v11.10.0

v11.10.0 (2026-06-11)

Bug Fixes

• Lossless flattening of dependency graph during JSON serialization (#993, d0e10ca)

• Typing in contrib.bom.utils.BomDependencyGraphFlatMerger (#998, 988a937)

Documentation

• Improve docs of contrib.bom.utils.BomRefDiscriminator (#996, 9beaf5c)

Features

• Add contrib.bom.utils.BomDependencyGraphFlatMerger (#997, 78b8d8b)

• Move output.BomRefDiscriminator to contrib.bom.utils.BomRefDiscriminator (#995, 3bb87aa)

Performance Improvements

• contrib.bom.utils.bomdependencygraphflatmerger._flatten_merge (#999, a8579b8)

---

What's Changed

• feat: move output.BomRefDiscriminator to contrib.bom.utils.BomRefDiscriminator by @jkowalleck in #995
• docs: improve docs of contrib.bom.utils.BomRefDiscriminator by @jkowalleck in #996
• feat: add contrib.bom.utils.BomDependencyGraphFlatMerger by @jkowalleck in #997
• fix: typing in contrib.bom.utils.BomDependencyGraphFlatMerger by @jkowalleck in #998
• perf: contrib.bom.utils.BomDependencyGraphFlatMerger._flatten_merge by @jkowalleck in #999
• fix: lossless flattening of dependency graph during JSON serialization by @jkowalleck in #993

Full Changelog: v11.9.0...v11.10.0

v11.9.0

v11.9.0 (2026-06-08)

Features

• Add support for license expression details (#908, b502381)

---

What's Changed

• chore(deps): bump snok/install-poetry from 1.4.1 to 1.4.2 by @dependabot[bot] in #990
• chore(deps): update m2r2 requirement from >=0.3.2 to >=0.3.4 by @dependabot[bot] in #970
• feat: add support for license expression details by @Churro in #908

Full Changelog: v11.8.0...v11.9.0

v11.8.0

v11.8.0 (2026-06-04)

Documentation

• Update CDX summary (#951, 752b162)

Features

• Add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 (#985, 303889b)

• Pull SPDX license IDs v1.1-3.28.0 (#986, 42ff044)

---

What's Changed

• chore: extract glob for pyupgrade to separate script for cross-platform compatibility by @peschuster in #950
• docs: update CDX summary by @jkowalleck in #951
• chore: fix test coverage reporting by @jkowalleck in #956
• chore(deps-dev): update tomli requirement from 2.3.0 to 2.4.1 by @dependabot[bot] in #954
• chore(release): use own GH app for releasing by @jkowalleck in #958
• chore(ci): pin GitHub Actions to immutable SHAs while preserving tag tracking by @Copilot in #961
• chore: add zizmor workflow to harden GitHub Actions security by @Copilot in #968
• Update PULL_REQUEST_TEMPLATE.md by @jkowalleck in #974
• chore: Update CONTRIBUTING.md by @jkowalleck in #975
• chore(ci): comments for pinned actions by @jkowalleck in #984
• feat: add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 by @jkowalleck in #985
• chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 by @dependabot[bot] in #982
• chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 by @dependabot[bot] in #964
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.1 by @dependabot[bot] in #963
• feat: pull SPDX license IDs v1.1-3.28.0 by @jkowalleck in #986

Full Changelog: v11.7.0...v11.8.0

v11.7.1-alpha.2

v11.7.1-alpha.2 (2026-05-04)

test release during #969

---

Detailed Changes: v11.7.0...v11.7.1-alpha.2

v11.7.1-alpha.1

v11.7.1-alpha.1 (2026-05-04)

test release during #969

---

Full Changelog: v11.7.0...v11.7.1-alpha.1

v11.7.0-rc.4

v11.7.0-rc.4 (2026-04-10)

test release during #961

---

Detailed Changes: v11.7.0-rc.3...v11.7.0-rc.4

v11.7.0-rc.3

v11.7.0-rc.3 (2026-04-10)

test release during #961

---

Detailed Changes: v11.7.0-rc.2...v11.7.0-rc.3

v11.7.0-rc.2

v11.7.0-rc.2 (2026-04-10)

test release during #961

---

Detailed Changes: v11.7.0-rc.1...v11.7.0-rc.2

v11.7.0-rc.1

v11.7.0-rc.1 (2026-04-10)

test release during #961

---

Detailed Changes: v11.7.0...v11.7.0-rc.1

v11.7.0

v11.7.0 (2026-03-17)

Documentation

• Add comprehensive SBOM validation guide (#933, bf596c0)

• Docstrings for schema version classes (#946, 6460b71)

• Modernize RTF setup (#921, af0059d)

Features

• Add properties for licenses according to CycloneDX 1.5 (#947, 375d209)

• Make schema deprecation warnings handle-able (#945, 71edacf)

---

What's Changed

• docs: modernize RTF setup by @jkowalleck in #921
• chore(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #924
• chore(deps): bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #925
• chore(deps-dev): update mypy requirement from 1.19.0 to 1.19.1 by @dependabot[bot] in #929
• chore(deps): Update pyupgrade version to 3.21.2 by @jkowalleck in #930
• chore(ci): modernize GH ci by @jkowalleck in #932
• docs: Add comprehensive SBOM validation guide by @saquibsaifee in #933
• Fix signing command in contribution guide by @stefan6419846 in #943
• docs: docstrings for schema version classes by @jkowalleck in #946
• feat: make schema deprecation warnings handle-able by @jkowalleck in #945
• feat: add properties for licenses according to CycloneDX 1.5 by @peschuster in #947
• chore: force tox environment to utf8 by @peschuster in #949

New Contributors

• @stefan6419846 made their first contribution in #943
• @peschuster made their first contribution in #947

Full Changelog: v11.6.0...v11.7.0