4.1.0

Added

• New optional dependency @cyclonedx/yarn-plugin-cyclonedx (via #365)
  This is a package for generating SBOM from yarn projects.

---

What's Changed

• chore(deps): Bump pnpm/action-setup from 3.0.0 to 4.0.0 by @dependabot in #364
• announce yarn plugin by @jkowalleck in #365

Full Changelog: v4.0.5...v4.1.0

4.0.5

Maintenance release

Docs

• Acknowledge tools for Rollup, Vite (via #363)

---

What's Changed

• chore(ci): fix macos runner by @jkowalleck in #361
• chore: use node22 in CI/CT by @jkowalleck in #360
• docs: add rollup-plugin-sbom to out of scope section by @janbiasi in #363

New Contributors

• @janbiasi made their first contribution in #363

Full Changelog: v4.0.4...v4.0.5

4.0.4

Maintenance release

Docs

• Acknowledge tools for yarn, esbuild, Rspack/Rsbuid, Svelte (via #359)

---

What's Changed

• ci: run node18 by @jkowalleck in #347
• chore: release process allow previews by @jkowalleck in #348
• chore: ci uses node20 by @jkowalleck in #350
• chore: ci scheduled for Sundays by @jkowalleck in #351
• Bump pnpm/action-setup from 2.2.4 to 2.4.0 by @dependabot in #354
• Bump actions/checkout from 3 to 4 by @dependabot in #355
• Bump actions/setup-node from 3 to 4 by @dependabot in #356
• Bump softprops/action-gh-release from 1 to 2 by @dependabot in #358
• Bump pnpm/action-setup from 2.4.0 to 3.0.0 by @dependabot in #357
• docs: add yarn, esbuild, Rspack/Rsbuild, Svelte by @jkowalleck in #359

Full Changelog: v4.0.3...v4.0.4

4.0.3

Docs

• fix CI/CT shield (badges/shields#8671 via #346)

4.0.2

Docs

• Fixed some typos

4.0.1

Docs:

• Describe the "Out of Scope" section (via #342)
• Fixed some typos

4.0.0

⚠️ BREAKING CHANGES

This package became a so-called meta-package, it does no longer ship any own functionality, but it is a collection of dependencies. (via #321)

This package's dependencies are tools with one purpose in common: generate CycloneDX Software Bill-of-Materials (SBOM) from node-based projects.

• for npm-based projects: @cyclonedx/cyclonedx-npm
• for yarn-based projects: to be announced
• for pnpm-based projects: to be announced

If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, then you might want to try @cyclonedx/cyclonedx-library.

Previous versions

This project used to be a tool-set and a library to work and generate CycloneDX Software Bill-of-Materials (SBOM) from npm and yarn based projects.
Since version 4.0, this was all split to individual projects, and this project changed to a bare meta-package.

Previous versions of this very package are still available via npmjs versions and github releases.

4.0.0-rc.1

v4.0.0-rc.1

4.0.0-rc.1

3.10.6

Misc

• Own in-code license text comments should no longer get stripped by downstream tooling. (#305 via #326)

3.10.4

Misc

• CI: fixed SBOM gathering for the bundled application in the docker image.