency python to 3.13 by @renovate[bot] in #2353

Other Changes

• refactor: parsedList dependencies condition by @setchy in #2226
• refactor: cdxgen version by @setchy in #2227
• refactor: use main instead of master by @setchy in #2229
• Added version-output to the verify-script help by @malice00 in #2261
• Using pnpm on Windows binaries as well by @malice00 in #2267
• Fix undefined SrcFile for root pyproject.toml causing crash in postgen.js (#2236) by @HalaAli198 in #2238
• fix: ignore non-existing paths on post-build container image scans by @taleodor in #2255
• Update 1.7 specification based on latest dev release by @prabhu in #2276
• Made curl not silent and follow relocations by @malice00 in #2282
• Updated all packages and tools in the rolling image by @malice00 in #2285
• Updated older Node versions and set explicit image-versions by @malice00 in #2289
• Add yarn workspace support by @molatif-dev in #2295
• GitHub Actions workflow parsing improvements by @prabhu in #2302
• fix: remove unused env var by @setchy in #2310
• Shaded namespace detection by @prabhu in #2311
• Update swift. Update plugins to get .Net 10 and swift 6.2 support. by @prabhu in #2314
• config: renovate ignore github action as author by @setchy in #2324
• build: renovate config validator by @setchy in #2323
• Reading node versions for matrix from files by @malice00 in #2316
• refactor(docker): rename ruby filename to match others by @setchy in #2343
• refactor: docker base image version precision by @setchy in #2331
• Revert "config(renovate): docker pin digest" by @setchy in #2344
• renovate: node version datasource by @setchy in #2345
• config(renovate): golang versions by @setchy in #2347
• config(renovate): maven versions by @setchy in #2349
• config(renovate): gradle versions by @setchy in #2350

New Contributors

• @HalaAli198 made their first contribution in #2238
• @taleodor made their first contribution in #2255
• @molatif-dev made their first contribution in #2295

Thank you all for your contributions!

Full Changelog: v11.7.0...v11.8.0