Lib4sbom

Latest version: v0.8.1


Page 4 of 5

0.4.1

Updates in this release

Fixes

- fix: Handle missing version (fixes 8)
- fix: Handle optional dependsOn in CycloneDX relationships
- fix: Incorrect version of specVersion for non 1.5 documents

0.4.0

Updates in this release

New features

- feat: Add support for CycloneDX version 1.5 (fixes 6)
- feat: Add support for package attribution (SPDX)
- feat: Update license list to version 3.21
- feat: update version

Fixes

- doc: Update README
- fix: Additional checking of dependencies
- fix: Handle duplicate packages in CycloneDX (fixes 3)
- fix: optional license in component evidence
- fix: parsing originator in SPDX JSON file (fixes 4)
- fix: Retain deprecated ids
- fix: Linting (fixes 7)
- Merge pull request 5 from rh0dy/main

0.3.1

Updates in this release

New features

- Add package purpose processing
- Check OSI Approved license
- Check valid URL in package metadata
- Include download location in CycloneDX SBOM
- Include email address with supplier when parsing CycloneDX
- Update license synonyms

Fixes

- Update documentation
- Allow .json files as SPDX file
- Copyright text in tag value format
- Ensure operators in license expression are uppercase
- Ensure supplier and contributor names are non-zero length
- Handle component with no version
- Handle file creation error
- Handle SPDX package purpose ambiguity for OPERATING-SYSTEM
- Handling of : in version and copyright strings
- Ignore deprecated licenses
- Improve parsing of relationships
- Minor updates to CycloneDX generator
- Fix overwriting download location attribute
- Parse package purpose
- Refactor license matching
- Correct storage of SBOM file component name
- Correct type for homepage component
- Refactor text handling for SPDX Tag value SBOMs

0.3.0

Updates in this release

New Features

- Support SPDX license expressions
- Update license synonym processing
- Add more license synonyms
- Update SPDX license data to 3.20

Fixes

- Handle file as CycloneDX type
- Handle version as optional attribute in CycloneDX document
- Capture filetypes in SPDX JSON file
- Fix failing test
- Small corrections for licenses and comment handling

0.2.0

Updates in this release

New features

- Update CycloneDX generation
- Update SPDX Licenses to version 3.20

Fixes

- Add licence information to file
- Correct handling of relationships between file components
- CycloneDX component handling
- Default setting for relationship id
- Handle non-semantic version strings
- Handle SPDX PACKAGE_MANAGER as alternative to PACKAGE-MANAGER
- Handling of package originator
- Handling of supplier in CycloneDX
- Improve relationship formatting
- Minor fixes with supplier and license handling
- Rationalise dependency generation
- Remove all reference to XML format
- Remove duplicated dependencies and improve supplier and licence processing
- Remove duplicate relationships in CycloneDX
- Remove old code
- Report non-SPDX licenses
- Resolve relationship generation for files
- Tidy up SPDX Generator
- Update handling of package descriptions
- Update documentation

0.1.1

Bug fix handling author data in CycloneDX metadata


© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.