Merge pull request #773 from Shnatsel/new-release

Shnatsel · web-flow · commit c4c3ba9717e7 · 2024-11-30T01:38:23.000Z
Release cargo-cyclonedx v0.5.7
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cargo-cyclonedx/CHANGELOG.md b/cargo-cyclonedx/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.5.7 - 2024-11-30
+
+### Added
+
+ - Cargo.lock v4 format stabilized in Rust 1.78 is now supported. ([#772]) Previously the SBOM would be generated but package hashes would not be recorded in presence of v4 lockfiles.
+ - The `component.author` field is now set to comma-separated list of authors ([#770]). We'd like to use `component.authors` instead once CycloneDX v1.6 is supported.
+
 ## 0.5.6 - 2024-11-07
 
 ### Added
@@ -148,4 +155,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#727]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/727
 [#746]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/746
 [#755]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/755
-[#762]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/762
+[#762]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/762
+[#770]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/770
+[#772]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/772
diff --git a/cargo-cyclonedx/Cargo.toml b/cargo-cyclonedx/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cargo-cyclonedx"
-version = "0.5.6"
+version = "0.5.7"
 categories = ["command-line-utilities", "development-tools", "development-tools::cargo-plugins"]
 description = "CycloneDX Software Bill of Materials (SBOM) for Rust Crates"
 keywords = ["sbom", "bom", "components", "dependencies", "owasp"]
diff --git a/cargo-cyclonedx/src/generator.rs b/cargo-cyclonedx/src/generator.rs
@@ -246,6 +246,7 @@ impl SbomGenerator {
             .as_ref()
             .map(|s| NormalizedString::new(s));
 
+        // TODO: record in `authors` field rather than `author` when writing v1.6
         if !package.authors.is_empty() {
             component.author = Some(NormalizedString::new(&package.authors.join(", ")));
         }

Original file line number	Diff line number	Diff line change
`@@ -246,6 +246,7 @@ impl SbomGenerator {`
`246`	`246`	`.as_ref()`
`247`	`247`	`.map(\|s\| NormalizedString::new(s));`
`248`	`248`
	`249`	+ // TODO: record in `authors` field rather than `author` when writing v1.6
`249`	`250`	`if !package.authors.is_empty() {`
`250`	`251`	`component.author = Some(NormalizedString::new(&package.authors.join(", ")));`
`251`	`252`	`}`