protobom / sbom-convert

Example CLI project to demo API architecture and protobom library
Apache License 2.0

chore(deps): bump github.com/protobom/protobom from 0.4.4 to 0.5.0 #93

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 3 weeks ago

Bumps github.com/protobom/protobom from 0.4.4 to 0.5.0.

Release notes

Sourced from github.com/protobom/protobom's releases.

v0.5.0

Protobom v0.5.0 :tada:

This new version of protobom is an important one as it packs several important features planned in our roadmap:

The First Set of Options is Now in Effect!

The first options for serializing and deserializing data are now implemented. Check the module documentation to check out the new knobs your applications can use to control how protobom reads and writes data.

Protobom Mods

We now have the first implementation of protobom mods. A mod is like a feature flag: when enabled, it activates little "hacks" that implement behaviors in the serializers and unserializers that are required to avoid losing data, for better compatibility, or for other quality-of-life reasons, but that may break with the spirit of the neutral representation of the project. Check out the Go docs to see the list of initial mods.

Capture of Original Document Metadata

As of this version, when reading an SBOM, Protobom will now capture metadata about the original document, including the original format, source path, hashes, and size. This is enabled by default but can be controlled via the reader options.

SBOM Data Sinks

The reader and writer now support data sinks: applications can register additional write streams that receive a copy of all the SBOM data streams as they are read or written.

Support for Properties

Protobom now supports properties in the Node. This lets protobom capture properties as it reads CycloneDX documents. Additionally, using the first protobom mod ever implemented, applications can enable a feature in the SPDX serializer to render the properties in SPDX annotations, avoiding data loss when writing to SPDX.

Bug Fixes and Other Quality Improvements

This release also fixes a number of bugs reported over the release cycle and improves the reliability of our protocol buffer definitions thanks to new linters and improvements to the code generation toolchain.

As always, infinite thanks to our contributors, bug reporters and the amazing Protobom community! :metal:

What's Changed

... (truncated)

Commits
  • ae2173a Merge pull request #279 from puerco/refactor-source-reader
  • ab7c9f2 Implement byte counter sink using bytes.buffer
  • e57464b Add TrackSource option
  • 9dbe73f Rewrite data source test to check for assignments only
  • bd1d825 Refactor document data source with sinks
  • 4c8262c Merge pull request #281 from ashearin/fix-sd-hash-encoding
  • 891dc7f fix: encode source data hash as string
  • 3d94feb Merge pull request #280 from puerco/properties-spdx-read
  • 4903a56 SPDX: Enable detection of properties by default
  • 3f79f3e SPDX23: Add test to check read properties
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
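A pre-merge check for a bump like this one, added here as an example and not code from sbom-convert, protobom or Dependabot: before merging a version bump of a Go module, confirm that go.mod actually pins the advertised version and that go.sum carries both the module and `/go.mod` `h1:` lines for it, and flag leftover entries for older versions. The go.mod and go.sum excerpts below are constructed for the demo and the `h1:` hashes are placeholders, not the real checksums of protobom.

```shell
#!/bin/sh
# Constructed go.mod / go.sum excerpts (block-form require); h1: values are placeholders.
GOMOD='module github.com/protobom/sbom-convert

go 1.21

require (
	github.com/protobom/protobom v0.5.0
	github.com/spf13/cobra v1.8.0
)'

GOSUM='github.com/protobom/protobom v0.4.4 h1:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
github.com/protobom/protobom v0.4.4/go.mod h1:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
github.com/protobom/protobom v0.5.0 h1:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=
github.com/protobom/protobom v0.5.0/go.mod h1:DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD=
github.com/spf13/cobra v1.8.0 h1:EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE=
github.com/spf13/cobra v1.8.0/go.mod h1:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='

# required_version MODULE GOMOD_TEXT: print the version pinned for MODULE (empty if absent).
required_version() {
  printf '%s\n' "$2" | awk -v m="$1" '$1 == m && $2 ~ /^v/ { print $2; exit }'
}

# sum_has MODULE VERSION GOSUM_TEXT: succeed only if go.sum has both h1: lines
# (module zip hash and the /go.mod hash) for exactly this version.
sum_has() {
  printf '%s\n' "$3" | awk -v m="$1" -v v="$2" '
    $1 == m && $2 == v && $3 ~ /^h1:/              { a = 1 }
    $1 == m && $2 == (v "/go.mod") && $3 ~ /^h1:/  { b = 1 }
    END { exit !(a && b) }'
}

# stale_sums MODULE VERSION GOSUM_TEXT: print other versions of MODULE still in go.sum.
stale_sums() {
  printf '%s\n' "$3" | awk -v m="$1" -v v="$2" '
    $1 == m { split($2, p, "/"); if (p[1] != v) seen[p[1]] = 1 }
    END { for (k in seen) print k }'
}

# check_bump MODULE EXPECTED GOMOD_TEXT GOSUM_TEXT: fail if go.mod does not pin EXPECTED
# or go.sum does not cover it; report (but do not fail on) stale entries.
check_bump() {
  got=$(required_version "$1" "$3")
  [ "$got" = "$2" ] || { echo "go.mod pins '$got', expected $2"; return 1; }
  sum_has "$1" "$2" "$4" || { echo "go.sum lacks h1: lines for $1 $2"; return 1; }
  for s in $(stale_sums "$1" "$2" "$4"); do
    echo "stale go.sum entry: $1 $s (run 'go mod tidy')"
  done
  return 0
}

check_bump github.com/protobom/protobom v0.5.0 "$GOMOD" "$GOSUM"
```

Against a real checkout, run `check_bump github.com/protobom/protobom v0.5.0 "$(cat go.mod)" "$(cat go.sum)"` from the repository root, and follow it with `go mod verify`, which compares the downloaded module content against the go.sum hashes that this script only checks for presence.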