v2.1.0

Feature

• Output errors are verbose (bfe8fb1)

v2.0.0

Feature

• Bump dependencies (da3f0ca)
• Completed work on #155 (#172) (a926b34)
• Support complete model for bom.metadata (#162) (2938a6c)
• Support for bom.externalReferences in JSON and XML #124 (1b733d7)
• Complete support for bom.components (#155) (32c0139)
• Support services in XML BOMs (9edf6c9)

Fix

• license_url not serialised in XML output #179 (#180) (f014d7c)
• Component.bom_ref is not Optional in our model implementation (in the schema it is) - we generate a UUID if bom_ref is not supplied explicitly (5c954d1)
• Temporary fix for __hash__ of Component with properties #153 (a51766d)
• Further fix for #150 (1f55f3e)
• Regression introduced by first fix for #150 (c09e396)
• Components with no version (optional since 1.4) produce invalid BOM output in XML #150 (70d25c8)
• expression not supported in Component Licsnes for version 1.0 (15b081b)

Breaking

• Adopt PEP-3102 (da3f0ca)
• Optional Lists are now non-optional Sets (da3f0ca)
• Remove concept of DEFAULT schema version - replaced with LATEST schema version (da3f0ca)
• Added BomRef data type (da3f0ca)

v1.3.0

Feature

• bom-ref for Component and Vulnerability default to a UUID (#142) (3953bb6)

v1.2.0

Feature

• Add CPE to component (#138) (269ee15)

v1.1.1

Fix

• Bump dependencies (#136) (18ec498)

v1.1.0

Feature

• Add support for bom.metadata.component (#118) (1ac31f4)

v1.0.0

Support for CycloneDX schema version 1.4 (#108)

Breaking Changes

Support for CycloneDX 1.4. This includes:

• Support for tools having externalReferences
• Allowing version for a Component to be optional in 1.4
• Support for releaseNotes per Component
• Support for the core schema implementation of Vulnerabilities (VEX)

Features

• $schema is now included in JSON BOMs
• Concrete Parsers have now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python

Fixes

• Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
• Ensure schema is adhered to in 1.0
• URIs are now used throughout the library through a new XsUri class to provide URI validation

Other

• Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
• Added reference to release of this library on Anaconda

Full Changelog: v0.12.3...v1.0.0

v0.12.3

Fix

• Removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98) (3677d9f)

v0.12.2

Fix

• Tightened dependency packageurl-python (#95) (eb4ae5c)

v0.12.1

Fix

• Further loosened dependency definitions (8bef6ec)