Fixed
- Qualified PackageURLs (via #1416)
Changed
- Take care of PackageURL generation ourselves, now (via #1416)
Previously, this was done at best-effort by a 3rd-party library.
Dependencies
- Bumped dependency
@cyclonedx/cyclonedx-library@^10.0.0now, was@^8.4.0||^9.0.0(via #1416) - Added dependency
packageurl-js@^2.0.1(via #1416) - Added dependency
spdx-expression-parse@^3.0.1||^4.0.0(via #1416)
What's Changed
- chore(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #1398
- chore(deps): bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #1397
- chore(deps): bump knip from 5.70.2 to 5.76.0 in /tools/test-dependencies by @dependabot[bot] in #1401
- chore: allow use of deprecated symbols until fixed by @jkowalleck in #1410
- chore(ci): modernize CI by @jkowalleck in #1409
- chore(deps): bump knip from 5.76.0 to 5.83.1 in /tools/test-dependencies by @dependabot[bot] in #1412
- ci: test node25 by @jkowalleck in #1421
- chore(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @dependabot[bot] in #1420
- feat: use cyclonedx library ^10.0.0 by @jkowalleck in #1416
- tests: npm ci by @jkowalleck in #1423
- chore(deps): bump knip from 5.83.1 to 5.85.0 in /tools/test-dependencies by @dependabot[bot] in #1415
Full Changelog: v4.1.2...v4.2.0