Releases: CycloneDX/cyclonedx-python-lib
v7.3.3
v7.3.3 (2024-05-06)
Chore
- chore: shield_ossf-best-practices subbary
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d00496)
- chore(ci): update GH action versions (#606)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6d1bc5b)
Fix
- fix: json validation allow arbitrary $schema value (#613)
fixes #612
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (08b7c60)
What's Changed
- chore(deps-dev): update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #602
- chore(deps-dev): update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #604
- chore(deps-dev): update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #605
- chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #603
- chore(ci): update GH action versions by @madpah in #606
- chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #608
- fix: json validation allow arbitrary $schema value by @jkowalleck in #613
Full Changelog: v7.3.2...v7.3.3
v7.3.2
v7.3.2 (2024-04-26)
Fix
- fix: properly sort components based on all properties (#599)
reverts #587 - as this one introduced errors
fixes #598
fixes #586
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c)
v7.3.1
v7.3.1 (2024-04-22)
Chore
- chore: semantic-release git commit/sign valid email address
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40)
Fix
Fixes #586.
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685)
v7.3.0
v7.3.0 (2024-04-19)
Feature
- feat: license factory set acknowledgement (#593)
add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455)
v7.2.0
v7.2.0 (2024-04-19)
Feature
- feat: disjunctive license acknowledgement (#591)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839)
Unknown
- tests: add meaningful names to validation tests (#588)
When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail.
Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.
Append meaningful names to validation tests so that instead of e.g.:
[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008
the tests are named:
[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6
Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c)
- doc: poor merge resolved
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa)
What's Changed
- tests: meaningful names to validation tests by @claui in #588
- feat: disjunctive license acknowledgement by @jkowalleck in #591
Full Changelog: v7.1.0...v7.2.0
v7.1.0
v7.1.0 (2024-04-10)
Documentation
- docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67)
Feature
- feat: support bom.properties for CycloneDX v1.5+ (#585)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a)
What's Changed
- docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
- feat: support bom.properties for CycloneDX v1.5+ by @madpah in #585
Full Changelog: v7.0.0...v7.1.0
v7.0.0
v7.0.0 (2024-04-09)
Breaking
- feat!: Support for CycloneDX v1.6
- added draft v1.6 schemas and boilerplate for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- re-generated test snapshots for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- note bom.metadata.manufacture as deprecated
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work on bom.metadata for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Deprecated .component.author. Added .component.authors and .component.manufacturer
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work to get deserialization tests passing
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- imports tidied
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- properly added .component.swhid
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- add .component.cryptoProperties - with test failures for SchemaVersion < 1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- typing and bandit ignores
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- test filtering
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- additional tests to increase code coverage
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- corrected CryptoMode enum
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Added address to organizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Added address to organizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- raise UserWarning in .component.version has length > 1024
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards and typing
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- add acknowledgement to LicenseExpression (#582)
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- more proper way to filter test cases
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- update schema to published versions
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fetch schema 1.6 JSON
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- fetch test data for CDX 1.6
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- style
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8bbdf46)
Chore
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)
Updates the requirements on autopep8 to permit the latest version.
updated-dependencies:
- dependency-name: autopep8
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6)
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457)
What's Changed
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 by @dependabot in #574
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 by @dependabot in #573
- feat: Support for CycloneDX v1.6 by @madpah in #576
Full Changelog: v6.4.4...v7.0.0
v7.0.0-alpha.1
v7.0.0-alpha.1 (2024-04-09)
Chore
- chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML
Signed-off-by: Paul Horton <paul.horton@owasp.org> (0398051)
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)
Updates the requirements on autopep8 to permit the latest version.
updated-dependencies:
- dependency-name: autopep8
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6)
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457)
Unknown
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (42c6f25)
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b4a133a)
- style
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0843234)
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (62c1d9a)
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e10ffee)
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e0184cc)
- fetch test data for CDX 1.6
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (618a292)
- fetch schema 1.6 JSON
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (289e81a)
- update schema to published versions
Signed-off-by: Paul Horton <paul.horton@owasp.org> (0449de2)
- more proper way to filter test cases
Signed-off-by: Paul Horton <paul.horton@owasp.org> (0a2ca2c)
- add acknowledgement to LicenseExpression (#582)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ddd7847)
- coding standards and typing
Signed-off-by: Paul Horton <paul.horton@owasp.org> (5c97c2d)
- raise UserWarning in .component.version has length > 1024
Signed-off-by: Paul Horton <paul.horton@owasp.org> (abebd4f)
- Added address to organizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1327558)
- Added address to organizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org> (318d723)
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d294620)
- corrected CryptoMode enum
Signed-off-by: Paul Horton <paul.horton@owasp.org> (71e4bc6)
- additional tests to increase code coverage
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f504daa)
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a3e09d1)
- test filtering
Signed-off-by: Paul Horton <paul.horton@owasp.org> (14f699f)
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org> (b23df1f)
- typing and bandit ignores
Signed-off-by: Paul Horton <paul.horton@owasp.org> (96a6dc9)
- add .component.cryptoProperties - with test failures for SchemaVersion < 1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1e71dc3)
- properly added .component.swhid
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ee80ea3)
- imports tidied
Signed-off-by: Paul Horton <paul.horton@owasp.org> (875a338)
- work to get deserialization tests passing
Signed-off-by: Paul Horton <paul.horton@owasp.org> (fdece59)
- work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (af7b92b)
- Deprecated .component.author. Added .component.authors and .component.manufacturer
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6227c08)
- work on bom.metadata for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6192ed8)
- note bom.metadata.manufacture as deprecated
Signed-off-by: Paul Horton <paul.horton@owasp.org> (240dfaa)
- re-generated test snapshots for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (8132c3e)
- added draft v1.6 schemas and boilerplate for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (41ca1e0)
v6.4.4
v6.4.4 (2024-03-18)
Chore
- chore(deps-dev): update coverage requirement from 7.4.3 to 7.4.4 (#570)
Updates the requirements on coverage to permit the latest version.
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3a2e427)
- chore(deps): bump python-semantic-release/python-semantic-release (#564)
Bumps python-semantic-release/python-semantic-release from 8.5.1 to 9.1.1.
updated-dependencies:
- dependency-name: python-semantic-release/python-semantic-release
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d20a590)
- chore(deps-dev): update tox requirement from 4.13.0 to 4.14.1 (#567)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2dcc60e)
- chore(deps-dev): update bandit requirement from 1.7.7 to 1.7.8 (#566)
Updates the requirements on bandit to permit the latest version.
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (eb1a252)
- chore(deps-dev): update mypy requirement from 1.8.0 to 1.9.0 (#565)
Updates the requirements on mypy to permit the latest version.
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3ce0f3a)
Fix
- fix: wrong extra name for xml validation (#571)
Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> (10e38e2)
What's Changed
- chore(deps-dev): update mypy requirement from 1.8.0 to 1.9.0 by @dependabot in #565
- chore(deps-dev): update bandit requirement from 1.7.7 to 1.7.8 by @dependabot in #566
- chore(deps-dev): update tox requirement from 4.13.0 to 4.14.1 by @dependabot in #567
- chore(deps): bump python-semantic-release/python-semantic-release from 8.5.1 to 9.1.1 by @dependabot in #564
- chore(deps-dev): update coverage requirement from 7.4.3 to 7.4.4 by @dependabot in #570
- fix: wrong extra name for xml validation by @lazka in #571
Full Changelog: v6.4.3...v6.4.4
v6.4.3
v6.4.3 (2024-03-04)
Chore
- chore(deps-dev): update ddt requirement from 1.7.1 to 1.7.2 (#563)
Updates the requirements on ddt to permit the latest version.
updated-dependencies:
- dependency-name: ddt
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (53cb8a9)
Fix
- fix: serialization of model.component.Diff (#557)
Fixes #556
Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (22fa873)
What's Changed
- chore(deps-dev): update ddt requirement from 1.7.1 to 1.7.2 by @dependabot in #563
- fix: serialization of model.component.Diff by @rcross-lc in #557
New Contributors
- @rcross-lc made their first contribution in #557
Full Changelog: v6.4.2...v6.4.3