Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump cyclonedx from 2.10.0 to 3.0.1 #295

Merged
merged 1 commit into from
Dec 29, 2023
Merged

Bump cyclonedx from 2.10.0 to 3.0.1 #295

merged 1 commit into from
Dec 29, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 29, 2023

Bumps cyclonedx from 2.10.0 to 3.0.1.

Release notes

Sourced from cyclonedx's releases.

3.0.1

Fixed a bug where CycloneDX on Linux systems searched for the dotnet executable in the wrong location, throwing a System.ComponentModel.Win32Exception [sic] right at the start.

3.0.0

Changelog

Breaking Changes

  • The flag --disable-github-licenses is now deprecated and set as the default launch setting. If you want to enable GitHub license resolution, you must activate it by setting -enable-github-licenses.

  • Generated SBOMs are now of CycloneDX-Version 1.5

Deprecated Arguments

The following arguments are deprecated and will be replaced soon:

  • -d is now replaced by -ed
  • -r is now replaced by -sr
  • -f is now replaced by -fn
  • --out is now replaced by --output

The argument -v has been removed directly.

Features

  • Introducing a new flag: -ipr or --include-project-references, which adds project references to the bom output.
  • The --output flag is not mandatory anymore but defaults to the working directory.

Bugfixes

  • The --exclude-dev flag now also removes dev dependencies from the dependency graph.
  • Fixed an error where .NET Standard was treated as a package dependency, causing a failure.
  • Fixed an error where a package reference, shadowed by a project reference, leads to a failure.

Notes

  • Changed the command line from McMaster.Extensions.CommandLineUtils to System.CommandLine.
Commits
  • 34cc4e5 fix: #806 CommandService couldn't find dotnet executable's path on linux
  • 35d161f Format README.md
  • 8c95746 Update argument list in README.md
  • f357193 Change version to 3.0.0
  • e9f8ca3 chore!: -dgl is now default, instead one can use -egl to enable github licenc...
  • 7ccefb4 chore!: re-add --out as deprecated, --output uses working path as default now...
  • dce2705 Merge pull request #793 from CycloneDX/dependabot/nuget/Moq-4.20.70
  • ba07525 Bump Moq from 4.20.69 to 4.20.70
  • 06d7dee Merge pull request #792 from CycloneDX/dependabot/github_actions/actions/setu...
  • f0669de Merge pull request #769 from CycloneDX/dependabot/github_actions/actions/chec...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump cyclonedx from 2.10.0 to 3.0.1
b5f101f 
Bumps [cyclonedx](https://github.com/CycloneDX/cyclonedx-dotnet) from 2.10.0 to 3.0.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-dotnet/releases)
- [Commits](CycloneDX/cyclonedx-dotnet@v2.10.0...v3.0.1)

---
updated-dependencies:
- dependency-name: cyclonedx
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from Bertk as a code owner December 29, 2023 06:20
@dependabot dependabot bot added .NET Pull requests that update .net code type: dependencies Pull requests that update a dependency file labels Dec 29, 2023
@Bertk Bertk merged commit b85cafd into main Dec 29, 2023
13 checks passed
@dependabot dependabot bot deleted the dependabot/nuget/cyclonedx-3.0.1 branch December 29, 2023 06:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Bertk Bertk Bertk approved these changes

Assignees
No one assigned
Labels
.NET Pull requests that update .net code type: dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Bertk