10.0.0

@github-actions github-actions released this 03 Mar 10:57
· 9 commits to main since this release

BREAKING changes

  • Removed deprecated symbols
  • Removed PackageUrl factories
  • No longer use external standards' implementations directly

Removed

  • Entrypoint Builders (via #1377)
  • Entrypoint Factories (via #1377)
  • Entrypoint Utils (via #1377)
  • Entrypoint Contrib/PackageUrl (via #1378)
  • Deprecated symbol Builders (#1346 via #1377)
  • Deprecated symbol Builders.FromNodePackageJson (#1346 via #1377)
  • Deprecated symbol Builders.FromNodePackageJson.ToolBuilder (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Builders.ToolBuilder instead.
  • Deprecated symbol Builders.FromNodePackageJson.ComponentBuilder (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Builders.ComponentBuilder instead.
  • Deprecated symbol Factories (#1346 via #1377)
  • Deprecated symbol Factories.FromNodePackageJson (#1346 via #1377)
  • Deprecated symbol Factories.FromNodePackageJson.ExternalReferenceFactory (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory instead.
  • Deprecated symbol Factories.FromNodePackageJson.PackageUrlFactory (#1346 via #1377)
    Use packageurl-js downstream.
  • Deprecated symbol Factories.LicenseFactory (#1346, #1348 via #1377, #1378)
    Use Contrib.License.Factories.LicenseFactory instead.
  • Deprecated symbol Factories.PackageUrlFactory (#1346 via #1377)
    Use packageurl-js downstream.
  • Deprecated symbol Types.NodePackageJson (#1346, #1348 via #1377, #1378)
    Use Contrib.FromNodePackageJson.Types.NodePackageJson instead.
  • Deprecated symbol Types.assertNodePackageJson (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Types.assertNodePackageJson instead.
  • Deprecated symbol Types.isNodePackageJson (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Types.isNodePackageJson instead.
  • Deprecated symbol Utils (#1346 via #1377)
  • Deprecated symbol Utils.BomUtility (#1346 via #1377)
  • Deprecated symbol Utils.BomUtility.randomSerialNumber (#1346 via #1377)
    Use Contrib.Bom.Utils.randomSerialNumber instead.
  • Deprecated symbol Utils.LicenseUtility (#1346 via #1377)
  • Deprecated symbol Utils.LicenseUtility.FsUtils (#1346 via #1377)
    Use Contrib.License.Utils.FsUtils instead.
  • Deprecated symbol Utils.LicenseUtility.PathUtils (#1346 via #1377)
    Use Contrib.License.Utils.PathUtils instead.
  • Deprecated symbol Utils.LicenseUtility.FileAttachment (#1346 via #1377)
    Use Contrib.License.Utils.FileAttachment instead.
  • Deprecated symbol Utils.LicenseUtility.ErrorReporter (#1346 via #1377)
    Use Contrib.License.Utils.ErrorReporter instead.
  • Deprecated symbol Utils.LicenseUtility.LicenseEvidenceGatherer (#1346 via #1377)
    Use Contrib.License.Utils.LicenseEvidenceGatherer instead.
  • Deprecated symbol Utils.NpmjsUtility (#1346 via #1377)
  • Deprecated symbol Utils.NpmjsUtility.parsePackageIntegrity (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Utils.parsePackageIntegrity instead.
  • Deprecated symbol Utils.NpmjsUtility.defaultRegistryMatcher (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Utils.defaultRegistryMatcher instead.
  • Symbol Contrib.PackageUrl.Factories.PackageUrlFactory (#1348 via #1378)
    Use packageurl-js downstream. You can use these examples as inspiration:
  • Symbol Contrib.FromNodePackageJson.Factories.PackageUrlFactory (#1348 via #1378)
    Use packageurl-js downstream.
  • Symbol SPDX.isValidSpdxLicenseExpression (#1348 via #1382)
    Use package spdx-expression-parse instead.

Changed

  • Component.purl is a string now, was PackageUrl (#1348 via #1379)
  • Constructor of Contrib.License.Factories.LicenseFactory got an injectable argument spdxExpressionValidate for validating SPDX License Expressions (#1348 via #1382)
    Suggested implementation is spdx-expression-parse.
  • Pulled SPDX license IDs v1.0-3.28.0 (#1386 via #1395)
  • Hardened schema validators (via #1396)

Dependencies

  • Dependency packageurl-js became a suggested (optional peer-dependency) library (#1348 via #1378)
    You may use it to craft and parse PackageURLs downstream.
  • Dependency spdx-expression-parse became a suggested (optional peer-dependency) library (#1348 via #1382)
    Used as an injectable in Contrib.License.Factories.LicenseFactory.constructor.

Chore

  • Set dev-engines in package.json (#1301 via #1380)

What's Changed

Full Changelog: v9.5.0...v10.0.0