Merge pull request #710 from Shnatsel/ship-cyclonedx-bom

Ship `cyclonedx-bom` v0.6.0

cargo-cyclonedx/CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.5.1 - UNRELEASED
+
+### Added
+
+ - Emitting CycloneDX 1.5 is now supported. The data emitted is unchanged.
+
 ## 0.5.0 - 2024-03-01
 
 ### Added

cargo-cyclonedx/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cargo-cyclonedx"
-version = "0.5.0"
+version = "0.5.1"
 categories = ["command-line-utilities", "development-tools", "development-tools::cargo-plugins"]
 description = "CycloneDX Software Bill of Materials (SBOM) for Rust Crates"
 keywords = ["sbom", "bom", "components", "dependencies", "owasp"]
@@ -25,7 +25,7 @@ anyhow = "1.0.75"
 cargo-lock = "9.0.0"
 cargo_metadata = "0.18.1"
 clap = { version = "4.4.11", features = ["derive"] }
-cyclonedx-bom = { version = "0.5.0", path = "../cyclonedx-bom" }
+cyclonedx-bom = { version = "0.6.0", path = "../cyclonedx-bom" }
 env_logger = "0.10.0"
 log = "0.4.20"
 once_cell = "1.18.0"

cargo-cyclonedx/src/cli.rs

@@ -97,7 +97,7 @@ Defaults to the host target, as printed by 'rustc -vV'"
     #[clap(long = "license-accept-named", action=ArgAction::Append)]
     pub license_accept_named: Vec<String>,
 
-    /// The CycloneDX specification version to output: `1.3` or `1.4`. Defaults to 1.3
+    /// The CycloneDX specification version to output: `1.3`, `1.4` or `1.5`. Defaults to 1.3
     #[clap(long = "spec-version")]
     pub spec_version: Option<SpecVersion>,
 }

cyclonedx-bom/CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.6.0 - 2024-05-22
+
+### Added
+
+ - Added support for CycloneDX version 1.5, necessitating a number of breaking changes to the API.
+ - Added the ability to turn a `NormalizedString` into a `String` without cloning ([#707])
+ - Added the ability to view a number of types as a `&str` to reduce the necessary cloning ([#708])
+ - Added an ability to parse a `serde_json::Value` into a CycloneDX document ([#705])
+ - Added automatic validation of generated JSON against the official CycloneDX schemas ([#653])
+
+### Fixed
+
+ - Added support for `external_references` field on `Tool` introduced in CycloneDX 1.4 but accidentally omitted from the parser ([#709])
+
+### Changed
+
+ - Introduced the `cyclonedx-bom-macros` crate with a proc macro to eliminate copy-pasted code between various spec versions
+ - Multiple refactors to make the code simpler and easier to maintain
+
 ## 0.5.0 - 2024-02-21
 
 ### Changed
@@ -44,3 +63,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#609]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/609
 [#616]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/616
 [#618]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/618
+[#653]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/653
+[#705]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/705
+[#707]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/707
+[#708]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/708
+[#709]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/709

cyclonedx-bom/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cyclonedx-bom"
-version = "0.5.0"
+version = "0.6.0"
 description = "CycloneDX Software Bill of Materials Library"
 categories = []
 keywords = ["sbom", "bom", "components", "dependencies", "owasp"]