@cyclonedx/cyclonedx-library 9.0.0 → 9.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cyclonedx-library",
-  "version": "9.0.0",
+  "version": "9.2.0",
   "description": "Core functionality of CycloneDX for JavaScript (Node.js or WebBrowser).",
   "license": "Apache-2.0",
   "keywords": [
@@ -88,7 +88,7 @@
     "ajv-formats": "^3.0.1",
     "ajv-formats-draft2019": "^1.6.1",
     "libxmljs2": "^0.35||^0.37",
-    "xmlbuilder2": "^3.0.2"
+    "xmlbuilder2": "^3.0.2||^4.0.0"
   },
   "peerDependenciesMeta": {
     "ajv": {
@@ -112,20 +112,21 @@
     "ajv-formats": "^3.0.1",
     "ajv-formats-draft2019": "^1.6.1",
     "libxmljs2": "^0.35||^0.37",
-    "xmlbuilder2": "^3.0.2",
+    "xmlbuilder2": "^3.0.2||^4.0.0",
     "@types/mocha": "^10",
     "@types/node": "ts5.7",
     "@types/spdx-expression-parse": "^3",
     "c8": "^10",
+    "copyfiles": "^2.4.1",
     "deepmerge": "^4.2.2",
     "fast-glob": "^3.3.1",
-    "memfs": "4.39.0",
-    "mocha": "11.7.2",
+    "memfs": "^4.46.1",
+    "mocha": "11.7.4",
     "npm-run-all2": "^8",
     "rimraf": "^6",
     "ts-loader": "9.5.4",
-    "typescript": "5.9.2",
-    "webpack": "5.101.3",
+    "typescript": "5.9.3",
+    "webpack": "5.102.1",
     "webpack-cli": "6.0.1",
     "webpack-node-externals": "3.0.0"
   },
@@ -209,6 +210,7 @@
     "build:web": "webpack build",
     "prebuild:d": "rimraf dist.d",
     "build:d": "tsc -b ./tsconfig.d.json",
+    "postbuild:d": "copyfiles -u 1 src/**/*.d.ts dist.d",
     "test": "run-p --aggregate-output -lc test:\\*",
     "test:node": "c8 mocha -p",
     "test:web": "node -e 'console.log(\"TODO: write web test\")'",

package/res/schema/README.md

@@ -4,7 +4,7 @@ some schema for offline use as download via [script](../../tools/schema-download
 original sources: <https://github.com/CycloneDX/specification/blob/master>
 
 Currently using version
-[8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7](https://github.com/CycloneDX/specification/commit/8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7)
+[4b3f59453366e27c8073fd24e98bf21ef8892c8e](https://github.com/CycloneDX/specification/commit/4b3f59453366e27c8073fd24e98bf21ef8892c8e)
 
 | file | note |
 |------|------|
@@ -15,11 +15,13 @@ Currently using version
 | [`bom-1.4.SNAPSHOT.xsd`](bom-1.4.SNAPSHOT.xsd) | applied changes: 1 |
 | [`bom-1.5.SNAPSHOT.xsd`](bom-1.5.SNAPSHOT.xsd) | applied changes: 1 |
 | [`bom-1.6.SNAPSHOT.xsd`](bom-1.6.SNAPSHOT.xsd) | applied changes: 1 |
+| [`bom-1.7.SNAPSHOT.xsd`](bom-1.7.SNAPSHOT.xsd) | applied changes: 1 |
 | [`bom-1.2.SNAPSHOT.schema.json`](bom-1.2.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
 | [`bom-1.3.SNAPSHOT.schema.json`](bom-1.3.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
 | [`bom-1.4.SNAPSHOT.schema.json`](bom-1.4.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
 | [`bom-1.5.SNAPSHOT.schema.json`](bom-1.5.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
 | [`bom-1.6.SNAPSHOT.schema.json`](bom-1.6.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
+| [`bom-1.7.SNAPSHOT.schema.json`](bom-1.7.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
 | [`bom-1.2-strict.SNAPSHOT.schema.json`](bom-1.2-strict.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
 | [`bom-1.3-strict.SNAPSHOT.schema.json`](bom-1.3-strict.SNAPSHOT.schema.json) | applied changes: 2,3,4,5,6 |
 | [`spdx.SNAPSHOT.xsd`](spdx.SNAPSHOT.xsd) | |

package/res/schema/bom-1.4.SNAPSHOT.schema.json

@@ -1636,7 +1636,7 @@
                       "$ref": "#/definitions/version"
                     },
                     "range": {
-                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst",
+                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
                       "$ref": "#/definitions/range"
                     },
                     "status": {
@@ -1679,7 +1679,7 @@
       "maxLength": 1024
     },
     "range": {
-      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst",
+      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
       "type": "string",
       "minLength": 1,
       "maxLength": 1024

package/res/schema/bom-1.4.SNAPSHOT.xsd

@@ -1993,7 +1993,7 @@ limitations under the License.
                                                                 </xs:element>
                                                                 <xs:element name="range" type="xs:normalizedString" minOccurs="1" maxOccurs="1">
                                                                     <xs:annotation>
-                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst</xs:documentation>
+                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec</xs:documentation>
                                                                     </xs:annotation>
                                                                 </xs:element>
                                                             </xs:choice>

package/res/schema/bom-1.5.SNAPSHOT.schema.json

@@ -2281,7 +2281,7 @@
                       "$ref": "#/definitions/version"
                     },
                     "range": {
-                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst",
+                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
                       "$ref": "#/definitions/range"
                     },
                     "status": {
@@ -2323,7 +2323,7 @@
       "maxLength": 1024
     },
     "range": {
-      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst",
+      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
       "type": "string",
       "minLength": 1,
       "maxLength": 1024

package/res/schema/bom-1.5.SNAPSHOT.xsd

@@ -2433,12 +2433,12 @@ limitations under the License.
             </xs:enumeration>
             <xs:enumeration value="incomplete_first_party_proprietary_only">
                 <xs:annotation>
-                    <xs:documentation>The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.</xs:documentation>
+                    <xs:documentation>The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.</xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="incomplete_first_party_opensource_only">
                 <xs:annotation>
-                    <xs:documentation>The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.</xs:documentation>
+                    <xs:documentation>The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.</xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="incomplete_third_party_only">
@@ -3644,7 +3644,7 @@ limitations under the License.
                                                                 </xs:element>
                                                                 <xs:element name="range" type="xs:normalizedString" minOccurs="1" maxOccurs="1">
                                                                     <xs:annotation>
-                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst</xs:documentation>
+                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec</xs:documentation>
                                                                     </xs:annotation>
                                                                 </xs:element>
                                                             </xs:choice>

package/res/schema/bom-1.6.SNAPSHOT.schema.json

@@ -25,7 +25,7 @@
       "type": "string",
       "title": "CycloneDX Specification Version",
       "description": "The version of the CycloneDX specification the BOM conforms to.",
-      "examples": ["1.6.1"]
+      "examples": ["1.6"]
     },
     "serialNumber": {
       "type": "string",
@@ -2237,7 +2237,7 @@
         "aggregate": {
           "$ref": "#/definitions/aggregateType",
           "title": "Aggregate",
-          "description": "Specifies an aggregate type that describe how complete a relationship is."
+          "description": "Specifies an aggregate type that describes how complete a relationship is."
         },
         "assemblies": {
           "type": "array",
@@ -2928,7 +2928,7 @@
                     },
                     "range": {
                       "title": "Version Range",
-                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst",
+                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
                       "$ref": "#/definitions/versionRange"
                     },
                     "status": {
@@ -2983,7 +2983,7 @@
       ]
     },
     "versionRange": {
-      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst",
+      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
       "type": "string",
       "minLength": 1,
       "maxLength": 4096,

package/res/schema/bom-1.6.SNAPSHOT.xsd

@@ -76,7 +76,7 @@ limitations under the License.
     <xs:simpleType name="versionRangeType">
         <xs:annotation>
             <xs:documentation xml:lang="en"><![CDATA[
-                A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst
+                A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec
 
                 Example values:
                 - "vers:cargo/9.0.14"
@@ -2672,7 +2672,7 @@ limitations under the License.
             <xs:element name="copyright" type="bom:copyrightsType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
                     <xs:documentation>
-                        opyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection.
+                        Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection.
                     </xs:documentation>
                 </xs:annotation>
             </xs:element>
@@ -2715,7 +2715,7 @@ limitations under the License.
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
             <xs:element name="aggregate" type="bom:aggregateType" default="not_specified">
                 <xs:annotation>
-                    <xs:documentation>Specifies an aggregate type that describe how complete a relationship is.</xs:documentation>
+                    <xs:documentation>Specifies an aggregate type that describes how complete a relationship is.</xs:documentation>
                 </xs:annotation>
             </xs:element>
             <xs:element name="assemblies" minOccurs="0" maxOccurs="1">
@@ -2810,12 +2810,12 @@ limitations under the License.
             </xs:enumeration>
             <xs:enumeration value="incomplete_first_party_proprietary_only">
                 <xs:annotation>
-                    <xs:documentation>The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.</xs:documentation>
+                    <xs:documentation>The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.</xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="incomplete_first_party_opensource_only">
                 <xs:annotation>
-                    <xs:documentation>The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.</xs:documentation>
+                    <xs:documentation>The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.</xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="incomplete_third_party_only">
@@ -4475,7 +4475,7 @@ limitations under the License.
                                                                 </xs:element>
                                                                 <xs:element name="range" type="bom:versionRangeType" minOccurs="1" maxOccurs="1">
                                                                     <xs:annotation>
-                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst</xs:documentation>
+                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec</xs:documentation>
                                                                     </xs:annotation>
                                                                 </xs:element>
                                                             </xs:choice>