v0.7.2

This is a bugfix release that ships with minimal support for the CycloneDX v1.5 specification.

Full support is being worked on and planned to be released soon. The progress may be tracked in #90.

The reason for publishing partial support like this is to allow the consumption of v1.5 BOMs, which fails with cyclonedx-go <= v0.7.1.

Warning
The default SpecVersion has been updated to SpecVersion1_5. If your application generates BOMs, and you're not ready (or willing) to distribute BOMs following the v1.5 specification yet, consider using EncodeVersion to generate output for an older version of the spec.

Changelog

Features

• 7128a92: feat: raise baseline go version to 1.18 (@nscuro)

Fixes

• ff719b6: fix: unmarshal bom on v1.5 return invalid specification version (@chen-keinan)

Building and Packaging

• 966c223: build(deps): bump CycloneDX/gh-gomod-generate-sbom from 1.1.0 to 2.0.0 (@dependabot[bot])
• 1e83e85: build(deps): bump actions/checkout from 3.5.0 to 3.5.1 (@dependabot[bot])
• 78f6593: build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (@dependabot[bot])
• 868f6db: build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (@dependabot[bot])
• 5885827: build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (@dependabot[bot])
• d772b54: build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (@dependabot[bot])
• 578e862: build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (@dependabot[bot])
• f83e6a7: build(deps): bump gitpod/workspace-go from 2be827f to 910daeb (@dependabot[bot])
• cd7b23a: build(deps): bump gitpod/workspace-go from 910daeb to d7a41f5 (@dependabot[bot])
• 668553d: build(deps): bump gitpod/workspace-go from d7a41f5 to f37c673 (@dependabot[bot])
• d9a5f8c: build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (@dependabot[bot])
• 66f96df: build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (@dependabot[bot])
• 8b51c39: build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (@dependabot[bot])
• e44f7de: build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (@dependabot[bot])
• 6360fe1: build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (@dependabot[bot])

Others

• a069906: feat(spec1-5): add initial support for spec v1.5 (@nscuro)
• 67a7567: feat(spec1-5): add licensing, license properties, and license bom-ref (@nscuro)
• d2f3bb9: feat(spec1-5): add lifecycle support (@nscuro)
• eb041b5: feat(spec1-5): add new component types (@nscuro)
• c45ba61: feat(spec1-5): add new external reference types (@nscuro)
• d84947d: feat(spec1-5): add support for annotations (@nscuro)
• 0ba0496: feat(spec1-5): bump schema to 1.5 for round-trip tests (@nscuro)
• 4e20914: misc(dx): add project icon for intellij and goland (@nscuro)