Changed

• version and purl fields in components list are now optional in CycloneDX SBOMs

Added

• Nix store access to the default sandbox
• Mac OS's Library/Java/JavaVirtualMachines paths to the dependency parsing sandbox

Fixed

• Unclear error when running phylum init with an invalid organization

Added

• phylum exception subcommand for managing suppressions

Fixed

• msbuild lockfile parser allowing missing names and versions

Added

• Support for C#'s packages.*.config lockfile type
• phylum firewall log command to browse firewall activity log

Changed

• Certificate check option name doesn't match configuration option

Fixed

• Gradle manifests incorrectly retained on Windows

Fixed

• pnpm version 5 parser including metadata in package versions
• Platform-specific dependencies ignored by the Gemfile.lock parser

CLI

Fixed

• pip parser failing with whitespace around == in requirement specifier

Extensions API

Fixed

• Add missing organization parameters to global Phylum object endpoints

Fixed

• pip parser failing with whitespace around == in requirement specifier

Fixed

• phylum package showing complete packages as analysis failures

Fixed

• phylum package subcommand showing unprocessed packages as complete
• Packages which cannot be analyzed showing up as having no issues

Changed

• Use suppression_reason instead of deprecated suppressed field

Fixed

• Package subcommand failing to parse API responses