Skip to content

Releases: CycloneDX/cyclonedx-python-lib

v8.5.0

18 Nov 08:34
Compare
Choose a tag to compare

v8.5.0 (2024-11-18)

Documentation

  • docs: remove invalid docsting note about auto-assigned bom-ref values (#733) (5aa5787)

Feature

  • feat: support CycloneDX 1.6.1 (#742)

What's Changed

  • docs: remove invalid docsting note about auto-assigned bom-ref values by @jkowalleck in #733
  • chore(deps-dev): update flake8-bugbear requirement from 24.8.19 to 24.10.31 by @dependabot in #734
  • chore(deps-dev): update tomli requirement from 2.0.2 to 2.1.0 by @dependabot in #739
  • feat: support CycloneDX 1.6.1 by @jkowalleck in #742

Full Changelog: v8.4.0...v8.5.0

v8.4.0

29 Oct 09:35
Compare
Choose a tag to compare

v8.4.0 (2024-10-29)

Feature

  • feat: add factory method XsUri.make_bom_link() (#728)

Fix

  • fix: no warning for missing dependencies if no component exists (#720)

Docs

  • docs: fix Definitions docstring (#731)

What's Changed

New Contributors

Full Changelog: v8.3.0...v8.4.0

v8.3.0

26 Oct 13:19
Compare
Choose a tag to compare

v8.3.0 (2024-10-26)

Documentation

  • docs: revisit examples readme (#725)

Feature

  • feat: add basic support for Definitions (#701)

What's Changed

Full Changelog: v8.2.1...v8.3.0

v8.2.1

24 Oct 10:56
Compare
Choose a tag to compare

v8.2.1 (2024-10-24)

Fix

  • fix: encode quotation mark in URL (#724)

What's Changed

New Contributors

Full Changelog: v8.2.0...v8.2.1

v8.2.0

22 Oct 07:34
Compare
Choose a tag to compare

v8.2.0 (2024-10-22)

Feature

  • feat: Add Python 3.13 support (#718)

What's Changed

Full Changelog: v8.1.0...v8.2.0

v8.1.0

21 Oct 08:32
Compare
Choose a tag to compare

v8.1.0 (2024-10-21)

Documentation

  • docs: fix code examples regarding outputting (#709)

Feature

  • feat: add support for Lifecycles in BOM metadata (#698)

What's Changed

  • docs: fix code examples regarding outputting by @hakandilek in #709
  • chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 by @dependabot in #716
  • chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 by @dependabot in #714
  • chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 by @dependabot in #715
  • feat: add support for Lifecycles in BOM metadata by @Churro in #698

Full Changelog: v8.0.0...v8.1.0

v8.0.0

14 Oct 12:32
Compare
Choose a tag to compare

v8.0.0 (2024-10-14)

Breaking

  • feat!: v8.0.0 (#665)

BREAKING Changes

  • Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
  • Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
  • Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • Constructor cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

  • Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository for argument tools.
  • Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool.
    Downstream users SHOULD add it manually, like my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component()).

Fixes

  • Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

  • New class cyclonedx.model.tool.ToolRepository.
  • New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
  • New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
  • New function cyclonedx.model.tool.Tool.from_component().

Dependencies

  • Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

see https://cyclonedx-python-library.readthedocs.io/en/v8.0.0/upgrading.html


What's Changed

Full Changelog: v7.6.2...v8.0.0

v7.6.2

07 Oct 13:21
Compare
Choose a tag to compare

v7.6.2 (2024-10-07)

Chore

  • chore: trusted publishing (#695)

fixes #681

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cc09c42)

Documentation

  • docs: fix some doc strings

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4fa8fc1)

Fix

  • fix: behavior of and typing for crypto setters with optional values (#694)

fixes #690


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d8b20bd)


What's Changed

  • chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
  • chore(deps-dev): update bandit requirement from 1.7.9 to 1.7.10 by @dependabot in #688
  • chore(deps-dev): update tox requirement from 4.20.0 to 4.21.2 by @dependabot in #693
  • chore: trusted publishing by @jkowalleck in #695
  • fix: behavior of and typing for crypto setters with optional values by @jkowalleck in #694

Full Changelog: v7.6.1...v7.6.2

v8.0.0-rc.2

27 Sep 11:41
Compare
Choose a tag to compare
v8.0.0-rc.2 Pre-release
Pre-release

BREAKING change from v8.0.0-rc.1 to v8.0.0-rc.2

  • rename ToolsRepository -> ToolRepository (#687)

Fixes

  • ToolRepository serialization will properly deduplicate migrated items

What's Changed

Full Changelog: v8.0.0-rc.1...v8.0.0-rc.2



Full change log of v8.0.0:

BREAKING Changes

  • Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
  • Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
  • Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

  • Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository
  • Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users may do so by utilizing cyclonedx.builder.this.this_tool().

Fixes

  • Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

  • New class cyclonedx.model.tool.ToolRepository.
  • New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
  • New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
  • New function cyclonedx.model.tool.Tool.from_component().

Dependencies

  • Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/

v8.0.0-rc.1

25 Sep 12:50
Compare
Choose a tag to compare
v8.0.0-rc.1 Pre-release
Pre-release

BREAKING Changes

  • Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
  • Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
  • Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolsRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolsRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

  • Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolsRepository
  • Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users may do so by utilizing cyclonedx.builder.this.this_tool().

Fixes

  • Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

  • New class cyclonedx.model.tool.ToolsRepository.
  • New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
  • New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
  • New function cyclonedx.model.tool.Tool.from_component().

Dependencies

  • Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/


What's Changed

New Contributors

Full Changelog: v7.6.1...v8.0.0-rc.1