v2.3.0

github-actions released this 02 May 09:11 · 122 commits to develop since this release · 89e5eee

Installation

Cargo

cargo install uv-sbom

Python (PyPI)

pip install uv-sbom-bin

Pre-built Binaries

macOS (Apple Silicon):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v2.3.0/uv-sbom-aarch64-apple-darwin.tar.gz
tar xzf uv-sbom-aarch64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

macOS (Intel):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v2.3.0/uv-sbom-x86_64-apple-darwin.tar.gz
tar xzf uv-sbom-x86_64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

Linux (x86_64):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v2.3.0/uv-sbom-x86_64-unknown-linux-gnu.tar.gz
tar xzf uv-sbom-x86_64-unknown-linux-gnu.tar.gz
sudo mv uv-sbom /usr/local/bin/

Windows:
Download the .zip file below and extract it to your desired location.

Verify Installation

uv-sbom --version

See the README for full documentation.

What's Changed

  • chore(deps): bump actions/cache from 5 to 5.0.4 by @dependabot[bot] in #493
  • chore(deps): bump softprops/action-gh-release from 2 to 2.6.2 by @dependabot[bot] in #494
  • docs: add Dead Code Policy section to CLAUDE.md by @Taketo-Yoda in #495
  • docs(skills): add CHANGELOG enforcement gates to /pr and /release by @Taketo-Yoda in #496
  • feat(domain): add DependencyGraph::find_paths_to for multi-hop chain resolution by @Taketo-Yoda in #500
  • feat(domain): add dependency_chains to ResolutionEntry and ResolutionEntryView by @Taketo-Yoda in #501
  • chore(deps): bump softprops/action-gh-release from 2.6.2 to 3.0.0 by @dependabot[bot] in #503
  • chore(deps): bump actions/cache from 5.0.4 to 5.0.5 by @dependabot[bot] in #504
  • chore(deps): bump the dependencies group with 4 updates by @dependabot[bot] in #505
  • feat(adapters): render Dependency Chains subsection in Markdown Resolution Guide by @Taketo-Yoda in #502
  • docs: add Dependency Chains subsection to README Markdown output example by @Taketo-Yoda in #507
  • chore(deps): bump rustls-webpki from 0.103.12 to 0.103.13 by @dependabot[bot] in #508
  • fix(domain): add package_edges to DependencyGraph for correct multi-hop BFS by @Taketo-Yoda in #510
  • docs(changelog): add Security entry for GHSA-82j2-j2ch-gfr8 (rustls-webpki) by @Taketo-Yoda in #515
  • refactor(adapters): split format into render_required_sections and render_optional_sections by @Taketo-Yoda in #520
  • refactor(adapters): extract test_fixtures module in markdown formatter tests by @Taketo-Yoda in #521
  • refactor(adapters): collapse 16 duplicate i18n tests into parameterized helpers by @Taketo-Yoda in #522
  • refactor(adapters): consolidate section-ordering and vulnerability tests by @Taketo-Yoda in #523
  • refactor(adapters): expand test_fixtures to eliminate inline VulnerabilityView construction by @Taketo-Yoda in #525
  • refactor(application): extract build_resolution_guide_if_applicable from build_with_project by @Taketo-Yoda in #528
  • refactor(application): consolidate test helpers into mod test_helpers in sbom_read_model_builder by @Taketo-Yoda in #529
  • refactor(application): promote test_helpers to pub(crate) and relocate metadata_builder tests by @Taketo-Yoda in #534
  • refactor(application): relocate component_builder and dependency_builder tests to their modules by @Taketo-Yoda in #535
  • refactor(application): relocate vulnerability_builder and resolution_guide_builder tests to their modules by @Taketo-Yoda in #536
  • docs(skills): improve /split — auto-execute issues and always keep parent open by @Taketo-Yoda in #543
  • refactor(application): create FetchLicensesUseCase and wire into GenerateSbomUseCase by @Taketo-Yoda in #544
  • refactor(i18n): move upgrade advisor progress messages to i18n catalog by @Taketo-Yoda in #545
  • refactor(tests): consolidate duplicate MockVulnerabilityRepository into shared test_doubles module by @Taketo-Yoda in #546
  • refactor(tests): extract UseCaseBuilder and redesign MockLockfileReader in generate_sbom tests by @Taketo-Yoda in #547
  • chore(deps): bump reqwest from 0.13.2 to 0.13.3 in the dependencies group by @dependabot[bot] in #548
  • chore(release): prepare v2.3.0 by @Taketo-Yoda in #550
  • chore(release): v2.3.0 by @Taketo-Yoda in #551

Full Changelog: v2.2.0...v2.3.0