Skip to content

v2.1.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 05 Apr 04:28
· 270 commits to develop since this release
v2.1.0
b1570bd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Installation

Cargo

cargo install uv-sbom

Python (PyPI)

pip install uv-sbom-bin

Pre-built Binaries

macOS (Apple Silicon):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v2.1.0/uv-sbom-aarch64-apple-darwin.tar.gz
tar xzf uv-sbom-aarch64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

macOS (Intel):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v2.1.0/uv-sbom-x86_64-apple-darwin.tar.gz
tar xzf uv-sbom-x86_64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

Linux (x86_64):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v2.1.0/uv-sbom-x86_64-unknown-linux-gnu.tar.gz
tar xzf uv-sbom-x86_64-unknown-linux-gnu.tar.gz
sudo mv uv-sbom /usr/local/bin/

Windows:
Download the .zip file below and extract to your desired location.

Verify Installation

uv-sbom --version

See the README for full documentation.

What's Changed

  • chore(deps): bump rustls-webpki from 0.103.8 to 0.103.10 by @dependabot[bot] in #352
  • refactor(application): extract resolution_guide_builder and upgrade_recommendation_builder [#341] by @Taketo-Yoda in #351
  • refactor(cli): convert cli.rs to cli/ module and extract runner.rs by @Taketo-Yoda in #356
  • refactor(cli): extract MergedConfig and config helpers into config_resolver.rs by @Taketo-Yoda in #357
  • refactor(cli): extract merge_config and its tests into config_resolver.rs by @Taketo-Yoda in #358
  • docs: add Architecture Overview to CLAUDE.md and conditional update step to implement skill by @Taketo-Yoda in #362
  • refactor(adapters): extract build_vulnerability_properties helper in cyclonedx_formatter.rs by @Taketo-Yoda in #363
  • chore(deps): bump the dependencies group with 2 updates by @dependabot[bot] in #364
  • feat(ci): add Dependabot cooldown policy to prevent supply chain attacks by @Taketo-Yoda in #366
  • refactor(adapters): convert cyclonedx_formatter.rs to module and extract schema structs by @Taketo-Yoda in #373
  • docs: strengthen product-vision.md with Structural Barriers, Anti-roadmap, and Feature Decision Flow by @Taketo-Yoda in #374
  • docs: add .claude/feature-triage.md for autonomous AI feature evaluation by @Taketo-Yoda in #375
  • feat(application): add VulnerabilityCountsBySeverity and counts_by_severity() by @Taketo-Yoda in #379
  • docs: add Feature Discussions section to CLAUDE.md for AI-DLC workflow by @Taketo-Yoda in #380
  • docs: add Issue-First Rule to CLAUDE.md by @Taketo-Yoda in #383
  • docs: add /split skill for Issue decomposition workflow by @Taketo-Yoda in #384
  • docs(split): add 200-line PR size guideline to guard rails by @Taketo-Yoda in #387
  • feat(adapters): add i18n strings and render_summary() for Markdown executive summary by @Taketo-Yoda in #388
  • docs(release): add step to filter non-user-facing CHANGELOG entries before release by @Taketo-Yoda in #389
  • docs: add /ideate skill for AI-driven feature ideation workflow by @Taketo-Yoda in #392
  • docs: refactor instructions.md for AI context efficiency by @Taketo-Yoda in #393
  • feat(adapters): wire render_summary() before render_header() in MarkdownFormatter by @Taketo-Yoda in #394
  • fix(markdown): prefer SPDX ID over raw license name in Markdown formatter by @Taketo-Yoda in #395
  • feat(spdx): add missing BSD variant, fix LGPLv2 mapping, add fuzzy suffix normalization by @Taketo-Yoda in #396
  • test(adapters): add unit test for license name fallback when spdx_id is None by @Taketo-Yoda in #401
  • refactor(domain): remove dead-code VulnerabilityRow from vulnerability_checker.rs by @Taketo-Yoda in #402
  • refactor(domain): move is_above_threshold onto ThresholdConfig as a value object method by @Taketo-Yoda in #403
  • chore(deps): bump toml from 1.1.0+spec-1.1.0 to 1.1.1+spec-1.1.0 in the dependencies group by @dependabot[bot] in #404
  • refactor(domain): extract CveFilter as a separate domain service by @Taketo-Yoda in #405
  • test(domain): add unit tests for CveFilter domain service by @Taketo-Yoda in #407
  • docs: create competitive-landscape.md for ongoing competitive tracking by @Taketo-Yoda in #408
  • docs(examples): add license violation demo to sample-project by @Taketo-Yoda in #410
  • fix(i18n): translate license violation count summary line by @Taketo-Yoda in #412
  • chore(release): prepare v2.1.0 by @Taketo-Yoda in #414
  • chore(release): v2.1.0 by @Taketo-Yoda in #415

Full Changelog: v2.0.1...v2.1.0

Contributors

dependabot and Taketo-Yoda
Assets 6
Loading