feat!: emit defaults to CycloneDX1.6 (#1333)

fixes #1329 --------- Signed-off-by: Jan Kowalleck <[email protected]>
CycloneDX · Jan 23, 2025 · 8175f47 · 8175f47
1 parent 72122e1
commit 8175f47
Show file tree

Hide file tree

Showing 4 changed files with 1,072 additions and 707 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -7,13 +7,16 @@ All notable changes to this project will be documented in this file.
 <!-- unreleased changes go here -->
 
 * BREAKING Changes
+  * Option `specVersion` defaults to `"1.6"`, was `"1.4"` ([#1329] via [#1333])
   * Emit `.metadata.tools` as components ([#1330] via [#1331])  
     This affects only CycloneDX spec-version 1.5 and later.
 * Build
   * Use _TypeScript_ `v5.7.3` now, was `v5.6.3` (via [#1351])
 
+[#1329]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/1329
 [#1330]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/1330
 [#1331]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1331
+[#1333]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1333
 [#1351]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1351
 
 ## 3.17.0 - 2025-01-10

diff --git a/README.md b/README.md
@@ -46,7 +46,7 @@ new CycloneDxWebpackPlugin(options?: object)
 
 | Name | Type | Default | Description |
 |:-----|:----:|:-------:|:------------|
-| **`specVersion`** | `{string}`<br/> one of: `"1.2"`, `"1.3"`, `"1.4"`, `"1.5"`, `"1.6"` | `"1.4"` |  Which version of [CycloneDX-spec] to use.<br/> Supported values depend on the installed dependency [CycloneDX-javascript-library]. |
+| **`specVersion`** | `{string}`<br/> one of: `"1.2"`, `"1.3"`, `"1.4"`, `"1.5"`, `"1.6"` | `"1.6"` |  Which version of [CycloneDX-spec] to use.<br/> Supported values depend on the installed dependency [CycloneDX-javascript-library]. |
 | **`reproducibleResults`** | `{boolean}` | `false` | Whether to go the extra mile and make the output reproducible.<br/> Reproducibility might result in loss of time- and random-based-values. |
 | **`validateResults`** | `{boolean}` | `true` | Whether to validate the BOM result.<br/> Validation is skipped, if requirements not met. Requires [transitive optional dependencies](https://github.com/CycloneDX/cyclonedx-javascript-library#optional-dependencies). |
 | **`outputLocation`** | `{string}` | `"./cyclonedx"` | Path to write the output to. The path is relative to _webpack_'s overall output path. |

diff --git a/src/plugin.ts b/src/plugin.ts
@@ -152,7 +152,7 @@ export class CycloneDxWebpackPlugin {
   collectEvidence: boolean
 
   constructor ({
-    specVersion = CDX.Spec.Version.v1dot4,
+    specVersion = CDX.Spec.Version.v1dot6,
     reproducibleResults = false,
     validateResults = true,
     outputLocation = './cyclonedx',