From 83b54aa581f8bfe0e21733295e3f651f0dd9f21a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 15:46:32 +0200 Subject: [PATCH 01/12] chore(deps-dev): update mypy requirement from 1.11.0 to 1.11.1 (#655) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version.
Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

Mypy now supports the new type parameter syntax introduced in Python 3.12 (PEP 695). This feature is still experimental and must be enabled with the --enable-incomplete-feature=NewGenericSyntax flag, or with enable_incomplete_feature = NewGenericSyntax in the mypy configuration file. We plan to enable this by default in the next mypy feature release.

This example demonstrates the new syntax:

# Generic function
def f[T](x: T) -> T: ...

reveal_type(f(1))  # Revealed type is 'int'

# Generic class
class C[T]:
    def __init__(self, x: T) -> None:
        self.x = x

c = C('a')
reveal_type(c.x)  # Revealed type is 'str'

# Type alias
type A[T] = C[list[T]]

This feature was contributed by Jukka Lehtosalo.

Support for functools.partial

Mypy now type checks uses of functools.partial. Previously mypy would accept arbitrary arguments.

This example will now produce an error:

from functools import partial

... (truncated)

Commits

Most Recent Ignore Conditions Applied to This Pull Request

| Dependency Name | Ignore Conditions |
| --- | --- |
| mypy | [>= 0.971.a, < 0.972] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 95095fb1..00344ba1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -92,7 +92,7 @@ flake8-use-fstring = "1.4" pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" -mypy = "1.11.0" +mypy = "1.11.1" tox = "4.16.0" xmldiff = "2.7.0" bandit = "1.7.9" From e927bb107f9cb804782652628d785522d51a0c8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 12:38:32 +0200 Subject: [PATCH 02/12] chore(deps-dev): update tox requirement from 4.16.0 to 4.17.1 (#662) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version.
Release notes

Sourced from tox's releases.

4.17.1

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/tox/compare/4.17.0...4.17.1

Changelog

Sourced from tox's changelog.

v4.17.1 (2024-08-07)

Bugfixes - 4.17.1

- Support for running ``-e <major>.<minor>`` has
been lost, fixing it - by :user:`gaborbernat`. (:issue:`2849`)
- ``base_python`` now accepts absolute paths to interpreter executable -
by :user:`paveldikov`. (:issue:`3191`)

v4.17.0 (2024-08-05)

Features - 4.17.0

  • Add graalpy prefix as a supported base python (:issue:3312)
  • Add :ref:on_platform core configuration holding the tox platform and do not install package when exec an environment - by :user:gaborbernat. (:issue:3315)

Bugfixes - 4.17.0

- Add table with default environment variables per OS
(:issue:`2753`)

v4.16.0 (2024-07-02)

Bugfixes - 4.16.0

    • Add windir to the default list of Windows pass_env environment variables. - by :user:kurtmckee (:issue:3302)

Improved Documentation - 4.16.0

- Fix typo in configuration example and fix broken link to
code style guide. - by :user:`srenfo` (:issue:`3297`)

v4.15.1 (2024-06-05)

Features - 4.15.1

- Fix ``skip_missing_interpreters`` option for ``package =
wheel`` (:issue:`3269`)

Bugfixes - 4.15.1
  • Fix section substitution with setenv. (:issue:3262)
  • Allow ConfigSet.add_config to receive parameterized generics for of_type. (:issue:3288)

v4.15.0 (2024-04-26)

Features - 4.15.0

- Add support for multiple appending override options (-x,
--override) on command line - by :user:`amitschang`. (:issue:`3261`)

... (truncated)

Commits

- [`352a3dd`](https://github.com/tox-dev/tox/commit/352a3dd778fa9ecb1ddb339c37536a79fef1c121) release 4.17.1
- [`fafce99`](https://github.com/tox-dev/tox/commit/fafce99fcb3d9943a10b219c16de299a82e8d491) fix(tox_env.python): do not process absolute paths to interpreter as PythonSp...
- [`fdc9eb0`](https://github.com/tox-dev/tox/commit/fdc9eb0355f3f58ca700147dc15e4c6894595bdf) Restore limited <major>.<minor> environment name support ([#3319](https://redirect.github.com/tox-dev/tox/issues/3319))
- [`2f7c60e`](https://github.com/tox-dev/tox/commit/2f7c60ec71d47f4099394af11999a840bc97c9a9) release 4.17.0
- [`5425133`](https://github.com/tox-dev/tox/commit/5425133459e9c0194c536eac332c06178ac0700e) Add on platform constat to core ([#3315](https://redirect.github.com/tox-dev/tox/issues/3315))
- [`2cf190a`](https://github.com/tox-dev/tox/commit/2cf190ae5acc83488a9daef45e51cf964190e66d) [pre-commit.ci] pre-commit autoupdate ([#3306](https://redirect.github.com/tox-dev/tox/issues/3306))
- [`17435df`](https://github.com/tox-dev/tox/commit/17435df3c962576f72a2548a5c00ec133e9161f9) Add GraalPy and test both GraalPy and Jython env identifiers ([#3312](https://redirect.github.com/tox-dev/tox/issues/3312))
- [`e6b9803`](https://github.com/tox-dev/tox/commit/e6b9803d77c352aaf38e9d69c6d99d5d773b0617) Table with list of default env vars per OS ([#3291](https://redirect.github.com/tox-dev/tox/issues/3291))
- [`33f6c23`](https://github.com/tox-dev/tox/commit/33f6c23a19e42b449ea8afbeff29060c997e2010) Fix user guide system overview so nodes don't overlap. ([#3307](https://redirect.github.com/tox-dev/tox/issues/3307))
- See full diff in [compare view](https://github.com/tox-dev/tox/compare/4.16.0...4.17.1)

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 00344ba1..b7b1d302 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -93,7 +93,7 @@ pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" mypy = "1.11.1" -tox = "4.16.0" +tox = "4.17.1" xmldiff = "2.7.0" bandit = "1.7.9" From 9ba4cdeb1a723ae06d2f7a7ac7ba9786760bacc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 12:38:42 +0200 Subject: [PATCH 03/12] chore(deps-dev): update flake8 requirement from 7.1.0 to 7.1.1 (#661) Updates the requirements on [flake8](https://github.com/pycqa/flake8) to permit the latest version.
Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index b7b1d302..cc436251 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -83,7 +83,7 @@ xml-validation = ["lxml"] [tool.poetry.group.dev.dependencies] ddt = "1.7.2" coverage = "7.6.0" -flake8 = { version="7.1.0", python=">=3.8.1" } +flake8 = { version="7.1.1", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } flake8-bugbear = { version="24.4.26", python=">=3.8.1" } flake8-isort = "6.1.1" From 99bcdd2646868f0ca1dacdd504ae560209b05a39 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 12:49:13 +0200 Subject: [PATCH 04/12] chore(deps-dev): update coverage requirement from 7.6.0 to 7.6.1 (#660) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version.
Changelog

Sourced from coverage's changelog.

Version 7.6.1 — 2024-08-04

  • Fix: coverage used to fail when measuring code using :func:runpy.run_path <python:runpy.run_path> with a :class:Path <python:pathlib.Path> argument. This is now fixed, thanks to Ask Hjorth Larsen <pull 1819_>_.

  • Fix: backslashes preceding a multi-line backslashed string could confuse the HTML report. This is now fixed, thanks to LiuYinCarl <pull 1828_>_.

  • Now we publish wheels for Python 3.13, both regular and free-threaded.

.. _pull 1819: nedbat/coveragepy#1819
.. _pull 1828: nedbat/coveragepy#1828

.. _changes_7-6-0:

Version 7.6.0 — 2024-07-11

  • Exclusion patterns can now be multi-line, thanks to Daniel Diniz <pull 1807_>. This enables many interesting exclusion use-cases, including those requested in issues 118 <issue 118_> (entire files), 996 <issue 996_>_ (multiple lines only when appearing together), 1741 <issue 1741_>_ (remainder of a function), and 1803 <issue 1803_>_ (arbitrary sequence of marked lines). See the :ref:multi_line_exclude section of the docs for more details and examples.

  • The JSON report now includes per-function and per-class coverage information. Thanks to Daniel Diniz <pull 1809_>_ for getting the work started. This closes issue 1793_ and issue 1532_.

  • Fixed an incorrect calculation of "(no class)" lines in the HTML classes report.

  • Python 3.13.0b3 is supported.

.. _issue 118: nedbat/coveragepy#118
.. _issue 996: nedbat/coveragepy#996
.. _issue 1532: nedbat/coveragepy#1532
.. _issue 1741: nedbat/coveragepy#1741
.. _issue 1793: nedbat/coveragepy#1793
.. _issue 1803: nedbat/coveragepy#1803
.. _pull 1807: nedbat/coveragepy#1807
.. _pull 1809: nedbat/coveragepy#1809

.. _changes_7-5-4:

Version 7.5.4 — 2024-06-22

... (truncated)

Commits
  • 29f5898 docs: sample HTML for 7.6.1
  • 9b829f1 docs: prep for 7.6.1
  • ebbb6a2 build: wheels for 3.13rc1
  • 3872525 chore: make upgrade
  • 7a27f40 test: fix a test on free-threading, use abiflags to get site-packages path co...
  • 2b53664 build: include gil/nogil in the version banner
  • da1682f docs: changelog and contributor for #1828
  • dc819ff test: two tests for #1828
  • 9aaa404 fix: properly handle backslash before multi-line string (#1828)
  • 9c50270 chore: make upgrade
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index cc436251..43af8c31 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -82,7 +82,7 @@ xml-validation = ["lxml"] [tool.poetry.group.dev.dependencies] ddt = "1.7.2" -coverage = "7.6.0" +coverage = "7.6.1" flake8 = { version="7.1.1", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } flake8-bugbear = { version="24.4.26", python=">=3.8.1" } From c59036e06ddc97284f82efbbc168dc2d89d090d1 Mon Sep 17 00:00:00 2001 From: Michael Schlenker Date: Wed, 14 Aug 2024 15:32:16 +0200 Subject: [PATCH 05/12] feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663) The code mistreated hashes for Blake2b and SHA3. Code for explicitly handling SHA1 & BLAKE3 was added, as those have no variants defined in the CycloneDX specification. fixes #652 --------- Signed-off-by: Michael Schlenker Co-authored-by: Michael Schlenker Co-authored-by: Jan Kowalleck --- cyclonedx/model/__init__.py | 29 +++++++++++++++++++++++++++-- tests/test_model.py | 17 +++++++++++++++++ 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py index 4edb50e1..61ba9beb 100644 --- a/cyclonedx/model/__init__.py +++ b/cyclonedx/model/__init__.py @@ -418,6 +418,11 @@ def from_composite_str(composite_hash: str) -> 'HashType': Composite Hash string of the format `HASH_ALGORITHM`:`HASH_VALUE`. Example: `sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b`. + Valid case insensitive prefixes are: + `md5`, `sha1`, `sha256`, `sha384`, `sha512`, `blake2b256`, `blake2b384`, `blake2b512`, + `blake2256`, `blake2384`, `blake2512`, `sha3-256`, `sha3-384`, `sha3-512`, + `blake3`. + Raises: `UnknownHashTypeException` if the type of hash cannot be determined. 
@@ -432,17 +437,37 @@ def from_composite_str(composite_hash: str) -> 'HashType': alg=HashAlgorithm.MD5, content=parts[1].lower() ) + elif algorithm_prefix[0:4] == 'sha3': + return HashType( + alg=getattr(HashAlgorithm, f'SHA3_{algorithm_prefix[5:]}'), + content=parts[1].lower() + ) + elif algorithm_prefix == 'sha1': + return HashType( + alg=HashAlgorithm.SHA_1, + content=parts[1].lower() + ) elif algorithm_prefix[0:3] == 'sha': + # This is actually SHA2... return HashType( alg=getattr(HashAlgorithm, f'SHA_{algorithm_prefix[3:]}'), content=parts[1].lower() ) + elif algorithm_prefix[0:7] == 'blake2b': + return HashType( + alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[7:]}'), + content=parts[1].lower() + ) elif algorithm_prefix[0:6] == 'blake2': return HashType( - alg=getattr(HashAlgorithm, f'BLAKE2b_{algorithm_prefix[6:]}'), + alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[6:]}'), + content=parts[1].lower() + ) + elif algorithm_prefix[0:6] == 'blake3': + return HashType( + alg=HashAlgorithm.BLAKE3, content=parts[1].lower() ) - raise UnknownHashTypeException(f'Unable to determine hash type from {composite_hash!r}') def __init__( diff --git a/tests/test_model.py b/tests/test_model.py index 7b9ab794..76959f33 100644 --- a/tests/test_model.py +++ b/tests/test_model.py 
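Review bot: the new `algorithm_prefix[0:4] == 'sha3'` branch in cyclonedx/model/__init__.py sits ahead of the generic `sha` branch, so the prefix `sha384`, which the docstring lists as valid, now matches it: `algorithm_prefix[5:]` is `'4'`, the lookup becomes `getattr(HashAlgorithm, 'SHA3_4')`, and the caller gets an AttributeError instead of a SHA-384 `HashType`. Match on `'sha3-'` (or on the exact names `sha3-256`, `sha3-384`, `sha3-512`) so that SHA-2 prefixes still reach the `SHA_` branch. The same `getattr` pattern in the `sha3`, `sha`, `blake2b` and `blake2` branches raises AttributeError for any suffix that is not an enum member, while the docstring promises `UnknownHashTypeException`; give `getattr` a default or catch AttributeError and fall through to the existing `raise`. The `blake3` branch compares only the first six characters, so a longer prefix that merely starts with `blake3` is accepted as BLAKE3; compare the whole prefix, as the `sha1` branch does.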
@@ -262,6 +262,23 @@ def test_hash_type_from_hashlib_alg_throws_on_unknown(self) -> None: HashAlgorithm.SHA_256, '806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b'), ('MD5', 'MD5:dc26cd71b80d6757139f38156a43c545', HashAlgorithm.MD5, 'dc26cd71b80d6757139f38156a43c545'), + ('sha3-256', 'sha3-256:f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101', + HashAlgorithm.SHA3_256, 'f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101'), + ('sha1', 'sha1:b82b9f695a3ae28053cb3776d2132ab625798055', + HashAlgorithm.SHA_1, 'b82b9f695a3ae28053cb3776d2132ab625798055'), + # Name format as used by 'openssl dgst and the Blake2 RFC' + ('blake2b512', + 'blake2b512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' + 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', + HashAlgorithm.BLAKE2B_512, + '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' + '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), + ('blake2512', + 'blake2512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' + 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', + HashAlgorithm.BLAKE2B_512, + '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' + '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), ) def test_hash_type_from_composite_str(self, composite: str, e_alg: HashAlgorithm, e_content: str) -> None: h = HashType.from_composite_str(composite) From 35368c58a8b21be771c6df5d4be66e98ce6bd22b Mon Sep 17 00:00:00 2001 From: semantic-release Date: Wed, 14 Aug 2024 13:35:10 +0000 Subject: [PATCH 06/12] chore(release): 7.6.0 Automatically generated by python-semantic-release Signed-off-by: semantic-release --- CHANGELOG.md | 19 +++++++++++++++++++ cyclonedx/__init__.py | 2 +- docs/conf.py | 2 +- pyproject.toml | 2 +- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3722703..525b95e9 100644 --- a/CHANGELOG.md 
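Review bot: the cases added to tests/test_model.py cover only `sha3-256`, `sha1`, `blake2b512` and `blake2512`, so the reordered prefix checks in `from_composite_str` are never exercised with the other names the docstring lists. Add cases for `sha384` and `sha512`, for `sha3-384`, `sha3-512`, `blake2b256`, `blake2b384` and `blake3`, and a negative case asserting that a prefix with an unsupported suffix raises `UnknownHashTypeException`.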
+++ b/CHANGELOG.md @@ -2,6 +2,25 @@ +## v7.6.0 (2024-08-14) + +### Feature + +* feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663) + +The code mistreated hashes for Blake2b and SHA3. +Code for explicitly handling SHA1 & BLAKE3 was added, as those have no +variants defined in the CycloneDX specification. + +fixes #652 + +--------- + +Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> +Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c59036e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c59036e06ddc97284f82efbbc168dc2d89d090d1)) + + ## v7.5.1 (2024-07-08) ### Fix diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index 26e82d7b..94522e30 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -20,4 +20,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "7.5.1" # noqa:Q000 +__version__ = "7.6.0" # noqa:Q000 diff --git a/docs/conf.py b/docs/conf.py index ebe26020..ffa0cd72 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -20,7 +20,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '7.5.1' +release = '7.6.0' # -- General configuration --------------------------------------------------- diff --git a/pyproject.toml b/pyproject.toml index 43af8c31..e780effa 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "7.5.1" +version = "7.6.0" description = "Python library for CycloneDX" authors = [ "Paul Horton ", From 61ce5b7ab5404125040654556888864fd6b1229c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 18 Aug 2024 14:55:45 +0200 Subject: [PATCH 07/12] chore(deps-dev): update tox requirement from 4.17.1 to 4.18.0 (#664) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version.
Release notes

Sourced from tox's releases.

4.18.0

What's Changed

Full Changelog: https://github.com/tox-dev/tox/compare/4.17.1...4.18.0

Changelog

Sourced from tox's changelog.

v4.18.0 (2024-08-13)

Features - 4.18.0

- Suppress spinner in parallel runs in CI - by :user:`ziima`.
(:issue:`3318`)

Bugfixes - 4.18.0

  • Boost temporary directories cleanup in tests - by :user:ziima. (:issue:3278)
  • Fix absolute base python paths conflicting - by :user:gaborbernat. (:issue:3325)

v4.17.1 (2024-08-07)

Bugfixes - 4.17.1

- Support for running ``-e <major>.<minor>`` has
been lost, fixing it - by :user:`gaborbernat`. (:issue:`2849`)
- ``base_python`` now accepts absolute paths to interpreter executable -
by :user:`paveldikov`. (:issue:`3191`)

v4.17.0 (2024-08-05)

Features - 4.17.0

  • Add graalpy prefix as a supported base python (:issue:3312)
  • Add :ref:on_platform core configuration holding the tox platform and do not install package when exec an environment - by :user:gaborbernat. (:issue:3315)

Bugfixes - 4.17.0

- Add table with default environment variables per OS
(:issue:`2753`)

v4.16.0 (2024-07-02)

Bugfixes - 4.16.0

    • Add windir to the default list of Windows pass_env environment variables. - by :user:kurtmckee (:issue:3302)

Improved Documentation - 4.16.0

- Fix typo in configuration example and fix broken link to
code style guide. - by :user:`srenfo` (:issue:`3297`)

v4.15.1 (2024-06-05)

Features - 4.15.1

- Fix ``skip_missing_interpreters`` option for ``package =
wheel`` (:issue:`3269`)

... (truncated)

Commits

- [`ea72694`](https://github.com/tox-dev/tox/commit/ea72694813a34573f75cbbe284792c4fa96c73c2) release 4.18.0
- [`3b3628d`](https://github.com/tox-dev/tox/commit/3b3628d451111ffc87f009a82eb65b53070377ec) Fix [#3318](https://redirect.github.com/tox-dev/tox/issues/3318) - Suppress spinner in parallel runs in CI ([#3321](https://redirect.github.com/tox-dev/tox/issues/3321))
- [`1ee4a33`](https://github.com/tox-dev/tox/commit/1ee4a3335b1195c85b2fe0db120355dd50324f79) Fix absolute base python paths conflicting ([#3325](https://redirect.github.com/tox-dev/tox/issues/3325))
- [`add99ed`](https://github.com/tox-dev/tox/commit/add99edff0ac34520d637d0ce60f8902b1a95b55) Fix [#3278](https://redirect.github.com/tox-dev/tox/issues/3278) - Boost temporary directories cleanup in tests ([#3323](https://redirect.github.com/tox-dev/tox/issues/3323))
- See full diff in [compare view](https://github.com/tox-dev/tox/compare/4.17.1...4.18.0)

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index e780effa..87d2a456 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -93,7 +93,7 @@ pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" mypy = "1.11.1" -tox = "4.17.1" +tox = "4.18.0" xmldiff = "2.7.0" bandit = "1.7.9" From 3431d46704cdb050bf321658504b5c7b49f93466 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 25 Aug 2024 14:25:03 +0200 Subject: [PATCH 08/12] chore(deps-dev): update flake8-bugbear requirement from 24.4.26 to 24.8.19 (#666) Updates the requirements on [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) to permit the latest version.
Release notes

Sourced from flake8-bugbear's releases.

24.8.19

  • B910: implement to suggest using Counter() instead of defaultdict(int) (#489)
  • B901: Do not trigger with explicit Generator return type (#481)
  • B008: add some comments, rename b008_extend_immutable_calls (#476)
  • B040: exception with note added not reraised or used (#477)
  • B039, Add ContextVar with mutable literal or function call as default
  • B040: Add Exception with added note not reraised. (#474)
  • Run tests in Python 3.13
  • Type annotated code (#481 + #483)
  • Replace hash with unsafe_hash (#486)
Commits
  • 2f4e42f Update CHANGES + move to version 24.8.19 to release
  • c50e9dc [pre-commit.ci] pre-commit autoupdate (#487)
  • f0eeda8 Replace hash with unsafe_hash (#486)
  • 5939910 Implemented #323: Added new check B910 to suggest using Counter() instead of ...
  • 33993a4 [pre-commit.ci] pre-commit autoupdate (#484)
  • 5ccce79 More types (#483)
  • cfda1e8 Do not trigger B901 with explicit Generator return type (#481)
  • b15feed Set up mypy (#482)
  • 3157b89 add b040: exception with note added not reraised or used (#477)
  • 188eab8 Merge pull request #476 from jakkdl/contextvar_mutable_or_call_default
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 87d2a456..d64e1d41 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -85,7 +85,7 @@ ddt = "1.7.2" coverage = "7.6.1" flake8 = { version="7.1.1", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } -flake8-bugbear = { version="24.4.26", python=">=3.8.1" } +flake8-bugbear = { version="24.8.19", python=">=3.8.1" } flake8-isort = "6.1.1" flake8-quotes = "3.4.0" flake8-use-fstring = "1.4" From 0bc690976c54c3e9a3d2e628c9edded44d137663 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 22:52:38 +0200 Subject: [PATCH 09/12] chore(deps-dev): update mypy requirement from 1.11.1 to 1.11.2 (#668) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version.
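Review bot: on the `flake8-bugbear` line of the pyproject.toml hunk in the flake8-bugbear patch above (24.4.26 to 24.8.19), the commit list quoted in the message shows new checks arriving in this range (B910, B040) and a behaviour change to B901, so the bump can surface findings in code that previously linted clean. Confirm the flake8 job was run against the full tree with 24.8.19 before merging, and record any check that is deliberately not enforced in .flake8 rather than leaving it to fail later.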
Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

Mypy now supports the new type parameter syntax introduced in Python 3.12 (PEP 695). This feature is still experimental and must be enabled with the --enable-incomplete-feature=NewGenericSyntax flag, or with enable_incomplete_feature = NewGenericSyntax in the mypy configuration file. We plan to enable this by default in the next mypy feature release.

This example demonstrates the new syntax:

# Generic function
def f[T](x: T) -> T: ...

reveal_type(f(1)) # Revealed type is 'int'

# Generic class
class C[T]:
    def __init__(self, x: T) -> None:
        self.x = x

c = C('a')
reveal_type(c.x) # Revealed type is 'str'

# Type alias
type A[T] = C[list[T]]

This feature was contributed by Jukka Lehtosalo.

Support for functools.partial

Mypy now type checks uses of functools.partial. Previously mypy would accept arbitrary arguments.

This example will now produce an error:

from functools import partial

... (truncated)

Commits
  • 789f02c Bump version to 1.11.2
  • 917cc75 An alternative fix for a union-like literal string (#17639)
  • 7d805b3 Unwrap TypedDict item types before storing (#17640)
  • 32675dd Revert "Fix Literal strings containing pipe characters" (#17638)
  • 778542b Revert "Fix RawExpressionType.accept crash with --cache-fine-grained" (#1...
  • 14ab742 Bump version to 1.11.2+dev
  • See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

| Dependency Name | Ignore Conditions |
| --- | --- |
| mypy | [>= 0.971.a, < 0.972] |
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index d64e1d41..625d7999 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -92,7 +92,7 @@ flake8-use-fstring = "1.4" pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" -mypy = "1.11.1" +mypy = "1.11.2" tox = "4.18.0" xmldiff = "2.7.0" bandit = "1.7.9" From 111cadcbf7a2de69919b008ce02741d66b3e13eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 8 Sep 2024 12:08:48 +0200 Subject: [PATCH 10/12] chore(deps-dev): update tox requirement from 4.18.0 to 4.18.1 (#670) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version.
Release notes

Sourced from tox's releases.

4.18.1

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/tox/compare/4.18.0...4.18.1

Changelog

Sourced from tox's changelog.

v4.18.1 (2024-09-07)

Bugfixes - 4.18.1

- Fix and test the string spec for the ``sys.executable`` interpreter (introduced in :pull:`3325`) - by :user:`hroncok` (:issue:`3327`)

Improved Documentation - 4.18.1

  • Changes the tox_env_teardown docstring to explain the hook is called after a tox env was teared down. (:issue:3305)

v4.18.0 (2024-08-13)

Features - 4.18.0

- Suppress spinner in parallel runs in CI - by :user:`ziima`. (:issue:`3318`)

Bugfixes - 4.18.0

  • Boost temporary directories cleanup in tests - by :user:ziima. (:issue:3278)
  • Fix absolute base python paths conflicting - by :user:gaborbernat. (:issue:3325)

v4.17.1 (2024-08-07)

Bugfixes - 4.17.1

- Support for running ``-e <major>.<minor>`` has been lost, fixing it - by :user:`gaborbernat`. (:issue:`2849`)
- ``base_python`` now accepts absolute paths to interpreter executable - by :user:`paveldikov`. (:issue:`3191`)

v4.17.0 (2024-08-05)

Features - 4.17.0

  • Add graalpy prefix as a supported base python (:issue:3312)
  • Add :ref:on_platform core configuration holding the tox platform and do not install package when exec an environment - by :user:gaborbernat. (:issue:3315)

Bugfixes - 4.17.0

- Add table with default environment variables per OS (:issue:`2753`)

v4.16.0 (2024-07-02)

Bugfixes - 4.16.0

... (truncated)

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 625d7999..1af2537c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -93,7 +93,7 @@ pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" mypy = "1.11.2" -tox = "4.18.0" +tox = "4.18.1" xmldiff = "2.7.0" bandit = "1.7.9" From 934d39dfd9fde5391257e3688134a6a6620a8051 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 13:32:32 +0200 Subject: [PATCH 11/12] chore(deps): update sphinx requirement from <8,>=7.2.6 to >=7.2.6,<9 (#656) Updates the requirements on [sphinx](https://github.com/sphinx-doc/sphinx) to permit the latest version.
Release notes

Sourced from sphinx's releases.

Sphinx 8.0.2

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinx's changelog.

Release 8.0.2 (released Jul 30, 2024)

Bugs fixed

  • Fix the pygments.Formatter.__class_getitem__ patch. Patch by Adam Turner.

Release 8.0.1 (released Jul 30, 2024)

Bugs fixed

  • Patch pygments.Formatter.__class_getitem__ in Pygments 2.17. Patch by Adam Turner.

Release 8.0.0 (released Jul 29, 2024)

Dependencies

  • #12633: Drop Python 3.9 support.

Incompatible changes

.. rst-class:: compact

  • Remove deprecated functions from sphinx.util:

    • Removed sphinx.util.path_stabilize (use sphinx.util.osutil.path_stabilize).
    • Removed sphinx.util.display_chunk (use sphinx.util.display.display_chunk).
    • Removed sphinx.util.status_iterator (use sphinx.util.display.status_iterator).
    • Removed sphinx.util.SkipProgressMessage (use sphinx.util.display.SkipProgressMessage).
    • Removed sphinx.util.progress_message (use sphinx.util.display.progress_message).
    • Removed sphinx.util.epoch_to_rfc1123 (use sphinx.http_date.epoch_to_rfc1123).
    • Removed sphinx.util.rfc1123_to_epoch (use sphinx.http_date.rfc1123_to_epoch).
    • Removed sphinx.util.save_traceback (use sphinx.exceptions.save_traceback).
    • Removed sphinx.util.format_exception_cut_frames

... (truncated)

Commits

You can trigger a rebase of this PR by commenting `@dependabot rebase`.
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 7dc0b112..32780572 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,4 +1,4 @@ m2r2>=0.3.2 -sphinx>=7.2.6,<8 +sphinx>=7.2.6,<9 sphinx-autoapi>=3.0.0,<4 sphinx-rtd-theme>=2.0.0,<3 From 35e00b4ee5a9306b9e97b011025409bcbfcef309 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 18 Sep 2024 15:50:16 +0200 Subject: [PATCH 12/12] fix: file copyright headers (#676) utilizes flake8 plugin to assert the correct headers 
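Review bot: in the docs/requirements.txt hunk of the sphinx patch above (PATCH 11/12), widening `sphinx>=7.2.6,<8` to `<9` admits a new major version while the neighbouring lines stay as they are (`m2r2>=0.3.2`, `sphinx-autoapi>=3.0.0,<4`, `sphinx-rtd-theme>=2.0.0,<3`). The changelog quoted in the message says 8.0.0 drops Python 3.9 support and removes deprecated `sphinx.util` functions, so check that the docs build runs on a Python version Sphinx 8 supports and that those three extensions build against it; if they do not, the resolver may quietly stay on 7.x or the docs job may break. Because the requirement is a range, a constraints or lock file for the docs build would make the resolved version reviewable.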
Signed-off-by: Jan Kowalleck --- .flake8 | 19 +++++++++++++++++++ cyclonedx/__init__.py | 2 ++ cyclonedx/_internal/__init__.py | 2 ++ cyclonedx/_internal/compare.py | 2 ++ cyclonedx/_internal/hash.py | 2 ++ cyclonedx/_internal/time.py | 2 ++ cyclonedx/exception/__init__.py | 2 ++ cyclonedx/exception/factory.py | 2 ++ cyclonedx/exception/model.py | 2 ++ cyclonedx/exception/output.py | 2 ++ cyclonedx/exception/serialization.py | 2 ++ cyclonedx/factory/__init__.py | 2 ++ cyclonedx/factory/license.py | 2 ++ cyclonedx/model/__init__.py | 2 ++ cyclonedx/model/bom.py | 2 +- cyclonedx/model/bom_ref.py | 2 +- cyclonedx/model/component.py | 2 +- cyclonedx/model/contact.py | 2 ++ cyclonedx/model/crypto.py | 2 +- cyclonedx/model/dependency.py | 2 +- cyclonedx/model/impact_analysis.py | 2 +- cyclonedx/model/issue.py | 2 ++ cyclonedx/model/license.py | 4 ++-- cyclonedx/model/release_note.py | 2 +- cyclonedx/model/service.py | 2 ++ cyclonedx/model/vulnerability.py | 2 +- cyclonedx/output/__init__.py | 2 ++ cyclonedx/output/json.py | 2 +- cyclonedx/output/xml.py | 2 +- cyclonedx/schema/__init__.py | 2 ++ cyclonedx/schema/_res/__init__.py | 2 ++ cyclonedx/schema/schema.py | 2 +- cyclonedx/serialization/__init__.py | 2 ++ cyclonedx/spdx.py | 2 ++ cyclonedx/validation/__init__.py | 2 ++ cyclonedx/validation/json.py | 2 ++ cyclonedx/validation/model.py | 2 ++ cyclonedx/validation/xml.py | 2 ++ examples/complex_deserialize.py | 2 +- examples/complex_serialize.py | 2 +- pyproject.toml | 1 + tests/__init__.py | 2 +- tests/_data/__init__.py | 4 +--- tests/_data/models.py | 2 +- tests/test_component.py | 2 +- tests/test_deserialize_json.py | 2 +- tests/test_deserialize_xml.py | 2 +- tests/test_enums.py | 2 ++ tests/test_factory_license.py | 2 +- tests/test_model.py | 2 +- tests/test_model_bom.py | 2 +- tests/test_model_bom_ref.py | 2 +- tests/test_model_component.py | 2 +- tests/test_model_dependency.py | 2 +- tests/test_model_issue.py | 2 +- tests/test_model_license.py | 2 +- 
tests/test_model_release_note.py | 2 +- tests/test_model_service.py | 2 +- tests/test_model_vulnerability.py | 2 +- tests/test_output.py | 2 +- tests/test_output_json.py | 2 +- tests/test_output_xml.py | 2 +- tests/test_real_world_examples.py | 2 +- tests/test_schema_SchemaVersion.py | 2 +- tests/test_schema__res.py | 2 +- tests/test_spdx.py | 2 +- tests/test_validation.py | 2 +- tests/test_validation_json.py | 2 +- tests/test_validation_xml.py | 2 +- tools/schema-downloader.py | 3 +++ 70 files changed, 117 insertions(+), 44 deletions(-) diff --git a/.flake8 b/.flake8 index 831f1610..459cc557 100644 --- a/.flake8 +++ b/.flake8 @@ -22,3 +22,22 @@ ignore = # > Despite being in the best practice section, this will soon be considered an anti-pattern. # So lets ignore this "suggestion" that is actually an anti-pattern already! W503 + +## https://pypi.org/project/flake8-copyright-validator/ +copyright-text = + '# This file is part of CycloneDX Python Library' + '#' + '# Licensed under the Apache License, Version 2.0 (the "License");' + '# you may not use this file except in compliance with the License.' + '# You may obtain a copy of the License at' + '#' + '# http://www.apache.org/licenses/LICENSE-2.0' + '#' + '# Unless required by applicable law or agreed to in writing, software' + '# distributed under the License is distributed on an "AS IS" BASIS,' + '# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.' + '# See the License for the specific language governing permissions and' + '# limitations under the License.' + '#' + '# SPDX-License-Identifier: Apache-2.0' + '# Copyright (c) OWASP Foundation. All Rights Reserved.' diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index 94522e30..3c6cd2df 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py 
@@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/_internal/__init__.py b/cyclonedx/_internal/__init__.py index edd63c05..4513dbac 100644 --- a/cyclonedx/_internal/__init__.py +++ b/cyclonedx/_internal/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/_internal/compare.py b/cyclonedx/_internal/compare.py index 08ebb75c..226fa615 100644 --- a/cyclonedx/_internal/compare.py +++ b/cyclonedx/_internal/compare.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/_internal/hash.py b/cyclonedx/_internal/hash.py index c025eaa2..4fc17f5e 100644 --- a/cyclonedx/_internal/hash.py +++ b/cyclonedx/_internal/hash.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/_internal/time.py b/cyclonedx/_internal/time.py index 2f3d50be..8a2a19d4 100644 --- a/cyclonedx/_internal/time.py +++ b/cyclonedx/_internal/time.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
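Review bot: the `copyright-text` block in the .flake8 hunk makes the lint job depend on a plugin that the pyproject.toml hunk of this patch pins as `flake8-copyright-validator = "0.0.1"`, and a flake8 plugin runs in-process in the lint job. The exact pin is good; please also say in the commit message, or next to the `## https://pypi.org/project/flake8-copyright-validator/` comment, why this plugin was chosen, and confirm the dependency is resolved against a lock entry or hash, since nothing in the visible hunks records one. The expected header is spelled out line by line while the per-file hunks only touch the first header line, so the check relies on the remaining lines (SPDX identifier, copyright line) already matching in every file; a note on how to handle files that legitimately need a different header would help.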
diff --git a/cyclonedx/exception/__init__.py b/cyclonedx/exception/__init__.py index ef1ce340..886b63d1 100644 --- a/cyclonedx/exception/__init__.py +++ b/cyclonedx/exception/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/factory.py b/cyclonedx/exception/factory.py index 322e1fc3..2ddbb327 100644 --- a/cyclonedx/exception/factory.py +++ b/cyclonedx/exception/factory.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/model.py b/cyclonedx/exception/model.py index dd476671..cf354ed2 100644 --- a/cyclonedx/exception/model.py +++ b/cyclonedx/exception/model.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/output.py b/cyclonedx/exception/output.py index c3109f13..8b84c20a 100644 --- a/cyclonedx/exception/output.py +++ b/cyclonedx/exception/output.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/serialization.py b/cyclonedx/exception/serialization.py index 565b36c8..2c53beb5 100644 --- a/cyclonedx/exception/serialization.py +++ b/cyclonedx/exception/serialization.py 
@@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/factory/__init__.py b/cyclonedx/factory/__init__.py index 50e0bf37..ffb3ca2f 100644 --- a/cyclonedx/factory/__init__.py +++ b/cyclonedx/factory/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/factory/license.py b/cyclonedx/factory/license.py index c5e0ffd1..f96cb697 100644 --- a/cyclonedx/factory/license.py +++ b/cyclonedx/factory/license.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py index 61ba9beb..213fdcf2 100644 --- a/cyclonedx/model/__init__.py +++ b/cyclonedx/model/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py index a36a5e10..0d423de8 100644 --- a/cyclonedx/model/bom.py +++ b/cyclonedx/model/bom.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/bom_ref.py b/cyclonedx/model/bom_ref.py index 936092eb..faf47cf4 100644 
--- a/cyclonedx/model/bom_ref.py +++ b/cyclonedx/model/bom_ref.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py index 5287030b..89e7020d 100644 --- a/cyclonedx/model/component.py +++ b/cyclonedx/model/component.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/contact.py b/cyclonedx/model/contact.py index dc42b1f7..a3cc2ed4 100644 --- a/cyclonedx/model/contact.py +++ b/cyclonedx/model/contact.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/crypto.py b/cyclonedx/model/crypto.py index 8dcab090..e1eda84e 100644 --- a/cyclonedx/model/crypto.py +++ b/cyclonedx/model/crypto.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/dependency.py b/cyclonedx/model/dependency.py index 80582d86..98a5525c 100644 --- a/cyclonedx/model/dependency.py +++ b/cyclonedx/model/dependency.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/cyclonedx/model/impact_analysis.py b/cyclonedx/model/impact_analysis.py index 8e66e7ca..af1f5766 100644 --- a/cyclonedx/model/impact_analysis.py +++ b/cyclonedx/model/impact_analysis.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/issue.py b/cyclonedx/model/issue.py index 1378fcc1..56bb6b76 100644 --- a/cyclonedx/model/issue.py +++ b/cyclonedx/model/issue.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/license.py b/cyclonedx/model/license.py index 1bde1248..58651370 100644 --- a/cyclonedx/model/license.py +++ b/cyclonedx/model/license.py @@ -1,5 +1,5 @@ -# encoding: utf-8 - +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/release_note.py b/cyclonedx/model/release_note.py index f79e16e7..a605350e 100644 --- a/cyclonedx/model/release_note.py +++ b/cyclonedx/model/release_note.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/service.py b/cyclonedx/model/service.py index 3e3be565..46ce6c29 100644 --- a/cyclonedx/model/service.py +++ b/cyclonedx/model/service.py 
@@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/vulnerability.py b/cyclonedx/model/vulnerability.py index 8c9528f4..13bb7b82 100644 --- a/cyclonedx/model/vulnerability.py +++ b/cyclonedx/model/vulnerability.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/output/__init__.py b/cyclonedx/output/__init__.py index d6bcd19a..bbc4e532 100644 --- a/cyclonedx/output/__init__.py +++ b/cyclonedx/output/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/output/json.py b/cyclonedx/output/json.py index 525bd58d..403197b3 100644 --- a/cyclonedx/output/json.py +++ b/cyclonedx/output/json.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/output/xml.py b/cyclonedx/output/xml.py index ffc94e89..604b6297 100644 --- a/cyclonedx/output/xml.py +++ b/cyclonedx/output/xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/cyclonedx/schema/__init__.py b/cyclonedx/schema/__init__.py index 7b454948..0b74ec7d 100644 --- a/cyclonedx/schema/__init__.py +++ b/cyclonedx/schema/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/schema/_res/__init__.py b/cyclonedx/schema/_res/__init__.py index 201fb24c..8ce859cc 100644 --- a/cyclonedx/schema/_res/__init__.py +++ b/cyclonedx/schema/_res/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/schema/schema.py b/cyclonedx/schema/schema.py index 79ae2eff..1dc7db27 100644 --- a/cyclonedx/schema/schema.py +++ b/cyclonedx/schema/schema.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/serialization/__init__.py b/cyclonedx/serialization/__init__.py index 87aa5e79..427d0bf6 100644 --- a/cyclonedx/serialization/__init__.py +++ b/cyclonedx/serialization/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/spdx.py b/cyclonedx/spdx.py index 480165ae..8f7e30b1 100644 --- a/cyclonedx/spdx.py +++ b/cyclonedx/spdx.py 
@@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/__init__.py b/cyclonedx/validation/__init__.py index b7dda3f1..44c9634e 100644 --- a/cyclonedx/validation/__init__.py +++ b/cyclonedx/validation/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/json.py b/cyclonedx/validation/json.py index 8a7dab8a..ebdd01e0 100644 --- a/cyclonedx/validation/json.py +++ b/cyclonedx/validation/json.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/model.py b/cyclonedx/validation/model.py index c427e60f..1f8b6061 100644 --- a/cyclonedx/validation/model.py +++ b/cyclonedx/validation/model.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/xml.py b/cyclonedx/validation/xml.py index 0adff2dc..2ba79890 100644 --- a/cyclonedx/validation/xml.py +++ b/cyclonedx/validation/xml.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
diff --git a/examples/complex_deserialize.py b/examples/complex_deserialize.py index e112a719..d139aa01 100644 --- a/examples/complex_deserialize.py +++ b/examples/complex_deserialize.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/examples/complex_serialize.py b/examples/complex_serialize.py index ccf47d76..477e7ee5 100644 --- a/examples/complex_serialize.py +++ b/examples/complex_serialize.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/pyproject.toml b/pyproject.toml index 1af2537c..d64d5298 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -86,6 +86,7 @@ coverage = "7.6.1" flake8 = { version="7.1.1", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } flake8-bugbear = { version="24.8.19", python=">=3.8.1" } +flake8-copyright-validator = "0.0.1" flake8-isort = "6.1.1" flake8-quotes = "3.4.0" flake8-use-fstring = "1.4" diff --git a/tests/__init__.py b/tests/__init__.py index 02a82d2f..48760b1a 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/_data/__init__.py b/tests/_data/__init__.py index 308d97e7..671a2188 100644 --- a/tests/_data/__init__.py +++ b/tests/_data/__init__.py 
@@ -1,6 +1,4 @@ -# encoding: utf-8 - -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/_data/models.py b/tests/_data/models.py index 150739a0..c0c092f1 100644 --- a/tests/_data/models.py +++ b/tests/_data/models.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_component.py b/tests/test_component.py index 625863d0..05ee373f 100644 --- a/tests/test_component.py +++ b/tests/test_component.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_deserialize_json.py b/tests/test_deserialize_json.py index 9c5ad40e..de4e3940 100644 --- a/tests/test_deserialize_json.py +++ b/tests/test_deserialize_json.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_deserialize_xml.py b/tests/test_deserialize_xml.py index f2a3ad9c..ab5a990a 100644 --- a/tests/test_deserialize_xml.py +++ b/tests/test_deserialize_xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_enums.py b/tests/test_enums.py index ba5c6c5f..c963c499 100644 
--- a/tests/test_enums.py +++ b/tests/test_enums.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/tests/test_factory_license.py b/tests/test_factory_license.py index 05e6bd3a..f7fd7b99 100644 --- a/tests/test_factory_license.py +++ b/tests/test_factory_license.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model.py b/tests/test_model.py index 76959f33..50f0c893 100644 --- a/tests/test_model.py +++ b/tests/test_model.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_bom.py b/tests/test_model_bom.py index 925846c7..60e22c69 100644 --- a/tests/test_model_bom.py +++ b/tests/test_model_bom.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_bom_ref.py b/tests/test_model_bom_ref.py index 05047b92..ccdc9c73 100644 --- a/tests/test_model_bom_ref.py +++ b/tests/test_model_bom_ref.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/tests/test_model_component.py b/tests/test_model_component.py index 8ad7014c..c25fdc91 100644 --- a/tests/test_model_component.py +++ b/tests/test_model_component.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_dependency.py b/tests/test_model_dependency.py index 1b0d2f64..77f68b79 100644 --- a/tests/test_model_dependency.py +++ b/tests/test_model_dependency.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_issue.py b/tests/test_model_issue.py index 54816995..2ae4a666 100644 --- a/tests/test_model_issue.py +++ b/tests/test_model_issue.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_license.py b/tests/test_model_license.py index 1ccfa534..11443e48 100644 --- a/tests/test_model_license.py +++ b/tests/test_model_license.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_release_note.py b/tests/test_model_release_note.py index fbbb4e94..4bf6eca6 100644 --- a/tests/test_model_release_note.py +++ b/tests/test_model_release_note.py 
@@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_service.py b/tests/test_model_service.py index c4aeb356..c66c2521 100644 --- a/tests/test_model_service.py +++ b/tests/test_model_service.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_vulnerability.py b/tests/test_model_vulnerability.py index aec56b74..e18f6003 100644 --- a/tests/test_model_vulnerability.py +++ b/tests/test_model_vulnerability.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_output.py b/tests/test_output.py index ac3d52b4..9d13855b 100644 --- a/tests/test_output.py +++ b/tests/test_output.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_output_json.py b/tests/test_output_json.py index 1c9509a3..4bcbe2a2 100644 --- a/tests/test_output_json.py +++ b/tests/test_output_json.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_output_xml.py b/tests/test_output_xml.py index fd5ff365..ea69b901 100644 
--- a/tests/test_output_xml.py +++ b/tests/test_output_xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_real_world_examples.py b/tests/test_real_world_examples.py index cc60bf9b..757d33eb 100644 --- a/tests/test_real_world_examples.py +++ b/tests/test_real_world_examples.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_schema_SchemaVersion.py b/tests/test_schema_SchemaVersion.py index 50e0c30c..0c7fab6f 100644 --- a/tests/test_schema_SchemaVersion.py +++ b/tests/test_schema_SchemaVersion.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_schema__res.py b/tests/test_schema__res.py index 930d3709..0107949b 100644 --- a/tests/test_schema__res.py +++ b/tests/test_schema__res.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_spdx.py b/tests/test_spdx.py index 6cf244ef..a174e5c0 100644 --- a/tests/test_spdx.py +++ b/tests/test_spdx.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/tests/test_validation.py b/tests/test_validation.py index 8755191a..7465cf78 100644 --- a/tests/test_validation.py +++ b/tests/test_validation.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_validation_json.py b/tests/test_validation_json.py index 7a297189..1c9c4016 100644 --- a/tests/test_validation_json.py +++ b/tests/test_validation_json.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_validation_xml.py b/tests/test_validation_xml.py index e5d91479..1e40f735 100644 --- a/tests/test_validation_xml.py +++ b/tests/test_validation_xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tools/schema-downloader.py b/tools/schema-downloader.py index 99def578..9292dd9e 100644 --- a/tools/schema-downloader.py +++ b/tools/schema-downloader.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,6 +13,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 +# Copyright (c) OWASP Foundation. All Rights Reserved. import re from os.path import dirname, join
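Review bot: in the pyproject.toml hunk, the added `flake8-copyright-validator = "0.0.1"` puts a new plugin at its 0.0.1 release into the lint toolchain, and the visible lines do not show the flake8 configuration that makes use of it. If that configuration is not in another part of this change, add it here so the header check is actually enforced in CI rather than just installed. Since the plugin runs in developer and CI environments, confirm the package source and maintainer before merging. The flake8, flake8-annotations and flake8-bugbear entries above it carry `python=">=3.8.1"` while this line has no marker, so also check that it installs on every Python version the project supports.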
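Review bot: in the tests/_data/__init__.py hunk, the removal of `# encoding: utf-8` and the blank line after it is a separate change from the "Lib" to "Library" rename made everywhere else, and it deserves a line in the commit message. Python 3 reads source files as UTF-8 by default, so dropping the declaration is safe, and it lets the header start on line 1 as in the other files.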
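Review bot: in the second tools/schema-downloader.py hunk, the copyright line is added directly after `# SPDX-License-Identifier: Apache-2.0`, and this is the only file in the visible part of the patch that gains it. Check that the resulting header matches the other files line for line, including order and the bare `#` separators, because a validator that compares against a fixed header text will fail on any difference. If any of the files that receive a new "This file is part of" line in this patch were also missing the copyright line, they need the same addition.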