Bump cyclonedx-bom from 3.2.1 to 3.5.0

[dependabot[bot]]

Bumps cyclonedx-bom from 3.2.1 to 3.5.0.

Release notes

Sourced from cyclonedx-bom's releases.

v3.5.0

Feature

• Optionally force bom_ref to be purl rather that the default random UUID format - thanks @​RodneyRichardson (9659d08)

v3.4.0

Feature

• Update purl to match specification when ingesting packages from Conda - thanks to @​RodneyRichardson (072c8f1)

v3.3.0

Feature

• Add Conda MD5 hash to Component.hashes, if available - thanks @​RodneyRichardson (772c517)

v3.2.2

Fix

• Add actively used (transitive) dependencies (#363) (1f45ad9)

Changelog

Sourced from cyclonedx-bom's changelog.

v3.5.0 (2022-06-27)

Feature

• Optionally force bom_ref to be purl rather that the default random UUID format - thanks @​RodneyRichardson (9659d08)

v3.4.0 (2022-06-16)

Feature

• Update purl to match specification when ingesting packages from Conda - thanks to @​RodneyRichardson (072c8f1)

v3.3.0 (2022-06-16)

Feature

• Add Conda MD5 hash to Component.hashes, if available - thanks @​RodneyRichardson (772c517)

v3.2.2 (2022-06-02)

Fix

• Add actively used (transitive) dependencies (#363) (1f45ad9)

Commits

• d5465ec 3.5.0
• 9659d08 feat: optionally force bom_ref to be purl rather that the default random ...
• b9b3a01 Update README.md with purl-bom-ref parameter.
• d609ec3 Add CLI option to use purl as bom-ref.
• b1f9895 Remove unnecessary str() cast.
• 23d10bf Merge branch 'CycloneDX:master' into use-explicit-bom-ref
• 7139bb0 chore: Bump flake8-bugbear from 22.4.25 to 22.6.22 (#376)
• f89f706 Merge branch 'master' into use-explicit-bom-ref
• a9bbe5e chore: Bump cyclonedx-python-lib from 2.4.0 to 2.5.2 (#373)
• cf7c625 3.4.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)