Releases: CycloneDX/cyclonedx-python-lib

v7.3.1

22 Apr 16:10

v7.3.1 (2024-04-22)

Chore

  • chore: semantic-release git commit/sign valid email address

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40)

Fix

  • fix: include all fields of Component in __lt__ function for #586 (#587)

Fixes #586.

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685)

v7.3.0

19 Apr 14:37

v7.3.0 (2024-04-19)

Feature

  • feat: license factory set acknowledgement (#593)

add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455)

v7.2.0

19 Apr 11:19

v7.2.0 (2024-04-19)

Feature

  • feat: disjunctive license acknowledgement (#591)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839)

Unknown

  • tests: add meaningful names to validation tests (#588)

When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail.

Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.

Append meaningful names to validation tests so that instead of e.g.:

[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008

the tests are named:

[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6

Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c)

  • doc: poor merge resolved

Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa)


What's Changed

  • tests: meaningful names to validation tests by @claui in #588
  • feat: disjunctive license acknowledgement by @jkowalleck in #591

Full Changelog: v7.1.0...v7.2.0

v7.1.0

10 Apr 09:25

v7.1.0 (2024-04-10)

Documentation

  • docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67)

Feature

  • feat: support bom.properties for CycloneDX v1.5+ (#585)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a)


What's Changed

  • docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
  • feat: support bom.properties for CycloneDX v1.5+ by @madpah in #585

Full Changelog: v7.0.0...v7.1.0

v7.0.0

09 Apr 15:25

v7.0.0 (2024-04-09)

Breaking

  • feat!: Support for CycloneDX v1.6
  • added draft v1.6 schemas and boilerplate for v1.6
  • re-generated test snapshots for v1.6
  • note bom.metadata.manufacture as deprecated
  • work on bom.metadata for v1.6
  • Deprecated .component.author. Added .component.authors and .component.manufacturer
  • work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)
  • work to get deserialization tests passing
  • chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML
  • imports tidied
  • properly added .component.swhid
  • add .component.cryptoProperties - with test failures for SchemaVersion < 1.6
  • typing and bandit ignores
  • coding standards
  • test filtering
  • coding standards
  • additional tests to increase code coverage
  • corrected CryptoMode enum
  • coding standards
  • Added address to organizationalEntity
  • Added address to organizationalEntity
  • raise UserWarning in .component.version has length > 1024
  • coding standards and typing
  • add acknowledgement to LicenseExpression (#582)
  • more proper way to filter test cases
  • update schema to published versions
  • fetch schema 1.6 JSON
  • fetch test data for CDX 1.6
  • reformat
  • reformat
  • refactor
  • style
  • refactor
  • docs

Chore

  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)

What's Changed

  • chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 by @dependabot in #574
  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 by @dependabot in #573
  • feat: Support for CycloneDX v1.6 by @madpah in #576

Full Changelog: v6.4.4...v7.0.0

v7.0.0-alpha.1

09 Apr 15:18
Pre-release

v7.0.0-alpha.1 (2024-04-09)

Chore

  • chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML

Signed-off-by: Paul Horton <paul.horton@owasp.org> (0398051)

  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)

Updates the requirements on autopep8 to permit the latest version.


updated-dependencies:

  • dependency-name: autopep8
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6)

  • chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)

Updates the requirements on tox to permit the latest version.


updated-dependencies:

  • dependency-name: tox
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457)

Unknown

  • docs

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (42c6f25)

  • refactor

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b4a133a)

  • style

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0843234)

  • refactor

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (62c1d9a)

  • reformat

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e10ffee)

  • reformat

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e0184cc)

  • fetch test data for CDX 1.6

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (618a292)

  • fetch schema 1.6 JSON

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (289e81a)

  • update schema to published versions

Signed-off-by: Paul Horton <paul.horton@owasp.org> (0449de2)

  • more proper way to filter test cases

Signed-off-by: Paul Horton <paul.horton@owasp.org> (0a2ca2c)

  • add acknowledgement to LicenseExpression (#582)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (ddd7847)

  • coding standards and typing

Signed-off-by: Paul Horton <paul.horton@owasp.org> (5c97c2d)

  • raise UserWarning in .component.version has length > 1024

Signed-off-by: Paul Horton <paul.horton@owasp.org> (abebd4f)

  • Added address to organizationalEntity

Signed-off-by: Paul Horton <paul.horton@owasp.org> (1327558)

  • Added address to organizationalEntity

Signed-off-by: Paul Horton <paul.horton@owasp.org> (318d723)

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d294620)

  • corrected CryptoMode enum

Signed-off-by: Paul Horton <paul.horton@owasp.org> (71e4bc6)

  • additional tests to increase code coverage

Signed-off-by: Paul Horton <paul.horton@owasp.org> (f504daa)

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org> (a3e09d1)

  • test filtering

Signed-off-by: Paul Horton <paul.horton@owasp.org> (14f699f)

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org> (b23df1f)

  • typing and bandit ignores

Signed-off-by: Paul Horton <paul.horton@owasp.org> (96a6dc9)

  • add .component.cryptoProperties - with test failures for SchemaVersion < 1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (1e71dc3)

  • properly added .component.swhid

Signed-off-by: Paul Horton <paul.horton@owasp.org> (ee80ea3)

  • imports tidied

Signed-off-by: Paul Horton <paul.horton@owasp.org> (875a338)

  • work to get deserialization tests passing

Signed-off-by: Paul Horton <paul.horton@owasp.org> (fdece59)

  • work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (af7b92b)

  • Deprecated .component.author. Added .component.authors and .component.manufacturer

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6227c08)

  • work on bom.metadata for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6192ed8)

  • note bom.metadata.manufacture as deprecated

Signed-off-by: Paul Horton <paul.horton@owasp.org> (240dfaa)

  • re-generated test snapshots for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (8132c3e)

  • added draft v1.6 schemas and boilerplate for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (41ca1e0)

v6.4.4

18 Mar 18:13

v6.4.4 (2024-03-18)

Chore

  • chore(deps-dev): update coverage requirement from 7.4.3 to 7.4.4 (#570)

Updates the requirements on coverage to permit the latest version.


updated-dependencies:

  • dependency-name: coverage
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3a2e427)

  • chore(deps): bump python-semantic-release/python-semantic-release (#564)

Bumps python-semantic-release/python-semantic-release from 8.5.1 to 9.1.1.


updated-dependencies:

  • dependency-name: python-semantic-release/python-semantic-release
    dependency-type: direct:production
    update-type: version-update:semver-major
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d20a590)

  • chore(deps-dev): update tox requirement from 4.13.0 to 4.14.1 (#567)

Updates the requirements on tox to permit the latest version.


updated-dependencies:

  • dependency-name: tox
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2dcc60e)

  • chore(deps-dev): update bandit requirement from 1.7.7 to 1.7.8 (#566)

Updates the requirements on bandit to permit the latest version.


updated-dependencies:

  • dependency-name: bandit
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (eb1a252)

  • chore(deps-dev): update mypy requirement from 1.8.0 to 1.9.0 (#565)

Updates the requirements on mypy to permit the latest version.


updated-dependencies:

  • dependency-name: mypy
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3ce0f3a)

Fix

  • fix: wrong extra name for xml validation (#571)

Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> (10e38e2)


What's Changed

  • chore(deps-dev): update mypy requirement from 1.8.0 to 1.9.0 by @dependabot in #565
  • chore(deps-dev): update bandit requirement from 1.7.7 to 1.7.8 by @dependabot in #566
  • chore(deps-dev): update tox requirement from 4.13.0 to 4.14.1 by @dependabot in #567
  • chore(deps): bump python-semantic-release/python-semantic-release from 8.5.1 to 9.1.1 by @dependabot in #564
  • chore(deps-dev): update coverage requirement from 7.4.3 to 7.4.4 by @dependabot in #570
  • fix: wrong extra name for xml validation by @lazka in #571

Full Changelog: v6.4.3...v6.4.4

v6.4.3

04 Mar 12:11

v6.4.3 (2024-03-04)

Chore

  • chore(deps-dev): update ddt requirement from 1.7.1 to 1.7.2 (#563)

Updates the requirements on ddt to permit the latest version.


updated-dependencies:

  • dependency-name: ddt
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (53cb8a9)

Fix

  • fix: serialization of model.component.Diff (#557)

Fixes #556


Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (22fa873)


What's Changed

  • chore(deps-dev): update ddt requirement from 1.7.1 to 1.7.2 by @dependabot in #563
  • fix: serialization of model.component.Diff by @rcross-lc in #557

Full Changelog: v6.4.2...v6.4.3

v6.4.2

01 Mar 08:10

v6.4.2 (2024-03-01)

Maintenance release.

Build

  • build: use poetry v1.8.1 (#560)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6f81dfa)

Chore

  • chore(deps-dev): update coverage requirement from 7.4.1 to 7.4.3 (#558)

Updates the requirements on coverage to permit the latest version.


updated-dependencies:

  • dependency-name: coverage
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2b7f261)

  • chore(deps): bump Gr1N/setup-poetry from 8 to 9 (#555)

Bumps Gr1N/setup-poetry from 8 to 9.


updated-dependencies:

  • dependency-name: Gr1N/setup-poetry
    dependency-type: direct:production
    update-type: version-update:semver-major
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (178ce32)

  • chore(deps-dev): update tox requirement from 4.12.1 to 4.13.0 (#553)

Updates the requirements on tox to permit the latest version.


updated-dependencies:

  • dependency-name: tox
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (77fb2ec)

  • chore(deps-dev): update flake8-quotes requirement from 3.3.2 to 3.4.0 (#552)

Updates the requirements on flake8-quotes to permit the latest version.


updated-dependencies:

  • dependency-name: flake8-quotes
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cd8e67c)

  • chore(deps-dev): update flake8-bugbear requirement (#549)

Updates the requirements on flake8-bugbear to permit the latest version.


updated-dependencies:

  • dependency-name: flake8-bugbear
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (153d83e)

Documentation

  • docs: update architecture description and examples (#550)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a19fd28)

  • docs: exclude internal docs from rendering (#545)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7e55dfe)

Unknown

  • docs

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (63cff7e)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b0e5b43)

v6.4.1

30 Jan 10:38

v6.4.1 (2024-01-30)

Chore

  • chore(deps-dev): update bandit requirement from 1.7.6 to 1.7.7 (#542)

Updates the requirements on bandit to permit the latest version.


updated-dependencies:

  • dependency-name: bandit
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0d159c2)

  • chore(deps-dev): update coverage requirement from 7.4.0 to 7.4.1 (#541)

Updates the requirements on coverage to permit the latest version.


updated-dependencies:

  • dependency-name: coverage
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (fa82a24)

Documentation

  • docs: ship docs with sdist build (#544)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (52ef01c)

  • docs: refactor example

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c1776b7)

Fix

  • fix: model.BomRef no longer equal to unset peers (#543)

    fixes #539


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1fd7fee)

Unknown

  • tests: fetched schema 1.5 test data from spec (#536)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (394cc87)


Full Changelog: v6.4.0...v6.4.1