⚠️ BREAKING changes

• Removed deprecated symbols
• Changed constructor of CycloneDX\Contrib\License\Factories\LicenseFactory
• Changed dependencies

Removed

• Class CycloneDX\Core\Factories\LicenseFactory (#571 via #587)
  Use CycloneDX\Contrib\License\Factories\LicenseFactory instead.
• Class CycloneDX\Core\Utils\BomUtility (#571 via #587)
  Use CycloneDX\Contrib\Bom\Utils\BomUtils instead.
• Method CycloneDX\Core\Validation\BaseValidator::getSpec() (#590 via #591)

Changed

• CycloneDX\Contrib\License\Factories\LicenseFactory::__construct() parameters are no longer autopopulated (#571 via #587)
  Downstream implementations have to populate the parameters on their own, now.
• CycloneDX\Core\Models\Component::setPackageUrl() accepts ?string (#571 via #588)
  Downstream implementations may use package-url/packageurl-php for generation.
• CycloneDX\Core\Models\Component::getPackageUrl() returns ?string (#571 via #588)
  Downstream implementations may use package-url/packageurl-php for parsing.
• CycloneDX\Core\Validation\BaseValidator::__construct() parameter is type CycloneDX\Core\Spec\Version (#590 via #591)
  Was internal type CycloneDX\Core\Spec\_SpecProtocol.

Dependencies

• No longer depends on, but suggests composer/spdx-licenses:^1.5 (#571 via #587)
  May be used when utilizing CycloneDX\Contrib\License\Factories\LicenseFactory.
• No longer depend on, but suggests package-url/packageurl-php (#571 via #588)
  May be used for parsing and crafting PackageURL strings downstream.

What's Changed

• BC: removed deprecated symbols by @jkowalleck in #587
• BC: PackageUrl as string by @jkowalleck in #588
• Feat/base validator store version by @jkowalleck in #591
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.92.3 to 3.92.5 in /tools/php-cs-fixer by @dependabot[bot] in #592
• chore(deps): bump phpunit for github.com/advisories/GHSA-vvj3-c3rp-c85p by @jkowalleck in #598
• tools(deps-dev): Update vimeo/psalm requirement from 6.14.3 to 6.15.0 in /tools/psalm by @dependabot[bot] in #595
• tools(deps-dev): Update icanhazstring/composer-unused requirement from 0.9.5 to 0.9.6 in /tools/composer-unused by @dependabot[bot] in #596
• tools(deps-dev): Update ergebnis/composer-normalize requirement from 2.48.2 to 2.49.0 in /tools/composer-normalize by @dependabot[bot] in #599
• BC: v4.0.0 by @jkowalleck in #589
• chore: prep v4.0.0 by @jkowalleck in #604
• tools(deps-dev): Update vimeo/psalm requirement from 6.15.0 to 6.15.1 in /tools/psalm by @dependabot[bot] in #602
• tools(deps-dev): Update ergebnis/composer-normalize requirement from 2.49.0 to 2.50.0 in /tools/composer-normalize by @dependabot[bot] in #601
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.92.5 to 3.94.0 in /tools/php-cs-fixer by @dependabot[bot] in #600
• docs: hint for parsing PURL by @jkowalleck in #605

Full Changelog: v3.10.0...v4.0.0

Added

• Officially support PHP 8.5 (#566 via #574)

What's Changed

• docs: modernize RTD setup by @jkowalleck in #575
• docs: modernize RTD setup by @jkowalleck in #576
• gh-actions(deps): Bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #578
• gh-actions(deps): Bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #579
• gh-actions(deps): Bump actions/cache from 4 to 5 by @dependabot[bot] in #581
• chore: PR template by @jkowalleck in #585
• tools(deps-dev): Update vimeo/psalm requirement from 6.13.1 to 6.14.3 in /tools/psalm by @dependabot[bot] in #584
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.91.0 to 3.92.3 in /tools/php-cs-fixer by @dependabot[bot] in #583
• feat: support php 8.5 by @jkowalleck in #574
• chore: prep v3.10.0 by @jkowalleck in #586

Full Changelog: v3.9.0...v3.10.0

Added

• new Entry point \CycloneDX\Contrib (via #569)

Changed

• Moved non‑standard implementations to Contrib area (#571 via #569)

Deprecated

• Certain exports have been deprecated; downstream imports should be updated to the new locations (#571 via #569)
  Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.

Refactored

• The following symbols were moved (#571 via #569)
  The symbols are still import-able through their old location.
  • OLD -> NEW
  • \CycloneDX\Core\Factories\LicenseFactory -> \CycloneDX\Contrib\License\Factories\LicenseFactory
  • \CycloneDX\Core\Utils\BomUtility -> \CycloneDX\Contrib\Bom\Utils\BomUtils

What's Changed

• docs: examples for CDX 1.7 by @jkowalleck in #561
• gh-actions(deps): Bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #562
• gh-actions(deps): Bump actions/download-artifact from 5 to 6 by @dependabot[bot] in #563
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.88.2 to 3.89.1 in /tools/php-cs-fixer by @dependabot[bot] in #564
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.89.1 to 3.89.2 in /tools/php-cs-fixer by @dependabot[bot] in #565
• gh-actions(deps): Bump actions/checkout from 5 to 6 by @dependabot[bot] in #567
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.89.2 to 3.91.0 in /tools/php-cs-fixer by @dependabot[bot] in #570
• docs: use phpdocumentor 3.9.1 by @jkowalleck in #572
• feat: prepare "contrib" area by @jkowalleck in #569
• chore: prep v3.9.0 by @jkowalleck in #573

Full Changelog: v3.8.0...v3.9.0

Added

• Support CycloneDX 1.7 (#558 via #559)

What's Changed

• tools(deps-dev): Update ergebnis/composer-normalize requirement from 2.48.1 to 2.48.2 in /tools/composer-normalize by @dependabot[bot] in #555
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.87.1 to 3.87.2 in /tools/php-cs-fixer by @dependabot[bot] in #554
• tools(deps-dev): Update icanhazstring/composer-unused requirement from 0.9.4 to 0.9.5 in /tools/composer-unused by @dependabot[bot] in #557
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.87.2 to 3.88.2 in /tools/php-cs-fixer by @dependabot[bot] in #556
• feat: basic support for CycloneDX 1.7 by @jkowalleck in #559
• chore: prep v3.8.0 by @jkowalleck in #560

Full Changelog: v3.7.0...v3.8.0

Added

• Pulled SPDX license IDs v1.0-3.27.0 (via #553)

What's Changed

• tools(deps-dev): Update vimeo/psalm requirement from 6.12.0 to 6.12.1 in /tools/psalm by @dependabot[bot] in #538
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.75.0 to 3.76.0 in /tools/php-cs-fixer by @dependabot[bot] in #539
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.76.0 to 3.82.2 in /tools/php-cs-fixer by @dependabot[bot] in #540
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.82.2 to 3.84.0 in /tools/php-cs-fixer by @dependabot[bot] in #541
• tools(deps-dev): Update vimeo/psalm requirement from 6.12.1 to 6.13.0 in /tools/psalm by @dependabot[bot] in #542
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.84.0 to 3.85.1 in /tools/php-cs-fixer by @dependabot[bot] in #543
• tools(deps-dev): Update icanhazstring/composer-unused requirement from 0.9.3 to 0.9.4 in /tools/composer-unused by @dependabot[bot] in #544
• tools(deps-dev): Update vimeo/psalm requirement from 6.13.0 to 6.13.1 in /tools/psalm by @dependabot[bot] in #546
• gh-actions(deps): Bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #547
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.85.1 to 3.86.0 in /tools/php-cs-fixer by @dependabot[bot] in #549
• gh-actions(deps): Bump actions/checkout from 4 to 5 by @dependabot[bot] in #548
• tools(deps-dev): Update ergebnis/composer-normalize requirement from 2.47.0 to 2.48.1 in /tools/composer-normalize by @dependabot[bot] in #550
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.86.0 to 3.87.1 in /tools/php-cs-fixer by @dependabot[bot] in #551
• feat: Updating SPDX license list to 3.27.0 by @jkowalleck in #553

Full Changelog: v3.6.0...v3.7.0

Added

• Pulled SPDX license IDs v1.0-3.26.0 (via #537)

What's Changed

• tools(deps-dev): Update vimeo/psalm requirement from 6.10.3 to 6.11.0 in /tools/psalm by @dependabot in #535
• tools(deps-dev): Update vimeo/psalm requirement from 6.11.0 to 6.12.0 in /tools/psalm by @dependabot in #536
• feat: Pulled SPDX license IDs v1.0-3.26.0 by @jkowalleck in #537

Full Changelog: v3.5.4...v3.6.0

Maintenance release.

What's Changed

• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.69.0 to 3.69.1 in /tools/php-cs-fixer by @dependabot in #510
• tools(deps-dev): Update vimeo/psalm requirement from 6.7.1 to 6.8.6 in /tools/psalm by @dependabot in #511
• tools(deps-dev): Update vimeo/psalm requirement from 6.8.6 to 6.8.8 in /tools/psalm by @dependabot in #512
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.69.1 to 3.70.0 in /tools/php-cs-fixer by @dependabot in #513
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.70.0 to 3.71.0 in /tools/php-cs-fixer by @dependabot in #514
• tools(deps-dev): Update icanhazstring/composer-unused requirement from 0.8.11 to 0.9.0 in /tools/composer-unused by @dependabot in #516
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.71.0 to 3.72.0 in /tools/php-cs-fixer by @dependabot in #517
• tools(deps-dev): Update vimeo/psalm requirement from 6.8.8 to 6.8.9 in /tools/psalm by @dependabot in #518
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.72.0 to 3.73.1 in /tools/php-cs-fixer by @dependabot in #521
• tools(deps-dev): Update vimeo/psalm requirement from 6.8.9 to 6.9.4 in /tools/psalm by @dependabot in #520
• tools(deps-dev): Update icanhazstring/composer-unused requirement from 0.9.0 to 0.9.2 in /tools/composer-unused by @dependabot in #519
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.73.1 to 3.74.0 in /tools/php-cs-fixer by @dependabot in #523
• docs: lib note by @jkowalleck in #524
• tools(deps-dev): Update vimeo/psalm requirement from 6.9.4 to 6.9.6 in /tools/psalm by @dependabot in #522
• tools(deps-dev): Update friendsofphp/php-cs-fixer requirement from 3.74.0 to 3.75.0 in /tools/php-cs-fixer by @dependabot in #526
• tools(deps-dev): Update vimeo/psalm requirement from 6.9.6 to 6.10.0 in /tools/psalm by @dependabot in #525
• tools(deps-dev): Update ergebnis/composer-normalize requirement from 2.45.0 to 2.46.0 in /tools/composer-normalize by @dependabot in #527
• tools(deps-dev): Update ergebnis/composer-normalize requirement from 2.46.0 to 2.47.0 in /tools/composer-normalize by @dependabot in #528
• tools(deps-dev): Update vimeo/psalm requirement from 6.10.0 to 6.10.1 in /tools/psalm by @dependabot in #529
• tools(deps-dev): Update vimeo/psalm requirement from 6.10.1 to 6.10.3 in /tools/psalm by @dependabot in #530
• tools(deps-dev): Update icanhazstring/composer-unused requirement from 0.9.2 to 0.9.3 in /tools/composer-unused by @dependabot in #531
• chore: GH workflow permissions by @jkowalleck in #532
• chore: release via softprops action by @jkowalleck in #534

Full Changelog: v3.5.3...v3.5.4

Full Changelog: v3.5.4-alpha1...v3.5.4-alpha3