6.1.3

Fixed

• Possible bug in XML serialization of undefined children (via #1000)

Build

• Use TypeScript v5.3.3 now, was v5.3.2 (via #999)

---

What's Changed

• refactor: optimize maps by @jkowalleck in #997
• refactor: use TS5.3 syntax for json import by @jkowalleck in #998
• chore(deps-dev): bump the typescript group with 1 update by @dependabot in #999
• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #1000

Full Changelog: v6.1.2...v6.1.3

6.1.2

Maintenance release.

Misc

• Widened dependency spdx-expression-parse@^3.0.1||^4, was @^3.0.1 (via #993)
• CI/CT: test also with Node.js v21 (via #995)

---

What's Changed

• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #994
• chore(deps): bump the spdx group with 1 update by @dependabot in #993
• ci: test node21 by @jkowalleck in #995

Full Changelog: v6.1.1...v6.1.2

6.1.1

Maintenance release.

Style

• Apply latest code style guide (via #988, #990)

Build

• Use TypeScript v5.3.2 now, was v5.2.2 (via #990)
• Use ts-loader v9.5.1 now, was v9.5.0 (via #990)

---

What's Changed

• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #986
• chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #988
• chore(deps-dev): bump the typescript group with 2 updates by @dependabot in #990

Full Changelog: v6.1.0...v6.1.1

6.1.0

Added

• Class Models.ExternalReference got a new property hashes (#984 via #985)
• Serializers and ExternalReference-Normalizers will take Models.ExternalReference.hashes into account (#984 via #985)

Build

• Use Webpack v5.89.0 now, was v5.88.2 (via #979)
• Use ts-loader v9.5.0 now, was v9.4.4 (via #977)

---

What's Changed

• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #968
• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #970
• chore(deps): bump actions/checkout from 3 to 4 by @dependabot in #969
• tests: add functional test for validators by @jkowalleck in #972
• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #973
• style: better readability for schema-downloader tool by @jkowalleck in #974
• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #975
• chore(deps-dev): bump the eslint group with 3 updates by @dependabot in #976
• chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #978
• chore(deps-dev): bump the webpack group with 1 update by @dependabot in #979
• chore(deps-dev): bump the typescript group with 1 update by @dependabot in #977
• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #980
• refactor: marm some internals as readonly by @jkowalleck in #982
• chore(deps): bump actions/setup-node from 3 to 4 by @dependabot in #981
• chore(deps-dev): bump the eslint group with 1 update by @dependabot in #983
• feat: add ExternalReferences[].hashes by @jkowalleck in #985

Full Changelog: v6.0.0...v6.1.0

6.0.0

BREAKING

• Interface Spec.Protocol was removed from public API (#957 via #958)
  This is only a breaking change if you used this TypeScript interface downstream; internal usage is non-breaking.
  This change was necessary, so that implementing more spec-features cause no breaking changes.

Build

• Use TypeScript v5.2.2 now, was v5.1.6 (via #966)

---

Full Changelog: v5.0.0...v6.0.0

5.0.0

BREAKING

• Interface Spec.Protocol now defines new mandatory methods (via #946)
  This is only a breaking change if you custom-implemented this interface downstream; internal usage is non-breaking.

Added

• New enum Enums.Lifecycle with corresponding values from CycloneDX Specification-1.5 (#937 via #946)
• New class Models.NamedLifecycle (#937 via #946)
• New class Models.LifecycleRepository (#937 via #946)
• Class Models.Metadata got a new property lifecycles (#937 via #946)
• Serializers and Metadata-Normalizers will take Models.Metadata.lifecycles into account (#937 via #946)

Build

• Use Webpack v5.88.2 now, was v5.88.1 (via #933)

---

Full Changelog: v4.0.0...v5.0.0

4.0.0

BREAKING

• Usage of this library in web browsers might no longer work out of the box (via #880)
  It might require a bundler/packer for web; see the examples/web/.
  This is only a breaking change if you used this library in a web browser.

Fixed

• Properly exclude external packages when preparing this library for web browsers (#883 via #880)

Examples

• Adjusted and extended examples for usage in web browsers (#883 via #880)
  Removed outdated examples/web/*, added examples/web/parcel & examples/web/webpack.
• Added examples for usage of CDX.Factories.PackageUrlFactory (via #882, #886)

Build

• Use TypeScript v5.1.6 now, was v5.1.5 (via #866)
• Use Webpack v5.88.1 now, was v5.88.0 (via #870)
• Apply wider rules for externals for in Webpack build (#883 via #880)

---

Full Changelog: v3.0.0...v4.0.0

3.0.0

Added support for CycloneDX Specification-1.5.
Added functionality regarding CycloneDX BOM-Link.

---

BREAKING

• Interface Spec.Protocol now defines new mandatory methods (via #843)
  This is only a breaking change if you custom-implemented this interface downstream; internal usage is non-breaking.

Changed

• Normalizers support CycloneDX Specification-1.5 (#505 via #843)
• Validators support CycloneDX Specification-1.5 (#505 via #843)
• Some models' properties were widened to support CycloneDX BOM-Link (via #856)

Added

• Existing Enums got new members and values for CycloneDX Specification-1.5 (#505 via #843)
• Namespace Spec was enhanced for CycloneDX Specification-1.5 (#505 via #843)
• Dedicated classes and types for CycloneDX BOM-Link (via #843, #856, #857)

API changes v3 - the details

see https://github.com/CycloneDX/cyclonedx-javascript-library/blob/v3.0.0/HISTORY.md#api-changes-v3---the-details

---

Full Changelog: v2.1.0...v3.0.0

2.1.0

Changed

• Classes Serialize.Xml.Normalize.Vulnerability*Normalizer are now public available (via #816)
  Previously, only instances were available via Serialize.Xml.Normalize.Factory.makeForVulnerability*().

Build

• Use TypeScript v5.1.3 now, was v5.0.4. (via #790)
• Use Webpack v5.86.0 now, was v5.82.1 (via #802)

---

Full Changelog: v2.0.0...v2.1.0

2.0.0

Improved license detection.
Finished Vulnerability capabilities.
Added ComponentEvidence capabilities.

---

BREAKING

• Method Factories.LicenseFactory.makeFromString() was changed in its behavior (#271, #530 via #547)
  It will try to create Models.SpdxLicense if value is eligible,
  else try to create Models.LicenseExpression if value is eligible,
  else fall back to Models.NamedLicense.
• revisited sort and compare:
  • Methods Models.*.compare() may return different numbers than before.
  • Methods Models.*.sorted() may return different orders than before.
• Removed deprecated symbols (#747 via #752)

Changed

• Removed beta state from symbols {Enums,Models}.Vulnerability.* (#164 via #722)
  The structures are defined as stable now.
• Some property/parameter types were widened, enabling the use of Buffer and other data-saving mechanisms (#406, #516 via #753)

Added

• New data models and serialization/normalization for Models.ComponentEvidence (#516 via #753)
• Serializers and Component-Normalizers will take Models.Component.evidence into account (#516 via #753)
• Serializers and Bom-Normalizers will take Models.Bom.vulnerabilities into account (#164 via #722)

Misc

• Internal rework, modernization, refactoring.

API changes v2 - the details

see https://github.com/CycloneDX/cyclonedx-javascript-library/blob/v2.0.0/HISTORY.md#api-changes-v2---the-details

---

Full Changelog: v1.14.0...v2.0.0

---

New Contributors

• @xmasoracle made their first contribution in #722