diff --git a/CHANGELOG.md b/CHANGELOG.md index 106f0fcd..24f3dfd7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,25 +2,339 @@ +## v5.0.0-rc.2 (2023-10-20) + +### Ci + +* ci: revisit coverage reporting + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bc8e30b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bc8e30b32163db3ffd31a7c96460a907637b1794)) + +* ci: revisit coverage reporting + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`2967f28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2967f284cf7e5ab4da69406d599d890b07e62ce1)) + +### Documentation + +* docs: update title + +Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> ([`9373afc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9373afc1b94542680c324bacbc59e7b3a015f721)) + +### Feature + +* feat: v5.0.0-rc.2 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e298726`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e298726a0a62aee5e1988cd3a2dd230dfbda95f8)) + +### Style + +* style: qa + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a2af2ed`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a2af2eddf2fbfc2e8fbf407527c07877961dcedd)) + +* style: streamline code quality (#472) + +- raised some dev tools +- added more quality checkers and rules +- documented and applied additional code standards + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bb0f7a5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bb0f7a5d3610ffcd035ea0b89742225dea5abce9)) + +### Unknown + +* reduce imports + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`d09ac36`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d09ac3685dda97a054be7e0655e95c5b6356057d)) + +* Merge remote-tracking branch 'origin/main' into 5.0.0-dev ([`c4f7281`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c4f7281b09100208f6b5bc6831344052962e95c4)) + + ## v4.2.3 (2023-10-16) ### Chore +* chore: revert changelog + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> 
([`a911106`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a911106d09a7b5538e5ae77edf4fc4c2122f1f8b)) + +### Fix + +* fix: SPDX-expression-validation internal crashes are cought and handled (#471) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`5fa66a0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5fa66a043818eb5747dbd630496c6d31f818c0ab)) + +### Refactor + +* refactor(DX): rename `get_instance()` (#469) + +- deprecate function `output.get_instance()` +- add function `outout.make_outputter()` +- rename function `validation.get_instance()` -> `validation.make_schemabased_validator()` +- rename function `validation.schema.get_instance()` -> `validation.make_schemabased_validator()` + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`2a2b2dd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2a2b2dd509100eea5ec3153e1ec10ff5dda6f269)) + +* refactor: schema based validator (#468) + +- restructured validators, to enable possible non-schema-based validation. 
+- optimized `validation.schema.get_instance()` +- optimized `output.get_instance()` + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`65e79cf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/65e79cfeb4fed3e31f85a4ec6d06215988a3a6d1)) + +### Unknown + +* tidy + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6316f09`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6316f094552e8bbd38777bc66a17c5546f2b7d14)) + +* Merge branch 'main' into 5.0.0-dev ([`55f6f4d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/55f6f4d0ad23189ce2bfce7ed7380e92470ac8b7)) + + +## v5.0.0-rc.1 (2023-10-11) + +### Breaking + +* chore!: bump major version to v5 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bae8a84`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bae8a84e7aa329780f91f49212c15f4d8c13ddcb)) + +### Chore + +* chore: revisit license headers + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1e963bd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1e963bd3d7e6c7d9437e41a34ecd622e0d32f3d8)) + +* chore: clean deps + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ac6ad0e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ac6ad0ed5b5933f03d1132c3bbce0ada1915fc40)) + +* chore: remove encoding hint (#459) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`37219c3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/37219c321ac7ce5b507a0c0a74776f8204b400bf)) + * chore: Update CONTRIBUTING.md 
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> ([`0ebaa21`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0ebaa216d43a1389362dbdb33f9b49f43a21ab66)) +* chore: config sem-release + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`839fe11`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/839fe114bafac6117879175eb54a8759b7ef8963)) + +* chore: sem-release config + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`18b4eca`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/18b4eca2c0fe2a2b4f1ca79976719c1afa0816bc)) + +* chore: absolute tet imports + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`39e0eb9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/39e0eb9af29a13e1cad6a073e5eb20955e492484)) + +* chore(build): test before release + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`5cb695e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5cb695ebf9989f9bdefaa6823f5814d5c2fe9998)) + +* chore: init 5.0.0-dev + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0a3ae26`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0a3ae26f8fe50e1dc03fb72fb7fdba51654c7f8b)) + ### Ci * ci: publish coverage report to codacy (#439) 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0012a82`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0012a82382f9f33831a80aa0e26c0cbb7fd8984b)) +### Documentation + +* docs: fix hilighter + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9d49280`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9d49280b680a4f8a7c4b8795f35928584e29baee)) + +* docs: fix typo + +Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> ([`6adc98f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6adc98f66da94b7bac987bc5b25da7099498fe3a)) + +### Feature + +* feat: support python 3.12 (#460) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`eaba7a0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eaba7a048de190bce0797fb9ce40c4e2de49c5d9)) + +* feat: options for beautiful output (#458) + +add indention to outputters. this may come at a cost! + + +Breaking Changes +------------------ +* abstract Method `output.BaseOutput.output_as_string()` got new optional kwarg `indent` +* abstract Method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs + +Changed +---------- +* XML output uses a default namespace, which makes results smaller. 
+ + +Added +------------------ +* All outputters' method `output_as_string()` got new optional kwarg `indent` +* All outputters' method `output_as_string()` accepts arbitrary kwargs +* All outputters' method `output_to_file()` got new optional kwarg `indent` +* All outputters' method `output_to_file()` accepts arbitrary kwargs + +----- + +- [x] implementation +- [x] tests (snapshot binary compare; structural equal compare) + +----- + +enables https://github.com/CycloneDX/cyclonedx-python/issues/424 +fixes #437 +fixes #438 +supersedes #449 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3bcd9e9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3bcd9e99a58b74c9dc1fc474b468e67fc92fb7c4)) + +* feat: easy access validators (#448) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1c9ea9e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1c9ea9e22e53933347a8f366c5fc06febe811757)) + +* feat: add CycloneDX document validators to public API (#433) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a4f5ec5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a4f5ec5d63d576c04bcef5c0b6641f6c47164cfb)) + ### Fix -* fix: SPDX-expression-validation internal crashes are cought and handled (#471) +* fix: multiple licenses issue #365 (#466) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`5fa66a0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5fa66a043818eb5747dbd630496c6d31f818c0ab)) +breaking changes +------------------ +* Reworked license related models and collections +* API + * Removed class `factory.license.LicenseChoiceFactory` + The old functionality was integrated into `factory.license.LicenseFactory`. 
+ * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` + * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` + The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()` + * Renamed class `module.License` to `module.license.DisjunctliveLicense` + * Removed class `module.LicenseChoice` + Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead + * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` + * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` + + +fixes +------------------ +* serialization of multy-licenses #365 + +added +------------------ +* API + * Method `factory.license.LicenseFactory.make_with_expression()` + * Class `model.license.DisjunctiveLicense` + * Class `model.license.LicenseExpression` + * Class `model.license.LicenseRepository` + * Class `serialization.LicenseRepositoryHelper` + +tests +------------------ +* added regression test for bug #365 + +misc +------------------ +* raised dependency `py-serializable@^9.15` + + + +---- + +fixes #365 + +~~BLOCKED by a feature request to serializer: <https://github.com/madpah/serializable/pull/32>~~ + + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6770786`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/67707864ac0f1b27bac166a8fd537ea38523fe6f)) + +* fix: typing for `kwargs` (#462) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`2240b4d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2240b4dda824c13bc563bce1574dffe563016ac2)) + +* fix: tuple stuff (#461) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`84c6504`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/84c6504fc92d1207135f7719b6b6477fae7950cb)) + +* fix: `bom.validate()` detects invalid 
license constellations (#452) + + + +If a LicenseExpression is set, then there must be no other license. + +fixes #453 + + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`16843b2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/16843b29086d8f871a7239c33beb930543cfde45)) + +### Performance + +* perf: make validation more secure + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`5d7b86c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5d7b86c0ba84fe17becc53b2ccf4385113f90905)) + +### Unknown + +* tests for backwards compatibility of #365 (#467) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`4c2ef14`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4c2ef14017467980509bdb69f937b5098d8c0965)) + +* tests: snapshots and complete deep comparison, instead of pseudo-compare (#464) + +part of https://github.com/CycloneDX/cyclonedx-python-lib/issues/437 +also fixed a bug: unused first level dependencies were not detected. now they are. 
+ +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7543789`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/75437896c04e352b51d83e6e52cf94874347f4a6)) + +* Feat: typing, typehints, & overload (#463) + +also: bump `py-serializable@^0.14.0` + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a68ae24`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a68ae2464539d07ed0fc037aa1e315e5ccda054a)) + +* Merge branch 'main' into 5.0.0-dev ([`c8c2183`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c8c218366298ccc340e769fa180204e79a9a0f3e)) + +* tests: use internal json strict validation + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7186b52`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7186b52a540e478196799ef7a3580f48f77544e9)) + +* proper enums (#447) + +fixes #442 +part of #446 + +BREAKING CHANGE + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`06b5eb0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/06b5eb03d479e9908b9b62bcee48d23a873dd4ba)) + +* typo + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3de2493`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3de24936533a51c0cbf61de4b19785ee7407526c)) + +* Drop py37 (#441) + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1571d21`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1571d21057b11f11cb81e74a5a702f7f30582b09)) ## v4.2.2 (2023-09-14) diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index feb79616..b737880f 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -21,4 +21,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable # flake8: noqa -__version__ = "5.0.0-rc.1" +__version__ = "5.0.0-rc.2" diff --git a/docs/conf.py b/docs/conf.py index 9bc5732e..273aa588 100644 --- a/docs/conf.py +++ b/docs/conf.py 
@@ -20,7 +20,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '5.0.0-rc.1' +release = '5.0.0-rc.2' # -- General configuration --------------------------------------------------- diff --git a/pyproject.toml b/pyproject.toml index 0f3762aa..81d63351 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "5.0.0-rc.1" +version = "5.0.0-rc.2" description = "A library for producing CycloneDX SBOM (Software Bill of Materials) files." authors = [ "Paul Horton ",
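Review bot: In the `## v5.0.0-rc.1` section of the CHANGELOG.md hunk, the `### Breaking` heading lists only `chore!: bump major version to v5`, while the entries that describe API breaks are filed elsewhere: `feat: options for beautiful output (#458)` under Feature (it has its own "Breaking Changes" list), `fix: multiple licenses issue #365 (#466)` under Fix (it has its own "breaking changes" list), and `proper enums (#447)` with its `BREAKING CHANGE` line under Unknown. Anyone who reads only the Breaking section before upgrading will miss them; mark those commits so they are grouped under Breaking (the `chore!` entry shows one form that lands there), or add a short hand-written summary to that section. The same hunk carries identifiers that contradict each other and should be reconciled before the final release: `module.license.DisjunctliveLicense` against `model.license.DisjunctiveLicense`, `models.licenses.License` against `models.license.LicenseRepository`, and `py-serializable@^9.15` against `py-serializable@^0.14.0`. In `## v4.2.3`, `outout.make_outputter()` looks like a typo for the `output` module, and both `get_instance()` renames point at the same target, `validation.make_schemabased_validator()`; please confirm that is intended. Finally, `perf: make validation more secure` gives no indication of what changed; a one-line description would let consumers judge whether it affects how they validate documents.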