1.14.0-rc.0

v1.14.0-rc.0

prerelease 1.14.0-rc.0

1.13.3

Fixed

• Serialize.{JSON,XML}.Normalize.LicenseNormalizer.normalizeIterable() now omits invalid license combinations (#602 via #623)
  If there is any Models.LicenseExpression, then this is the only license normalized; otherwise all licenses are normalized.

Docs

• Fixed link to CycloneDX-specification in README (via #617)

---

Full Changelog: v1.13.2...v1.13.3

1.13.2

Fixed

• Builders.FromNodePackageJson.ComponentBuilder no longer cuts component's name after a slash(/) (#599 via #600)

---

Full Changelog: v1.13.1...v1.13.2

1.13.1

Docs

• Announce and annotate the generator for BOM's SerialNumber (#588 via #598)

---

Full Changelog: v1.13.0...v1.13.1

1.13.0

Fixed

• "Bom.serialNumber" data model can have values following the alternative format allowed in CycloneDX XML specification (#588 via #597)
• Serialize.{JSON,XML}.Normalize.BomNormalizer.normalize now omits invalid/unsupported values for serialNumber (#588 via #597)

Changed

• Property Models.Bom.serialNumber is of type string, was type-aliased Types.UrnUuid = string (#588 via #597)
  Also, the setter no longer throws exceptions, since no string format is illegal.
  This is considered a non-breaking behavior change, because the corresponding normalizers assure valid data results.

Added

• Published generator for BOM's SerialNumber: Utils.BomUtility.randomSerialNumber() (#588 via #597)
  The code was donated from cyclonedx-node-npm.

Deprecation

• Type alias Types.UrnUuid = string became deprecated (via #597)
  Use type string instead.
• Function Types.isUrnUuid became deprecated (via #597)

---

Full Changelog: v1.12.1...v1.13.0

1.12.2

Fixed

• Digesting this library in TypeScript build with ECMAScript module results works as expected, now (via #596)

Docs

• Development-docs are no longer packed with releases (via #572)

Misc

• Added more integration tests in CI (via #596)

---

Full Changelog: v1.12.1...v1.12.2

1.12.1

Maintenance release.

---

Full Changelog: v1.12.0...v1.12.1

1.12.0

Docs

• Made it clear, that {Builders,Factories}.{FromNodePackageJson,FromPackageJson}.* functionality is to be run on already normalized structures. (#517 via #518)
  Normalization should be done downstream, for example via normalize-package-data.

---

Full Changelog: v1.10.0...v1.12.0

1.11.0

Added

• New vulnerability-related enums were added in a new namespace Enums.Vulnerability (#164 via #419)
  Release stage is “beta”. These namespace and enums have been released to third-party developers experimentally for the purpose of collecting feedback. These enums should not be used in production, because their contracts may change without notice.
  • AffectStatus
  • AnalysisJustification
  • AnalysisResponse
  • AnalysisState
  • RatingMethod
  • Severity
• New vulnerability-related models were added in a new namespace Models.Vulnerability (#164 via #419)
  Release stage is “beta”. These namespace and models have been released to third-party developers experimentally for the purpose of collecting feedback. These models should not be used in production, because their contracts may change without notice.
  Attention: The models are not yet supported by shipped serializers nor shipped normalizers.
  • Advisory, AdvisoryRepository
  • Affect, AffectRepository, AffectedSingleVersion, AffectedVersionRange, AffectedVersionRepository
  • Analysis
  • Credits
  • Rating, RatingRepository
  • Reference, ReferenceRepository
  • Source
  • Vulnerability, VulnerabilityRepository
• New class Models.OrganizationalEntityRepository to represent a collection of Models.OrganizationalEntity (via #419)
  Additionally, Models.OrganizationalEntity.compare() was implemented.
• New types and related functionality Common Weaknesses Enumerations (CWE) were added (via #419)
  Release stage is “beta”. These types, functions and classes have been released to third-party developers experimentally for the purpose of collecting feedback. These types, functions and classes should not be used in production, because their contracts may change without notice.
  • type Types.CWE
  • runtime validation Types.isCWE()
  • class Types.CweRepository

Docs

• Use TSDoc syntax in TypeScript files, instead of JSDoc (via #318, #453)

Build

• Use TypeScript v4.9.5 now, was v4.9.4. (via #463)

Misc

• Added tests for internal helpers (via #454)
• Use [email protected] now, was 33.0.0 (via #460)

---

New Contributors

• @thepwagner made their first contribution in #419

---

Full Changelog: v1.10.0...v1.11.0

1.10.0

Added

• Typing: Interfaces of models' optional properties are now public API (#439 via #440)
• Ship TypeDoc configuration, so that users can build the documentation on demand (#57 via #436)

Fixed

• XML serializer now properly throws UnsupportedFormatError if it is unsupported by the supplied Spec (via #438)

Misc

• Added tests for internal helpers (via #431)
• Added more internal sortable data types (via #165)
• Fixed type hints in internals (via #432)
• Fixed type refs and links in doc-strings (via #437)
• Slightly improved performance of compare methods when reproducible results were needed (via #433)
• Use [email protected] now, was 23.0.0 (via #382, #423, #445)

---

Full Changelog: v1.9.2...v1.10.0