v4.0.2
API BREAKING CHANGES
- Please see #1028 for details
New features
- This release enables SPDX 3.0 support in generation and validation (not yet in redaction). Specify the -mi:SPDX3.0 parameter on the command line to enable the new functionality. Please see #1027 for more details.
⚙️ Changes
- Tidy interfaces just a bit by @DaveTryon (#1044)
- Generate only supported manifests, get target configs, and use SourcesProviders as the source of truth by @pragnya17 (#1043)
- Avoid Exception if an unsupported format is requested by @DaveTryon (#1034)
- Teach ManifestValidator about extensions by @DaveTryon (#1033)
- Rename NTIA to NTIAMin - no functional changes by @DaveTryon (#1031)
- Rename "Compliance" to "Conformance" by @DaveTryon (#1030)
- Add ability to pass additional telemetry data back from ISignValidator.Validate by @DaveTryon (#1026)
- Fix SPDX 3.0 relationship generation by @pragnya17 (#1015)
- Fix casing of ValidatedSbomFactory.CreateValidatedSBOM by @DaveTryon (#1023)
- Bug fix for supplier and suppliedBy for root package in SPDX 3.0 by @pragnya17 (#1019)
- NoAssertion bug for SBOM file and package generation by @pragnya17 (#1016)
- Package DependOnId bug fix by @pragnya17 (#1017)
- Add null check for SPDX 3.0 external identifiers by @pragnya17 (#1020)
- Update spdx22 external doc ref extension by @pragnya17 (#1018)
- Add AdditionalComponentDetectorArgs to RuntimeConfiguration by @MichielOda (#996)
- Add SPDX 3.0 extensions to convert to internal SBOM components by @pragnya17 (#1012)
- External Map generation bug by @pragnya17 (#1014)
- Introduce new telemetry method to record signature validation results by @ZhengHong-Tan (#1002)
- Write E2E tests for validation success and failure (SPDX 2.2 and 3.0) by @pragnya17 (#1005)
- Refactor SPDX 3.0 extension methods by @pragnya17 (#1001)
- Move spdx extensions to common utils and refactor SPDX 2.2 by @pragnya17 (#998)
- Validate compliance standard for SPDX 3.0 by @pragnya17 (#992)
- Fix SPDX 3.0 manifest missing files bug by @pragnya17 (#997)
- Add DotNet Component Adapter by @grvillic (#994)
- Don't run auto-comment workflow on PR's from forks by @DaveTryon (#1000)
- build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] (#990)
- Delay E2E tests until other test projects have built by @DaveTryon (#985)
- Remove suppression of IDE0040 by @DaveTryon (#984)
- Address new warnings from .NET 9 by @DaveTryon (#982)
- Fix problems running E2E tests locally by @DaveTryon (#957)
- Refactor GenerationResult to restore the original behavior of writing JSON arrays for SPDX 2.2 by @pragnya17 (#975)
- Throw validation error if customer attempts to redact SPDX 3.0 SBOM by @pragnya17 (#977)
- build(deps): bump System.Threading.Tasks.Extensions from 4.6.0 to 4.6.1 by @dependabot[bot] (#978)
- build(deps): bump Microsoft.Testing.Extensions.TrxReport from 1.6.2 to 1.6.3 by @dependabot[bot] (#980)
- build(deps): bump actions/setup-dotnet from 4.3.0 to 4.3.1 by @dependabot[bot] (#976)
- Manifest info name should be case insensitive by @pragnya17 (#973)
- Validate manifest info with attributes by @pragnya17 (#961)
- build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @dependabot[bot] (#966)
- Parsing SPDX 3.0 packages and validating with NTIA by @pragnya17 (#963)
- Generate singular SBOM based on manifestInfo parameter by @pragnya17 (#959)
- build(deps): bump Microsoft.Testing.Extensions.TrxReport from 1.5.3 to 1.6.2 by @dependabot[bot] (#937)
- build(deps): bump Microsoft.NETFramework.ReferenceAssemblies, NuGet.Configuration and NuGet.Frameworks by @dependabot[bot] (#960)
- API BREAKING CHANGE: Remove back-compat interface shims by @DaveTryon (#952)
- Reenable CodeQL for SDL compliance by @DaveTryon (#951)
- Normalize "SBOM" to "Sbom" through most of the code base by @DaveTryon (#950)
- API changes to support SPDX 3.0 by @pragnya17 (#924)
- Clean apt cache in Dockerfile to reduce image size by @DaveTryon (#939)
- build(deps): bump github/codeql-action from 3.28.8 to 3.28.10 by @dependabot[bot] (#945)
- Bump System.Text.Json from 9.0.0 to 9.0.2 by @DaveTryon (#940)
- build(deps): bump System.Threading.Channels by @dependabot[bot] (#929)
- Pin Microsoft.IO.Redist in net472 tests by @DaveTryon (#921)