Environment variable BOM_REPRODUCIBLE causes bom result to be more consistent
over multiple runs by omitting time/rand-based values, and sorting lists. (via #288)
Method Component.compare() compares self by purl or group/name/version. (via #288)
Method ExternalReference.compare() compares self by type/url. (via #288)
Method Hash.compare() compares self by algorithm/value. (via #288)
JSDoc for ExternalReference, ExternalReferenceList, Hash, HashList. (via #288)
Fixed
ExternalReference.url is now correctly treated as mandatory. (via #288)
Hash.value is now correctly treated as mandatory. (via #288)
ExternalReferenceList.isEligibleHomepage now returns the correct result, was inverted. (via #288)
Changed
Private properties of ExternalReference, ExternalReferenceList, Hash, HashList
became inaccessible. (#233 via #288)
Environment variable BOM_REPRODUCIBLE causes bom result to be more consistent
over multiple runs by omitting time/rand-based values, and sorting lists. (via #288)
Method Component.compare() compares self by purl or group/name/version. (via #288)
Method ExternalReference.compare() compares self by type/url. (via #288)
Method Hash.compare() compares self by algorithm/value. (via #288)
JSDoc for ExternalReference, ExternalReferenceList, Hash, HashList. (via #288)
Fixed
ExternalReference.url is now correctly treated as mandatory. (via #288)
Hash.value is now correctly treated as mandatory. (via #288)
ExternalReferenceList.isEligibleHomepage now returns the correct result, was inverted. (via #288)
Changed
Private properties of ExternalReference, ExternalReferenceList, Hash, HashList
became inaccessible. (#233 via #288)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
2 years ago
Bumps @cyclonedx/bom from 3.1.1 to 3.10.0.
Release notes
Sourced from
@cyclonedx/bom's releases.... (truncated)
Changelog
Sourced from
@cyclonedx/bom's changelog.... (truncated)
Commits
f5a7c1b3.10.01f6cef1prepare v3.10.095faad9feat: Consider optional element "comment" when serializing ExternalReference ...7ea9cb5node18 support (#300)98080743.9.0fd19659prepare v3.9.031667e4add dependencies (#296)d3f7c19HISTORY tidyed757433.8.128dc45eprep v3.8.1Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)