CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.4.1]

Changed

• Minimum Ruby version is now v2.6.3 so the Array.union function can be used.

Fixed

• Improved performance when analyzing a Podfile with many pods. (Issue #78) @macblazer.

[1.4.0]

Added

• Added evidence element to the component output to indicate that we are doing manifest analysis to generate the bom. (Issue #69) @macblazer.

Fixed

• Added top level dependencies when the metadata/component is specified (by using the --name, --version, and --type parameters). (PR #70) @fnxpt
• Properly concatenate paths to Podfile and Podfile.lock (with unit tests!). (Issue #71) @macblazer.

[1.3.0]

Added

• Added optional --shortened-strings CLI parameter to limit the author, publisher, and purl lengths. (Issue #65) @macblazer.

Changed

• Updated to use v1.5 of the CycloneDX specification. (Issue #57) @macblazer
• Code cleanup based on RuboCop analysis. (Issue #45) @macblazer.

Fixed

• Following the specification to put the bom-ref attribute on component instead of as a bomRef element of component. @macblazer.

[1.2.0]

Added

• Includes dependency relationship information for each of the components. (Issue #58) @fnxpt.

Changed

• Components and dependencies are output in alphabetically sorted order by purl to increase reproducability of BOM generation. (Issue #59) @macblazer.

[1.1.2]

Changed

• Updated gem dependency for cocoapods to be minimum v1.10.1 up to anything less than v2. (Issue #51) @macblazer.
• Updated gem dependency for nokogiri to be minimum v1.11.2 up to anything less than v2. @macblazer.
• Updated README.md with a description of what happens with pods or Podfiles that use subspecs. (Issue #52) @macblazer.

Fixed

• Fixed parsing of a Podfile that uses CocoaPods plugins. (PR #55) @DwayneCoussement.

[1.1.1]

Changed

• Better error messaging when a problem is encountered while gathering pod information (Issue #48) @macblazer.

Fixed

• Including a pod that has a platform-specific dependency for an unused platform no longer causes a crash (Issue #46) @macblazer.
• Analyzing a Podfile that has no pods defined in it no longer causes a crash @macblazer.

[1.1.0]

Added

• Can now eliminate Podfile targets that include "test" in their name (Issue #43) @macblazer.

[1.0.0]

Added

• Local pods now use the file_name purl qualifier (Issue #11) @macblazer.
• Gathering more info for local pods, Git based pods, and podspec based pods (Issues #11, #12, and #13) @macblazer.
• Added a small section in the README.md for contributors and how to set up for local development @macblazer.
• Added this CHANGELOG.md file @macblazer.

Changed

• Removed the cyclonedx-cocoapods dependencies from the list of tools in the bom metadata (Issue #29) @macblazer.
• Changed copyright to OWASP Foundation (Issue #36) @macblazer.

[0.1.1]

• Initial publication. @jgongo