
Releases: CycloneDX/cyclonedx-python-lib

v8.0.0-rc.2

27 Sep 11:41
Pre-release

BREAKING change from v8.0.0-rc.1 to v8.0.0-rc.2

  • rename ToolsRepository -> ToolRepository (#687)

Fixes

  • ToolRepository serialization will properly deduplicate migrated items

Full Changelog: v8.0.0-rc.1...v8.0.0-rc.2



Full change log of v8.0.0:

BREAKING Changes

  • Removed cyclonedx.model.ThisTool; use cyclonedx.builder.this.this_tool() instead.
  • Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
  • Property cyclonedx.model.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now; it was SortedSet[cyclonedx.model.Tool].
    The getter returns the new type; the setter may still accept the old iterable-of-Tool form for backwards compatibility.
  • Property cyclonedx.model.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now; it was SortedSet[cyclonedx.model.Tool].
    The getter returns the new type; the setter may still accept the old iterable-of-Tool form for backwards compatibility.
  • cyclonedx.model.license.LicenseExpression() accepts the optional argument acknowledgement only as a keyword argument, no longer as a positional argument.

Changes

  • The constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository.
  • The constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users who want the library recorded in metadata.tools may add it themselves via cyclonedx.builder.this.this_tool().

Fixes

  • Deserializing a CycloneDX document whose metadata does not include tools no longer unexpectedly modifies it (a side effect of the constructor adding this library as a tool; see Changes above).

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

  • New class cyclonedx.model.tool.ToolRepository.
  • New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
  • New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
  • New function cyclonedx.model.tool.Tool.from_component().

Dependencies

  • Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/

v8.0.0-rc.1

25 Sep 12:50
Pre-release

BREAKING Changes

  • Removed cyclonedx.model.ThisTool; use cyclonedx.builder.this.this_tool() instead.
  • Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
  • Property cyclonedx.model.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolsRepository now; it was SortedSet[cyclonedx.model.Tool].
    The getter returns the new type; the setter may still accept the old iterable-of-Tool form for backwards compatibility.
  • Property cyclonedx.model.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolsRepository now; it was SortedSet[cyclonedx.model.Tool].
    The getter returns the new type; the setter may still accept the old iterable-of-Tool form for backwards compatibility.
  • cyclonedx.model.license.LicenseExpression() accepts the optional argument acknowledgement only as a keyword argument, no longer as a positional argument.

Changes

  • The constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolsRepository.
  • The constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users who want the library recorded in metadata.tools may add it themselves via cyclonedx.builder.this.this_tool().

Fixes

  • Deserializing a CycloneDX document whose metadata does not include tools no longer unexpectedly modifies it (a side effect of the constructor adding this library as a tool; see Changes above).

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

  • New class cyclonedx.model.tool.ToolsRepository.
  • New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
  • New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
  • New function cyclonedx.model.tool.Tool.from_component().

Dependencies

  • Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/


Full Changelog: v7.6.1...v8.0.0-rc.1

v8.0.0-alpha.1

23 Sep 09:14
Pre-release

v8.0.0-alpha.1 (2024-09-23)

Chore

  • chore: trusted publishing

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ce23b0f)

Fix

  • fix: assert copyright headers

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bef268b)

Unknown

  • Merge branch 'main' into 8.0.0-dev

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (39514b3)

  • Merge branch 'main' into 8.0.0-dev (c123aff)

v7.6.1

18 Sep 13:53

v7.6.1 (2024-09-18)

Fix

  • fix: file copyright headers (#676)

utilizes flake8 plugin
<https://pypi.org/project/flake8-copyright-validator/> to assert the
correct headers

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (35e00b4)


What's Changed

  • chore(deps-dev): update tox requirement from 4.17.1 to 4.18.0 by @dependabot in #664
  • chore(deps-dev): update flake8-bugbear requirement from 24.4.26 to 24.8.19 by @dependabot in #666
  • chore(deps-dev): update mypy requirement from 1.11.1 to 1.11.2 by @dependabot in #668
  • chore(deps-dev): update tox requirement from 4.18.0 to 4.18.1 by @dependabot in #670
  • chore(deps): update sphinx requirement from <8,>=7.2.6 to >=7.2.6,<9 by @dependabot in #656
  • fix: file copyright headers by @jkowalleck in #676

Full Changelog: v7.6.0...v7.6.1

v7.6.0

14 Aug 13:35

v7.6.0 (2024-08-14)

Feature

  • feat: HashType.from_composite_str for Blake2b, SHA3, Blake3 (#663)

The code mistreated hashes for Blake2b and SHA3.
Code for explicitly handling SHA1 & BLAKE3 was added, as those have no
variants defined in the CycloneDX specification.

fixes #652


Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c59036e)
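The composite-hash parsing that #663 fixes, as an added example; it is my own stand-in implementation using only the standard library, not the library's HashType.from_composite_str. It shows why SHA3 and BLAKE2b need explicit handling: a 'sha'/'blake' prefix split misreads 'sha3-256', and hashlib reports every BLAKE2b size as plain 'blake2b', so the CycloneDX variant has to be derived from the digest length. The digest lengths are the standard ones for each algorithm; BLAKE3 is an extendable-output function and its default 32-byte output is assumed. SAMPLE_DATA is constructed.

```python
"""Added example (not cyclonedx-python-lib's implementation): parse
'<alg>:<hex>' composite hashes into CycloneDX algorithm names and verify them."""
import hashlib
import hmac
import re
from typing import Optional, Tuple

# CycloneDX hashAlg names -> expected hex-digest length. BLAKE3 is an XOF;
# its default 32-byte output (64 hex chars) is assumed here.
CDX_HASH_ALGS = {
    "MD5": 32, "SHA-1": 40, "SHA-256": 64, "SHA-384": 96, "SHA-512": 128,
    "SHA3-256": 64, "SHA3-384": 96, "SHA3-512": 128,
    "BLAKE2b-256": 64, "BLAKE2b-384": 96, "BLAKE2b-512": 128,
    "BLAKE3": 64,
}
# hashlib names for what hashlib can recompute; BLAKE2b is handled separately
# because its output size is a constructor argument, BLAKE3 is not in hashlib
_HASHLIB_NAMES = {
    "MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256", "SHA-384": "sha384",
    "SHA-512": "sha512", "SHA3-256": "sha3_256", "SHA3-384": "sha3_384",
    "SHA3-512": "sha3_512",
}
_HEX = re.compile(r"^[0-9a-fA-F]+$")


def _key(alg: str) -> str:
    # 'SHA3-256', 'sha3_256' and 'sha3256' all normalise to 'sha3256'; the key
    # is matched whole, so 'sha3-256' can never be misread as SHA-'3-256'
    return re.sub(r"[-_]", "", alg.lower())


_BY_KEY = {_key(name): name for name in CDX_HASH_ALGS}


def parse_composite_hash(composite: str) -> Tuple[str, str]:
    """Parse '<alg>:<hex>' into (CycloneDX algorithm name, lowercase hex).

    Raises ValueError for an unknown algorithm, a non-hex digest, or a digest
    whose length does not fit the algorithm (a truncated digest is rejected
    rather than stored and later trusted by a consumer).
    """
    alg, sep, digest = composite.partition(":")
    if not sep or not digest:
        raise ValueError(f"not an '<alg>:<hex>' composite: {composite!r}")
    if not _HEX.match(digest):
        raise ValueError(f"digest is not hex: {digest!r}")
    key = _key(alg)
    if key == "blake2b":
        # hashlib.blake2b(...).name is just 'blake2b' whatever digest_size was
        # used; resolve the CycloneDX variant from the digest length instead
        key = f"blake2b{len(digest) * 4}"
    name = _BY_KEY.get(key)
    if name is None:
        raise ValueError(f"unknown hash algorithm: {alg!r}")
    if len(digest) != CDX_HASH_ALGS[name]:
        raise ValueError(
            f"{name} digest must be {CDX_HASH_ALGS[name]} hex chars, got {len(digest)}")
    return name, digest.lower()


def is_valid_composite(composite: str) -> bool:
    try:
        parse_composite_hash(composite)
        return True
    except ValueError:
        return False


def composite_for(data: bytes, hashlib_name: str, digest_size: Optional[int] = None) -> str:
    """Produce the composite string a hashlib-based tool would emit."""
    if hashlib_name == "blake2b":
        h = hashlib.blake2b(data, digest_size=digest_size or 64)
    else:
        h = hashlib.new(hashlib_name, data)
    return f"{h.name}:{h.hexdigest()}"


def verify_composite_hash(data: bytes, composite: str) -> bool:
    """Recompute the digest over data and compare it in constant time."""
    name, digest = parse_composite_hash(composite)
    if name.startswith("BLAKE2b"):
        actual = hashlib.blake2b(data, digest_size=CDX_HASH_ALGS[name] // 2).hexdigest()
    elif name == "BLAKE3":
        raise ValueError("BLAKE3 is not available in hashlib; cannot verify")
    else:
        actual = hashlib.new(_HASHLIB_NAMES[name], data).hexdigest()
    return hmac.compare_digest(actual, digest)


# constructed sample artifact bytes
SAMPLE_DATA = b"constructed sample artifact for the hash example\n"

if __name__ == "__main__":
    for c in (composite_for(SAMPLE_DATA, "sha3_256"),
              composite_for(SAMPLE_DATA, "blake2b", digest_size=32),
              composite_for(SAMPLE_DATA, "blake2b")):
        print(parse_composite_hash(c), verify_composite_hash(SAMPLE_DATA, c))
```

The length check matters beyond tidiness: a hash entry that parses but carries a digest of the wrong size can never match a recomputed value, so a consumer that only checks "a hash is present" would accept an SBOM whose integrity data is useless.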


What's Changed

  • chore(deps-dev): update coverage requirement from 7.5.4 to 7.6.0 by @dependabot in #647
  • chore(deps-dev): update mypy requirement from 1.10.1 to 1.11.0 by @dependabot in #651
  • chore(deps-dev): update mypy requirement from 1.11.0 to 1.11.1 by @dependabot in #655
  • chore(deps-dev): update tox requirement from 4.16.0 to 4.17.1 by @dependabot in #662
  • chore(deps-dev): update flake8 requirement from 7.1.0 to 7.1.1 by @dependabot in #661
  • chore(deps-dev): update coverage requirement from 7.6.0 to 7.6.1 by @dependabot in #660
  • feat: HashType.from_composite_str for Blake2b, SHA3, Blake3 by @schlenk in #663

Full Changelog: v7.5.1...v7.6.0

v7.5.1

08 Jul 13:36

v7.5.1 (2024-07-08)

Fix

  • fix: XML serialize normalizedString and token properly (#646)

fixes #638


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b40f739)
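The XML Schema whitespace rules behind the v7.5.1 fix, as an added example that is my own illustration rather than the library's patch. It implements the three XSD whiteSpace facets (preserve for xs:string, replace for xs:normalizedString, collapse for xs:token) and applies them in a small serializer. Which CycloneDX fields carry which XSD type is defined by the CycloneDX XSD and is not reproduced here; the FIELD_TYPES mapping and the notes field are hypothetical, and SAMPLE_FIELDS is constructed.

```python
"""Added example (not cyclonedx-python-lib's code): XSD whitespace facets for
normalizedString and token, applied when writing values into XML elements."""
import re
import xml.etree.ElementTree as ET
from typing import Callable, Dict

# XML Schema whiteSpace facets:
#   xs:string            preserve  - value written as-is
#   xs:normalizedString  replace   - TAB, CR and LF each become one SPACE
#   xs:token             collapse  - replace, then squeeze runs of SPACE, then trim
_REPLACE = re.compile(r"[\t\r\n]")
_RUNS = re.compile(r" {2,}")


def xs_normalized_string(value: str) -> str:
    return _REPLACE.sub(" ", value)


def xs_token(value: str) -> str:
    return _RUNS.sub(" ", xs_normalized_string(value)).strip(" ")


def is_valid_normalized_string(value: str) -> bool:
    return _REPLACE.search(value) is None


def is_valid_token(value: str) -> bool:
    return (is_valid_normalized_string(value)
            and value == value.strip(" ")
            and _RUNS.search(value) is None)


_NORMALIZERS: Dict[str, Callable[[str], str]] = {
    "string": lambda v: v,
    "normalizedString": xs_normalized_string,
    "token": xs_token,
}

# Hypothetical field -> XSD type mapping for this example only; the real
# mapping is the CycloneDX XSD's and is not reproduced here.
FIELD_TYPES = {"name": "normalizedString", "version": "normalizedString",
               "publisher": "token", "notes": "string"}


def serialize_component(fields: Dict[str, str]) -> str:
    """Write fields as child elements of <component>, normalising each value
    according to the XSD type assigned to it before it is emitted, so the
    output stays schema-valid even when the input carried control whitespace."""
    root = ET.Element("component")
    for tag, raw in fields.items():
        xsd_type = FIELD_TYPES.get(tag, "string")
        ET.SubElement(root, tag).text = _NORMALIZERS[xsd_type](raw)
    return ET.tostring(root, encoding="unicode")


# constructed sample: a package name carrying an embedded newline and tab
SAMPLE_FIELDS = {
    "name": "left-pad\n\tfork",
    "version": "1.0.0 ",
    "publisher": "  Example   Org\n",
    "notes": "line one\nline two",
}

if __name__ == "__main__":
    print(serialize_component(SAMPLE_FIELDS))
```

The normalisation is lossy by design: once a newline in a name has become a space, the original cannot be recovered, and the same BOM serialized as JSON may still carry the newline. A consumer comparing the XML and JSON forms of one document should canonicalise both with the same rules before treating a mismatch as tampering.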


What's Changed

  • chore(deps-dev): update tox requirement from 4.15.1 to 4.16.0 by @dependabot in #644
  • fix: XML serialize normalizedString and token properly by @jkowalleck in #646

Full Changelog: v7.5.0...v7.5.1

v7.5.0

04 Jul 12:35

v7.5.0 (2024-07-04)

Feature

  • feat: add workaround property for v1.5 and v1.6 (#642)

Property workaround was missing from the vulnerability model. It was
added in spec v1.5 and was marked as TODO before.

This is my first contribution to this project, so if I have done something
wrong, just tell me 😃

Signed-off-by: Louis Maillard <louis.maillard@savoirfairelinux.com>
Signed-off-by: Louis Maillard <louis.maillard@protonmail.com>
Co-authored-by: Louis Maillard <louis.maillard@savoirfairelinux.com> (b5ebcf8)

Style

  • style: model args - one per line (#643)

this should make future PR reviews easier, since adding new args in the
middle will not cause complete code blocks to change, but is just a new
line ...

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5b74b0f)


What's Changed

  • chore(deps-dev): update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #634
  • chore(deps-dev): update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #637
  • chore(deps-dev): update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #639
  • chore(deps-dev): update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #641
  • chore(deps-dev): update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #640
  • style: model args - one per line by @jkowalleck in #643
  • feat: add workaround property for v1.5 and v1.6 by @loulou123546 in #642

Full Changelog: v7.4.1...v7.5.0

v7.4.1

12 Jun 08:58

v7.4.1 (2024-06-12)

Chore

  • chore: rollback py sem release matcher

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c33a130)

Documentation

  • docs: exclude dep bumps from changelog (#627)

fixes #616


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (60361f7)

Fix

  • fix: cyclonedx.model.Property.value value is optional (#631)

cyclonedx.model.Property.value value is optional, in accordance with
the spec.

fixes #630


Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ad0f98b)

v7.4.0

23 May 05:43

v7.4.0 (2024-05-23)

Documentation

  • docs: OSSP best practice percentage

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (75f58dc)

Feature

  • feat: updated SPDX license list to v3.24.0 (#622)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3f9770a)


What's Changed

  • chore(deps-dev): update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #615
  • chore(deps-dev): update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #618
  • chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #619
  • chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 by @dependabot in #620
  • feat: updated SPDX license list to v3.24.0 by @jkowalleck in #622

Full Changelog: v7.3.4...v7.4.0

v7.3.4

06 May 13:41

v7.3.4 (2024-05-06)

Fix

  • fix: allow suppliers with empty-string names (#611)

fixes #600


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb)


Full Changelog: v7.3.3...v7.3.4