Releases: CycloneDX/cyclonedx-python-lib
v6.4.2
v6.4.2 (2024-03-01)
Maintenance release.
Build
- build: use poetry v1.8.1 (#560)
Signed-off-by: Jan Kowalleck <[email protected]> (6f81dfa)
Chore
- chore(deps-dev): update coverage requirement from 7.4.1 to 7.4.3 (#558)
Updates the requirements on coverage to permit the latest version.
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2b7f261)
- chore(deps): bump Gr1N/setup-poetry from 8 to 9 (#555)
Bumps Gr1N/setup-poetry from 8 to 9.
updated-dependencies:
- dependency-name: Gr1N/setup-poetry
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (178ce32)
- chore(deps-dev): update tox requirement from 4.12.1 to 4.13.0 (#553)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (77fb2ec)
- chore(deps-dev): update flake8-quotes requirement from 3.3.2 to 3.4.0 (#552)
Updates the requirements on flake8-quotes to permit the latest version.
updated-dependencies:
- dependency-name: flake8-quotes
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cd8e67c)
- chore(deps-dev): update flake8-bugbear requirement (#549)
Updates the requirements on flake8-bugbear to permit the latest version.
updated-dependencies:
- dependency-name: flake8-bugbear
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (153d83e)
Documentation
- docs: update architecture description and examples (#550)
Signed-off-by: Jan Kowalleck <[email protected]> (a19fd28)
- docs: exclude internal docs from rendering (#545)
Signed-off-by: Jan Kowalleck <[email protected]> (7e55dfe)
Unknown
- docs
Signed-off-by: Jan Kowalleck <[email protected]> (63cff7e)
- docs (#546)
Signed-off-by: Jan Kowalleck <[email protected]> (b0e5b43)
v6.4.1
v6.4.1 (2024-01-30)
Chore
- chore(deps-dev): update bandit requirement from 1.7.6 to 1.7.7 (#542)
Updates the requirements on bandit to permit the latest version.
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0d159c2)
- chore(deps-dev): update coverage requirement from 7.4.0 to 7.4.1 (#541)
Updates the requirements on coverage to permit the latest version.
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (fa82a24)
Documentation
- docs: ship docs with
sdistbuild (#544)
Signed-off-by: Jan Kowalleck <[email protected]> (52ef01c)
- docs: refactor example
Signed-off-by: Jan Kowalleck <[email protected]> (c1776b7)
Fix
Signed-off-by: Jan Kowalleck <[email protected]> (1fd7fee)
Unknown
- tests: fetched schema 1.5 test data from spec (#536)
Signed-off-by: Jan Kowalleck <[email protected]> (394cc87)
What's Changed
- tests: fetched schema 1.5 test data from spec by @jkowalleck in #536
- chore(deps-dev): update coverage requirement from 7.4.0 to 7.4.1 by @dependabot in #541
- chore(deps-dev): update bandit requirement from 1.7.6 to 1.7.7 by @dependabot in #542
- docs: ship docs with
sdistbuild by @jkowalleck in #544 - fix:
model.BomRefno longer equal to unset peers by @jkowalleck in #543
Full Changelog: v6.4.0...v6.4.1
Contributors
Assets 4
v6.4.0
v6.4.0 (2024-01-22)
Chore
- chore(deps-dev): update tox requirement from 4.12.0 to 4.12.1 (#533)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (74094d7)
- chore(deps-dev): update flake8-bugbear requirement (#534)
Updates the requirements on flake8-bugbear to permit the latest version.
updated-dependencies:
- dependency-name: flake8-bugbear
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6e6f374)
- chore: doc flake8 config
Signed-off-by: Jan Kowalleck <[email protected]> (bd4c078)
- chore(deps-dev): update tox requirement from 4.11.4 to 4.12.0 (#530)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (130918a)
Documentation
- docs: add OpenSSF Best Practices shield (#532)
Signed-off-by: Jan Kowalleck <[email protected]> (59c4381)
Feature
- feat: support
py-serializablev1.0 (#531)
Signed-off-by: Jan Kowalleck <[email protected]> (e1e7277)
v6.3.0
v6.3.0 (2024-01-06)
Chore
- chore(deps-dev): update flake8 requirement from 6.1.0 to 7.0.0 (#528)
Updates the requirements on flake8 to permit the latest version.
updated-dependencies:
- dependency-name: flake8
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6b7ed78)
- chore(deps-dev): update ddt requirement from 1.7.0 to 1.7.1 (#527)
Updates the requirements on ddt to permit the latest version.
updated-dependencies:
- dependency-name: ddt
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9a58e7e)
Documentation
- docs: add
Documentationurl to project meta
Signed-off-by: Jan Kowalleck <[email protected]> (1080b73)
- docs: add
Documentationurl to project meta
Signed-off-by: Jan Kowalleck <[email protected]> (c4288b3)
Feature
- feat: enable dependency
py-serializable 0.17(#529)
Signed-off-by: Jan Kowalleck <[email protected]> (9f24220)
What's Changed
- chore(deps-dev): update ddt requirement from 1.7.0 to 1.7.1 by @dependabot in #527
- chore(deps-dev): update flake8 requirement from 6.1.0 to 7.0.0 by @dependabot in #528
- feat: enable dependency
py-serializable 0.17by @jkowalleck in #529
Full Changelog: v6.2.0...v6.3.0
Contributors
Assets 4
v6.2.0
v6.2.0 (2023-12-31)
Build
- build: allow additional major-version RC branch patterns
Signed-off-by: Jan Kowalleck <[email protected]> (f8af156)
Chore
- chore(deps-dev): update coverage requirement from 7.3.3 to 7.4.0 (#524)
Updates the requirements on coverage to permit the latest version.
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9bcc223)
- chore(deps-dev): update mypy requirement from 1.7.1 to 1.8.0 (#521)
Updates the requirements on mypy to permit the latest version.
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (720046e)
Documentation
- docs: fix typo
Signed-off-by: Jan Kowalleck <[email protected]> (2563996)
- docs: update intro and description
Signed-off-by: Jan Kowalleck <[email protected]> (f0bd05d)
- docs: buld docs on ubuntu22.04 python311
Signed-off-by: Jan Kowalleck <[email protected]> (b3e9ab7)
Feature
- feat: allow
lxmlrequirement in range of>=4,<6(#523)
Updates the requirements on lxml to permit the latest version.
updated-dependencies:
- dependency-name: lxml
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7d12b9a)
Unknown
- docs
Signed-off-by: Jan Kowalleck <[email protected]> (7dcd166)
What's Changed
- chore(deps-dev): update mypy requirement from 1.7.1 to 1.8.0 by @dependabot in #521
- chore(deps-dev): update coverage requirement from 7.3.3 to 7.4.0 by @dependabot in #524
- chore(deps): update lxml requirement from ^4 to >=4,<6 by @dependabot in #523
Full Changelog: v6.1.0...v6.2.0
Contributors
Assets 4
v6.1.0
v6.1.0 (2023-12-22)
Chore
- chore: update maintainers
Signed-off-by: Jan Kowalleck <[email protected]> (87c72d7)
- chore(deps): bump python-semantic-release/python-semantic-release (#515)
Bumps python-semantic-release/python-semantic-release from 8.5.0 to 8.5.1.
updated-dependencies:
- dependency-name: python-semantic-release/python-semantic-release
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0f56ec4)
- chore(deps-dev): update coverage requirement from 7.3.2 to 7.3.3 (#517)
Updates the requirements on coverage to permit the latest version.
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a57e2f6)
- chore(deps-dev): update isort requirement from 5.13.0 to 5.13.2 (#516)
Updates the requirements on isort to permit the latest version.
updated-dependencies:
- dependency-name: isort
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (84874a3)
Feature
- feat: add function to map python
hashlibalgorithms to CycloneDX (#519)
new API: model.HashType.from_hashlib_alg()
Signed-off-by: Jan Kowalleck <[email protected]> (81f8cf5)
What's Changed
- chore(deps-dev): update isort requirement from 5.13.0 to 5.13.2 by @dependabot in #516
- chore(deps-dev): update coverage requirement from 7.3.2 to 7.3.3 by @dependabot in #517
- chore(deps): bump python-semantic-release/python-semantic-release from 8.5.0 to 8.5.1 by @dependabot in #515
- feat: add function to map python
hashlibalgorithms to CycloneDX by @jkowalleck in #519
Full Changelog: v6.0.0...v6.1.0
Contributors
Assets 4
v6.0.0
v6.0.0 (2023-12-10)
Breaking
- feat!: v6.0.0 (#492)
Breaking Changes
- Removed symbols that were already marked as deprecated (via #493)
- Removed symbols in
parser.*(#489 via #495) - Removed
output.LATEST_SUPPORTED_SCHEMA_VERSION(#491 via #494) - Serialization of unsupported enum values might downgrade/migrate/omit them (#490 via #496)
Handling might raise warnings if a data loss occurred due to omitting.
The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered. - Serialization of any
model.component.Componentwith unsupportedtyperaisesexception.serialization.SerializationOfUnsupportedComponentTypeException(#490 via #496) - Object
model.bom_ref.BomRef's propertyvaluedefaults toNull, was arbitraryUUID(#504 via #505)
This change does not affect serialization. Allbom-refs are guaranteed to have unique values on rendering. - Removed helpers from public API (#503 via #506)
Added
Tests
- Created (regression/unit/integration/functional) tests for CycloneDX 1.5 (#404 via #488)
- Created (regression/functional) tests for Enums' handling and completeness (#490 via #496)
Misc
- Bumped dependency
py-serializable@^0.16, was@^0.15(via #496)
API Changes β the details for migration
- Added new sub-package
exception.serialization(via #496) - Removed class
models.ComparableTuple(#503 via #506) - Enum
model.ExternalReferenceTypegot new cases, to reflect features for CycloneDX 1.5 (#404 via #488) - Removed function
models.get_now_utc(#503 via #506) - Removed function
models.sha1sum(#503 via #506) - Enum
model.component.ComponentTypegot new cases, to reflect features for CycloneDX 1.5 (#404 via #488) - Removed
model.component.Component.__init__()'s deprecated optional kwargnamespace(via #493)
Use kwarggroupinstead. - Removed
model.component.Component.__init__()'s deprecated optional kwarglicense_str(via #493)
Use kwarglicensesinstead. - Removed deprecated method
model.component.Component.get_namespace()(via #493) - Removed class
models.dependency.DependencyDependencies(#503 via #506) - Removed
model.vulnerability.Vulnerability.__init__()'s deprecated optional kwargsource_name(via #493)
Use kwargsourceinstead. - Removed
model.vulnerability.Vulnerability.__init__()'s deprecated optional kwargsource_url(via #493)
Use kwargsourceinstead. - Removed
model.vulnerability.Vulnerability.__init__()'s deprecated optional kwargrecommendations(via #493)
Use kwargrecommendationinstead. - Removed
model.vulnerability.VulnerabilityRating.__init__()'s deprecated optional kwargscore_base(via #493)
Use kwargscoreinstead. - Enum
model.vulnerability.VulnerabilityScoreSourcegot new cases, to reflect features for CycloneDX 1.5 (#404 via #488) - Removed
output.LATEST_SUPPORTED_SCHEMA_VERSION(#491 via #494) - Removed deprecated function
output.get_instance()(via #493)
Use functionoutput.make_outputter()instead. - Added new class
output.json.JsonV1Dot5, to reflect CycloneDX 1.5 (#404 via #488) - Added new item to dict
output.json.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488) - Added new class
output.xml.XmlV1Dot5, to reflect CycloneDX 1.5 (#404 via #488) - Added new item to dict
output.xml.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488) - Removed class
parser.ParserWarning(#489 via #495) - Removed class
parser.BaseParser(#489 via #495) - Enum
schema.SchemaVersiongot new caseV1_5, to reflect CycloneDX 1.5 (#404 via #488)
Signed-off-by: Johannes Feichtner <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Johannes Feichtner <[email protected]>
Co-authored-by: semantic-release <semantic-release> (74865f8)
Chore
- chore(deps): bump python-semantic-release/python-semantic-release (#509)
Bumps python-semantic-release/python-semantic-release from 8.0.8 to 8.5.0.
updated-dependencies:
- dependency-name: python-semantic-release/python-semantic-release
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9ed9ab1)
- chore(deps-dev): update isort requirement from 5.12.0 to 5.13.0 (#512)
Updates the requirements on isort to permit the latest version.
updated-dependencies:
- dependency-name: isort
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0eba631)
- chore(deps-dev): update bandit requirement from 1.7.5 to 1.7.6 (#510)
Updates the requirements on bandit to permit the latest version.
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (153b07a)
- chore(deps): bump actions/setup-python from 4 to 5 (#508)
Bumps actions/setup-python from 4 to 5.
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4e3e0e0)
- chore(deps): update sphinx-rtd-theme requirement (#499)
Updates the requirements on sphinx-rtd-theme to permit the latest version.
updated-dependencies:
- dependency-name: sphinx-rtd-theme
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5d6dd41)
- chore(deps-dev): update flake8-bugbear requirement (#500)
Updates the requirements on flake8-bugbear to permit the latest version.
updated-dependencies:
- dependency-name: flake8-bugbear
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by:...
Contributors
Assets 4
v6.0.0-rc.3
What's Changed since v6.0.0-rc.2
Build process was modernized
see the details here: #492
v6.0.0-rc.3 Changelog: v6.0.0-rc.2...v6.0.0-rc.3
Full change list
see #492
Full Changelog: v5.2.0...v6.0.0-rc.3
v6.0.0-rc.2
What's Changed since v6.0.0-rc.1
Breaking Changes
- Object
model.bom_ref.BomRef's propertyvaluedefaults toNull, was arbitraryUUID(#504 via #505)
This change does not affect serialization. Allbom-refs are guaranteed to have unique values on rendering. - Removed helpers from public API (#503 via #506)
see the details here: #492
v6.0.0-rc.2 Changelog: v6.0.0-rc.1...v6.0.0-rc.2
Full change list
see #492
Full Changelog: v5.2.0...v6.0.0-rc.2
v5.2.0
v5.2.0 (2023-12-02)
Chore
- chore(deps-dev): update mypy requirement from 1.7.0 to 1.7.1 (#487)
Updates the requirements on mypy to permit the latest version.
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (78957e6)
- chore(deps-dev): update mypy requirement from 1.6.1 to 1.7.0 (#484)
Updates the requirements on mypy to permit the latest version.
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c716ba3)
- chore(deps-dev): update ddt requirement from 1.6.0 to 1.7.0 (#483)
Updates the requirements on ddt to permit the latest version.
updated-dependencies:
- dependency-name: ddt
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (8a1f7b9)
- chore: mograte dev-dependencies to new poetry layout (#482)
see https://python-poetry.org/docs/managing-dependencies/#dependency-groups
Signed-off-by: Jan Kowalleck <[email protected]> (a85585c)
- chore(deps-dev): update flake8-isort requirement from 6.1.0 to 6.1.1 (#481)
Updates the requirements on flake8-isort to permit the latest version.
updated-dependencies:
- dependency-name: flake8-isort
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (fc74ddd)
Documentation
- docs: keywaords & funding (#486)
Signed-off-by: Jan Kowalleck <[email protected]> (3189e59)
Feature
- feat:
model.XsUrimigrate control characters according to spec (#498)
fixes #497
Signed-off-by: Jan Kowalleck <[email protected]> (e490429)