BC: v4.0.0 by jkowalleck · Pull Request #589 · CycloneDX/cyclonedx-php-library

jkowalleck · 2026-01-08T12:29:24Z

BREAKING changes
- Removed deprecated symbols
- Changed constructor of CycloneDX\Contrib\License\Factories\LicenseFactory
- Changed dependencies
Removed
- Class CycloneDX\Core\Factories\LicenseFactory
  Use CycloneDX\Contrib\License\Factories\LicenseFactory instead.
- Class CycloneDX\Core\Utils\BomUtility
  Use CycloneDX\Contrib\Bom\Utils\BomUtils instead.
- Method CycloneDX\Core\Validation\BaseValidator::getSpec()
Changed
- CycloneDX\Contrib\License\Factories\LicenseFactory::__construct() parameters are no longer autopopulated
  Downstream implementations have to populate the parameters on their own, now.
- CycloneDX\Core\Models\Component::setPackageUrl() accepts ?string
  Downstream implementations may use package-url/packageurl-php for generation.
- CycloneDX\Core\Models\Component::getPackageUrl() returns ?string
  Downstream implementations may use package-url/packageurl-php for parsing.
- CycloneDX\Core\Validation\BaseValidator::__construct() parameter is type CycloneDX\Core\Spec\Version
  Was internal type CycloneDX\Core\Spec\_SpecProtocol.
Dependencies
- No longer depends on, but suggests composer/spdx-licenses:^1.5
  May be used when utilizing CycloneDX\Contrib\License\Factories\LicenseFactory.
- No longer depend on package-url/packageurl-php

Provide feedback