6.9.2-beta.0

v6.9.2-beta.0

6.9.2-beta.0

6.9.0

Changed

• Updated SPDX license list to v3.24.0 (via #1077)

---

What's Changed

• feat: update SPDX license list to v3.24.0 by @jkowalleck in #1077

Full Changelog: v6.8.2...v6.9.0

6.8.2

Fixed

• Added Factories.PackageUrlFactory's generic type's default back in (via #1076)

---

What's Changed

• fix: PackageUrlFactory generic default by @jkowalleck in #1076

Full Changelog: v6.8.1...v6.8.2

6.8.1

Fixed

• Hardened Factories.FromNodePackageJson.PackageUrlFactory's default package repository detection (#1073 via #1074)

---

What's Changed

• chore(deps-dev): bump npm-run-all2 from 5.0.2 to 6.1.2 by @dependabot in #1071
• fix: hardenFactories.FromNodePackageJson.PackageUrlFactory's default package repository detection by @jkowalleck in #1074

Full Changelog: v6.8.0...v6.8.1

6.8.0

Added

• Explicitly export own first-level submodules via package manifest (#87 via #1066)
  When used with bundlers/packers downstream, this might enable better tree shaking due to scoped imports.

Refactor

• Ease internal tree shaking (via #1066)

---

What's Changed

• feat: NodeJS exports submodules as subpaths by @jkowalleck in #1066
• chore: modernize npm-run-all by @jkowalleck in #1069
• chore(deps) bumped some dev-deps by @jkowalleck in #1067
• chore: use rimraf instead of own by @jkowalleck in #1068

Full Changelog: v6.7.2...v6.8.0

6.7.2

Changed

• The provided XML validation capabilities were explicitly hardened (via #1064; concerns #1061)
  This is considered a security measure concerning XML external entity (XXE) injection.

---

What's Changed

• refactor: XML validator explicitely harden against XXE injections by @jkowalleck in #1064

Full Changelog: v6.7.1...v6.7.2

6.7.1

Security Fixes

This release contains a security fix for the following CVE GHSA-38gf-rh2w-gmj7.

(Release v6.7.0 got yanked for security reasons, and should not be used. Please upgrade to ^6.7.1)

Changed

Reverted v6.7.0, back to v6.6.1 -- fixes SecurityAdvisory GHSA-38gf-rh2w-gmj7

---

What's Changed

Full Changelog: v6.6.1...v6.7.1

6.6.1

Fixed

• JSON validator allow arbitrary $schema (#1059 via #1060)

---

What's Changed

• ci: modernize artifact action by @jkowalleck in #1056
• chore: test node22 by @jkowalleck in #1057
• fix: JsvonValidator allow arbitrary $schema by @jkowalleck in #1060

Full Changelog: v6.6.0...v6.6.1

6.6.0

Changed

• Serializers and License-Normalizers will take license acknowledgement into account (#1051 via #1052)

Added

• Namespace Enums
  • New enum LicenseAcknowledgement (#1051 via #1052)
• Namespace Models
  • Class LicenseExpression got new property acknowledgement (#1051 via #1052)
  • Class NamedLicense got new property acknowledgement (#1051 via #1052)
  • Class SpdxLicense got new property acknowledgement (#1051 via #1052)

---

What's Changed

• feat: license acknowledgement by @jkowalleck in #1052

Full Changelog: v6.5.1...v6.6.0

6.5.1

• Dependencies
  • Bumped the range of optional requirement ajv-formats to ^3.0.1, was ^2.1.1 (via #1037)
    This should fix JSON-validation for time/date.

---

What's Changed

• chore: add editorconfig checks to eslint by @jkowalleck in #1043
• Chore/migtate from eslint config standard with typescript to eslint config love by @jkowalleck in #1045
• chore: add the transitive peer dependencies by @jkowalleck in #1047
• chore(deps): bump ajv-formats from 2.1.1 to 3.0.1 in the ajv group by @dependabot in #1037

Full Changelog: v6.5.0...v6.5.1