Releases: CycloneDX/cyclonedx-gomod
v1.8.0
Changelog
Features
- 80bf19c: feat: change default output version to 1.6 (@nscuro)
- d304d89: feat: dont rely on cyclonedx cli for bom validation (@nscuro)
- 6a03474: feat: switch snapshot tests from xml to json (@nscuro)
Fixes
- 9cddfb0: fix: fmt.Errorf -> errors.New (@nscuro)
- 7c6357f: fix: exclude schema files from license check (@nscuro)
- 4039a89: fix: failing InvalidOutputVersion test (@nscuro)
- 1ea4afd: fix: handle breaking change in skywalking-eyes (@nscuro)
- 32c943d: fix: ignore init lint failure (@nscuro)
- 95bd45c: fix: incorrect go directive in go.mod (@nscuro)
- a05b56d: fix: linter errors (@nscuro)
- 5987947: fix: redact platform-dependent values in snapshot tests (@nscuro)
- f9e550b: fix: remove deprecated goreleaser flag (@nscuro)
Building and Packaging
- 74ef5e8: build(deps): bump actions/checkout from 4.1.2 to 4.1.4 (@dependabot[bot])
- f99b6b7: build(deps): bump actions/checkout from 4.1.4 to 4.1.6 (@dependabot[bot])
- 7535647: build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (@dependabot[bot])
- 2d70b1c: build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (@dependabot[bot])
- 034893f: build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (@dependabot[bot])
- 6ef596d: build(deps): bump apache/skywalking-eyes from 0.4.0 to 0.6.0 (@dependabot[bot])
- 163a3c0: build(deps): bump aquasecurity/trivy-action from 0.19.0 to 0.21.0 (@dependabot[bot])
- a23a7a3: build(deps): bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 (@dependabot[bot])
- f571455: build(deps): bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 (@dependabot[bot])
- 71b7d69: build(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (@dependabot[bot])
- a6fb053: build(deps): bump docker/login-action from 3.1.0 to 3.2.0 (@dependabot[bot])
- f0acfa9: build(deps): bump docker/login-action from 3.2.0 to 3.3.0 (@dependabot[bot])
- 08c1f88: build(deps): bump docker/setup-qemu-action from 3.0.0 to 3.2.0 (@dependabot[bot])
- 61cb8f1: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (@dependabot[bot])
- 1972b88: build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (@dependabot[bot])
- a8a5cc4: build(deps): bump github.com/rs/zerolog from 1.32.0 to 1.33.0 (@dependabot[bot])
- 6d49b2e: build(deps): bump github/codeql-action from 2.13.4 to 3.25.6 (@dependabot[bot])
- f16cdce: build(deps): bump github/codeql-action from 3.25.10 to 3.25.15 (@dependabot[bot])
- c4b79a6: build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (@dependabot[bot])
- f7de6db: build(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (@dependabot[bot])
- 36f358f: build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (@dependabot[bot])
- c17db9c: build(deps): bump github/codeql-action from 3.25.8 to 3.25.9 (@dependabot[bot])
- af6e3f3: build(deps): bump github/codeql-action from 3.25.9 to 3.25.10 (@dependabot[bot])
- a1c5a1d: build(deps): bump github/codeql-action from 3.26.0 to 3.26.6 (@dependabot[bot])
- 114d480: build(deps): bump gitpod/workspace-go from 02cae32 to 769e7b0 (@dependabot[bot])
- e918dde: build(deps): bump gitpod/workspace-go from 1fd550f to 8d15123 (@dependabot[bot])
- 728ff78: build(deps): bump gitpod/workspace-go from 2a9e01c to 9c95281 (@dependabot[bot])
- 34f111f: build(deps): bump gitpod/workspace-go from 769e7b0 to 1fd550f (@dependabot[bot])
- 5d92fb6: build(deps): bump gitpod/workspace-go from 8d15123 to 95d2129 (@dependabot[bot])
- 6c7c413: build(deps): bump gitpod/workspace-go from 95d2129 to 2a9e01c (@dependabot[bot])
- 5b43149: build(deps): bump gitpod/workspace-go from b746928 to 02cae32 (@dependabot[bot])
- 6b73888: build(deps): bump golang from 1.22.2-alpine3.18 to 1.22.3-alpine3.18 (@dependabot[bot])
- da8d897: build(deps): bump golang from 4531927 to d1a601b (@dependabot[bot])
- 1e7183f: build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0 (@dependabot[bot])
- 3aec1a1: build(deps): bump golang.org/x/crypto from 0.23.0 to 0.24.0 (@dependabot[bot])
- 2f8b783: build(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0 (@dependabot[bot])
- d1b2942: build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (@dependabot[bot])
- 6c4db8d: build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0 (@dependabot[bot])
- b3b46aa: build(deps): bump golang.org/x/mod from 0.17.0 to 0.18.0 (@dependabot[bot])
- fe7503c: build(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0 (@dependabot[bot])
- d619728: build(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0 (@dependabot[bot])
- 39845fb: build(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 (@dependabot[bot])
- c59df5e: build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 (@dependabot[bot])
- 15182f2: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (@dependabot[bot])
- f3fa84c: build(deps): bump golangci/golangci-lint-action from 5.1.0 to 6.0.1 (@dependabot[bot])
- d085de2: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (@dependabot[bot])
- eb667a9: build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (@dependabot[bot])
- fd72f9b: build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (@dependabot[bot])
- 86196cf: build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (@dependabot[bot])
- 2f863cc: build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (@dependabot[bot])
- c62c3d8: build: bump go to 1.23.1 (@nscuro)
Documentation
- a934b7f: docs: Fix outdated CDX-version information in README (@ja-he)
- 6ac31ab: docs: update supported spec versions in readme (@nscuro)
Others
- 1fc2435: chore: CodeQL run scheduled and manual (@jkowalleck)
v1.7.0
Changelog
Features
- b7cd1be: feat: build against go 1.22 in ci (@nscuro)
- cab6d46: feat: bump baseline go version to 1.21 (@nscuro)
- 7865448: feat: change default output spec version to v1.5 (@nscuro)
Fixes
- 5b5153e: fix: handle breaking change in metadata.tools (@nscuro)
- d0fc72d: fix: ignore deprecation lint on legacy Tool type (@nscuro)
- 4550c9b: fix: spec version validation (@nscuro)
- 8018799: fix: work around broken #nosec in gosec (@nscuro)
Building and Packaging
- 75d8eb6: build(deps): bump actions/checkout from 4.1.1 to 4.1.2 (@dependabot[bot])
- 10e3de7: build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (@dependabot[bot])
- 5283b95: build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.19.0 (@dependabot[bot])
- 6bb9fdd: build(deps): bump docker/login-action from 3.0.0 to 3.1.0 (@dependabot[bot])
- 2eaa786: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.8.0 (@dependabot[bot])
- 44906d1: build(deps): bump github.com/rs/zerolog from 1.31.0 to 1.32.0 (@dependabot[bot])
- 63d4b19: build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@dependabot[bot])
- fbcff63: build(deps): bump gitpod/workspace-go from 817abc4 to b746928 (@dependabot[bot])
- 06ccb60: build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.2-alpine3.18 (@dependabot[bot])
- f0d95f1: build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 (@dependabot[bot])
- def890a: build(deps): bump golang.org/x/crypto from 0.19.0 to 0.22.0 (@dependabot[bot])
- 78946eb: build(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (@dependabot[bot])
- 46c5b97: build(deps): bump golang.org/x/mod from 0.15.0 to 0.17.0 (@dependabot[bot])
- 268ed52: build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (@dependabot[bot])
- b64ba8b: build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (@dependabot[bot])
v1.6.0
Changelog
Features
- 6b624c3: feat: support storing file paths relative to module root (#412) (@SweetVishnya)
Building and Packaging
- bc8ce58: build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])
- 4164841: build(deps): bump aquasecurity/trivy-action from 0.15.0 to 0.16.0 (@dependabot[bot])
- 5a729d2: build(deps): bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 (@dependabot[bot])
- 8ddcae0: build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (@dependabot[bot])
- 573126a: build(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (@dependabot[bot])
- 199d9cb: build(deps): bump github.com/google/uuid from 1.4.0 to 1.6.0 (@dependabot[bot])
- aebe71f: build(deps): bump gitpod/workspace-go from 05594b7 to 28c97d8 (@dependabot[bot])
- 11e5bb1: build(deps): bump gitpod/workspace-go from 28c97d8 to d608afb (@dependabot[bot])
- 1f472e1: build(deps): bump gitpod/workspace-go from d608afb to 817abc4 (@dependabot[bot])
- 9bf82be: build(deps): bump golang from 1.21.5-alpine3.18 to 1.21.6-alpine3.18 (@dependabot[bot])
- 8fb239a: build(deps): bump golang from 3bd4475 to 3354c3a (@dependabot[bot])
- 9639df6: build(deps): bump golang from 5c1cabd to 9390a99 (@dependabot[bot])
- 8c1bdf3: build(deps): bump golang from 869193e to 3bd4475 (@dependabot[bot])
- 8848013: build(deps): bump golang.org/x/crypto from 0.16.0 to 0.18.0 (@dependabot[bot])
- 331e272: build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (@dependabot[bot])
v1.5.0
Changelog
Fixes
Building and Packaging
- a37e219: build(deps): bump actions/checkout from 3.5.3 to 3.6.0 (@dependabot[bot])
- 3e04af4: build(deps): bump actions/checkout from 3.6.0 to 4.1.0 (@dependabot[bot])
- 4ff23ee: build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (@dependabot[bot])
- 3ba5a9c: build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (@dependabot[bot])
- bb461a2: build(deps): bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (@dependabot[bot])
- 164de0a: build(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.14.0 (@dependabot[bot])
- 0202226: build(deps): bump aquasecurity/trivy-action from 0.14.0 to 0.15.0 (@dependabot[bot])
- 30e7fcd: build(deps): bump docker/login-action from 2.2.0 to 3.0.0 (@dependabot[bot])
- 4ec1675: build(deps): bump docker/setup-qemu-action from 2.2.0 to 3.0.0 (@dependabot[bot])
- b59fb32: build(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (@dependabot[bot])
- 3502184: build(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.1 (@dependabot[bot])
- 46e241c: build(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (@dependabot[bot])
- 3c1b101: build(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (@dependabot[bot])
- c948c25: build(deps): bump github.com/rs/zerolog from 1.30.0 to 1.31.0 (@dependabot[bot])
- fa436e1: build(deps): bump gitpod/workspace-go from 0f38231 to 06ca870 (@dependabot[bot])
- cfa6134: build(deps): bump gitpod/workspace-go from 487cfd3 to 5e45d83 (@dependabot[bot])
- 02f640d: build(deps): bump gitpod/workspace-go from 5e45d83 to d3603c7 (@dependabot[bot])
- d33d175: build(deps): bump gitpod/workspace-go from 6290ac5 to 0f38231 (@dependabot[bot])
- 7c165a4: build(deps): bump gitpod/workspace-go from 94ae638 to 6290ac5 (@dependabot[bot])
- b2c7596: build(deps): bump gitpod/workspace-go from d3603c7 to 94ae638 (@dependabot[bot])
- 212e79b: build(deps): bump gitpod/workspace-go from f37c673 to 487cfd3 (@dependabot[bot])
- 1ae57dd: build(deps): bump golang from 1.20.7-alpine3.18 to 1.21.5-alpine3.18 (@dependabot[bot])
- cfbeac7: build(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (@dependabot[bot])
- cd3a38f: build(deps): bump golang.org/x/crypto from 0.13.0 to 0.14.0 (@dependabot[bot])
- 9b61805: build(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0 (@dependabot[bot])
- d7221f7: build(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (@dependabot[bot])
- 93b808f: build(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 (@dependabot[bot])
- cdfb139: build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (@dependabot[bot])
- 2aca6aa: build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (@dependabot[bot])
- 29730f3: build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (@dependabot[bot])
- 13e8204: build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (@dependabot[bot])
- 453ae8f: build(deps): bump sigstore/cosign-installer (@dependabot[bot])
- d9e7a9f: build(deps): bump sigstore/cosign-installer (@dependabot[bot])
- d4df73e: build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (@dependabot[bot])
Others
v1.4.1
Changelog
Features
Fixes
- 38c50d8: fix: errors being logged in json format when they shouldn't (@nscuro)
- 5263237: fix: missing --yes flag for cosign (@nscuro)
- 8e8abae: fix: permission denied for /.cache/go-build in container (@nscuro)
Building and Packaging
- d4306ba: build(deps): bump golang.org/x/exp to v0.0.0-20230801115018-d63ba01acd4b (@nscuro)
- 37a2163: build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (@dependabot[bot])
- 98a4440: build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (@dependabot[bot])
- b9166b1: build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (@dependabot[bot])
- 948d7f7: build(deps): bump aquasecurity/trivy-action from 0.10.0 to 0.11.0 (@dependabot[bot])
- 2a011ee: build(deps): bump aquasecurity/trivy-action from 0.11.0 to 0.11.2 (@dependabot[bot])
- 64f406c: build(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (@dependabot[bot])
- 78ec046: build(deps): bump docker/login-action from 2.1.0 to 2.2.0 (@dependabot[bot])
- 6d804fc: build(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (@dependabot[bot])
- 6539185: build(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (@dependabot[bot])
- ca27bfc: build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.1 (@dependabot[bot])
- e05885e: build(deps): bump github.com/peterbourgon/ff/v3 from 3.3.0 to 3.3.1 (@dependabot[bot])
- 5e0cf1a: build(deps): bump github.com/peterbourgon/ff/v3 from 3.3.1 to 3.3.2 (@dependabot[bot])
- 2361df0: build(deps): bump github.com/peterbourgon/ff/v3 from 3.3.2 to 3.4.0 (@dependabot[bot])
- c1a568a: build(deps): bump github.com/rs/zerolog from 1.29.0 to 1.29.1 (@dependabot[bot])
- 7b58508: build(deps): bump github.com/rs/zerolog from 1.29.1 to 1.30.0 (@dependabot[bot])
- 691bf2b: build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (@dependabot[bot])
- e1aed57: build(deps): bump github/codeql-action from 2.2.11 to 2.3.3 (@dependabot[bot])
- d6d7944: build(deps): bump github/codeql-action from 2.3.3 to 2.13.4 (@dependabot[bot])
- 7126a9f: build(deps): bump gitpod/workspace-go from 08b6bdc to d7a41f5 (@dependabot[bot])
- ed7fc32: build(deps): bump gitpod/workspace-go from 7bf5091 to 08b6bdc (@dependabot[bot])
- 679615f: build(deps): bump gitpod/workspace-go from d7a41f5 to f37c673 (@dependabot[bot])
- 05231bc: build(deps): bump golang from 1.20.3-alpine3.16 to 1.20.4-alpine3.16 (@dependabot[bot])
- 369bbce: build(deps): bump golang.org/x/crypto from 0.10.0 to 0.11.0 (@dependabot[bot])
- 695911e: build(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 (@dependabot[bot])
- c7047f1: build(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 (@dependabot[bot])
- 5e46093: build(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (@dependabot[bot])
- a711766: build(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (@dependabot[bot])
- 03a27c1: build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (@dependabot[bot])
- ee2b8af: build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (@dependabot[bot])
- 3605c88: build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (@dependabot[bot])
- 94182fc: build(deps): bump sigstore/cosign-installer (@dependabot[bot])
- b64eb5c: build(deps): bump sigstore/cosign-installer (@dependabot[bot])
- f739b28: build(deps): bump sigstore/cosign-installer (@dependabot[bot])
Documentation
Others
v1.4.0
Changelog
Features
- 86d7a92: feat: add GOOS and GOARCH into PURL (#217) (@zdtsw)
- df6b19e: feat: add support for output of older spec versions (@nscuro)
Fixes
- e219a24: fix: module tests for cross-platform compatibility (#253) (@neilnaveen)
Building and Packaging
- e59fa66: build(deps): bump actions/checkout from 3.1.0 to 3.2.0 (@dependabot[bot])
- a18e39d: build(deps): bump actions/checkout from 3.2.0 to 3.3.0 (@dependabot[bot])
- 18adb3e: build(deps): bump actions/checkout from 3.3.0 to 3.5.0 (@dependabot[bot])
- 2907e70: build(deps): bump actions/checkout from 3.5.0 to 3.5.1 (@dependabot[bot])
- a33451c: build(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (@dependabot[bot])
- 0055cba: build(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (@dependabot[bot])
- 2c330f4: build(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (@dependabot[bot])
- 99e5f7a: build(deps): bump aquasecurity/trivy-action from 0.6.2 to 0.7.1 (#190) (@dependabot[bot])
- feb93f9: build(deps): bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 (@dependabot[bot])
- 65bdf0b: build(deps): bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (@dependabot[bot])
- 3cf1b61: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.0 to 0.7.1 (@dependabot[bot])
- 4182911: build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.7.0 to 2.8.0 (@dependabot[bot])
- 7aa9e25: build(deps): bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.1 (@dependabot[bot])
- d99f077: build(deps): bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 (@dependabot[bot])
- 5cfaac3: build(deps): bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.0 (@dependabot[bot])
- f1c3f57: build(deps): bump github.com/go-git/go-git/v5 from 5.6.0 to 5.6.1 (@dependabot[bot])
- 7479f0a: build(deps): bump github.com/rs/zerolog from 1.27.0 to 1.28.0 (@dependabot[bot])
- 24ba9c2: build(deps): bump github.com/rs/zerolog from 1.28.0 to 1.29.0 (@dependabot[bot])
- 405ca77: build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (@dependabot[bot])
- 6c5a0f6: build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (@dependabot[bot])
- a47841a: build(deps): bump github/codeql-action (@dependabot[bot])
- 98787d9: build(deps): bump github/codeql-action from 2.1.31 to 2.1.36 (@dependabot[bot])
- 99ad277: build(deps): bump github/codeql-action from 2.1.36 to 2.1.39 (@dependabot[bot])
- fe4d108: build(deps): bump github/codeql-action from 2.1.39 to 2.2.5 (@dependabot[bot])
- c44f8f1: build(deps): bump github/codeql-action from 2.2.5 to 2.2.7 (@dependabot[bot])
- 7a2b1b0: build(deps): bump github/codeql-action from 2.2.7 to 2.2.8 (@dependabot[bot])
- 37d77e4: build(deps): bump github/codeql-action from 2.2.8 to 2.2.11 (@dependabot[bot])
- 5f86996: build(deps): bump gitpod/workspace-go from 2be827f to 7bf5091 (@dependabot[bot])
- 8e2f88a: build(deps): bump golang from 1.18.5-alpine3.16 to 1.19.3-alpine3.16 (@dependabot[bot])
- 0dbe27b: build(deps): bump golang from 1.19.3-alpine3.16 to 1.19.4-alpine3.16 (@dependabot[bot])
- 4529125: build(deps): bump golang from 1.19.4-alpine3.16 to 1.19.5-alpine3.16 (@dependabot[bot])
- b27f4b9: build(deps): bump golang from 1.19.5-alpine3.16 to 1.20.2-alpine3.16 (@dependabot[bot])
- 811371b: build(deps): bump golang from 1.20.2-alpine3.16 to 1.20.3-alpine3.16 (@dependabot[bot])
- 20b6a25: build(deps): bump golang from 8558ae6 to dc4f475 (@dependabot[bot])
- bedf9f6: build(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 (@dependabot[bot])
- 5040afa: build(deps): bump golang.org/x/crypto from 0.4.0 to 0.5.0 (@dependabot[bot])
- 9e982a2: build(deps): bump golang.org/x/crypto from 0.5.0 to 0.6.0 (@dependabot[bot])
- e091e69: build(deps): bump golang.org/x/crypto from 0.6.0 to 0.7.0 (@dependabot[bot])
- 963cf30: build(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 (@dependabot[bot])
- 993dab0: build(deps): bump golang.org/x/mod (@dependabot[bot])
- 4a2610b: build(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (@dependabot[bot])
- 58c520a: build(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (@dependabot[bot])
- 2b5037c: build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (@dependabot[bot])
- 44d49f4: build(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (@dependabot[bot])
- 896135d: build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (@dependabot[bot])
- 8316594: build(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (@dependabot[bot])
- f512843: build(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (@dependabot[bot])
- b851cf6: build(deps): bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 (@dependabot[bot])
- ec3a94c: build(deps): bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (@dependabot[bot])
- b2f95c8: build(deps): bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (@dependabot[bot])
- 730898b: build(deps): bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#188) (@dependabot[bot])
- 9eb69fa: build(deps): bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (@dependabot[bot])
- 9008f06: build(deps): bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (@dependabot[bot])
- f5716c2: build(deps): bump sigstore/cosign-installer from 2.7.0 to 2.8.1 (@dependabot[bot])
- bc3fb39: build: pin digest of gitpod dockerfile (@nscuro)
- 9a1042a: build: update cyclonedx-cli to 0.24.2 (@nscuro)
Documentation
- a045269: docs: update README.md (#189) (@tusharxoxoxo)
Others
v1.3.0
Changelog
Features
- ba34759: feat: signing artifacts (@developer-guy)
- 1c8f56f: feat: source version information from debug.BuildInfo (@nscuro)
- 0d7dfab: feat: update to go 1.18 (#139) (@nscuro)
Fixes
- 2fe0a1d: fix(build): invalid env var reference in goreleaser config (#185) (@nscuro)
- 052a7a7: fix(goreleaser): pwd variable is not available in gh actions (#144) (@nscuro)
- 80f2983: fix: nolint directive for exhaustive changed (@nscuro)
- 4b23e04: fix: exclude .dockerignore from license check (@nscuro)
- 038a657: fix: linter complaining about missing gofmt -s (#183) (@nscuro)
Building and Packaging
- 402796a: build(actions): set timeout and permissions (@nscuro)
- e6a3c76: build(actions): strip all permissions from ci workflows (@nscuro)
- e8021f3: build(actions): update codeql actions to v2 (@nscuro)
- 8ef6082: build(actions): update cyclonedx cli to v0.24.0 (@nscuro)
- 55398b1: build(actions): update setup-go actions to v3 (@nscuro)
- 17d68e4: build(ci): setup go in lint job (@nscuro)
- 768a18a: build(deps): bump golang base image digest to latest available (@nscuro)
- a094c57: build(deps): bump actions/checkout from 2 to 3 (@dependabot[bot])
- 1fdb22e: build(deps): bump apache/skywalking-eyes from 0.2.0 to 0.3.0 (@dependabot[bot])
- 49f87c9: build(deps): bump apache/skywalking-eyes from 0.3.0 to 0.4.0 (@dependabot[bot])
- 0a437b5: build(deps): bump aquasecurity/trivy-action from 0.5.0 to 0.5.1 (@dependabot[bot])
- 9945cd1: build(deps): bump aquasecurity/trivy-action from 0.5.1 to 0.6.1 (@dependabot[bot])
- 64d740c: build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.6.2 (@dependabot[bot])
- 2ec4b23: build(deps): bump docker/login-action from 1 to 2 (@dependabot[bot])
- 5d99ee9: build(deps): bump docker/setup-qemu-action from 1 to 2 (@dependabot[bot])
- f634b3c: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (@dependabot[bot])
- 41af8da: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (@dependabot[bot])
- 50d5f06: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.2 to 0.6.0 (@dependabot[bot])
- 33954a5: build(deps): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.3.0 (@dependabot[bot])
- 41c4449: build(deps): bump github.com/rs/zerolog from 1.26.1 to 1.27.0 (@dependabot[bot])
- ab00721: build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (@dependabot[bot])
- 28b2968: build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (@dependabot[bot])
- bd122ce: build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (@dependabot[bot])
- bca69b8: build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (@dependabot[bot])
- 8be980d: build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (@dependabot[bot])
- 5ccaac3: build(deps): bump golang from 1.17.7-alpine3.15 to 1.17.8-alpine3.15 (#137) (@dependabot[bot])
- fd7b21f: build(deps): bump golang from 1.18.3-alpine3.16 to 1.18.4-alpine3.16 (@dependabot[bot])
- 67f5e29: build(deps): bump golang from 1.18.4-alpine3.16 to 1.18.5-alpine3.16 (@dependabot[bot])
- 149c43a: build(deps): bump golang from 46f1fa1 to d84b1ff (@dependabot[bot])
- 97d00c3: build(deps): bump golang from d84b1ff to af22f4a (@dependabot[bot])
- 8a88f76: build(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (@dependabot[bot])
- 909060c: build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (@dependabot[bot])
- e223d39: build(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3.0.0 (@dependabot[bot])
- 5221925: build(deps): bump sigstore/cosign-installer from 2.3.0 to 2.4.0 (@dependabot[bot])
- 2ede7c6: build(deps): bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (@dependabot[bot])
- 77bbe54: build(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (@dependabot[bot])
- 43584e4: build(gha): pin versions for goreleaser + goreleaser action (@nscuro)
- d000aa5: build(gha): scan dockerfiles with trivy (#165) (@nscuro)
- a6db900: build(goreleaser): update config to use sboms feature (@nscuro)
- a97d4dc: build: update goreleaser to v1.10.3; cleanup .goreleaser.yml (@nscuro)
- 966e6fb: build: use the same alpine base image in all dockerfiles (@nscuro)
Documentation
- 20f4629: docs: add brew install instructions (@nscuro)
- 6a0e8e5: docs: do not use quotes for GOFLAGS in goreleaser config (@nscuro)
- d504393: docs: update goreleaser instructions (@nscuro)
Others
v1.2.0
Changelog
Features
- 684e015: feat: add gitpod configuration (#119) (@nscuro)
- bc4414e: feat: expose sbom generation functionality (#114) (@nscuro)
- 89f78c2: feat: output sboms conforming to spec v1.4 (#125) (@nscuro)
Building and Packaging
- f859705: build(ci): tidy codeql workflow (@nscuro)
- 6b38b1a: build(ci): tidy workflows (@nscuro)
- 5dd1d62: build(deps): bump github.com/rs/zerolog from 1.26.0 to 1.26.1 (@dependabot[bot])
- 4583ba5: build(deps): bump golang from 1.17.3-alpine3.15 to 1.17.5-alpine3.15 (@dependabot[bot])
- 8daa893: build(deps): bump golang from 1.17.5-alpine3.15 to 1.17.6-alpine3.15 (#113) (@dependabot[bot])
- 1fbb8be: build(deps): bump golang from 1.17.6-alpine3.15 to 1.17.7-alpine3.15 (#127) (@dependabot[bot])
- e63ad6d: build(deps): correct image digest for examples base image (@nscuro)
- 1573da5: build(deps): update golang.org/x/crypto from v0.0.0-20211215165025-cf75a172585e to v0.0.0-20220112180741-5e0467b6c7ce (@nscuro)
- c3f4a52: build(deps): update golang.org/x/text from v0.3.6 to v0.3.7 (@nscuro)
- 519f53d: build(goreleaser): use groups for changelog (#121) (@nscuro)
- eb14a12: build: update container base images to go 1.17.4 (@nscuro)
Documentation
- f5f923f: docs(examples): update example sboms (@nscuro)
- 56afa79: docs(examples): use cyclonedx-cli 0.22.0 for validation (@nscuro)
- 594cb15: docs: Enhancement -> Features in changelog (@nscuro)
- 50b24f3: docs: remove CHANGELOG.md (@nscuro)
- d309a64: docs: remove unreleased mark for v1.1.0 (@nscuro)
- 8f3727b: docs: update changelog (@nscuro)
- 6cd3ea5: docs: update example sboms (@nscuro)
Others
- 182f622: ci(dependabot): set default reviewers (@nscuro)
- 8210d09: ci: add develop branch to workflows (@nscuro)
- 83487fb: ci: add license header check (#122) (@nscuro)
- fbdeedd: misc: change tag of gitpod/workspace-go to latest (@nscuro)
- f22debf: refactor: zerolog.New(io.Discard) -> zerolog.Nop() (@nscuro)
- ac4a859: refactor: decouple license detection logic (#118) (@nscuro)
v1.1.0
Changelog
Enhancements
- Add option to assert detected licenses (#96 via #97)
  - This will move licenses from evidence/licenses to licenses, which helps with SBOM ingestion in some cases
- app: Add option to include packages in application SBOM (#85 via #92)
- app: The -packages and -files options are now also applied to the standard library component (when -std is used) (#84 via #92)
  - Thanks TheDiveO for reporting!
- bin: Add support for build info in binaries built with Go 1.18+ (#86 via #101)
- Package URLs now include a type qualifier to better differentiate between modules and packages (via 1c4b136)
Breaking Changes
- app: -files can now only be used in conjunction with -packages
- app: Files are now represented as subcomponents of packages
Miscellaneous
- The go prefix is no longer stripped from Go versions
  - e.g. the standard library module will now appear as pkg:golang/[email protected] instead of pkg:golang/[email protected]
Dependency Updates
- Update github.com/rs/zerolog from v1.25.0 to v1.26.0
Building and Packaging
- Bump golang container base images from 1.17.2 to 1.17.3 (via #95)
- Reference container base images by their SHA digest (#89 via #90)
- Introduce multi-platform container image builds (#87 via #90)
- Bump alpine-based golang container base images from alpine3.14 to alpine3.15 (via 47cee81)
Commits since v1.1.0-alpha.1
- 47cee81 build: update base images to alpine 3.15
- 1f15606 feat: add support for build info in binaries built with go 1.18+ (#101)
Docker images
docker pull cyclonedx/cyclonedx-gomod:v1.1.0
docker pull cyclonedx/cyclonedx-gomod:v1
docker pull cyclonedx/cyclonedx-gomod:v1.1
v1.1.0-alpha.1
Changelog
0ec6392 Introduce multi-platform container image builds (#90)
990bd1d build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.6.0 to 2.7.0
1e45c4b build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0
473b2bd build(deps): bump golang base images from 1.17.2 to 1.17.3
c43fe86 feat: add option to assert detected licenses
febc262 feat: add option to include packages in application sbom (#92)
Docker images
docker pull cyclonedx/cyclonedx-gomod:v1.1.0-alpha.1
docker pull cyclonedx/cyclonedx-gomod:v1
docker pull cyclonedx/cyclonedx-gomod:v1.1