Sourced from @​cyclonedx/cdxgen's releases.

Release v11.8.0

What's Changed

Breaking Changes 🛠

• pin direct dependencies + simplify pnpm install steps by @​prabhu in CycloneDX/cdxgen#2260
• In source arborist with ESM conversion by @​prabhu in CycloneDX/cdxgen#2274

🐛 Bug Fixes

• Re-added php and ruby to the binary SBOMs by @​malice00 in CycloneDX/cdxgen#2277
• Added support for changed (bug?) format with oras 1.3.0 by @​malice00 in CycloneDX/cdxgen#2281
• fix(piptree): prevent UnboundLocalError by logging path (not current_path) in cycle check by @​OfekShimko in CycloneDX/cdxgen#2359

🧼 Code Refactoring

• Simplified safeSpawnSync invocations by @​prabhu in CycloneDX/cdxgen#2235

🧪 Testing

• Set explicit versions for older Node by @​malice00 in CycloneDX/cdxgen#2288

🏗️ Build System

• Added usage of Nexus for RubyGems when running on self-hosted runners by @​malice00 in CycloneDX/cdxgen#2225
• Removed 'php' to get rid of the error during the build by @​malice00 in CycloneDX/cdxgen#2232
• Added usage of Nexus for downloading NodeJS distributions & source (npm, nvm) when running on self-hosted runners by @​malice00 in CycloneDX/cdxgen#2230
• Added usage of Nexus for downloading Ruby source (rbenv) when running on self-hosted runners by @​malice00 in CycloneDX/cdxgen#2231
• Reverting the Debian repos on self-hosted was not correct by @​malice00 in CycloneDX/cdxgen#2237
• Added usage of Nexus for downloading binaries (releases) from GitHub when running on self-hosted runners by @​malice00 in CycloneDX/cdxgen#2239
• Added usage of Nexus for downloading Swift when running on self-hosted runners by @​malice00 in CycloneDX/cdxgen#2241
• Added usage of Nexus for downloading Composer when running on self-hosted runners by @​malice00 in CycloneDX/cdxgen#2240
• Added action 'pnpm/action-setup' to install pnpm by @​malice00 in CycloneDX/cdxgen#2247
• Bazel can also be downloaded from Nexus when running on self-hosted by @​malice00 in CycloneDX/cdxgen#2283
• Found some more binary downloads that can be proxied by @​malice00 in CycloneDX/cdxgen#2284
• Replaced more 'pnpm install' commands with shorter script by @​malice00 in CycloneDX/cdxgen#2286
• Switched actions to use '.nvmrc' file for Node version by @​malice00 in CycloneDX/cdxgen#2296
• Set explicit versions in workflows for bun and deno by @​malice00 in CycloneDX/cdxgen#2315

📦 Dependency Updates

• chore(deps): update github/codeql-action action to v3.30.0 by @​renovate[bot] in CycloneDX/cdxgen#2234
• chore(deps): update actions/setup-go action to v6 by @​renovate[bot] in CycloneDX/cdxgen#2245
• chore(deps): update dependency go to v1.25.1 by @​renovate[bot] in CycloneDX/cdxgen#2244
• chore(deps): pin pnpm/action-setup action to a7487c7 by @​renovate[bot] in CycloneDX/cdxgen#2248
• chore(deps): update actions/setup-python action to v6 by @​renovate[bot] in CycloneDX/cdxgen#2246
• chore(deps): update actions/setup-node action to v5 by @​renovate[bot] in CycloneDX/cdxgen#2243
• chore(deps): update cachix/install-nix-action action to v31.6.1 by @​renovate[bot] in CycloneDX/cdxgen#2250
• chore(deps): update github/codeql-action action to v3.30.1 - autoclosed by @​renovate[bot] in CycloneDX/cdxgen#2252
• chore(deps): update softprops/action-gh-release action to v2.3.3 by @​renovate[bot] in CycloneDX/cdxgen#2253
• chore(deps): update dependency @​biomejs/biome to v2.2.3 by @​renovate[bot] in CycloneDX/cdxgen#2251
• chore(deps): update dependency prebuild to v13.0.1 by @​renovate[bot] in CycloneDX/cdxgen#2266
• chore(deps): update github/codeql-action action to v3.30.2 by @​renovate[bot] in CycloneDX/cdxgen#2271
• chore(deps): update oras-project/setup-oras action to v1.2.4 by @​renovate[bot] in CycloneDX/cdxgen#2272
• chore(deps): update sbt/setup-sbt action to v1.1.13 by @​renovate[bot] in CycloneDX/cdxgen#2273
• chore(deps): update dependency statuses to v2.0.2 by @​renovate[bot] in CycloneDX/cdxgen#2268
• chore(deps): update dependency lru-cache to v11.2.1 by @​renovate[bot] in CycloneDX/cdxgen#2269
• chore(deps): update dependency tar-fs to v3.1.0 by @​renovate[bot] in CycloneDX/cdxgen#2275
• chore(deps): update dependency lru-cache to v11.2.1 by @​renovate[bot] in CycloneDX/cdxgen#2279
• chore(deps): pin shivammathur/setup-php action to ec406be by @​renovate[bot] in CycloneDX/cdxgen#2278

... (truncated)

• d8895c2 chore(deps): update dependency python to 3.13 (#2353)
• 742e357 fix(piptree): prevent UnboundLocalError by logging path (not current_path) in...
• 673f794 chore(deps): update ruby/setup-ruby action to v1.261.0 (#2358)
• 124d017 chore(deps): update pnpm to v10.17.0 (#2299)
• 91f0b03 chore(deps): update node.js to v24.8.0 (#2342)
• 339f12a Added minimum release age for dependencies in pnpm (#2356)
• 1785f35 chore(deps): update dependency deno to v2.5.1 (#2307)
• f74cf0b chore(deps): update dependency bun to v1.2.22 (#2306)
• c4be337 fix(deps): update dependency got to v14.4.9 (#2354)
• c448cc9 chore(deps): update ruby docker tag to v3.4.6 (#2341)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)