Merge pull request #145 from nikstur/prepare-0.3.0

nikstur · web-flow · commit 58b8950f8c2c · 2024-10-23T18:11:06.000+02:00
Prepare 0.3.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,26 @@
 # Changelog
 
-## 0.3.0 (unreleased)
+## 0.3.0
 
-- `doc` and `man` outputs are not included in the SBOM anymore.
+### Added
+
+- Added the ability to collect SBOMs from vendored dependencies (e.g. from Rust
+  or Go dependencies).
 - Added the option `excludes` to `buildBom` to exclude store paths via regex
   patterns from the final SBOM.
-- Generate CycloneDX v1.5 SBOMs instead of v1.4.
+- Added the option `extraPaths` to `buildBom` to consider extra dependencies
+  but still generating an SBOM for the original derivation.
 - Hashes of fixed output derivations are now included in the SBOM.
+- A derivation's `src` url and hash are now included in the SBOM.
+- Derivations' descriptions are now included in the SBOM.
+
+### Changed
+
+- `doc` and `man` outputs are not included in the SBOM anymore.
+- Generate CycloneDX v1.5 SBOMs instead of v1.4.
+- The created SBOMS are now reproducible because they derive their serial
+  number from a known input instead of randomly generating it.
+
+### Fixed
+
+- Fixed cross-compilation for SBOMs.
diff --git a/rust/transformer/Cargo.lock b/rust/transformer/Cargo.lock
diff --git a/rust/transformer/Cargo.toml b/rust/transformer/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "bombon-transformer"
-version = "0.2.0"
+version = "0.3.0"
 edition = "2021"
 
 [dependencies]
