Skip to content

Releases: CycloneDX/cyclonedx-rust-cargo

0.5.7 - 2024-11-30

30 Nov 01:45
c4c3ba9
Compare
Choose a tag to compare

Release Notes

Added

  • Cargo.lock v4 format stabilized in Rust 1.78 is now supported. ([#772]) Previously the SBOM would be generated but package hashes would not be recorded in presence of v4 lockfiles.
  • The component.author field is now set to comma-separated list of authors ([#770]). We'd like to use component.authors instead once CycloneDX v1.6 is supported.

Install cargo-cyclonedx 0.5.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.7/cargo-cyclonedx-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.7/cargo-cyclonedx-installer.ps1 | iex"

Download cargo-cyclonedx 0.5.7

File Platform Checksum
cargo-cyclonedx-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
cargo-cyclonedx-x86_64-apple-darwin.tar.xz Intel macOS checksum
cargo-cyclonedx-x86_64-pc-windows-msvc.zip x64 Windows checksum
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

0.8.0 - 2024-11-07

07 Nov 14:19
6bdfc87
Compare
Choose a tag to compare

Release Notes

Added

  • Support parsing of empty XML string tags ([#761])
  • Add spec version to bom struct and make validation honor it ([#767])

0.5.6 - 2024-11-07

07 Nov 14:31
6bdfc87
Compare
Choose a tag to compare

Release Notes

Added

Install cargo-cyclonedx 0.5.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.6/cargo-cyclonedx-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.6/cargo-cyclonedx-installer.ps1 | iex"

Download cargo-cyclonedx 0.5.6

File Platform Checksum
cargo-cyclonedx-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
cargo-cyclonedx-x86_64-apple-darwin.tar.xz Intel macOS checksum
cargo-cyclonedx-x86_64-pc-windows-msvc.zip x64 Windows checksum
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

0.7.0 - 2024-08-06

06 Aug 11:42
76d0b09
Compare
Choose a tag to compare

Release Notes

Changed

  • Made model types pub instead of pub(crate), which allows client code to write more fields in SBOMs ([#758])
  • Removed #[non_exhaustive] from SpecVersion, which was a source of bugs in client code ([#749])
  • Switched from packageurl to purl crate as the PURL implementation ([#746])
  • Removed JSON schema validation from the public API and moved jsonschema to dev-dependencies to combat dependency bloat ([#750])

0.5.5 - 2024-07-01

06 Aug 10:51
0aa3968
Compare
Choose a tag to compare

Release Notes

Changed

  • Build dependencies are now recorded with scope: "excluded", to indicate that they are not used at runtime. ([#755])

Added

  • --no-build-deps flag to omit build dependencies entirely. ([#755])

Install cargo-cyclonedx 0.5.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.5/cargo-cyclonedx-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.5/cargo-cyclonedx-installer.ps1 | iex"

Download cargo-cyclonedx 0.5.5

File Platform Checksum
cargo-cyclonedx-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
cargo-cyclonedx-x86_64-apple-darwin.tar.xz Intel macOS checksum
cargo-cyclonedx-x86_64-pc-windows-msvc.zip x64 Windows checksum
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

0.5.4 - 2024-07-17

17 Jul 11:11
ebc5b4f
Compare
Choose a tag to compare

Release Notes

Fixed

  • Fixed PURLs being percent-encoded incorrectly when using the purl crate v0.1.3 or later ([#746])

Install cargo-cyclonedx 0.5.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.4/cargo-cyclonedx-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.4/cargo-cyclonedx-installer.ps1 | iex"

Download cargo-cyclonedx 0.5.4

File Platform Checksum
cargo-cyclonedx-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
cargo-cyclonedx-x86_64-apple-darwin.tar.xz Intel macOS checksum
cargo-cyclonedx-x86_64-pc-windows-msvc.zip x64 Windows checksum
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

0.6.2 - 2024-07-16

16 Jul 10:51
07a4585
Compare
Choose a tag to compare

Release Notes

Fixed

  • Dropped a lot of unnecessary dependencies pulled in transitively though the jsonschema crate ([#744])

0.6.1 - 2024-06-04

04 Jun 12:22
23e4666
Compare
Choose a tag to compare

Release Notes

Added

  • A series of APIs that serialize and deserialize in the format specified with the SpecVersion enum ([#725])

Fixed

  • Fixed a panic when parsing CycloneDX v1.5 from a serde_json::Value ([#723])

Changed

  • Removed --allow-dirty flag from the publishing workflow so that the provenance of the package uploaded to crates.io can be established ([#724])

0.5.3 - 2024-06-04

04 Jun 20:05
1f17548
Compare
Choose a tag to compare

Release Notes

Added

  • Add metadata to let cargo binstall locate our release binaries ([#727])

Fixed

  • Committed an up-to-date lockfile to ease packaging for downstreams

Install cargo-cyclonedx 0.5.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.3/cargo-cyclonedx-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.3/cargo-cyclonedx-installer.ps1 | iex"

Download cargo-cyclonedx 0.5.3

File Platform Checksum
cargo-cyclonedx-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
cargo-cyclonedx-x86_64-apple-darwin.tar.xz Intel macOS checksum
cargo-cyclonedx-x86_64-pc-windows-msvc.zip x64 Windows checksum
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.5.2 - 2024-06-04

04 Jun 12:29
23e4666
Compare
Choose a tag to compare

Release Notes

Fixed

  • Fixed a panic when outputting CycloneDX v1.5 ([#722])

Changed

  • Removed --allow-dirty flag from the publishing workflow so that the provenance of the package uploaded to crates.io can be established ([#724])

Install cargo-cyclonedx 0.5.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.2/cargo-cyclonedx-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.2/cargo-cyclonedx-installer.ps1 | iex"

Download cargo-cyclonedx 0.5.2

File Platform Checksum
cargo-cyclonedx-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
cargo-cyclonedx-x86_64-apple-darwin.tar.xz Intel macOS checksum
cargo-cyclonedx-x86_64-pc-windows-msvc.zip x64 Windows checksum
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum