Releases: CycloneDX/cyclonedx-gomod

v1.8.0

15 Sep 12:37
3afd22f

Changelog

Features

Fixes

Building and Packaging

Documentation

  • a934b7f: docs: Fix outdated CDX-version information in README (@ja-he)
  • 6ac31ab: docs: update supported spec versions in readme (@nscuro)

Others

v1.7.0

06 Apr 23:51
69bfeee

Changelog

Features

Fixes

Building and Packaging

  • 75d8eb6: build(deps): bump actions/checkout from 4.1.1 to 4.1.2 (@dependabot[bot])
  • 10e3de7: build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (@dependabot[bot])
  • 5283b95: build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.19.0 (@dependabot[bot])
  • 6bb9fdd: build(deps): bump docker/login-action from 3.0.0 to 3.1.0 (@dependabot[bot])
  • 2eaa786: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.8.0 (@dependabot[bot])
  • 44906d1: build(deps): bump github.com/rs/zerolog from 1.31.0 to 1.32.0 (@dependabot[bot])
  • 63d4b19: build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@dependabot[bot])
  • fbcff63: build(deps): bump gitpod/workspace-go from 817abc4 to b746928 (@dependabot[bot])
  • 06ccb60: build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.2-alpine3.18 (@dependabot[bot])
  • f0d95f1: build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 (@dependabot[bot])
  • def890a: build(deps): bump golang.org/x/crypto from 0.19.0 to 0.22.0 (@dependabot[bot])
  • 78946eb: build(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (@dependabot[bot])
  • 46c5b97: build(deps): bump golang.org/x/mod from 0.15.0 to 0.17.0 (@dependabot[bot])
  • 268ed52: build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (@dependabot[bot])
  • b64ba8b: build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (@dependabot[bot])

v1.6.0

30 Jan 15:59
da20ca2

Changelog

Features

Building and Packaging

v1.5.0

06 Dec 20:38
2ad03d6

Changelog

Fixes

Building and Packaging

Others

v1.4.1

03 Aug 19:54
c66a4e0

Changelog

Features

Fixes

  • 38c50d8: fix: errors being logged in json format when they shouldn't (@nscuro)
  • 5263237: fix: missing --yes flag for cosign (@nscuro)
  • 8e8abae: fix: permission denied for /.cache/go-build in container (@nscuro)

Building and Packaging

Documentation

Others

v1.4.0

13 Apr 17:02
eb31142

Changelog

Features

Fixes

Building and Packaging

Documentation

Others

v1.3.0

10 Aug 19:35
2fe0a1d

Changelog

Features

Fixes

Building and Packaging

  • 402796a: build(actions): set timeout and permissions (@nscuro)
  • e6a3c76: build(actions): strip all permissions from ci workflows (@nscuro)
  • e8021f3: build(actions): update codeql actions to v2 (@nscuro)
  • 8ef6082: build(actions): update cyclonedx cli to v0.24.0 (@nscuro)
  • 55398b1: build(actions): update setup-go actions to v3 (@nscuro)
  • 17d68e4: build(ci): setup go in lint job (@nscuro)
  • 768a18a: build(deps): bump golang base image digest to latest available (@nscuro)
  • a094c57: build(deps): bump actions/checkout from 2 to 3 (@dependabot[bot])
  • 1fdb22e: build(deps): bump apache/skywalking-eyes from 0.2.0 to 0.3.0 (@dependabot[bot])
  • 49f87c9: build(deps): bump apache/skywalking-eyes from 0.3.0 to 0.4.0 (@dependabot[bot])
  • 0a437b5: build(deps): bump aquasecurity/trivy-action from 0.5.0 to 0.5.1 (@dependabot[bot])
  • 9945cd1: build(deps): bump aquasecurity/trivy-action from 0.5.1 to 0.6.1 (@dependabot[bot])
  • 64d740c: build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.6.2 (@dependabot[bot])
  • 2ec4b23: build(deps): bump docker/login-action from 1 to 2 (@dependabot[bot])
  • 5d99ee9: build(deps): bump docker/setup-qemu-action from 1 to 2 (@dependabot[bot])
  • f634b3c: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (@dependabot[bot])
  • 41af8da: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (@dependabot[bot])
  • 50d5f06: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.2 to 0.6.0 (@dependabot[bot])
  • 33954a5: build(deps): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.3.0 (@dependabot[bot])
  • 41c4449: build(deps): bump github.com/rs/zerolog from 1.26.1 to 1.27.0 (@dependabot[bot])
  • ab00721: build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (@dependabot[bot])
  • 28b2968: build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (@dependabot[bot])
  • bd122ce: build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (@dependabot[bot])
  • bca69b8: build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (@dependabot[bot])
  • 8be980d: build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (@dependabot[bot])
  • 5ccaac3: build(deps): bump golang from 1.17.7-alpine3.15 to 1.17.8-alpine3.15 (#137) (@dependabot[bot])
  • fd7b21f: build(deps): bump golang from 1.18.3-alpine3.16 to 1.18.4-alpine3.16 (@dependabot[bot])
  • 67f5e29: build(deps): bump golang from 1.18.4-alpine3.16 to 1.18.5-alpine3.16 (@dependabot[bot])
  • 149c43a: build(deps): bump golang from 46f1fa1 to d84b1ff (@dependabot[bot])
  • 97d00c3: build(deps): bump golang from d84b1ff to af22f4a (@dependabot[bot])
  • 8a88f76: build(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (@dependabot[bot])
  • 909060c: build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (@dependabot[bot])
  • e223d39: build(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3.0.0 (@dependabot[bot])
  • 5221925: build(deps): bump sigstore/cosign-installer from 2.3.0 to 2.4.0 (@dependabot[bot])
  • 2ede7c6: build(deps): bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (@dependabot[bot])
  • 77bbe54: build(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (@dependabot[bot])
  • 43584e4: build(gha): pin versions for goreleaser + goreleaser action (@nscuro)
  • d000aa5: build(gha): scan dockerfiles with trivy (#165) (@nscuro)
  • a6db900: build(goreleaser): update config to use sboms feature (@nscuro)
  • a97d4dc: build: update goreleaser to v1.10.3; cleanup .goreleaser.yml (@nscuro)
  • 966e6fb: build: use the same alpine base image in all dockerfiles (@nscuro)

Documentation

Others

v1.2.0

11 Feb 17:29
ae735b5

Changelog

Features

Building and Packaging

  • f859705: build(ci): tidy codeql workflow (@nscuro)
  • 6b38b1a: build(ci): tidy workflows (@nscuro)
  • 5dd1d62: build(deps): bump github.com/rs/zerolog from 1.26.0 to 1.26.1 (@dependabot[bot])
  • 4583ba5: build(deps): bump golang from 1.17.3-alpine3.15 to 1.17.5-alpine3.15 (@dependabot[bot])
  • 8daa893: build(deps): bump golang from 1.17.5-alpine3.15 to 1.17.6-alpine3.15 (#113) (@dependabot[bot])
  • 1fbb8be: build(deps): bump golang from 1.17.6-alpine3.15 to 1.17.7-alpine3.15 (#127) (@dependabot[bot])
  • e63ad6d: build(deps): correct image digest for examples base image (@nscuro)
  • 1573da5: build(deps): update golang.org/x/crypto from v0.0.0-20211215165025-cf75a172585e to v0.0.0-20220112180741-5e0467b6c7ce (@nscuro)
  • c3f4a52: build(deps): update golang.org/x/text from v0.3.6 to v0.3.7 (@nscuro)
  • 519f53d: build(goreleaser): use groups for changelog (#121) (@nscuro)
  • eb14a12: build: update container base images to go 1.17.4 (@nscuro)

Documentation

Others

v1.1.0

03 Dec 21:52
d42e4dc

Changelog

Enhancements

  • Add option to assert detected licenses (#96 via #97)
    • This will move licenses from evidence/licenses to licenses, which helps with SBOM ingestion in some cases
  • app: Add option to include packages in application SBOM (#85 via #92)
  • app: The -packages and -files options are now also applied to the standard library component (when -std is used) (#84 via #92)
  • bin: Add support for build info in binaries built with Go 1.18+ (#86 via #101)
  • Package URLs now include a type qualifier to better differentiate between modules and packages (via 1c4b136)

Breaking Changes

  • app: -files can now only be used in conjunction with -packages
  • app: Files are now represented as subcomponents of packages

Miscellaneous

  • The go prefix is no longer stripped from Go versions
    • e.g. the standard library module will now appear as pkg:golang/std@go1.17.3 instead of pkg:golang/std@1.17.3

Dependency Updates

  • Update github.com/rs/zerolog from v1.25.0 to v1.26.0

Building and Packaging

  • Bump golang container base images from 1.17.2 to 1.17.3 (via #95)
  • Reference container base images by their SHA digest (#89 via #90)
  • Introduce multi-platform container image builds (#87 via #90)
  • Bump alpine-based golang container base images from alpine3.14 to alpine3.15 (via 47cee81)

Commits since v1.1.0-alpha.1

  • 47cee81 build: update base images to alpine 3.15
  • 1f15606 feat: add support for build info in binaries built with go 1.18+ (#101)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.1.0
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.1

v1.1.0-alpha.1

21 Nov 18:23
febc262
Pre-release

Changelog

0ec6392 Introduce multi-platform container image builds (#90)
990bd1d build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.6.0 to 2.7.0
1e45c4b build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0
473b2bd build(deps): bump golang base images from 1.17.2 to 1.17.3
c43fe86 feat: add option to assert detected licenses
febc262 feat: add option to include packages in application sbom (#92)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.1.0-alpha.1
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.1