Releases: CycloneDX/cyclonedx-python-lib
v8.5.0
v8.5.0 (2024-11-18)
Documentation
Feature
- feat: support CycloneDX 1.6.1 (#742)
What's Changed
- docs: remove invalid docsting note about auto-assigned
bom-ref
values by @jkowalleck in #733 - chore(deps-dev): update flake8-bugbear requirement from 24.8.19 to 24.10.31 by @dependabot in #734
- chore(deps-dev): update tomli requirement from 2.0.2 to 2.1.0 by @dependabot in #739
- feat: support CycloneDX 1.6.1 by @jkowalleck in #742
Full Changelog: v8.4.0...v8.5.0
v8.4.0
v8.4.0 (2024-10-29)
Feature
- feat: add factory method
XsUri.make_bom_link()
(#728)
Fix
- fix: no warning for missing dependencies if no component exists (#720)
Docs
- docs: fix
Definitions
docstring (#731)
What's Changed
- refactor: reuse internal helper
bom_ref_from_str
by @jkowalleck in #727 - chore(deps-dev): update tox requirement from 4.23.0 to 4.23.2 by @dependabot in #729
- chore(deps-dev): update mypy requirement from 1.12.0 to 1.13.0 by @dependabot in #730
- doc: fix
Definitions
docstring by @hakandilek in #731 - feat: add factory method
XsUri.make_bom_link()
by @saquibsaifee in #728 - fix: no warning for missing dependencies if no component exists by @weichslgartner in #720
New Contributors
- @saquibsaifee made their first contribution in #728
Full Changelog: v8.3.0...v8.4.0
v8.3.0
v8.3.0 (2024-10-26)
Documentation
- docs: revisit examples readme (#725)
Feature
- feat: add basic support for Definitions (#701)
What's Changed
- docs: revisit examples readme by @jkowalleck in #725
- feat: add basic support for Definitions by @hakandilek in #701
Full Changelog: v8.2.1...v8.3.0
v8.2.1
v8.2.1 (2024-10-24)
Fix
- fix: encode quotation mark in URL (#724)
What's Changed
- chore: fix pre-commit hook for mypy by @weichslgartner in #723
- fix: encode quotation mark in URL by @jkowalleck in #724
New Contributors
- @weichslgartner made their first contribution in #723
Full Changelog: v8.2.0...v8.2.1
v8.2.0
v8.2.0 (2024-10-22)
Feature
- feat: Add Python 3.13 support (#718)
What's Changed
Full Changelog: v8.1.0...v8.2.0
v8.1.0
v8.1.0 (2024-10-21)
Documentation
- docs: fix code examples regarding outputting (#709)
Feature
- feat: add support for Lifecycles in BOM metadata (#698)
What's Changed
- docs: fix code examples regarding outputting by @hakandilek in #709
- chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 by @dependabot in #716
- chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 by @dependabot in #714
- chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 by @dependabot in #715
- feat: add support for Lifecycles in BOM metadata by @Churro in #698
Full Changelog: v8.0.0...v8.1.0
v8.0.0
v8.0.0 (2024-10-14)
Breaking
- feat!: v8.0.0 (#665)
BREAKING Changes
- Removed
cyclonedx.mode.ThisTool
, utilizecyclonedx.builder.this.this_tool()
instead. - Moved
cyclonedx.model.Tool
tocyclonedx.model.tool.Tool
. - Property
cyclonedx.mode.bom.BomMetaData.tools
is of typecyclonedx.model.tool.ToolRepository
now, wasSortedSet[cyclonedx.model.Tool]
.
The getter will act accordingly; the setter might act in a backwards-compatible way. - Property
cyclonedx.mode.vulnerability.Vulnerability.tools
is of typecyclonedx.model.tool.ToolRepository
now, wasSortedSet[cyclonedx.model.Tool]
.
The getter will act accordingly; the setter might act in a backwards-compatible way. - Constructor
cyclonedx.model.license.LicenseExpression()
accepts optional argumentacknowledgement
only as key-word argument, no longer as positional argument.
Changes
- Constructor of
cyclonedx.model.bom.BomMetaData
also accepts an instance ofcyclonedx.model.tool.ToolRepository
for argumenttools
. - Constructor of
cyclonedx.model.bom.BomMetaData
no longer adds this very library as a tool.
Downstream users SHOULD add it manually, likemy-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())
.
Fixes
- Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
Added
Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- New class
cyclonedx.model.tool.ToolRepository
. - New function
cyclonedx.builder.this.this_component()
-- representation of this very python library as aComponent
. - New function
cyclonedx.builder.this.this_tool()
-- representation of this very python library as aTool
. - New function
cyclonedx.model.tool.Tool.from_component()
.
Dependencies
- Raised runtime dependency
py-serializable>=1.1.1,<2
, was>=1.1.0,<2
.
Docs & Migration Paths
see https://cyclonedx-python-library.readthedocs.io/en/v8.0.0/upgrading.html
What's Changed
- chore: ignore coverage of abstract methods by @jkowalleck in #699
- docs(chaneglog): omit chore/ci/refactor/style/test/build by @jkowalleck in #703
- feat!: v8.0.0 by @jkugler & @jkowalleck in #665
Full Changelog: v7.6.2...v8.0.0
v7.6.2
v7.6.2 (2024-10-07)
Chore
- chore: trusted publishing (#695)
fixes #681
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cc09c42
)
Documentation
- docs: fix some doc strings
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4fa8fc1
)
Fix
- fix: behavior of and typing for crypto setters with optional values (#694)
fixes #690
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d8b20bd
)
What's Changed
- chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
- chore(deps-dev): update bandit requirement from 1.7.9 to 1.7.10 by @dependabot in #688
- chore(deps-dev): update tox requirement from 4.20.0 to 4.21.2 by @dependabot in #693
- chore: trusted publishing by @jkowalleck in #695
- fix: behavior of and typing for crypto setters with optional values by @jkowalleck in #694
Full Changelog: v7.6.1...v7.6.2
v8.0.0-rc.2
BREAKING change from v8.0.0-rc.1 to v8.0.0-rc.2
- rename
ToolsRepository
->ToolRepository
(#687)
Fixes
ToolRepository
serialization will properly deduplicate migrated items
What's Changed
- rename
ToolsRepository
->ToolRepository
by @jkowalleck in #687 - fix: ToolRepository serialize migrated tools deduplicated by @jkowalleck in #686
Full Changelog: v8.0.0-rc.1...v8.0.0-rc.2
Full change log of v8.0.0:
BREAKING Changes
- Removed
cyclonedx.mode.ThisTool
, utilizecyclonedx.builder.this.this_tool()
instead. - Moved
cyclonedx.model.Tool
tocyclonedx.model.tool.Tool
. - Property
cyclonedx.mode.bom.BomMetaData.tools
is of typecyclonedx.model.tool.ToolRepository
now, wasSortedSet[cyclonedx.model.Tool]
.
The getter will act accordingly; the setter might act in a backwards-compatible way. - Property
cyclonedx.mode.vulnerability.Vulnerability.tools
is of typecyclonedx.model.tool.ToolRepository
now, wasSortedSet[cyclonedx.model.Tool]
.
The getter will act accordingly; the setter might act in a backwards-compatible way. cyclonedx.model.license.LicenseExpression()
accepts optional argumentacknowledgement
only as key-word argument, no longer as positional argument.
Changes
- Constructor of
cyclonedx.model.bom.BomMetaData
also accepts an instance ofcyclonedx.model.tool.ToolRepository
- Constructor of
cyclonedx.model.bom.BomMetaData
no longer adds this very library as a tool. Downstream users may do so by utilizingcyclonedx.builder.this.this_tool()
.
Fixes
- Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
Added
Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- New class
cyclonedx.model.tool.ToolRepository
. - New function
cyclonedx.builder.this.this_component()
-- representation of this very python library as aComponent
. - New function
cyclonedx.builder.this.this_tool()
-- representation of this very python library as aTool
. - New function
cyclonedx.model.tool.Tool.from_component()
.
Dependencies
- Raised runtime dependency
py-serializable>=1.1.1,<2
, was>=1.1.0,<2
.
Docs & Migration Paths
rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/
v8.0.0-rc.1
BREAKING Changes
- Removed
cyclonedx.mode.ThisTool
, utilizecyclonedx.builder.this.this_tool()
instead. - Moved
cyclonedx.model.Tool
tocyclonedx.model.tool.Tool
. - Property
cyclonedx.mode.bom.BomMetaData.tools
is of typecyclonedx.model.tool.ToolsRepository
now, wasSortedSet[cyclonedx.model.Tool]
.
The getter will act accordingly; the setter might act in a backwards-compatible way. - Property
cyclonedx.mode.vulnerability.Vulnerability.tools
is of typecyclonedx.model.tool.ToolsRepository
now, wasSortedSet[cyclonedx.model.Tool]
.
The getter will act accordingly; the setter might act in a backwards-compatible way. cyclonedx.model.license.LicenseExpression()
accepts optional argumentacknowledgement
only as key-word argument, no longer as positional argument.
Changes
- Constructor of
cyclonedx.model.bom.BomMetaData
also accepts an instance ofcyclonedx.model.tool.ToolsRepository
- Constructor of
cyclonedx.model.bom.BomMetaData
no longer adds this very library as a tool. Downstream users may do so by utilizingcyclonedx.builder.this.this_tool()
.
Fixes
- Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
Added
Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- New class
cyclonedx.model.tool.ToolsRepository
. - New function
cyclonedx.builder.this.this_component()
-- representation of this very python library as aComponent
. - New function
cyclonedx.builder.this.this_tool()
-- representation of this very python library as aTool
. - New function
cyclonedx.model.tool.Tool.from_component()
.
Dependencies
- Raised runtime dependency
py-serializable>=1.1.1,<2
, was>=1.1.0,<2
.
Docs & Migration Paths
rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/
What's Changed
- feat!: Add component and services for tools by @jkugler in #635
- feat: don't add self to
metafata.tools
by @jkowalleck in #674 - refactor!:
LicenseExpression()
optional args are named args by @jkowalleck in #595 - feat!: this-builder by @jkowalleck in #649
- tests: test builder this by @jkowalleck in #675
- chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
- chore: trusted publishing by @jkowalleck in #682
- docs: migrate to v8.0.0 by @jkowalleck in #684
- chore(dev-deps): use
tomli
by @jkowalleck in #685
New Contributors
Full Changelog: v7.6.1...v8.0.0-rc.1