Releases: espressif/esp-idf-sbom
Version 0.21.1
v0.21.1 (2025-12-29)
Bug Fixes
- add NONE to severity color map
- exclude DuckDB related CVE
Version 0.21.0
v0.21.0 (2025-07-19)
New Features
- add a JSON schema for a vulnerability report in JSON format
Bug Fixes
- handle version comparison when version ranges are not available
- use stricter validation of CPE string binding
- url encode cpe value before querying NVD REST API
Version 0.20.1
v0.20.1 (2025-03-18)
Bug Fixes
- bump python to 3.13 in release_pypi.yml
Version 0.20.0
v0.20.0 (2025-03-18)
New Features
- add support for embedded manifests
Bug Fixes
- use version comparison as a fallback to CPE match strings
- evaluate CPE attribute relations correctly
- avoid calling git-grep if neither cpe nor keyword is present
- clone and fetch only the master branch
Version 0.19.1
v0.19.1 (2024-10-18)
Bug Fixes
- include all used components in the project's SPDX dependencies
Version 0.19.0
v0.19.0 (2024-10-14)
New Features
- enable keyword search in CVE description
Version 0.18.0
v0.18.0 (2024-09-10)
New Features
- allow usage of local NVD mirror for vulnerability scanning
Bug Fixes
- skip manifest validation in pre-commit if a git rebase is in progress
- exclude files from sub-package if it's not included
- properly manage input paths for the manifest license sub-command
- include missing dependencies for the SPDX project package
Version 0.17.1
v0.17.1 (2024-07-11)
Bug Fixes
- correct global variable annotation for Python versions prior to 3.8
- ensure pyparsing usage remains compatible with version 2.2.2 or newer
Version 0.17.0
v0.17.0 (2024-07-10)
New Features
- add a global list of excluded CVEs
- allow conditional expressions in manifest files
- introduce virtual package support
Version 0.16.0
v0.16.0 (2024-06-19)
New Features
- introduce -n/--name option to enable querying NVD by package name
Bug Fixes
- skip unregistered components