[pull] master from CycloneDX:master#7

Open

pull[bot] wants to merge 138 commits intofahedouch:masterfrom

CycloneDX:master

pull bot commented Feb 9, 2026 •

edited

Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

jkowalleck and others added 19 commits

October 2, 2025 16:50


          SPDX licenses bump automation

fb1e3b0

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>


          Update .github/workflows/update_spdx_licenses.yml

805ed58

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>


          Merge branch 'master' into spdx-schema_pull-latest

e90504b


          Merge branch 'master' into spdx-schema_pull-latest

a6820fb


          Merge branch 'master' into spdx-schema_pull-latest

a333525


          fix(proto): correct 'plain text' typo in AttachedText comment

7ef4b85

Closes #785

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          feat(crypto-registry): add Argon2 (RFC 9106)

eb3e76c

Add Argon2 (RFC 9106) to the Cryptography Registry with a parameterized pattern aligned to RFC terminology.

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          fix(registry): treat Argon2 as kdf and add dkLen

28eacb1

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          feat(crypto-registry): add SP800-90A DRBGs

e45984d

Add CTR_DRBG, Hash_DRBG, and HMAC_DRBG entries with NIST SP800-90Ar1 reference.

Closes #789

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          Add Argon2 to algorithmFamiliesEnum

48455b8

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          Add ShangMi (SM2/SM3/SM4/SM9) algorithm families (#811)

a62420d

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          fix(registry): extend Argon2 pattern inputs per RFC 9106

8b016c1

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          fix(registry): clarify Argon2 parameter length units (bytes) and exte…

5c762cd

…nd Argon2 pattern inputs per RFC 9106

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          Add ShangMi AEAD modes and refine SM9 variants

fd763e5

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          feat(registry): add AES-SIV AEAD variant (RFC 5297) (#763)

0c16394

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          Make SM2-256 suffix optional in registry patterns

f21fcb0

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          fix(registry): correct ANSI INCITS 92-1981 reference URL (References #…

f6f0f56

…806)

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          fix(proto): correct 'plain text' typo in AttachedText comment (#786)

f626e70

Corrects a typo in Protocol Buffers schema documentation: "plan text" ->
"plain text" for the example.

Closes #785.


          chore: SPDX licenses bump automation (#703)

2d03abb

fixes #186


this automation will do the following on a daily/scheduled basis
- auto-detect the latest release of SPDX licenses
- update OUR list of known SPDX licenses
- Pull request the changes, if needed

pull bot locked and limited conversation to collaborators

pull bot added the ⤵️ pull label

Mehrn0ush and others added 9 commits

February 12, 2026 14:31


          feat(registry): add SPAKE2 (RFC 9382) and SPAKE2+ (RFC 9383) (#797)

6cd1973

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          feat(registry): add AES-GCM-SIV AEAD variant (RFC8452)

f613597

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          Fix HMACXOF typo

77a78b6

Signed-off-by: Joachim Vandersmissen <git@jvdsn.com>


          fix(schema): add SP800-90A DRBG families to algorithmFamiliesEnum

7d6500d

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          Merge branch 'master' into feat/crypto-registry-drbg-sp800-90a

e6c0e97

Signed-off-by: Mehrnoush <mehrnoush.vaseghi@gmail.com>


          feat(crypto-registry): add SRP and J-PAKE

70feec9

Add SRP (RFC2945/RFC5054) and J-PAKE (RFC8236) key agreement entries.

Closes #791

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          fix(schema): add SRP and J-PAKE to algorithmFamiliesEnum

a13a7a9

Keep cryptography-defs.schema.json aligned with cryptography-defs.json.

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          Add UMAC (RFC4418) to cryptography registry

a7c7015

Refs #787

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>


          fix(schema): add UMAC to algorithmFamiliesEnum

427116e

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>

jkowalleck and others added 30 commits

March 13, 2026 15:46


          docs: fix scroll-padding-top for XML (#886)

fixes/streamlines XML docs behavior when loading an anchor.

example: https://cyclonedx.org/docs/1.7/xml/#Glossary


          Merge branch 'master' into patch-3

e67f335


          Merge branch 'master' into patch-4

06ee11b


          Merge branch 'master' into patch-5

efe4268


          Merge branch 'master' into patch-6

fcc0861


          Merge branch 'master' into patch-7

e07246d


          Merge branch 'master' into patch-8

40bfa39


          Merge branch 'master' into fix/crypto-registry-deduplicate-md4-md5

bf58178


          Merge branch 'master' into patch-9

a1f0ea6


          Merge branch 'master' into fix/crypto-registry-siphash-primitive

8c6a4fd


          Merge branch 'master' into feat/crypto-registry-aes-ocb

7f400f4


          Add AES-OCB to cryptography registry (#885)

3941d06

Adds AES-OCB to the cryptography registry under the AES family.

Details:
- Primitive: `ae`
- Pattern: `AES[-(128|192|256)]-OCB[-{tagLength}]`
- Standard: RFC 7253



Fixes #884


          Merge branch 'master' into fix/crypto-registry-siphash-primitive

4dce6d1


          Fix SipHash primitive classification in cryptography registry (#883)

e32b374

Changes the SipHash registry entry to classify it as `mac` instead of
`hash`, and updates the reference URL to an archival source.


Fixes #882


          Add ANSI KDFs (#881)

b35d028

Fixes #856


          Deduplicate MD4 and MD5 entries in cryptography registry (#879)

263aa27

Removes duplicate `MD4` and `MD5` family entries from the cryptography
registry.

Fixes #878


          Merge branch 'master' into patch-8

482573e


          Add SP800-56C family (#877)

28f2ce4

Fixes #876


          Merge branch 'master' into patch-6

2634ad5


          Remove dash from SHA-3 hash algorithms (#871)

88d01bf

The official name of the hash algorithms does not contain the dash.


          Remove dash from EdDSA (#870)

9bf7f3c

According to RFC8032, the names are Ed25519ph, Ed25519ctx, and Ed448ph.
There is no dash.


          Add hashAlgorithm to IKE-PRF (#873)

bbc87f7

fixes #872 

Also changes primitive to "kdf" since this is a KDF, not a key agreement
function.


          Merge branch 'master' into patch-3

959e07e


          Separate out AES KW / KWP (#869)

09eea58

Also add some missing standards to AES, partially fixes #834


          Merge branch 'master' into patch-7

8bf6eb0


          Add TLS-PRF family (#875)

ba0154a

Fixes #874

The additional distinction for RFC7627 is to distinguish between usage
of the extended master secret and not.


          Fixed JSON issue

7e5501c

Signed-off-by: Steve Springett <steve@springett.us>


          Fixed JSON issue (#894)

12ea822

Fixed missing comma in JSON


          Add SSH-KDF

46e4878

Signed-off-by: Joachim Vandersmissen <git@jvdsn.com>


          Add SSH-KDF to cryptography registry (#899)

dc1bc04

fixes #898

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels