feat!: emit defaults to CycloneDX1.6

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

HISTORY.md

@@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file.
 
 <!-- unreleased changes go here -->
 
+* BREAKING changes
+  * Option `specVersion` defaults to `"1.6"`, was `"1.4"` ([#1329] via [#])
+
+[#1329]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/1329
+
 ## 3.15.0 - 2024-10-19
 
 * Added

README.md

@@ -46,7 +46,7 @@ new CycloneDxWebpackPlugin(options?: object)
 
 | Name | Type | Default | Description |
 |:-----|:----:|:-------:|:------------|
-| **`specVersion`** | `{string}`<br/>one of: `"1.2"`, `"1.3"`, `"1.4"`, `"1.5"`, `"1.6"` | `"1.4"` |  Which version of [CycloneDX-spec] to use.<br/> Supported values depend on the installed dependency [CycloneDX-javascript-library]. |
+| **`specVersion`** | `{string}`<br/>one of: `"1.2"`, `"1.3"`, `"1.4"`, `"1.5"`, `"1.6"` | `"1.6"` |  Which version of [CycloneDX-spec] to use.<br/> Supported values depend on the installed dependency [CycloneDX-javascript-library]. |
 | **`reproducibleResults`** | `{boolean}` | `false` | Whether to go the extra mile and make the output reproducible.<br/> Reproducibility might result in loss of time- and random-based-values. |
 | **`validateResults`** | `{boolean}` | `true` | Whether to validate the BOM result.<br/>Validation is skipped, if requirements not met. Requires [transitive optional dependencies](https://github.com/CycloneDX/cyclonedx-javascript-library#optional-dependencies). |
 | **`outputLocation`** | `{string}` | `"./cyclonedx"` | Path to write the output to. The path is relative to _webpack_'s overall output path. |

src/plugin.ts

@@ -139,7 +139,7 @@ export class CycloneDxWebpackPlugin {
   collectEvidence: boolean
 
   constructor ({
-    specVersion = CDX.Spec.Version.v1dot4,
+    specVersion = CDX.Spec.Version.v1dot6,
     reproducibleResults = false,
     validateResults = true,
     outputLocation = './cyclonedx',