Releases: CycloneDX/cyclonedx-python-lib
Releases · CycloneDX/cyclonedx-python-lib
v8.4.0
v8.4.0 (2024-10-29)
Feature
- feat: add factory method
XsUri.make_bom_link()(#728)
Fix
- fix: no warning for missing dependencies if no component exists (#720)
Docs
- docs: fix
Definitionsdocstring (#731)
What's Changed
- refactor: reuse internal helper
bom_ref_from_strby @jkowalleck in #727 - chore(deps-dev): update tox requirement from 4.23.0 to 4.23.2 by @dependabot in #729
- chore(deps-dev): update mypy requirement from 1.12.0 to 1.13.0 by @dependabot in #730
- doc: fix
Definitionsdocstring by @hakandilek in #731 - feat: add factory method
XsUri.make_bom_link()by @saquibsaifee in #728 - fix: no warning for missing dependencies if no component exists by @weichslgartner in #720
New Contributors
- @saquibsaifee made their first contribution in #728
Full Changelog: v8.3.0...v8.4.0
Contributors
hakandilek, jkowalleck, and 3 other contributors
Assets 6
v8.3.0
v8.3.0 (2024-10-26)
Documentation
- docs: revisit examples readme (#725)
Feature
- feat: add basic support for Definitions (#701)
What's Changed
- docs: revisit examples readme by @jkowalleck in #725
- feat: add basic support for Definitions by @hakandilek in #701
Full Changelog: v8.2.1...v8.3.0
Contributors
hakandilek and jkowalleck
Assets 6
v8.2.1
v8.2.1 (2024-10-24)
Fix
- fix: encode quotation mark in URL (#724)
What's Changed
- chore: fix pre-commit hook for mypy by @weichslgartner in #723
- fix: encode quotation mark in URL by @jkowalleck in #724
New Contributors
- @weichslgartner made their first contribution in #723
Full Changelog: v8.2.0...v8.2.1
Contributors
jkowalleck and weichslgartner
Assets 6
v8.2.0
v8.2.0 (2024-10-22)
Feature
- feat: Add Python 3.13 support (#718)
What's Changed
Full Changelog: v8.1.0...v8.2.0
Contributors
gruebel
Assets 6
v8.1.0
v8.1.0 (2024-10-21)
Documentation
- docs: fix code examples regarding outputting (#709)
Feature
- feat: add support for Lifecycles in BOM metadata (#698)
What's Changed
- docs: fix code examples regarding outputting by @hakandilek in #709
- chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 by @dependabot in #716
- chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 by @dependabot in #714
- chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 by @dependabot in #715
- feat: add support for Lifecycles in BOM metadata by @Churro in #698
Full Changelog: v8.0.0...v8.1.0
Contributors
Churro, hakandilek, and dependabot
Assets 6
v8.0.0
v8.0.0 (2024-10-14)
Breaking
- feat!: v8.0.0 (#665)
BREAKING Changes
- Removed
cyclonedx.mode.ThisTool, utilizecyclonedx.builder.this.this_tool()instead. - Moved
cyclonedx.model.Tooltocyclonedx.model.tool.Tool. - Property
cyclonedx.mode.bom.BomMetaData.toolsis of typecyclonedx.model.tool.ToolRepositorynow, wasSortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way. - Property
cyclonedx.mode.vulnerability.Vulnerability.toolsis of typecyclonedx.model.tool.ToolRepositorynow, wasSortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way. - Constructor
cyclonedx.model.license.LicenseExpression()accepts optional argumentacknowledgementonly as key-word argument, no longer as positional argument.
Changes
- Constructor of
cyclonedx.model.bom.BomMetaDataalso accepts an instance ofcyclonedx.model.tool.ToolRepositoryfor argumenttools. - Constructor of
cyclonedx.model.bom.BomMetaDatano longer adds this very library as a tool.
Downstream users SHOULD add it manually, likemy-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component()).
Fixes
- Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
Added
Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- New class
cyclonedx.model.tool.ToolRepository. - New function
cyclonedx.builder.this.this_component()-- representation of this very python library as aComponent. - New function
cyclonedx.builder.this.this_tool()-- representation of this very python library as aTool. - New function
cyclonedx.model.tool.Tool.from_component().
Dependencies
- Raised runtime dependency
py-serializable>=1.1.1,<2, was>=1.1.0,<2.
Docs & Migration Paths
see https://cyclonedx-python-library.readthedocs.io/en/v8.0.0/upgrading.html
What's Changed
- chore: ignore coverage of abstract methods by @jkowalleck in #699
- docs(chaneglog): omit chore/ci/refactor/style/test/build by @jkowalleck in #703
- feat!: v8.0.0 by @jkugler & @jkowalleck in #665
Full Changelog: v7.6.2...v8.0.0
Contributors
jkugler and jkowalleck
Assets 6
v7.6.2
v7.6.2 (2024-10-07)
Chore
- chore: trusted publishing (#695)
fixes #681
Signed-off-by: Jan Kowalleck <[email protected]> (cc09c42)
Documentation
- docs: fix some doc strings
Signed-off-by: Jan Kowalleck <[email protected]> (4fa8fc1)
Fix
- fix: behavior of and typing for crypto setters with optional values (#694)
fixes #690
Signed-off-by: Jan Kowalleck <[email protected]> (d8b20bd)
What's Changed
- chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
- chore(deps-dev): update bandit requirement from 1.7.9 to 1.7.10 by @dependabot in #688
- chore(deps-dev): update tox requirement from 4.20.0 to 4.21.2 by @dependabot in #693
- chore: trusted publishing by @jkowalleck in #695
- fix: behavior of and typing for crypto setters with optional values by @jkowalleck in #694
Full Changelog: v7.6.1...v7.6.2
Contributors
jkowalleck and dependabot
Assets 6
v8.0.0-rc.2
BREAKING change from v8.0.0-rc.1 to v8.0.0-rc.2
- rename
ToolsRepository->ToolRepository(#687)
Fixes
ToolRepositoryserialization will properly deduplicate migrated items
What's Changed
- rename
ToolsRepository->ToolRepositoryby @jkowalleck in #687 - fix: ToolRepository serialize migrated tools deduplicated by @jkowalleck in #686
Full Changelog: v8.0.0-rc.1...v8.0.0-rc.2
Full change log of v8.0.0:
BREAKING Changes
- Removed
cyclonedx.mode.ThisTool, utilizecyclonedx.builder.this.this_tool()instead. - Moved
cyclonedx.model.Tooltocyclonedx.model.tool.Tool. - Property
cyclonedx.mode.bom.BomMetaData.toolsis of typecyclonedx.model.tool.ToolRepositorynow, wasSortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way. - Property
cyclonedx.mode.vulnerability.Vulnerability.toolsis of typecyclonedx.model.tool.ToolRepositorynow, wasSortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way. cyclonedx.model.license.LicenseExpression()accepts optional argumentacknowledgementonly as key-word argument, no longer as positional argument.
Changes
- Constructor of
cyclonedx.model.bom.BomMetaDataalso accepts an instance ofcyclonedx.model.tool.ToolRepository - Constructor of
cyclonedx.model.bom.BomMetaDatano longer adds this very library as a tool. Downstream users may do so by utilizingcyclonedx.builder.this.this_tool().
Fixes
- Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
Added
Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- New class
cyclonedx.model.tool.ToolRepository. - New function
cyclonedx.builder.this.this_component()-- representation of this very python library as aComponent. - New function
cyclonedx.builder.this.this_tool()-- representation of this very python library as aTool. - New function
cyclonedx.model.tool.Tool.from_component().
Dependencies
- Raised runtime dependency
py-serializable>=1.1.1,<2, was>=1.1.0,<2.
Docs & Migration Paths
rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/
Contributors
jkowalleck
Assets 6
v8.0.0-rc.1
BREAKING Changes
- Removed
cyclonedx.mode.ThisTool, utilizecyclonedx.builder.this.this_tool()instead. - Moved
cyclonedx.model.Tooltocyclonedx.model.tool.Tool. - Property
cyclonedx.mode.bom.BomMetaData.toolsis of typecyclonedx.model.tool.ToolsRepositorynow, wasSortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way. - Property
cyclonedx.mode.vulnerability.Vulnerability.toolsis of typecyclonedx.model.tool.ToolsRepositorynow, wasSortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way. cyclonedx.model.license.LicenseExpression()accepts optional argumentacknowledgementonly as key-word argument, no longer as positional argument.
Changes
- Constructor of
cyclonedx.model.bom.BomMetaDataalso accepts an instance ofcyclonedx.model.tool.ToolsRepository - Constructor of
cyclonedx.model.bom.BomMetaDatano longer adds this very library as a tool. Downstream users may do so by utilizingcyclonedx.builder.this.this_tool().
Fixes
- Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
Added
Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- New class
cyclonedx.model.tool.ToolsRepository. - New function
cyclonedx.builder.this.this_component()-- representation of this very python library as aComponent. - New function
cyclonedx.builder.this.this_tool()-- representation of this very python library as aTool. - New function
cyclonedx.model.tool.Tool.from_component().
Dependencies
- Raised runtime dependency
py-serializable>=1.1.1,<2, was>=1.1.0,<2.
Docs & Migration Paths
rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/
What's Changed
- feat!: Add component and services for tools by @jkugler in #635
- feat: don't add self to
metafata.toolsby @jkowalleck in #674 - refactor!:
LicenseExpression()optional args are named args by @jkowalleck in #595 - feat!: this-builder by @jkowalleck in #649
- tests: test builder this by @jkowalleck in #675
- chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
- chore: trusted publishing by @jkowalleck in #682
- docs: migrate to v8.0.0 by @jkowalleck in #684
- chore(dev-deps): use
tomliby @jkowalleck in #685
New Contributors
Full Changelog: v7.6.1...v8.0.0-rc.1
Contributors
jkugler, jkowalleck, and dependabot
Assets 6
v8.0.0-alpha.1
v8.0.0-alpha.1 (2024-09-23)
Chore
- chore: trusted publishing
Signed-off-by: Jan Kowalleck <[email protected]> (ce23b0f)
Fix
- fix: assert copyright headers
Signed-off-by: Jan Kowalleck <[email protected]> (bef268b)
Unknown
- Merge branch 'main' into 8.0.0-dev
Signed-off-by: Jan Kowalleck <[email protected]> (39514b3)
- Merge branch 'main' into 8.0.0-dev (
c123aff)