From 6f0bd12cf6583dce0ba52d323e51470a93021635 Mon Sep 17 00:00:00 2001 From: semantic-release Date: Wed, 12 Jun 2024 08:58:14 +0000 Subject: [PATCH] chore(release): 7.4.1 Automatically generated by python-semantic-release Signed-off-by: semantic-release --- CHANGELOG.md | 2354 +++++++++++++++++++++-------------------- cyclonedx/__init__.py | 2 +- docs/conf.py | 2 +- pyproject.toml | 2 +- 4 files changed, 1198 insertions(+), 1162 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45d5ded2..e7891228 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,42 @@ # CHANGELOG + +## v7.4.1 (2024-06-12) + +### Chore + +* chore: rollback py sem release matcher + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c33a130`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c33a130378b351ce6f67a563d0a2a70e699e6725)) + +### Documentation + +* docs: exclude dep bumps from changelog (#627) + +fixes #616 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`60361f7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/60361f781a1b356f24a553e133e0f58a2ad37a7d)) + +### Fix + +* fix: `cyclonedx.model.Property.value` value is optional (#631) + +`cyclonedx.model.Property.value` value is optional, in accordance with +the spec. + +fixes #630 + +--------- + +Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ad0f98b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ad0f98b433fd85ba14db6b6288f33d98bc79ee51)) + + ## v7.4.0 (2024-05-23) ### Documentation @@ -22,10 +58,10 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3f9770a`](https: * fix: allow suppliers with empty-string names (#611) -fixes #600 - ---------- - +fixes #600 + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b331aeb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b331aeb4b7261c7b1359c592b2dcda27bd35e369)) @@ -39,17 +75,17 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0d00496`](https: * chore(ci): update GH action versions (#606) - + Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`6d1bc5b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6d1bc5b5e3c6cecc8681b7a197d07632819dc994)) ### Fix * fix: json validation allow arbitrary `$schema` value (#613) -fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/612 - ---------- - +fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/612 + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`08b7c60`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/08b7c607360b65215d9d29d42ae86e60c6efe49b)) @@ -59,14 +95,14 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`08b7c60`](https: * fix: properly sort components based on all properties (#599) -reverts #587 - as this one introduced errors -fixes #598 -fixes #586 - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Paul Horton <paul.horton@owasp.org> +reverts #587 - as this one introduced errors +fixes #598 +fixes #586 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Paul Horton <paul.horton@owasp.org> Co-authored-by: Paul Horton <paul.horton@owasp.org> ([`8df488c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8df488cb422a6363421fee39714df4e8e8e7a593)) @@ -82,8 +118,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`d437c40`](https: * fix: include all fields of `Component` in `__lt__` function for #586 (#587) -Fixes #586. - +Fixes #586. + Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`d784685`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d7846850d1ad33184d1d58b59fdf41a778d05900)) @@ -93,8 +129,8 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`d784685`](https://gi * feat: license factory set `acknowledgement` (#593) -add a parameter to `LicenseFactory.make_*()` methods, to set the `LicenseAcknowledgement`. - +add a parameter to `LicenseFactory.make_*()` methods, to set the `LicenseAcknowledgement`. + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7ca2455`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7ca2455018d0e191afaaa2fd136a7e4d5b325ec6)) @@ -104,47 +140,47 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7ca2455`](https: * feat: disjunctive license acknowledgement (#591) - ---------- - + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9bf1839`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9bf1839859a244e790e91c3e1edd82d333598d60)) ### Unknown * tests: add meaningful names to validation tests (#588) -When packaging cyclonedx-python-lib for a Linux distribution, it’s -pretty common that some JSON validation tests fail. [1] - -Due to the large number of combinations and the fact that these tests -are consecutively numbered, it has been tedious to figure out which -tests are exactly failing and why. This in turn makes it difficult to -decide which tests to disable or report upstream. - -Append meaningful names to validation tests so that instead of e.g.: - - […]::TestJsonValidator::test_validate_no_none_001 - […]::TestJsonValidator::test_validate_no_none_002 - […]::TestJsonValidator::test_validate_no_none_003 - […]::TestJsonValidator::test_validate_no_none_004 - […]::TestJsonValidator::test_validate_no_none_005 - […]::TestJsonValidator::test_validate_no_none_006 - […]::TestJsonValidator::test_validate_no_none_007 - […]::TestJsonValidator::test_validate_no_none_008 - -the tests are named: - - […]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6 - […]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6 - […]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6 - […]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6 - […]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6 - […]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6 - […]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6 - […]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6 - -[1]: https://aur.archlinux.org/cgit/aur.git/diff/PKGBUILD?h=python-cyclonedx-lib&id=9c6ae556874a633a521407a77a9a85bb31da2047 - +When packaging cyclonedx-python-lib for a Linux distribution, it’s +pretty common that some JSON validation tests fail. [1] + +Due to the large number of combinations and the fact that these tests +are consecutively numbered, it has been tedious to figure out which +tests are exactly failing and why. This in turn makes it difficult to +decide which tests to disable or report upstream. + +Append meaningful names to validation tests so that instead of e.g.: + + […]::TestJsonValidator::test_validate_no_none_001 + […]::TestJsonValidator::test_validate_no_none_002 + […]::TestJsonValidator::test_validate_no_none_003 + […]::TestJsonValidator::test_validate_no_none_004 + […]::TestJsonValidator::test_validate_no_none_005 + […]::TestJsonValidator::test_validate_no_none_006 + […]::TestJsonValidator::test_validate_no_none_007 + […]::TestJsonValidator::test_validate_no_none_008 + +the tests are named: + + […]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6 + […]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6 + […]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6 + […]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6 + […]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6 + […]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6 + […]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6 + […]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6 + +[1]: https://aur.archlinux.org/cgit/aur.git/diff/PKGBUILD?h=python-cyclonedx-lib&id=9c6ae556874a633a521407a77a9a85bb31da2047 + Signed-off-by: Claudia <claui@users.noreply.github.com> ([`ae3f79c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ae3f79cbaeecda94948bff6a64ab797c5ddd934a)) * doc: poor merge resolved @@ -173,143 +209,143 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`1d1c45a`](https://gi * feat!: Support for CycloneDX v1.6 -* added draft v1.6 schemas and boilerplate for v1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* re-generated test snapshots for v1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* note `bom.metadata.manufacture` as deprecated - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* work on `bom.metadata` for v1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* Deprecated `.component.author`. Added `.component.authors` and `.component.manufacturer` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* work to add `.component.omniborid` - but tests deserialisation tests fail due to schema differences (`.component.author` not in 1.6) - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* work to get deserialization tests passing - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* chore(deps): bump `py-serializable` to >=1.0.3 to resolve issues with deserialization to XML - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* imports tidied - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* properly added `.component.swhid` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* add `.component.cryptoProperties` - with test failures for SchemaVersion < 1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* typing and bandit ignores - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* test filtering - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* additional tests to increase code coverage - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* corrected CryptoMode enum - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* Added `address` to `organizationalEntity` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* Added `address` to `organizationalEntity` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* raise `UserWarning` in `.component.version` has length > 1024 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards and typing - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* add `acknowledgement` to `LicenseExpression` (#582) - - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* more proper way to filter test cases - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* update schema to published versions - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fetch schema 1.6 JSON - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fetch test data for CDX 1.6 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* reformat - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* reformat - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* refactor - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* style - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* refactor - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* docs - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - ---------- - -Signed-off-by: Paul Horton <paul.horton@owasp.org> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +* added draft v1.6 schemas and boilerplate for v1.6 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* re-generated test snapshots for v1.6 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* note `bom.metadata.manufacture` as deprecated + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* work on `bom.metadata` for v1.6 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* Deprecated `.component.author`. Added `.component.authors` and `.component.manufacturer` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* work to add `.component.omniborid` - but tests deserialisation tests fail due to schema differences (`.component.author` not in 1.6) + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* work to get deserialization tests passing + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* chore(deps): bump `py-serializable` to >=1.0.3 to resolve issues with deserialization to XML + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* imports tidied + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* properly added `.component.swhid` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* add `.component.cryptoProperties` - with test failures for SchemaVersion < 1.6 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* typing and bandit ignores + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* coding standards + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* test filtering + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* coding standards + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* additional tests to increase code coverage + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* corrected CryptoMode enum + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* coding standards + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* Added `address` to `organizationalEntity` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* Added `address` to `organizationalEntity` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* raise `UserWarning` in `.component.version` has length > 1024 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* coding standards and typing + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* add `acknowledgement` to `LicenseExpression` (#582) + + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* more proper way to filter test cases + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* update schema to published versions + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fetch schema 1.6 JSON + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fetch test data for CDX 1.6 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* reformat + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* reformat + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* refactor + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* style + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* refactor + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* docs + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +--------- + +Signed-off-by: Paul Horton <paul.horton@owasp.org> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bbdf46`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bbdf461434ab66673a496a8305c2878bf5c88da)) @@ -319,8 +355,8 @@ Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bbdf46`](https * fix: wrong extra name for xml validation (#571) - - + + Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> ([`10e38e2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/10e38e25095de4b2dafbfcd1fd81dce7a9c0f124)) @@ -330,12 +366,12 @@ Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> ([`10e38e2`]( * fix: serialization of `model.component.Diff` (#557) -Fixes #556 - ---------- - -Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Fixes #556 + +--------- + +Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`22fa873`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/22fa8734bf1a3a8789ad7578bfa0c86cf0a49d4a)) @@ -351,8 +387,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6f81dfa`](https: * docs: update architecture description and examples (#550) - - + + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a19fd28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a19fd2828355ae031164ef7a0dda2a8ea2365108)) * docs: exclude internal docs from rendering (#545) @@ -386,11 +422,11 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c1776b7`](https: * fix: `model.BomRef` no longer equal to unset peers (#543) - fixes [#539](https://github.com/CycloneDX/cyclonedx-python-lib/issues/539) - - ---------- - + fixes [#539](https://github.com/CycloneDX/cyclonedx-python-lib/issues/539) + + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1fd7fee`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1fd7fee9dec888c10087921f2e5a7a60062fb419)) ### Unknown @@ -466,18 +502,18 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b3e9ab7`](https: * feat: allow `lxml` requirement in range of `>=4,<6` (#523) -Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version. -- [Release notes](https://github.com/lxml/lxml/releases) -- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) -- [Commits](https://github.com/lxml/lxml/compare/lxml-4.0.0...lxml-5.0.0) - ---- -updated-dependencies: -- dependency-name: lxml - dependency-type: direct:production -... - -Signed-off-by: dependabot[bot] <support@github.com> +Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version. +- [Release notes](https://github.com/lxml/lxml/releases) +- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) +- [Commits](https://github.com/lxml/lxml/compare/lxml-4.0.0...lxml-5.0.0) + +--- +updated-dependencies: +- dependency-name: lxml + dependency-type: direct:production +... + +Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`7d12b9a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7d12b9a9f7a2fdc5e6bb12f891c6f4291e20e65e)) ### Unknown @@ -499,8 +535,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`87c72d7`](https: * feat: add function to map python `hashlib` algorithms to CycloneDX (#519) -new API: `model.HashType.from_hashlib_alg()` - +new API: `model.HashType.from_hashlib_alg()` + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`81f8cf5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/81f8cf59b1f40ffbd213789a8b1b621a01e3f631)) @@ -510,94 +546,94 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`81f8cf5`](https: * feat!: v6.0.0 (#492) -### Breaking Changes - -* Removed symbols that were already marked as deprecated (via [#493]) -* Removed symbols in `parser.*` ([#489] via [#495]) -* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) -* Serialization of unsupported enum values might downgrade/migrate/omit them ([#490] via [#496]) - Handling might raise warnings if a data loss occurred due to omitting. - The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered. -* Serialization of any `model.component.Component` with unsupported `type` raises `exception.serialization.SerializationOfUnsupportedComponentTypeException` ([#490] via [#496]) -* Object `model.bom_ref.BomRef`'s property `value` defaults to `Null`, was arbitrary `UUID` ([#504] via [#505]) - This change does not affect serialization. All `bom-ref`s are guaranteed to have unique values on rendering. -* Removed helpers from public API ([#503] via [#506]) - -### Added - -* Basic support for CycloneDX 1.5 ([#404] via [#488]) - * No data models were enhanced nor added, yet. - Pull requests to add functionality are welcome. - * Existing enumerable got new cases, to reflect features of CycloneDX 1.5 ([#404] via [#488]) - * Outputters were enabled to render CycloneDX 1.5 ([#404] via [#488]) - -### Tests - -* Created (regression/unit/integration/functional) tests for CycloneDX 1.5 ([#404] via [#488]) -* Created (regression/functional) tests for Enums' handling and completeness ([#490] via [#496]) - -### Misc - -* Bumped dependency `py-serializable@^0.16`, was `@^0.15` (via [#496]) - - ----- - -### API Changes — the details for migration - -* Added new sub-package `exception.serialization` (via [#496]) -* Removed class `models.ComparableTuple` ([#503] via [#506]) -* Enum `model.ExternalReferenceType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) -* Removed function `models.get_now_utc` ([#503] via [#506]) -* Removed function `models.sha1sum` ([#503] via [#506]) -* Enum `model.component.ComponentType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) -* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `namespace` (via [#493]) - Use kwarg `group` instead. -* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `license_str` (via [#493]) - Use kwarg `licenses` instead. -* Removed deprecated method `model.component.Component.get_namespace()` (via [#493]) -* Removed class `models.dependency.DependencyDependencies` ([#503] via [#506]) -* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_name` (via [#493]) - Use kwarg `source` instead. -* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_url` (via [#493]) - Use kwarg `source` instead. -* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `recommendations` (via [#493]) - Use kwarg `recommendation` instead. -* Removed `model.vulnerability.VulnerabilityRating.__init__()`'s deprecated optional kwarg `score_base` (via [#493]) - Use kwarg `score` instead. -* Enum `model.vulnerability.VulnerabilityScoreSource` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) -* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) -* Removed deprecated function `output.get_instance()` (via [#493]) - Use function `output.make_outputter()` instead. -* Added new class `output.json.JsonV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Added new item to dict `output.json.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Added new class `output.xml.XmlV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Added new item to dict `output.xml.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Removed class `parser.ParserWarning` ([#489] via [#495]) -* Removed class `parser.BaseParser` ([#489] via [#495]) -* Enum `schema.SchemaVersion` got new case `V1_5`, to reflect CycloneDX 1.5 ([#404] via [#488]) - - -[#404]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/404 -[#488]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/488 -[#489]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/489 -[#490]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/490 -[#491]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/491 -[#493]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/493 -[#494]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/494 -[#495]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/495 -[#496]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/496 -[#503]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/503 -[#504]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/504 -[#505]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/505 -[#506]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/506 - ---------- - -Signed-off-by: Johannes Feichtner <johannes@web-wack.at> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: semantic-release <semantic-release> -Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com> +### Breaking Changes + +* Removed symbols that were already marked as deprecated (via [#493]) +* Removed symbols in `parser.*` ([#489] via [#495]) +* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) +* Serialization of unsupported enum values might downgrade/migrate/omit them ([#490] via [#496]) + Handling might raise warnings if a data loss occurred due to omitting. + The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered. +* Serialization of any `model.component.Component` with unsupported `type` raises `exception.serialization.SerializationOfUnsupportedComponentTypeException` ([#490] via [#496]) +* Object `model.bom_ref.BomRef`'s property `value` defaults to `Null`, was arbitrary `UUID` ([#504] via [#505]) + This change does not affect serialization. All `bom-ref`s are guaranteed to have unique values on rendering. +* Removed helpers from public API ([#503] via [#506]) + +### Added + +* Basic support for CycloneDX 1.5 ([#404] via [#488]) + * No data models were enhanced nor added, yet. + Pull requests to add functionality are welcome. + * Existing enumerable got new cases, to reflect features of CycloneDX 1.5 ([#404] via [#488]) + * Outputters were enabled to render CycloneDX 1.5 ([#404] via [#488]) + +### Tests + +* Created (regression/unit/integration/functional) tests for CycloneDX 1.5 ([#404] via [#488]) +* Created (regression/functional) tests for Enums' handling and completeness ([#490] via [#496]) + +### Misc + +* Bumped dependency `py-serializable@^0.16`, was `@^0.15` (via [#496]) + + +---- + +### API Changes — the details for migration + +* Added new sub-package `exception.serialization` (via [#496]) +* Removed class `models.ComparableTuple` ([#503] via [#506]) +* Enum `model.ExternalReferenceType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) +* Removed function `models.get_now_utc` ([#503] via [#506]) +* Removed function `models.sha1sum` ([#503] via [#506]) +* Enum `model.component.ComponentType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) +* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `namespace` (via [#493]) + Use kwarg `group` instead. +* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `license_str` (via [#493]) + Use kwarg `licenses` instead. +* Removed deprecated method `model.component.Component.get_namespace()` (via [#493]) +* Removed class `models.dependency.DependencyDependencies` ([#503] via [#506]) +* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_name` (via [#493]) + Use kwarg `source` instead. +* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_url` (via [#493]) + Use kwarg `source` instead. +* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `recommendations` (via [#493]) + Use kwarg `recommendation` instead. +* Removed `model.vulnerability.VulnerabilityRating.__init__()`'s deprecated optional kwarg `score_base` (via [#493]) + Use kwarg `score` instead. +* Enum `model.vulnerability.VulnerabilityScoreSource` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) +* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) +* Removed deprecated function `output.get_instance()` (via [#493]) + Use function `output.make_outputter()` instead. +* Added new class `output.json.JsonV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Added new item to dict `output.json.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Added new class `output.xml.XmlV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Added new item to dict `output.xml.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Removed class `parser.ParserWarning` ([#489] via [#495]) +* Removed class `parser.BaseParser` ([#489] via [#495]) +* Enum `schema.SchemaVersion` got new case `V1_5`, to reflect CycloneDX 1.5 ([#404] via [#488]) + + +[#404]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/404 +[#488]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/488 +[#489]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/489 +[#490]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/490 +[#491]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/491 +[#493]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/493 +[#494]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/494 +[#495]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/495 +[#496]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/496 +[#503]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/503 +[#504]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/504 +[#505]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/505 +[#506]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/506 + +--------- + +Signed-off-by: Johannes Feichtner <johannes@web-wack.at> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: semantic-release <semantic-release> +Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com> Co-authored-by: semantic-release <semantic-release> ([`74865f8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/74865f8e498c9723c2ce3556ceecb6a3cfc4c490)) @@ -607,8 +643,8 @@ Co-authored-by: semantic-release <semantic-release> ([`74865f8`](https://g * chore: mograte dev-dependencies to new poetry layout (#482) -see https://python-poetry.org/docs/managing-dependencies/#dependency-groups - +see https://python-poetry.org/docs/managing-dependencies/#dependency-groups + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a85585c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a85585cf5e445ba5e67a027b4d1161911df6467d)) ### Documentation @@ -621,10 +657,10 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3189e59`](https: * feat: `model.XsUri` migrate control characters according to spec (#498) -fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/497 - ---------- - +fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/497 + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e490429`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e49042976f8577af4061c34394db270612488cdf)) @@ -649,8 +685,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f61a730`](https: * feat: guarantee unique `BomRef`s in serialization result (#479) -Incorporate `output.BomRefDiscriminator` on serialization - +Incorporate `output.BomRefDiscriminator` on serialization + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a648775`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a648775bb5195621e17fdbae92950ab6d56a665a)) @@ -687,122 +723,122 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`aae7304`](https: * feat!: v5.0.0 (#440) -BREAKING CHANGES ----------------- -* Dropped support for python<3.8 ([#436] via [#441]; enable [#433]) -* Reworked license related models, collections, and factories ([#365] via [#466]) -* Behavior - * Method `model.bom.Bom.validate()` will throw `exception.LicenseExpressionAlongWithOthersException`, if detecting invalid license constellation ([#453] via [#452]) - * Fixed tuple comparison when unequal lengths (via [#461]) -* API - * Enum `schema.SchemaVersion` is no longer string-like ([#442] via [#447]) - * Enum `schema.OutputVersion` is no longer string-like ([#442] via [#447]) - * Abstract class `output.BaseOutput` requires implementation of new method `output_format` ([#446] via [#447]) - * Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) - * Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via [#458], [#462]) - * Removed class `factory.license.LicenseChoiceFactory` (via [#466]) - The old functionality was integrated into `factory.license.LicenseFactory`. - * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via [#466]) - * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` ([#365] via [#466]) - The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()` - * Renamed class `module.License` to `module.license.DisjunctliveLicense` ([#365] via [#466]) - * Removed class `module.LicenseChoice` ([#365] via [#466]) - Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead - * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` ([#365] via [#466]) - * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` ([#365] via [#466]) - - -Fixed ----------------- -* Serialization of multy-licenses ([#365] via [#466]) -* Detect unused "dependent" components in `model.bom.validate()` (via [#464]) - - -Changed ----------------- -* Updated latest supported list of supported SPDX license identifiers (via [#433]) -* Shipped schema files are moved to a protected space (via [#433]) - These files were never intended for public use. -* XML output uses a default namespace, which makes results smaller. ([#438] via [#458]) - - -Added ----------------- -* Support for Python 3.12 (via [#460]) -* JSON- & XML-Validators ([#432], [#446] via [#433], [#448]) - The functionality might require additional dependencies, that can be installed with the extra "validation". - See the docs in section "Installation" for details. -* JSON & XML can be generated in a more human-friendly form ([#437], [#438] via [#458]) -* Type hints, typings & overloads for better integration downstream (via [#463]) -* API - * New function `output.make_outputter()` (via [#469]) - This replaces the deprecated function `output.get_instance()`. - * New sub-package `validation` ([#432], [#446] via [#433], [#448], [#469], [#468], [#469]) - * New class `exception.MissingOptionalDependencyException` ([#432] via [#433]) - * New class `exception.LicenseExpressionAlongWithOthersException` ([#453] via [#452]) - * New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` ([#446] via [#447]) - * Existing implementations of class `output.BaseOutput` now have a new method `output_format` ([#446] via [#447]) - * Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) - * Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` ([#437] via [#458]) - * New method `factory.license.LicenseFactory.make_with_expression()` (via [#466]) - * New class `model.license.DisjunctiveLicense` ([#365] via [#466]) - * New class `model.license.LicenseExpression` ([#365] via [#466]) - * New class `model.license.LicenseRepository` ([#365] via [#466]) - * New class `serialization.LicenseRepositoryHelper` ([#365] via [#466]) - - -Deprecated ----------------- -* Function `output.get_instance()` might be removed, use `output.make_outputter()` instead (via [#469]) - - -Tests ----------------- -* Added validation tests with official CycloneDX schema test data ([#432] via [#433]) -* Use proper snapshots, instead of pseudo comparison ([#437] via [#464]) -* Added regression test for bug [#365] (via [#466], [#467]) - - -Misc ----------------- -* Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via [#458], [#463], [#464], [#466]) -* Style: streamlined quotes and strings (via [#472]) -* Chore: bumped internal dev- and QA-tools ([#436] via [#441], [#472]) -* Chore: added more QA tools to prevent common security issues (via [#473]) - - -[#432]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/432 -[#433]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/433 -[#436]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/436 -[#437]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/437 -[#365]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/365 -[#438]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/438 -[#440]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/440 -[#441]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/441 -[#442]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/442 -[#446]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/446 -[#447]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/447 -[#448]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/448 -[#452]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/452 -[#453]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/453 -[#458]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/458 -[#460]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/460 -[#461]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/461 -[#462]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/462 -[#463]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/463 -[#464]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/464 -[#466]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/466 -[#467]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/467 -[#468]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/468 -[#469]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/469 -[#472]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/472 -[#473]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/473 - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> -Signed-off-by: semantic-release <semantic-release> +BREAKING CHANGES +---------------- +* Dropped support for python<3.8 ([#436] via [#441]; enable [#433]) +* Reworked license related models, collections, and factories ([#365] via [#466]) +* Behavior + * Method `model.bom.Bom.validate()` will throw `exception.LicenseExpressionAlongWithOthersException`, if detecting invalid license constellation ([#453] via [#452]) + * Fixed tuple comparison when unequal lengths (via [#461]) +* API + * Enum `schema.SchemaVersion` is no longer string-like ([#442] via [#447]) + * Enum `schema.OutputVersion` is no longer string-like ([#442] via [#447]) + * Abstract class `output.BaseOutput` requires implementation of new method `output_format` ([#446] via [#447]) + * Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) + * Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via [#458], [#462]) + * Removed class `factory.license.LicenseChoiceFactory` (via [#466]) + The old functionality was integrated into `factory.license.LicenseFactory`. + * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via [#466]) + * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` ([#365] via [#466]) + The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()` + * Renamed class `module.License` to `module.license.DisjunctliveLicense` ([#365] via [#466]) + * Removed class `module.LicenseChoice` ([#365] via [#466]) + Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead + * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` ([#365] via [#466]) + * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` ([#365] via [#466]) + + +Fixed +---------------- +* Serialization of multy-licenses ([#365] via [#466]) +* Detect unused "dependent" components in `model.bom.validate()` (via [#464]) + + +Changed +---------------- +* Updated latest supported list of supported SPDX license identifiers (via [#433]) +* Shipped schema files are moved to a protected space (via [#433]) + These files were never intended for public use. +* XML output uses a default namespace, which makes results smaller. ([#438] via [#458]) + + +Added +---------------- +* Support for Python 3.12 (via [#460]) +* JSON- & XML-Validators ([#432], [#446] via [#433], [#448]) + The functionality might require additional dependencies, that can be installed with the extra "validation". + See the docs in section "Installation" for details. +* JSON & XML can be generated in a more human-friendly form ([#437], [#438] via [#458]) +* Type hints, typings & overloads for better integration downstream (via [#463]) +* API + * New function `output.make_outputter()` (via [#469]) + This replaces the deprecated function `output.get_instance()`. + * New sub-package `validation` ([#432], [#446] via [#433], [#448], [#469], [#468], [#469]) + * New class `exception.MissingOptionalDependencyException` ([#432] via [#433]) + * New class `exception.LicenseExpressionAlongWithOthersException` ([#453] via [#452]) + * New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` ([#446] via [#447]) + * Existing implementations of class `output.BaseOutput` now have a new method `output_format` ([#446] via [#447]) + * Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) + * Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` ([#437] via [#458]) + * New method `factory.license.LicenseFactory.make_with_expression()` (via [#466]) + * New class `model.license.DisjunctiveLicense` ([#365] via [#466]) + * New class `model.license.LicenseExpression` ([#365] via [#466]) + * New class `model.license.LicenseRepository` ([#365] via [#466]) + * New class `serialization.LicenseRepositoryHelper` ([#365] via [#466]) + + +Deprecated +---------------- +* Function `output.get_instance()` might be removed, use `output.make_outputter()` instead (via [#469]) + + +Tests +---------------- +* Added validation tests with official CycloneDX schema test data ([#432] via [#433]) +* Use proper snapshots, instead of pseudo comparison ([#437] via [#464]) +* Added regression test for bug [#365] (via [#466], [#467]) + + +Misc +---------------- +* Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via [#458], [#463], [#464], [#466]) +* Style: streamlined quotes and strings (via [#472]) +* Chore: bumped internal dev- and QA-tools ([#436] via [#441], [#472]) +* Chore: added more QA tools to prevent common security issues (via [#473]) + + +[#432]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/432 +[#433]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/433 +[#436]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/436 +[#437]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/437 +[#365]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/365 +[#438]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/438 +[#440]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/440 +[#441]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/441 +[#442]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/442 +[#446]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/446 +[#447]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/447 +[#448]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/448 +[#452]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/452 +[#453]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/453 +[#458]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/458 +[#460]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/460 +[#461]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/461 +[#462]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/462 +[#463]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/463 +[#464]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/464 +[#466]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/466 +[#467]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/467 +[#468]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/468 +[#469]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/469 +[#472]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/472 +[#473]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/473 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> +Signed-off-by: semantic-release <semantic-release> Co-authored-by: semantic-release <semantic-release> ([`26b151c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/26b151cba7d7d484f23ee7888444f09ad6d016b1)) @@ -833,8 +869,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`5fa66a0`](https: * chore: dont lock poetry (#431) -fixes #430 - +fixes #430 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`49b144b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/49b144be519705b03adc510ddcc6b9e4504b7a40)) ### Documentation @@ -896,16 +932,16 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6a7ddfa`](https: * ci: run examples on prod-deps only (#402) -* ci: run examples on prod-deps only - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* ci: simplify ci - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - ---------- - +* ci: run examples on prod-deps only + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* ci: simplify ci + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`cf40048`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf40048f00d4d9a70306ee414ebf5a1f970c6a70)) * ci: run examples (#401) @@ -922,8 +958,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8b32efb`](https: * feat: programmatic access to library's version (#417) -adds `cyclonedx.__version__` - +adds `cyclonedx.__version__` + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3585ea9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3585ea9911ae521e86793ef18f5891289fb0b604)) @@ -933,26 +969,26 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3585ea9`](https: * chore: CI/QA/Build meintenance (#358) -* build: streamlined ci and builds - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* chore: upgrade lockfile with poetry1.4 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* removed extra brace - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fixed long line - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Paul Horton <paul.horton@owasp.org> +* build: streamlined ci and builds + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* chore: upgrade lockfile with poetry1.4 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* removed extra brace + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fixed long line + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Paul Horton <paul.horton@owasp.org> Co-authored-by: Paul Horton <paul.horton@owasp.org> ([`9779af0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9779af02f5f3cd99fe3e1a088f5547f4991b05b7)) * chore: followup of #340 (#360) @@ -979,7 +1015,7 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`aa0eab1`](https://gi * ci: add concurrency rules (#361) - + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f65d646`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f65d64699a48bd6fe540c7503491ce29b1ce38d1)) ### Documentation @@ -996,8 +1032,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`65e22bd`](https: * fix: conditional warning if no root dependencies were found (#398) - - + + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c8175bb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c8175bb6aebac7f129d42d7a5a0ae928212c20cb)) ### Unknown @@ -1008,9 +1044,9 @@ Automatically generated by python-semantic-release ([`4a72f51`](https://github.c * Add missing space in warning message. (#364) - - -Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> + + +Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> ([`dad0d28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dad0d28ceb7381d1b503e5b29776fc01513f8b04)) @@ -1020,130 +1056,130 @@ Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> * feat: Release 4.0.0 #341) -Highlights of this release include: -* Support for De-serialization from JSON and XML to this Pythonic Model -* Deprecation of Python 3.6 support -* Support for Python 3.11 -* Support for `BomLink` -* Support VEX without needing `Component` in the same `Bom` -* Support for `services` having `dependencies` - -BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed. - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* feat: support VEX without Components in the same BOM - -BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* feat: support VEX without Components in the same BOM - -BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -feat: allow `version` of BOM to be defined - -feat: allow `serial_number` of BOM to be prescribed - -feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* chore: fix release workflow - -* chore: editorconfig - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* feat: support for deserialization from JSON and XML (#290) - -BREAKING CHANGE: - -* feat: drop Python 3.6 support - -Signed-off-by: Hakan Dilek <hakandilek@gmail.com> -Signed-off-by: Paul Horton <paul.horton@owasp.org> -Co-authored-by: Hakan Dilek <hakandilek@gmail.com> -Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> - -* fix: update `serializable` to include XML safety changes - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* feat: Support for Python 3.11 (#349) - -* feat: officially test and support Python 3.11 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* removed unused imports - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* bump `poetry` to `1.1.12` in CI - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fix: removed `types-toml` from dependencies - not used - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - ---------- - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* chore: bump dev dependencies - -fix: removed `setuptools` as dependency -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* tests: compoennt versions optional (#350) - -* chore: exclude `venv*` from QA; add typing to QA - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* tests: component versions are optional - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* doc: doc updates for new deserialization feature - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* doc: doc updates for contribution - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - ---------- - -Signed-off-by: Paul Horton <paul.horton@owasp.org> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Hakan Dilek <hakandilek@gmail.com> -Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Co-authored-by: Hakan Dilek <hakandilek@gmail.com> +Highlights of this release include: +* Support for De-serialization from JSON and XML to this Pythonic Model +* Deprecation of Python 3.6 support +* Support for Python 3.11 +* Support for `BomLink` +* Support VEX without needing `Component` in the same `Bom` +* Support for `services` having `dependencies` + +BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed. + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* feat: support VEX without Components in the same BOM + +BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* feat: support VEX without Components in the same BOM + +BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +feat: allow `version` of BOM to be defined + +feat: allow `serial_number` of BOM to be prescribed + +feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* chore: fix release workflow + +* chore: editorconfig + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* feat: support for deserialization from JSON and XML (#290) + +BREAKING CHANGE: + +* feat: drop Python 3.6 support + +Signed-off-by: Hakan Dilek <hakandilek@gmail.com> +Signed-off-by: Paul Horton <paul.horton@owasp.org> +Co-authored-by: Hakan Dilek <hakandilek@gmail.com> +Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> + +* fix: update `serializable` to include XML safety changes + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* feat: Support for Python 3.11 (#349) + +* feat: officially test and support Python 3.11 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* removed unused imports + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* bump `poetry` to `1.1.12` in CI + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fix: removed `types-toml` from dependencies - not used + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +--------- + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* chore: bump dev dependencies + +fix: removed `setuptools` as dependency +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* tests: compoennt versions optional (#350) + +* chore: exclude `venv*` from QA; add typing to QA + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* tests: component versions are optional + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* doc: doc updates for new deserialization feature + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* doc: doc updates for contribution + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +--------- + +Signed-off-by: Paul Horton <paul.horton@owasp.org> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Hakan Dilek <hakandilek@gmail.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Co-authored-by: Hakan Dilek <hakandilek@gmail.com> Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> ([`8fb1b14`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8fb1b14f5e04e85f21e654c44fa6b9b774867757)) ### Chore * chore: package manifest fix link to homepage and documentation (#291) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f2350b4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f2350b4e2b0fb7668ca987e523c53acb6ac6fefb)) ### Unknown @@ -1159,16 +1195,16 @@ Automatically generated by python-semantic-release ([`40fbfda`](https://github.c * chore: do not ship exra LICENSE file (#339) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b7f1028`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b7f1028156de8d1e14a391d84d24aa697814902a)) ### Fix * fix: mak test's schema paths relative to `cyclonedx` package (#338) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1f0c05f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1f0c05fe2b2a22bc84a1a437dd59390f2ceaf986)) ### Unknown @@ -1190,17 +1226,17 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7aae26d`](https: * fix(tests): include tests in `sdist` builds (#337) -* feat: include `tests` in `sdist` builds for #336 -* delete unexpected `DS_Store` file - +* feat: include `tests` in `sdist` builds for #336 +* delete unexpected `DS_Store` file + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`936ad7d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/936ad7d0c26d8f98040203d3234ca8f1afbd73ab)) ### Test * test: mock `ThisTool.version` for constisten results (#335) - - + + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`57a9e5e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/57a9e5e4f5b1eb785984be9d5a35aac60315232d)) ### Unknown @@ -1216,19 +1252,19 @@ Automatically generated by python-semantic-release ([`0b19294`](https://github.c * fix: serialize dependency graph for nested components (#329) -* tests: regression tests for issue #328 -* fix: for issue #328 - +* tests: regression tests for issue #328 +* fix: for issue #328 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`fb3f835`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fb3f8351881783281f8b7e796098a4c145b35927)) ### Test * test: tidy up test beds (#333) -* test: consolidate imports -* test: recreate all fixtures -* test: docs - +* test: consolidate imports +* test: recreate all fixtures +* test: docs + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ab862e7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ab862e79b72b808693e2ec7f6fe1fa3e99cae011)) ### Unknown @@ -1250,7 +1286,7 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8c75b1b`](https: * ci: fix py36 (#320) - + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`cf9f790`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf9f790e30f5b430ea1ece8916b54323e1cdb5ee)) ### Documentation @@ -1261,29 +1297,29 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`539b57a`](https: * docs: fix shields (#324) -caused by https://github.com/badges/shields/issues/8671 - +caused by https://github.com/badges/shields/issues/8671 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`555dad4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/555dad4bc255066036ecca028192eb83df8ba5a0)) * docs: fix typo (#318) - + Signed-off-by: Roland Weber <rolweber@de.ibm.com> ([`63bfb87`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/63bfb8772fe78e9842675d17862c456150dbbc15)) ### Fix * fix: prevent errors on metadata handling for some specification versions (#330) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f08a656`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f08a65649aee750397edc061eb3b8325a69bb4b4)) ### Style * style: split joined path segments (#331) - - + + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`493104c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/493104c1bccc669ee55b89a2c360268d36f3f1b7)) ### Unknown @@ -1294,7 +1330,7 @@ Automatically generated by python-semantic-release ([`0853d14`](https://github.c * clarify sign-off step (#319) - + Signed-off-by: Roland Weber <rolweber@de.ibm.com> ([`007fb96`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/007fb96a1ec23b9516bc383afa85b3efc2707aa8)) @@ -1430,8 +1466,8 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`6597db7`](https://gi * Merge pull request #276 from CycloneDX/fix/bom-validation-nested-components-isue-275 -fix: BOM validation fails when Components or Services are nested #275 - +fix: BOM validation fails when Components or Services are nested #275 + fix: updated dependencies #271, #270, #269 and #256 ([`68a0cdd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/68a0cddc0a226947d76b6a275cfceba383797d3b)) * Merge branch 'main' into fix/bom-validation-nested-components-isue-275 ([`6caee65`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6caee657260e46f18cade24a73b4f17bc5ad6dd8)) @@ -1521,8 +1557,8 @@ Automatically generated by python-semantic-release ([`fb9a796`](https://github.c * fix: add missing `Vulnerability` comparator for sorting (#246) -Partial fix for #245. - +Partial fix for #245. + Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`c3f3d0d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c3f3d0d105f0dcf991175040b6d6c2b6e7e25d8f)) ### Unknown @@ -1538,8 +1574,8 @@ Automatically generated by python-semantic-release ([`1ea5b20`](https://github.c * build: move typing to dev-dependencies -Move `types-setuptools` and `types-toml` to dev-dependencies (#226) - +Move `types-setuptools` and `types-toml` to dev-dependencies (#226) + Signed-off-by: Adam Johnson <me@adamj.eu> ([`0e2376b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0e2376baade068ae0490b05550837d104e9abfa4)) ### Ci @@ -1556,8 +1592,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`91e1297`](https: * docs: fix typo "This is out" -> "This is our" -Fix typo in comments: "This is out" -> "This is our" (#233) - +Fix typo in comments: "This is out" -> "This is our" (#233) + Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`ef0278a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ef0278a2044147e73a281c5a59f95049d4af7641)) ### Feature @@ -1570,8 +1606,8 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`8a1c404`](https://gi * test: tests calculate versions if needed -Don't hardcode component version in test (#229) - +Don't hardcode component version in test (#229) + Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`7b3ce65`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7b3ce65f92ff6009a1e29d4938eac5ea664b2538)) ### Unknown @@ -1662,8 +1698,8 @@ Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com& * feat(deps): remove unused `typing-extensions` constraints -PullRequest and details via #224 - +PullRequest and details via #224 + Signed-off-by: gruebel <anton.gruebel@gmail.com> ([`2ce358a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2ce358a37e6ce5f06aa9297aed17f8f5bea38e93)) ### Unknown @@ -1840,127 +1876,127 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b211de5`](https: * chore: poetry(deps): bump pyparsing from 3.0.6 to 3.0.7 (#140) -Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 3.0.6 to 3.0.7. -- [Release notes](https://github.com/pyparsing/pyparsing/releases) -- [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) -- [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_3.0.6...pyparsing_3.0.7) - ---- -updated-dependencies: -- dependency-name: pyparsing - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 3.0.6 to 3.0.7. +- [Release notes](https://github.com/pyparsing/pyparsing/releases) +- [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) +- [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_3.0.6...pyparsing_3.0.7) + +--- +updated-dependencies: +- dependency-name: pyparsing + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`1bdb798`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1bdb7987a86af967d5a883626346f217a243bfda)) * chore: poetry(deps): bump types-setuptools from 57.4.7 to 57.4.9 (#168) -Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.7 to 57.4.9. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-setuptools - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.7 to 57.4.9. +- [Release notes](https://github.com/python/typeshed/releases) +- [Commits](https://github.com/python/typeshed/commits) + +--- +updated-dependencies: +- dependency-name: types-setuptools + dependency-type: direct:production + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`48c3f99`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/48c3f997abf2560b648d85b907c001879e063551)) * chore: poetry(deps): bump filelock from 3.4.0 to 3.4.1 (#116) -Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.4.0 to 3.4.1. -- [Release notes](https://github.com/tox-dev/py-filelock/releases) -- [Changelog](https://github.com/tox-dev/py-filelock/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/py-filelock/compare/3.4.0...3.4.1) - ---- -updated-dependencies: -- dependency-name: filelock - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.4.0 to 3.4.1. +- [Release notes](https://github.com/tox-dev/py-filelock/releases) +- [Changelog](https://github.com/tox-dev/py-filelock/blob/main/docs/changelog.rst) +- [Commits](https://github.com/tox-dev/py-filelock/compare/3.4.0...3.4.1) + +--- +updated-dependencies: +- dependency-name: filelock + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`17f1a5f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/17f1a5f8555675913ea09318848dd28ce96d1c3c)) * chore: poetry(deps): bump attrs from 21.2.0 to 21.4.0 (#113) -Bumps [attrs](https://github.com/python-attrs/attrs) from 21.2.0 to 21.4.0. -- [Release notes](https://github.com/python-attrs/attrs/releases) -- [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/python-attrs/attrs/compare/21.2.0...21.4.0) - ---- -updated-dependencies: -- dependency-name: attrs - dependency-type: indirect - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [attrs](https://github.com/python-attrs/attrs) from 21.2.0 to 21.4.0. +- [Release notes](https://github.com/python-attrs/attrs/releases) +- [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst) +- [Commits](https://github.com/python-attrs/attrs/compare/21.2.0...21.4.0) + +--- +updated-dependencies: +- dependency-name: attrs + dependency-type: indirect + update-type: version-update:semver-minor +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`3c39ae5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3c39ae5f7435b4e0240e674e47283ac3beb9f2b8)) * chore: poetry(deps): bump typed-ast from 1.5.1 to 1.5.2 (#144) -Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.1 to 1.5.2. -- [Release notes](https://github.com/python/typed_ast/releases) -- [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) -- [Commits](https://github.com/python/typed_ast/compare/1.5.1...1.5.2) - ---- -updated-dependencies: -- dependency-name: typed-ast - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.1 to 1.5.2. +- [Release notes](https://github.com/python/typed_ast/releases) +- [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) +- [Commits](https://github.com/python/typed_ast/compare/1.5.1...1.5.2) + +--- +updated-dependencies: +- dependency-name: typed-ast + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`ac5809e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ac5809e93a3a5c54b04c75bd959216a4b21095ff)) * chore: poetry(deps): bump packageurl-python from 0.9.6 to 0.9.9 (#177) -Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.9.6 to 0.9.9. -- [Release notes](https://github.com/package-url/packageurl-python/releases) -- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/package-url/packageurl-python/compare/v0.9.6...v0.9.9) - ---- -updated-dependencies: -- dependency-name: packageurl-python - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.9.6 to 0.9.9. +- [Release notes](https://github.com/package-url/packageurl-python/releases) +- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) +- [Commits](https://github.com/package-url/packageurl-python/compare/v0.9.6...v0.9.9) + +--- +updated-dependencies: +- dependency-name: packageurl-python + dependency-type: direct:production + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`4bfba14`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4bfba14bfacca773fd2e949e327f94b794fdef0b)) * chore: poetry(deps): bump virtualenv from 20.13.1 to 20.13.2 (#181) -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.1 to 20.13.2. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.13.1...20.13.2) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.1 to 20.13.2. +- [Release notes](https://github.com/pypa/virtualenv/releases) +- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) +- [Commits](https://github.com/pypa/virtualenv/compare/20.13.1...20.13.2) + +--- +updated-dependencies: +- dependency-name: virtualenv + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`20e3368`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/20e3368f35e28187f41ac0652384ea2104d45e35)) ### Feature @@ -2025,37 +2061,37 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`da3f0ca`](https://git * chore: poetry(deps): bump virtualenv from 20.13.0 to 20.13.1 (#167) -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.0 to 20.13.1. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.13.0...20.13.1) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.0 to 20.13.1. +- [Release notes](https://github.com/pypa/virtualenv/releases) +- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) +- [Commits](https://github.com/pypa/virtualenv/compare/20.13.0...20.13.1) + +--- +updated-dependencies: +- dependency-name: virtualenv + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9e80258`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9e802582bd9b9bdd0e1e91a0af551d3f2190fb5e)) * chore: poetry(deps): bump types-toml from 0.10.3 to 0.10.4 (#166) -Bumps [types-toml](https://github.com/python/typeshed) from 0.10.3 to 0.10.4. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-toml - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [types-toml](https://github.com/python/typeshed) from 0.10.3 to 0.10.4. +- [Release notes](https://github.com/python/typeshed/releases) +- [Commits](https://github.com/python/typeshed/commits) + +--- +updated-dependencies: +- dependency-name: types-toml + dependency-type: direct:production + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`02449f6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/02449f6102e49f9e2425ab4e5b050f38832e6ba9)) * chore: bump dependencies @@ -2066,17 +2102,17 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`6c280e7`](https://git * feat: completed work on #155 (#172) -fix: resolved #169 (part of #155) -feat: as part of solving #155, #147 has been implemented - +fix: resolved #169 (part of #155) +feat: as part of solving #155, #147 has been implemented + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a926b34`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a926b34c7facb8b3709936fe00b62a0b80338f31)) * feat: support complete model for `bom.metadata` (#162) -* feat: support complete model for `bom.metadata` -fix: JSON comparison in unit tests was broken -chore: corrected some source license headers - +* feat: support complete model for `bom.metadata` +fix: JSON comparison in unit tests was broken +chore: corrected some source license headers + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2938a6c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2938a6c001a5b0b25477241d4ad6601030c55165)) * feat: support for `bom.externalReferences` in JSON and XML #124 @@ -2085,8 +2121,8 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`1b733d7`](https://git * feat: Complete support for `bom.components` (#155) -* fix: implemented correct `__hash__` methods in models (#153) - +* fix: implemented correct `__hash__` methods in models (#153) + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`32c0139`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/32c01396251834c69a5b23c82a5554faf8447f61)) * feat: support services in XML BOMs @@ -2154,12 +2190,12 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`670bde4`](https://git * Continuation of #170 - missed updating Vulnerability to use `BomRef` (#175) -* BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* updated Vulnerability to also use new `BomRef` model - +* BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* updated Vulnerability to also use new `BomRef` model + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`0d82c01`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0d82c019afce3e4aefe56bff9607cfd60186c6b0)) * BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references (#174) @@ -2176,10 +2212,10 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`9b6ce4b`](https://git * BREAKING CHANGE: update models to use `Set` rather than `List` (#160) -* BREAKING CHANGE: update models to use `Set` and `Iterable` rather than `List[..]` -BREAKING CHANGE: update final models to use `@property` -wip - +* BREAKING CHANGE: update models to use `Set` and `Iterable` rather than `List[..]` +BREAKING CHANGE: update final models to use `@property` +wip + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`142b8bf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/142b8bf4dbb2e61d131b7ca2ec332aac472ef3cd)) * removed unnecessary calls to `hash()` in `__hash__()` methods as pointed out by @jkowalleck @@ -2204,92 +2240,92 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a35d540`](https://git * WIP on `bom.services` -* WIP but a lil hand up for @madpah - -Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> - -* chore: added missing license header - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* No default values for required fields - -* Add Services to BOM - -* Typo fix - -* aligned classes with standards, commented out Signature work for now, added first tests for Services - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* addressed standards - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* 1.2.0 - -Automatically generated by python-semantic-release - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) - -* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* doc: updated documentation to reflect change - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* patched other tests to support UUID for bom-ref - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* better syntax - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* 1.3.0 - -Automatically generated by python-semantic-release - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* WIP but a lil hand up for @madpah - -Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* chore: added missing license header - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* aligned classes with standards, commented out Signature work for now, added first tests for Services - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* removed signature from this branch - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* Add Services to BOM - -* Typo fix - -* addressed standards - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* resolved typing issues from merge - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* added a bunch more tests for JSON output - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -Co-authored-by: Paul Horton <phorton@sonatype.com> +* WIP but a lil hand up for @madpah + +Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> + +* chore: added missing license header + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* No default values for required fields + +* Add Services to BOM + +* Typo fix + +* aligned classes with standards, commented out Signature work for now, added first tests for Services + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* addressed standards + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* 1.2.0 + +Automatically generated by python-semantic-release + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) + +* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* doc: updated documentation to reflect change + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* patched other tests to support UUID for bom-ref + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* better syntax + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* 1.3.0 + +Automatically generated by python-semantic-release + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* WIP but a lil hand up for @madpah + +Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* chore: added missing license header + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* aligned classes with standards, commented out Signature work for now, added first tests for Services + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* removed signature from this branch + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* Add Services to BOM + +* Typo fix + +* addressed standards + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* resolved typing issues from merge + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* added a bunch more tests for JSON output + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +Co-authored-by: Paul Horton <phorton@sonatype.com> Co-authored-by: github-actions <action@github.com> ([`b45ff18`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b45ff187056893c5fb294cbf9de854fd130bb7be)) @@ -2299,20 +2335,20 @@ Co-authored-by: github-actions <action@github.com> ([`b45ff18`](https://gi * feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) -* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* doc: updated documentation to reflect change - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* patched other tests to support UUID for bom-ref - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* better syntax - +* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* doc: updated documentation to reflect change + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* patched other tests to support UUID for bom-ref + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* better syntax + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`3953bb6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3953bb676f423c325ca4d80f3fcee33ad042ad93)) ### Unknown @@ -2328,53 +2364,53 @@ Automatically generated by python-semantic-release ([`4178181`](https://github.c * feat: add CPE to component (#138) -* Added CPE to component - -Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component. - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixing problems with CPE addition - -- Fixed styling errors -- Added reference to CPE Spec -- Adding CPE parameter as last parameter to not break arguments - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Again fixes for Style and CPE reference - -Missing in the last commit - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Added CPE as argument before deprecated arguments - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Added testing for CPE addition and error fixing - -- Added output tests for CPE in XML and JSON -- Fixes style error in components -- Fixes order for CPE output in XML (CPE has to come before PURL) - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixed output tests - -CPE was still in the wrong position in one of the tests - fixed - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixed minor test fixtures issues - -- cpe was still in wrong position in 1.2 JSON -- Indentation fixed in 1.4 JSON - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixed missing comma in JSON 1.2 test file - +* Added CPE to component + +Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component. + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixing problems with CPE addition + +- Fixed styling errors +- Added reference to CPE Spec +- Adding CPE parameter as last parameter to not break arguments + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Again fixes for Style and CPE reference + +Missing in the last commit + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Added CPE as argument before deprecated arguments + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Added testing for CPE addition and error fixing + +- Added output tests for CPE in XML and JSON +- Fixes style error in components +- Fixes order for CPE output in XML (CPE has to come before PURL) + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixed output tests + +CPE was still in the wrong position in one of the tests - fixed + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixed minor test fixtures issues + +- cpe was still in wrong position in 1.2 JSON +- Indentation fixed in 1.4 JSON + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixed missing comma in JSON 1.2 test file + Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> ([`269ee15`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/269ee155f203d5771c56edb92f7279466bf2012f)) ### Unknown @@ -2405,14 +2441,14 @@ Automatically generated by python-semantic-release ([`dec63de`](https://github.c * feat: add support for `bom.metadata.component` (#118) -* Add support for metadata component - -Part of #6 - -Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> - -* Better docs and simpler ifs - +* Add support for metadata component + +Part of #6 + +Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> + +* Better docs and simpler ifs + Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> ([`1ac31f4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1ac31f4cb14b6c466e092ff38ee2aa472c883c5d)) ### Unknown @@ -2436,8 +2472,8 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`6799e63`](https://git * chore: disable poetry-cache in gh-workflow (#112) -closes #91 - +closes #91 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`42f7952`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/42f7952fad512c84fd0a4d08c564af43d8bc5c87)) * chore: removed pdoc3 from main dev dependencies as now covered in docs/requirements.txt @@ -2450,29 +2486,29 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f2403f6`](https://git * chore: bump `flake8` to v4 and add `autopep8` (#93) -* chore: bump `flake8` to v4 and add `autopep8` - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* chore: make pep8 known in the contrib docs - +* chore: bump `flake8` to v4 and add `autopep8` + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* chore: make pep8 known in the contrib docs + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6553dbf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6553dbfefcf6865b28b72771a9a08f1387dbdf11)) * chore: poetry(deps-dev): bump mypy from 0.910 to 0.920 (#103) -Bumps [mypy](https://github.com/python/mypy) from 0.910 to 0.920. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v0.910...v0.920) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [mypy](https://github.com/python/mypy) from 0.910 to 0.920. +- [Release notes](https://github.com/python/mypy/releases) +- [Commits](https://github.com/python/mypy/compare/v0.910...v0.920) + +--- +updated-dependencies: +- dependency-name: mypy + dependency-type: direct:development + update-type: version-update:semver-minor +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`fdd20ca`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fdd20ca4be71be78b578f756f46b44d829a76212)) ### Unknown @@ -2481,27 +2517,27 @@ Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.githu * Support for CycloneDX schema version 1.4 (#108) -BREAKING CHANGE: Support for CycloneDX 1.4. This includes: -- Support for `tools` having `externalReferences` -- Allowing `version` for a `Component` to be optional in 1.4 -- Support for `releaseNotes` per `Component` -- Support for the core schema implementation of Vulnerabilities (VEX) - -Other changes included in this PR: -- Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat) -- Fixes to ensure schema is adhered to in 1.0 -- URI's are now used throughout the library through a new `XsUri` class to provide URI validation -- Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/) -- `$schema` is now included in JSON BOMs -- Concrete Parsers how now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python -- Added reference to release of this library on Anaconda - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -Co-authored-by: Paul Horton <phorton@sonatype.com> - +BREAKING CHANGE: Support for CycloneDX 1.4. This includes: +- Support for `tools` having `externalReferences` +- Allowing `version` for a `Component` to be optional in 1.4 +- Support for `releaseNotes` per `Component` +- Support for the core schema implementation of Vulnerabilities (VEX) + +Other changes included in this PR: +- Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat) +- Fixes to ensure schema is adhered to in 1.0 +- URI's are now used throughout the library through a new `XsUri` class to provide URI validation +- Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/) +- `$schema` is now included in JSON BOMs +- Concrete Parsers how now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python +- Added reference to release of this library on Anaconda + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +Co-authored-by: Paul Horton <phorton@sonatype.com> + Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7fb6da9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7fb6da9166050333ae5db7e35ab792b9bdee48d4)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib ([`d26970b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d26970bcc52568645c303f060d71cbc25edbfe78)) @@ -2530,8 +2566,8 @@ Automatically generated by python-semantic-release ([`cfc9d38`](https://github.c * fix: tightened dependency `packageurl-python` (#95) -fixes #94 - +fixes #94 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`eb4ae5c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eb4ae5ca8842877b780a755b6611feef847bdb8c)) ### Unknown @@ -2557,10 +2593,10 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`91b97be`](https: * fix: further loosened dependency definitions -see #44 - -updated some locked dependencies to latest versions - +see #44 + +updated some locked dependencies to latest versions + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bef6ec`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bef6ecad36f51a003b266d776c9520d33e06034)) ### Unknown @@ -2576,82 +2612,82 @@ Automatically generated by python-semantic-release ([`43fc36e`](https://github.c * ci: update to run tox for both our favoured versions of dependencies and lowest supported versions -* add tox env for minimal required dependencies - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* try to fix `TypedDict` typing - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fix: typing definitions to be PY 3.6 compatible - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fix: typing definitions to be PY 3.6 compatible - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* straigtened up `sys.version_info` constraints/code-branches - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* removed unused type ignores - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* try to fix type variants - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* try to fix type variants - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* typing for py3.6 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fixed invalid unittest - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* typing for py3.6 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* mypy silence `warn_unused_ignores` - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* mypy in tox for lowest version is pinned - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +* add tox env for minimal required dependencies + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* try to fix `TypedDict` typing + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fix: typing definitions to be PY 3.6 compatible + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fix: typing definitions to be PY 3.6 compatible + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* straigtened up `sys.version_info` constraints/code-branches + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* removed unused type ignores + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* try to fix type variants + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* try to fix type variants + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* typing for py3.6 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fixed invalid unittest + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* typing for py3.6 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* mypy silence `warn_unused_ignores` + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* mypy in tox for lowest version is pinned + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Co-authored-by: Paul Horton <phorton@sonatype.com> ([`07ebedc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/07ebedcbab1554970496780bb8bf167f6fe4ad5c)) ### Feature * feat: loosed dependency versions to make this library more consumable -* feat: lowering minimum dependency versions - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum dependency versions - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement - +* feat: lowering minimum dependency versions + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum dependency versions + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`55f10fb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/55f10fb5524dafa68112c0836806c27bdd74fcbe)) ### Unknown @@ -2758,36 +2794,36 @@ Signed-off-by: dependabot[bot] <support@github.com> ([`be1af9b`](https://g * doc: readme maintenance - shields & links (#72) -* README: restructure links - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: add lan to fenced code blocks - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: fix some formatting - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: modernized shields - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: harmonize links - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: add language to code fences - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: markdown fixes - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: removed py version shield - +* README: restructure links + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: add lan to fenced code blocks + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: fix some formatting + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: modernized shields + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: harmonize links + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: add language to code fences + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: markdown fixes + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: removed py version shield + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3d0ea2f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3d0ea2f4c6ee5c2dedf1abb779f46543896fff4a)) * poetry(deps): bump mako from 1.1.5 to 1.1.6 @@ -2812,12 +2848,12 @@ poetry(deps): bump filelock from 3.3.1 to 3.3.2 ([`3f967b3`](https://github.com/ * FIX: update Conda package parsing to handle `build` containing underscore (#66) -* fix: update conda package parsing to handle `build` containing underscore - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* updated some typings - +* fix: update conda package parsing to handle `build` containing underscore + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* updated some typings + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2c6020a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2c6020a208aa1c0fd13ab337db6343ad1d2d5c43)) * poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 @@ -2913,16 +2949,16 @@ Automatically generated by python-semantic-release ([`a80f87a`](https://github.c * FEAT: Support Python 3.10 (#64) -* fix: tested with Python 3.10 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* added trove classifier for Python 3.10 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fix: upgrade Poetry version to workaround issue between Poetry and Python 3.10 (see: https://github.com/python-poetry/poetry/issues/4210) - +* fix: tested with Python 3.10 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* added trove classifier for Python 3.10 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fix: upgrade Poetry version to workaround issue between Poetry and Python 3.10 (see: https://github.com/python-poetry/poetry/issues/4210) + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`385b835`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/385b835f44fadb0f227b6a8ac992b0c73afc6ef0)) * poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0 @@ -2948,74 +2984,74 @@ Signed-off-by: dependabot[bot] <support@github.com> ([`a1dd775`](https://g * feat: Typing & PEP 561 -* adde file for type checkers according to PEP 561 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added static code analysis as a dev-test - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added the "typed" trove - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added `flake8-annotations` to the tests - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added type hints - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* further typing updates - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing additions and test updates - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing - added type stubs for toml and setuptools - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* typing work - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* coding standards - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fixed tox and mypy running in correct python version - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* supressed mypy for `cyclonedx.utils.conda.parse_conda_json_to_conda_package` - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fixed type hints - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fixed some typing related flaws - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added flake8-bugbear for code analysis - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +* adde file for type checkers according to PEP 561 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added static code analysis as a dev-test + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added the "typed" trove + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added `flake8-annotations` to the tests + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added type hints + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* further typing updates + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing additions and test updates + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing - added type stubs for toml and setuptools + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* typing work + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* coding standards + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fixed tox and mypy running in correct python version + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* supressed mypy for `cyclonedx.utils.conda.parse_conda_json_to_conda_package` + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fixed type hints + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fixed some typing related flaws + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added flake8-bugbear for code analysis + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Co-authored-by: Paul Horton <phorton@sonatype.com> ([`9144765`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/91447656c0914ceb2af2e4b7282292ec7b93f5bf)) ### Unknown diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index e17eb1bb..05a25336 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -20,4 +20,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "7.4.0" # noqa:Q000 +__version__ = "7.4.1" # noqa:Q000 diff --git a/docs/conf.py b/docs/conf.py index bc0cbb09..648194bc 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -20,7 +20,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '7.4.0' +release = '7.4.1' # -- General configuration --------------------------------------------------- diff --git a/pyproject.toml b/pyproject.toml index 293e2568..744580ff 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "7.4.0" +version = "7.4.1" description = "Python library for CycloneDX" authors = [ "Paul Horton ",