Releases: CycloneDX/cyclonedx-python-lib
v7.4.1
v7.4.1 (2024-06-12)
Chore
- chore: rollback py sem release matcher
Signed-off-by: Jan Kowalleck <[email protected]> (c33a130)
Documentation
- docs: exclude dep bumps from changelog (#627)
fixes #616
Signed-off-by: Jan Kowalleck <[email protected]> (60361f7)
Fix
- fix:
cyclonedx.model.Property.valuevalue is optional (#631)
cyclonedx.model.Property.value value is optional, in accordance with
the spec.
fixes #630
Signed-off-by: Michael Schlenker <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Michael Schlenker <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (ad0f98b)
v7.4.0
v7.4.0 (2024-05-23)
Documentation
- docs: OSSP best practice percentage
Signed-off-by: Jan Kowalleck <[email protected]> (75f58dc)
Feature
- feat: updated SPDX license list to
v3.24.0(#622)
Signed-off-by: Jan Kowalleck <[email protected]> (3f9770a)
What's Changed
- chore(deps-dev): update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #615
- chore(deps-dev): update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #618
- chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #619
- chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 by @dependabot in #620
- feat: updated SPDX license list to
v3.24.0by @jkowalleck in #622
Full Changelog: v7.3.4...v7.4.0
Contributors
Assets 4
v7.3.4
v7.3.4 (2024-05-06)
Fix
- fix: allow suppliers with empty-string names (#611)
fixes #600
Signed-off-by: Jan Kowalleck <[email protected]> (b331aeb)
What's Changed
- fix: allow suppliers with empty-string names by @jkowalleck in #611
Full Changelog: v7.3.3...v7.3.4
Contributors
Assets 4
v7.3.3
v7.3.3 (2024-05-06)
Chore
- chore: shield_ossf-best-practices subbary
Signed-off-by: Jan Kowalleck <[email protected]> (0d00496)
- chore(ci): update GH action versions (#606)
Signed-off-by: Paul Horton <[email protected]> (6d1bc5b)
Fix
- fix: json validation allow arbitrary
$schemavalue (#613)
fixes #612
Signed-off-by: Jan Kowalleck <[email protected]> (08b7c60)
What's Changed
- chore(deps-dev): update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #602
- chore(deps-dev): update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #604
- chore(deps-dev): update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #605
- chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #603
- chore(ci): update GH action versions by @madpah in #606
- chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #608
- fix: json validation allow arbitrary
$schemavalue by @jkowalleck in #613
Full Changelog: v7.3.2...v7.3.3
Contributors
Assets 4
v7.3.2
v7.3.2 (2024-04-26)
Fix
- fix: properly sort components based on all properties (#599)
reverts #587 - as this one introduced errors
fixes #598
fixes #586
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Co-authored-by: Paul Horton <[email protected]> (8df488c)
v7.3.1
v7.3.1 (2024-04-22)
Chore
- chore: semantic-release git commit/sign valid email address
Signed-off-by: Jan Kowalleck <[email protected]> (d437c40)
Fix
Fixes #586.
Signed-off-by: Paul Horton <[email protected]> (d784685)
v7.3.0
v7.3.0 (2024-04-19)
Feature
- feat: license factory set
acknowledgement(#593)
add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.
Signed-off-by: Jan Kowalleck <[email protected]> (7ca2455)
v7.2.0
v7.2.0 (2024-04-19)
Feature
- feat: disjunctive license acknowledgement (#591)
Signed-off-by: Jan Kowalleck <[email protected]> (9bf1839)
Unknown
- tests: add meaningful names to validation tests (#588)
When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail. 1
Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.
Append meaningful names to validation tests so that instead of e.g.:
[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008
the tests are named:
[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6
Signed-off-by: Claudia <[email protected]> (ae3f79c)
- doc: poor merge resolved
Signed-off-by: Paul Horton <[email protected]> (a498faa)
What's Changed
- tests: meaningful names to validation tests by @claui in #588
- feat: disjunctive license acknowledgement by @jkowalleck in #591
New Contributors
Full Changelog: v7.1.0...v7.2.0
Contributors
Assets 4
v7.1.0
v7.1.0 (2024-04-10)
Documentation
- docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)
Signed-off-by: Paul Horton <[email protected]> (d230e67)
Feature
- feat: support
bom.propertiesfor CycloneDX v1.5+ (#585)
Signed-off-by: Paul Horton <[email protected]> (1d1c45a)
What's Changed
- docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
- feat: support
bom.propertiesfor CycloneDX v1.5+ by @madpah in #585
Full Changelog: v7.0.0...v7.1.0
Contributors
Assets 4
v7.0.0
v7.0.0 (2024-04-09)
Breaking
-
feat!: Support for CycloneDX v1.6
-
added draft v1.6 schemas and boilerplate for v1.6
Signed-off-by: Paul Horton <[email protected]>
- re-generated test snapshots for v1.6
Signed-off-by: Paul Horton <[email protected]>
- note
bom.metadata.manufactureas deprecated
Signed-off-by: Paul Horton <[email protected]>
- work on
bom.metadatafor v1.6
Signed-off-by: Paul Horton <[email protected]>
- Deprecated
.component.author. Added.component.authorsand.component.manufacturer
Signed-off-by: Paul Horton <[email protected]>
- work to add
.component.omniborid- but tests deserialisation tests fail due to schema differences (.component.authornot in 1.6)
Signed-off-by: Paul Horton <[email protected]>
- work to get deserialization tests passing
Signed-off-by: Paul Horton <[email protected]>
- chore(deps): bump
py-serializableto >=1.0.3 to resolve issues with deserialization to XML
Signed-off-by: Paul Horton <[email protected]>
- imports tidied
Signed-off-by: Paul Horton <[email protected]>
- properly added
.component.swhid
Signed-off-by: Paul Horton <[email protected]>
- add
.component.cryptoProperties- with test failures for SchemaVersion < 1.6
Signed-off-by: Paul Horton <[email protected]>
- typing and bandit ignores
Signed-off-by: Paul Horton <[email protected]>
- coding standards
Signed-off-by: Paul Horton <[email protected]>
- test filtering
Signed-off-by: Paul Horton <[email protected]>
- coding standards
Signed-off-by: Paul Horton <[email protected]>
- additional tests to increase code coverage
Signed-off-by: Paul Horton <[email protected]>
- corrected CryptoMode enum
Signed-off-by: Paul Horton <[email protected]>
- coding standards
Signed-off-by: Paul Horton <[email protected]>
- Added
addresstoorganizationalEntity
Signed-off-by: Paul Horton <[email protected]>
- Added
addresstoorganizationalEntity
Signed-off-by: Paul Horton <[email protected]>
- raise
UserWarningin.component.versionhas length > 1024
Signed-off-by: Paul Horton <[email protected]>
- coding standards and typing
Signed-off-by: Paul Horton <[email protected]>
- add
acknowledgementtoLicenseExpression(#582)
Signed-off-by: Paul Horton <[email protected]>
- more proper way to filter test cases
Signed-off-by: Paul Horton <[email protected]>
- update schema to published versions
Signed-off-by: Paul Horton <[email protected]>
- fetch schema 1.6 JSON
Signed-off-by: Jan Kowalleck <[email protected]>
- fetch test data for CDX 1.6
Signed-off-by: Jan Kowalleck <[email protected]>
- reformat
Signed-off-by: Jan Kowalleck <[email protected]>
- reformat
Signed-off-by: Jan Kowalleck <[email protected]>
- refactor
Signed-off-by: Jan Kowalleck <[email protected]>
- style
Signed-off-by: Jan Kowalleck <[email protected]>
- refactor
Signed-off-by: Jan Kowalleck <[email protected]>
- docs
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (8bbdf46)
Chore
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)
Updates the requirements on autopep8 to permit the latest version.
updated-dependencies:
- dependency-name: autopep8
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6)
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457)
What's Changed
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 by @dependabot in #574
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 by @dependabot in #573
- feat: Support for CycloneDX v1.6 by @madpah in #576
Full Changelog: v6.4.4...v7.0.0