5.0.1

🚀 CycloneDX .NET v5.0.1 Release Notes

🛠️ Fixes

• VCS URL Normalization – Resolved schema validation errors caused by Git-style URLs (e.g., [email protected]:user/repo.git) by converting them to valid URL formats, enhancing compatibility with tools like Dependency-Track. Thanks to @Alex-Stevens in #910. Issue #890

📦 Dependency Updates

• Upgraded xunit from 2.7.0 to 2.9.3 by @dependabot in #924.
• Upgraded xunit.runner.visualstudio from 2.5.7 to 3.0.1 by @dependabot in #925.

🆕 New Contributors

A big thank you to our first-time contributor:

• @Alex-Stevens in #910

📜 Full Changelog: v5.0.0 → v5.0.1

5.0.0

🚀 CycloneDX .NET v5.0.0 Release Notes

🔥 Breaking Changes

• cyclonedx-dotnet no longer runs on .NET 6 and .NET 7. However, you can still generate SBOMs for applications targeting these versions.

✨ What's New

• Improved Logging – Now logs package and version details when unzipping fails, thanks to @pregress in #922.
• .NET 9 Support – cyclonedx-dotnet now runs on .NET 9 by @nathan-mittelette in #914.

🆕 New Contributors

A big thank you to our first-time contributors:

• @nathan-mittelette in #914
• @pregress in #922

📜 Full Changelog: [v4.2.0 → v5.0.0](v4.2.0...v5.0.0)

4.2.0

• Dockerimage is now based sdk:9.0

4.1.0

What's Changed

• feat: Support X# Project files (#895) by @VolkmarR in #900
• Enable RollForward to run on the latest .NET SDKs by @nil4 in #909
• fix: Exclude unsupported project when collecting project references @petercullen68 in #905

New Contributors

• @VolkmarR made their first contribution in #900
• @petercullen68 made their first contribution in #905

Full Changelog: v4.0.0...v4.1.0

4.0.0

What's Changed

• Potentially Breaking: Update CycloneDX to 8.0.0 and BOM validation to v1_6 by @MarioAllegro in #907
  • Created SBOMs will now be of CycloneDX version 1.6
  • Component.Author will now instead be written into the newly introduced Component.Authors field

New Contributors

• @MarioAllegro made their first contribution in #907

Full Changelog: v3.0.8...v4.0.0

3.0.8

What's Changed

• fix: Also find assembly version info for VB projects by @dhivarson in #870
• fix: CycloneDX should fail when the provided file was not found by @mtsfoni in #883

New Contributors

• @dhivarson made their first contribution in #870

Full Changelog: v3.0.7...v3.0.8

3.0.7

What's Changed

• chore: bump CycloneDX.Core to 7.0.1 by @mtsfoni in #879

Full Changelog: v3.0.6...v3.0.7

3.0.6

• Corrected an issue where an error occurred while reading a read-only .csproj file.
• Resolved an inconsistency in the naming of project-reference components when the assembly name differs from the project name.

What's Changed

• build(deps): bump System.IO.Abstractions.TestingHelpers from 20.0.4 to 20.0.15 by @dependabot in #839
• build(deps): bump xunit from 2.6.5 to 2.6.6 by @dependabot in #832
• build(deps): bump System.IO.Abstractions from 20.0.4 to 20.0.15 by @dependabot in #838
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #857
• build(deps): bump xunit.runner.visualstudio from 2.5.6 to 2.5.7 by @dependabot in #855
• build(deps): bump xunit from 2.6.6 to 2.7.0 by @dependabot in #854
• build(deps): bump dotnet/sdk from 8.0 to 8.0.101 by @dependabot in #852
• build(deps): bump NuGet.Protocol from 6.8.0 to 6.9.1 by @dependabot in #851
• build(deps): bump Microsoft.NET.Test.Sdk from 17.8.0 to 17.9.0 by @dependabot in #849
• build(deps): bump NuGet.ProjectModel from 6.8.0 to 6.9.1 by @dependabot in #861
• build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 by @dependabot in #863
• build(deps): bump System.IO.Abstractions.TestingHelpers from 20.0.15 to 21.0.2 by @dependabot in #864
• build(deps): bump System.IO.Abstractions from 20.0.15 to 21.0.2 by @dependabot in #862
• When reading a file with a FileStream use FileAccess.Read. Fixes #859 by @mtsfoni in #860
• Fix: #833 Error with includePackageReference when ProjectReference-Graph is at least 2 levels deep. by @mtsfoni in #834

Full Changelog: v3.0.5...v3.0.6

3.0.5

Bug Fixes:

• Fixed a crash, when a referenced project file is missing. This issue can arise if the ProjectReference in the project file is conditional. (Issue #826)
• Fixed a crash, when -rs was used with asset-files and a child project had multiple targets with differing dependencies. (Issue #830)
• When using the -rs setting, dependencies that relied on the root project were under some circumstances incorrectly positioned in the dependency graph.
• With the settings -rs and -ipr, project references were not accurately placed in the dependency graph.

3.0.4

Fixes

A floating version in project references caused a System.ArgumentException and broke the generation process. (#814)