Commit e58bd55

Merge pull request #857 from Shnatsel/new-cargo-cyclonedx-release
Release cargo-cyclonedx v0.5.9
2 parents fa94e0c + 2ce81ac commit e58bd55

3 files changed

Lines changed: 34 additions & 3 deletions

Cargo.lock

Lines changed: 2 additions & 2 deletions

cargo-cyclonedx/CHANGELOG.md

Lines changed: 31 additions & 0 deletions
@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
55
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
66
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
77

8+
## 0.5.9 - 2026-03-19
9+
10+
### Added
11+
12+
- Support for the `SOURCE_DATE_EPOCH` environment variable for reproducible builds. When set, the SBOM timestamp is derived from the value of `SOURCE_DATE_EPOCH` and the random serial number is omitted. ([#852])
13+
- The `CARGO_BUILD_TARGET` environment variable is now honored to determine the target platform, matching the behavior of other Cargo tools ([#840])
14+
15+
### Fixed
16+
17+
- Recognize sparse registries (`sparse+http://...`) as custom registries when constructing PURLs ([#853])
18+
- Fixed PURL spec compliance where invalid vcs_url would be produced if package source contains qualifiers such as `?branch=` ([#856])
19+
20+
### Changed
21+
22+
- Make manifest path absolute without resolving symlinks, bringing the behavior in line with `cargo build` and fixing issues on systems where the project path contains symlinks ([#808])
23+
- Avoid writing JSON `null` for more omitted optional fields (`serial_number`, `depends_on`, `diff`, etc.) ([#847]) ([#848]) ([#849])
24+
- SPDX validation errors now include the invalid license expression in the error message ([#844])
25+
- Increased MSRV (minimum supported Rust version) to 1.85 ([#845])
26+
827
## 0.5.8 - 2026-03-12
928

1029
### Fixed
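
Review bot: The MSRV increase to 1.85 is the last bullet under "Changed" in the 0.5.9 entry, which is easy to miss in a patch release of a project whose changelog header declares Semantic Versioning; consider moving it to the top of that list or flagging it so users on older toolchains see it before upgrading. In the same entry, the `SOURCE_DATE_EPOCH` bullet ends with a period before `([#852])` while the other bullets do not, and `vcs_url` in the #856 bullet is not in backticks like the other identifiers.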
@@ -165,3 +184,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
165184
[#762]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/762
166185
[#770]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/770
167186
[#772]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/772
187+
[#808]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/808
188+
[#826]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/826
189+
[#828]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/828
190+
[#840]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/840
191+
[#844]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/844
192+
[#845]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/845
193+
[#847]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/847
194+
[#848]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/848
195+
[#849]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/849
196+
[#852]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/852
197+
[#853]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/853
198+
[#856]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/853
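
Review bot: The added `[#856]` link definition at the end of the list points to `pull/853`, the same target as `[#853]` on the line above, so the vcs_url fix links to the sparse-registry PR; it should point to `pull/856`. The definitions for `[#826]` and `[#828]` are also added here, but none of the 0.5.9 bullets shown in this diff cite them, so either cite them in the entry or drop them.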

cargo-cyclonedx/Cargo.toml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
[package]
22
name = "cargo-cyclonedx"
3-
version = "0.5.8"
3+
version = "0.5.9"
44
categories = ["command-line-utilities", "development-tools", "development-tools::cargo-plugins"]
55
description = "CycloneDX Software Bill of Materials (SBOM) for Rust Crates"
66
keywords = ["sbom", "bom", "components", "dependencies", "owasp"]
