Releases: CycloneDX/cyclonedx-python-lib

v4.2.0

06 Sep 09:25

v4.2.0 (2023-09-06)

Chore

  • chore(deps): bump python-semantic-release/python-semantic-release (#423)

Bumps python-semantic-release/python-semantic-release from 8.0.7 to 8.0.8.


updated-dependencies:

  • dependency-name: python-semantic-release/python-semantic-release
    dependency-type: direct:production
    update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (13e441d)

Feature

  • feat: complete SPDX license expression (#425)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e06f9fd)

v4.1.0

27 Aug 15:24

v4.1.0 (2023-08-27)

Chore

  • chore: migrate to python-semantic-release8 (#421)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (14c501c)

  • chore: migrate to python-semantic-release8 (#420)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0e35d88)

  • chore: migrate to python-semantic-release8 (#419)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (adf5a36)

  • chore(deps-dev): bump distlib from 0.3.6 to 0.3.7 (#412)

Bumps distlib from 0.3.6 to 0.3.7.


updated-dependencies:

  • dependency-name: distlib
    dependency-type: indirect
    update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (bc9f01d)

  • chore(deps-dev): bump pluggy from 1.0.0 to 1.2.0 (#413)

Bumps pluggy from 1.0.0 to 1.2.0.


updated-dependencies:

  • dependency-name: pluggy
    dependency-type: indirect
    update-type: version-update:semver-minor
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (be8af3e)

  • chore(deps-dev): bump typed-ast from 1.5.4 to 1.5.5 (#411)

Bumps typed-ast from 1.5.4 to 1.5.5.


updated-dependencies:

  • dependency-name: typed-ast
    dependency-type: indirect
    update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (75302b1)

  • chore(deps-dev): bump lxml from 4.9.2 to 4.9.3 (#405)

Bumps lxml from 4.9.2 to 4.9.3.


updated-dependencies:

  • dependency-name: lxml
    dependency-type: direct:development
    update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6aa057b)

  • chore(deps-dev): bump mypy from 1.4.0 to 1.4.1 (#400)

Bumps mypy from 1.4.0 to 1.4.1.


updated-dependencies:

  • dependency-name: mypy
    dependency-type: direct:development
    update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (54d6a1a)

Ci

  • ci: streamline concurrency for deploy (#406)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6a7ddfa)

  • ci: run examples on prod-deps only (#402)

  • ci: run examples on prod-deps only

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • ci: simplify ci

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cf40048)

  • ci: run examples (#401)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (058f386)

Documentation

  • docs(examples): showcase shorthand dependency management (#403)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8b32efb)

Feature

  • feat: programmatic access to library's version (#417)

adds cyclonedx.__version__

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3585ea9)

v4.0.1

28 Jun 15:26

Fix

  • Conditional warning if no root dependencies were found (#398) (c8175bb)

Documentation

v4.0.0

20 Mar 08:02

Feature

Breaking

  • Large portions of this library have been re-written for this release and many methods and contracts have changed. (8fb1b14)
  • Model classes changed to relocate Vulnerability at Bom, not at Component (8fb1b14)
  • (8fb1b14)

v3.1.5

12 Jan 16:48

Fix

  • Make test's schema paths relative to cyclonedx package (#338) (1f0c05f)

v3.1.4

11 Jan 15:25
Compare
Choose a tag to compare

Fix

  • tests: Include tests in sdist builds (#337) (936ad7d)

v3.1.3

07 Jan 14:18

Fix

  • Serialize dependency graph for nested components (#329) (fb3f835)

v3.1.2

06 Jan 23:32

Fix

  • Prevent errors on metadata handling for some specification versions (#330) (f08a656)

Documentation

v3.1.1

28 Nov 15:02

Fix

  • Type hint for get_component_by_purl is incorrect (3f20bf0)

v3.1.0

15 Sep 11:34

Feature


Note: There was no 3.0.0 release officially, but due to CI publishing issues, an unexpected 3.0.0 release was published to PyPI and subsequently yanked from PyPI. There are NO breaking changes between 2.7.1 and 3.1.0.