- docs: improve example for programmatic call of CLI (#670)
Signed-off-by: Jan Kowalleck <[email protected]> (2ac3f21)
- fix: normalize package extras (#671)
ALL names of package extras are normalized, according to spec <https://packaging.python.org/en/latest/specifications/name-normalization/#name-normalization>
Signed-off-by: Jan Kowalleck <[email protected]> (4d550ad)
- feat: support poetry multi-constraint dependencies (#668)
Signed-off-by: Jan Kowalleck <[email protected]> (50d2a4b)
- tests: modernize testbeds (#667)
Signed-off-by: Jan Kowalleck <[email protected]> (2fd3faf)
- docs (#666)
Signed-off-by: Jan Kowalleck <[email protected]> (491e875)
-
feat!: v4.0.0 (#605)
See also the migration guide in the docs.
- BC: Removed support for python < 3.8
- BC: Removed deprecated shell script
cyclonedx-bom; usecyclonedx-pyinstead - BC: Removed conda support. However, conda's Python environments are fully supported. See below.
- BC: Removed public API. You may use the CLI instead, see chapter "usage" in the docs.
- BC: Complete redesign of the CommandLineInterface(CLI):
- Uses sub-commands for easy accessibility and divide in specific purposes and domains
- Easy understandable flags, switches and options -- in accordance with the domains
- Updated help pages, added usage examples
- Dozens of new features and fixes, such as:
- environment analyzer supports any Python (virtual) environment -- including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv
- Poetry analyzer support groups, filtering, and such
- Pipenv analyzer support categories, filtering, and such
- requirements analyzer is feature complete and fixed
- More details in the SBOM results (based on method)
- PackageURLs may have more qualifiers (enabled per default, disable via
--short-PURLs) - component properties according to official taxonomy
- SBOM results may be validated (enabled per default, disable via
--no-validate) - SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry)
- SBOM results may have root-component populated (if
pyprojectprovided) - SBOM results are more
diff-friendly and not just one long line of text - Fixed possible issues with input data encoding
- May omit dev-dependencies or domain-specific groups/categories (if supported by method and issued by CLI switches)
- Strip authentication secrets from (private) download/index URLs
- Support CycloneDX 1.5 - which is the default now
- Upgraded documentation, examples, ...
- Complete rewrite from scratch
- Dependencies were bumped, dropped, added, ...
- QA and test suites were massively enhanced
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Thomas Graf <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Andreas Fehlner <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Paul Horton <[email protected]>
Co-authored-by: Thomas Graf <[email protected]>
Co-authored-by: semantic-release <semantic-release>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <[email protected]>
Co-authored-by: Andreas Fehlner <[email protected]> (6d24e65)
- chore(deps): Bump actions/setup-python from 4 to 5 (#620)
Bumps actions/setup-python from 4 to 5.
updated-dependencies:
- dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0181aeb)
- fix: toml-compatible fingers-crossed handling for failed input data decoding (#613)
Signed-off-by: Jan Kowalleck <[email protected]> (fb3d7bf)
- 3.11.7
Automatically generated by python-semantic-release (f680a9a)
- fix: added a fingers-crossed handling for failed input data decoding (#612)
Signed-off-by: Jan Kowalleck <[email protected]> (be55902)
- 3.11.6
Automatically generated by python-semantic-release (6002e0e)
- fix: Custom input encoding (#601)
The custom input specified via CLI's -i option did not properly detect the input encoding.
This was fixed.
Signed-off-by: Jan Kowalleck <[email protected]> (363934c)
- 3.11.5
Automatically generated by python-semantic-release (46cd517)
- fix: Input file encoding fallback
Signed-off-by: Jan Kowalleck <[email protected]> (0bc7296)
- 3.11.4
Automatically generated by python-semantic-release (70889be)
- chore: Update CONTRIBUTING.md
Signed-off-by: Jan Kowalleck <[email protected]> (4adab1c)
- chore(deps): Bump actions/checkout from 3 to 4 (#581)
Bumps actions/checkout from 3 to 4.
updated-dependencies:
- dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7a3f8d2)
- docs: publish coverage (#600)
Signed-off-by: Jan Kowalleck <[email protected]> (bd4f48e)
- docs: adjust syntax hilight for code blocks (#592)
Signed-off-by: Jan Kowalleck <[email protected]> (ccac31e)
- docs: mark
ShellSessionin README
Signed-off-by: Jan Kowalleck <[email protected]> (411cf3d)
- fix: input file encoding (#596)
Input files in lock-format are expected in a certain encoding, other input file encodings are detected.
fixes CycloneDX#448
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (a9dda4b)
- 3.11.3
Automatically generated by python-semantic-release (02ab8cb)
- Update usage.rst (#572)
Signed-off-by: Andreas Fehlner <[email protected]> (04e1ea8)
- fix: referenced branch
main, instead ofmaster(#562)
somebody renamed the master branch to main.
but forgot to transition the docs.
fixed this
Signed-off-by: Jan Kowalleck <[email protected]> (830d15c)
- 3.11.2
Automatically generated by python-semantic-release (614f6fa)
- chore: finish transition to main branch (#561)
somebody renamed the master branch to main.
but forgot to transition the CI triggers.
fixed this
Signed-off-by: Jan Kowalleck <[email protected]> (ea233cb)
- chore(deps): Bump relekang/python-semantic-release from 7.33.1 to 7.34.6 (#550)
Bumps relekang/python-semantic-release from 7.33.1 to 7.34.6.
updated-dependencies:
- dependency-name: relekang/python-semantic-release dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (82c901b)
- chore: rename file for lowest constraints/requirements (#517)
Signed-off-by: Jan Kowalleck <[email protected]> (b4f0403)
- chore: rename file for lowest constraints/requirements (#516)
Signed-off-by: Jan Kowalleck <[email protected]> (a262bdb)
- chore: rename file for lowest constraints/requirements (#515)
Signed-off-by: Jan Kowalleck <[email protected]> (a096cc7)
- chore: rename file for lowest constraints/requirements (#514)
Signed-off-by: Jan Kowalleck <[email protected]> (02d8437)
- chore: adjust lowest constraints/requirements (#513)
Signed-off-by: Jan Kowalleck <[email protected]> (c8e6d0d)
- ci: finish transition to main branch (#560)
somebody renamed the master branch to main.
but forgot to transition the CI triggers.
fixed this
followup of #558
Signed-off-by: Jan Kowalleck <[email protected]> (0ea56c7)
- ci: adjust release concurrecncy (#559)
Signed-off-by: Jan Kowalleck <[email protected]> (4b0ceac)
- ci: finish transition to main branch (#558)
somebody renamed the master branch to main.
but forgot to transition the CI triggers.
fixed this
Signed-off-by: Jan Kowalleck <[email protected]> (7556eb9)
- ci: add build concurrency (#557)
Signed-off-by: Jan Kowalleck <[email protected]> (fbcde26)
- ci: disable tests on windows with py>=3.8 (#556)
Signed-off-by: Jan Kowalleck <[email protected]> (c95e384)
- fix: fix typo in help page (#552)
it's -> its
fixes #551
Signed-off-by: Jan Kowalleck <[email protected]> (19bf41a)
- 3.11.1
Automatically generated by python-semantic-release (d90b45c)
- chore(deps): Bump relekang/python-semantic-release from 7.31.4 to 7.33.1 (#492)
Bumps relekang/python-semantic-release from 7.31.4 to 7.33.1.
updated-dependencies:
- dependency-name: relekang/python-semantic-release dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (04a25b1)
- chore: fix lowest requirements for tests (#499)
Signed-off-by: Jan Kowalleck <[email protected]> (4928515)
- chore(deps): Bump types-toml from 0.10.8 to 0.10.8.3 (#496)
Bumps types-toml from 0.10.8 to 0.10.8.3.
updated-dependencies:
- dependency-name: types-toml dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2cf3379)
- chore(deps): Bump pip-requirements-parser from 32.0.0 to 32.0.1 (#493)
Bumps pip-requirements-parser from 32.0.0 to 32.0.1.
updated-dependencies:
- dependency-name: pip-requirements-parser dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (b5e8e93)
- chore: add Paul Horton & Jan Kowalleck as a maintainer
Signed-off-by: Jan Kowalleck <[email protected]> (b1a52fc)
- chore(deps): Bump Gr1N/setup-poetry from 7 to 8 (#480)
Bumps Gr1N/setup-poetry from 7 to 8.
updated-dependencies:
- dependency-name: Gr1N/setup-poetry dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (bd97484)
- chore: editorconfig
Signed-off-by: Jan Kowalleck <[email protected]> (2122dba)
- chore(deps-dev): slack version pinning of
mypy(#478)
Signed-off-by: Jan Kowalleck <[email protected]> (8ab1b4b)
-
docs: fix typo in CLI help page (#490) (
a8a8445) -
docs: fix typos (#482)
-
Fix typo
Signed-off-by: Thomas Beutlich <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (edbe3d4)
- docs: fix shields (#473)
caused by badges/shields#8671
Signed-off-by: Jan Kowalleck <[email protected]> (e32b288)
- feat: deprecated CLI command
cyclonedx-bomprints deprecation warning on STDERR before execution (#489)
Signed-off-by: Jan Kowalleck <[email protected]> (2009236)
- 3.11.0
Automatically generated by python-semantic-release (fe5ea31)
- docs: improve CONTRIBUTION instructions - sign-off step (#470)
Signed-off-by: Roland Weber <[email protected]> (578c0a8)
- fix: PURL for PyPI packages from 'conda list' have the correct format now (#471)
Signed-off-by: Roland Weber <[email protected]> (1573064)
- 3.10.1
Automatically generated by python-semantic-release (7b44aea)
- feat: add support for poetry lock format v2.0 (#469)
Signed-off-by: tewfik-ghariani <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: tewfik-ghariani <[email protected]> (0b1e07f)
- 3.10.0
Automatically generated by python-semantic-release (2501bed)
- feat: parsers can outbut more debug messages (#466)
Signed-off-by: Jan Kowalleck <[email protected]> (9eedb4f)
- 3.9.0
Automatically generated by python-semantic-release (895f597)
- feat: error- and debug-output is send to STDERR, instead of STDOUT (#465)
Signed-off-by: Jan Kowalleck <[email protected]> (f543b69)
- 3.8.0
Automatically generated by python-semantic-release (24c4163)
- chore: dependabot fix config
Signed-off-by: Jan Kowalleck <[email protected]> (889a83e)
- chore: dependabot interval weekly (#454)
Signed-off-by: Jan Kowalleck <[email protected]> (876ed30)
- fix: ignore broken licenses in env parser (#463)
Signed-off-by: Jan Kowalleck <[email protected]> (3118acd)
- 3.7.4
Automatically generated by python-semantic-release (de188b8)
- chore: Bump flake8-bugbear from 22.8.23 to 22.9.23 (#422)
Bumps flake8-bugbear from 22.8.23 to 22.9.23.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (b05c55a)
- ci: test dockerimage with more unique version identifier (#453)
Signed-off-by: Jan Kowalleck <[email protected]> (5a7fb9a)
- ci: migrate
set-outputto>> $GITHUB_OUTPUT(#452)
Signed-off-by: Jan Kowalleck <[email protected]> (bf133a3)
- ci: fix py36 (#451)
Signed-off-by: Jan Kowalleck <[email protected]> (b35e2bf)
- fix: adjust dependency
pip-requirements-parserto a working version (#450)
Signed-off-by: Jan Kowalleck <[email protected]> (6101986)
- 3.7.3
Automatically generated by python-semantic-release (d425005)
-
fix: add a missing space in the help pages
pathto->path to(#443) -
docs: fix typo
pathto->path to -
fix(help): added the missing space
pathto->path to
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (bc5fe57)
- 3.7.2
Automatically generated by python-semantic-release (7aff239)
-
chore(dep): bump and devide
coverage(#438) -
chore(deps): bump
coverage -
chore(deps): bump
coveragelocked
Signed-off-by: Jan Kowalleck <[email protected]> (db051d1)
- ci: enable py311 & bump
poetry(#437)
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]> (b7d5a4e)
- ci: fix python-version for static-code-analysis (#439)
Signed-off-by: Jan Kowalleck <[email protected]> (86daf68)
- fix(EnvironmentParser): reduced crashes if no Classifiers are found (#441)
fixes #440
Signed-off-by: Jan Kowalleck <[email protected]> (67f56e7)
- 3.7.1
Automatically generated by python-semantic-release (b2a97e0)
- feat: pass purl-bom-ref to EnvironmentParser (#432)
Signed-off-by: a1lu <[email protected]> (7cfefeb)
- 3.7.0
Automatically generated by python-semantic-release (8c9a65a)
- fix(EnvironmentParser): remove code break when classifier parsing in py>=3.8 (#431)
Signed-off-by: a1lu <[email protected]> (4ab075e)
- 3.6.4
Automatically generated by python-semantic-release (f718356)
- fix: CI release pipeline
Signed-off-by: Jan Kowalleck <[email protected]> (99ccdc6)
- 3.6.3
Automatically generated by python-semantic-release (ddea61e)
- chore: Bump packageurl-python from 0.9.9 to 0.10.3 (#416)
Bumps packageurl-python from 0.9.9 to 0.10.3.
updated-dependencies:
- dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2d6dade)
- fix: CI release pipeline
Signed-off-by: Jan Kowalleck <[email protected]> (6515071)
- 3.6.2
Automatically generated by python-semantic-release (0a8f8ff)
- fix: properly declare licenses from environment (#417)
use named licenses instead of license expressions.
Signed-off-by: Jan Kowalleck <[email protected]> (25f9e29)
- 3.6.1
Automatically generated by python-semantic-release (89c262a)
- chore: package manifest fix link to homepage and documentation (#401)
Signed-off-by: Jan Kowalleck <[email protected]> (aa5ba35)
- chore: fix poetry in tox (#411)
Signed-off-by: Jan Kowalleck <[email protected]> (b5ceec5)
- chore: Bump flake8-bugbear from 22.8.22 to 22.8.23 (#404)
Bumps flake8-bugbear from 22.8.22 to 22.8.23.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (37f18f8)
- chore: Bump flake8-bugbear from 22.7.1 to 22.8.22 (#403)
Bumps flake8-bugbear from 22.7.1 to 22.8.22.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1b6e7a0)
- chore: Bump flake8-isort from 4.1.1 to 4.2.0 (#400)
Bumps flake8-isort from 4.1.1 to 4.2.0.
updated-dependencies:
- dependency-name: flake8-isort dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (b4275e7)
- chore: Bump types-toml from 0.10.7 to 0.10.8 (#387)
Bumps types-toml from 0.10.7 to 0.10.8.
updated-dependencies:
- dependency-name: types-toml dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4a68f5f)
- chore: Bump mypy from 0.961 to 0.971 (#390)
Bumps mypy from 0.961 to 0.971.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (f2a7ec4)
- chore: Bump tox from 3.25.0 to 3.25.1 (#384)
Bumps tox from 3.25.0 to 3.25.1.
updated-dependencies:
- dependency-name: tox dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cfd4a73)
- chore: Bump flake8-bugbear from 22.6.22 to 22.7.1 (#385)
Bumps flake8-bugbear from 22.6.22 to 22.7.1.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3ac5df9)
- docs: describe
cyclonedx-pyrather thancyclonedx-bom
fixes #414
Signed-off-by: Jan Kowalleck <[email protected]> (c04196e)
-
docs: Minor updates to poetry usage details & contributing.md (#407)
-
docs: fix minor typo in poetry usage docs
-
docs: update commit flag in contribution guidelines
Signed-off-by: Emily Schultz <[email protected]> (0abe230)
- feat: enable dependency
cyclonedx-python-lib@^3(#418)
Signed-off-by: Jan Kowalleck <[email protected]> (05cd51e)
- 3.6.0
Automatically generated by python-semantic-release (049a5b3)
- Merge pull request #415 from CycloneDX/docs_cyclonedx-py
docs: describe command line usages as cyclonedx-py rather than cyclonedx-bom #414 (348f689)
- chore: Bump flake8-bugbear from 22.4.25 to 22.6.22 (#376)
Bumps flake8-bugbear from 22.4.25 to 22.6.22.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7139bb0)
- feat: optionally force
bom_refto bepurlrather that the default random UUID format - thanks @RodneyRichardson
Merge pull request #361 from RodneyRichardson/use-explicit-bom-ref (9659d08)
- 3.5.0
Automatically generated by python-semantic-release (d5465ec)
- Update README.md with purl-bom-ref parameter.
Signed-off-by: Rodney Richardson <[email protected]> (b9b3a01)
- Add CLI option to use purl as bom-ref.
Signed-off-by: Rodney Richardson <[email protected]> (d609ec3)
- Remove unnecessary str() cast.
Signed-off-by: Rodney Richardson <[email protected]> (b1f9895)
-
Merge branch 'CycloneDX:master' into use-explicit-bom-ref (
23d10bf) -
Merge branch 'master' into use-explicit-bom-ref (
f89f706) -
chore: Bump cyclonedx-python-lib from 2.4.0 to 2.5.2 (#373)
Signed-off-by: Jan Kowalleck <[email protected]> (a9bbe5e)
- feat: Update purl to match specification when ingesting packages from Conda - thanks to @RodneyRichardson (
072c8f1)
- 3.4.0
Automatically generated by python-semantic-release (cf7c625)
- Merge branch 'master' into fix-conda-purl (
2999022)
- chore: Bump actions/setup-python from 3 to 4 (#369)
Bumps actions/setup-python from 3 to 4.
updated-dependencies:
- dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (eecf04a)
- chore: Bump mypy from 0.960 to 0.961 (#365)
Bumps mypy from 0.960 to 0.961.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3bab869)
-
chore: Bump mypy from 0.942 to 0.960 (#356)
-
chore: Bump mypy from 0.942 to 0.960
Bumps mypy from 0.942 to 0.960.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
- chore: try type fixes
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jan Kowalleck <[email protected]> (b62fc5e)
- feat: Add Conda MD5 hash to Component.hashes, if available - thanks @RodneyRichardson (
772c517)
-
test: extend
TestRequirementsParserto checkhashes(#368) -
Extend TestRequirementsParser.test_example_with_hashes() to check hashes
Signed-off-by: Rodney Richardson <[email protected]>
- Add additional test for hash.
Signed-off-by: Rodney Richardson <[email protected]> (e2be444)
- 3.3.0
Automatically generated by python-semantic-release (b028c2b)
-
Merge branch 'master' into fix-conda-purl (
cf4a5e4) -
Merge branch 'master' into add-conda-hash (
95c6893) -
Merge branch 'master' into use-explicit-bom-ref
Signed-off-by: Rodney Richardson <[email protected]> (d5d0160)
- Ignore missing typing for packageurl
Signed-off-by: Rodney Richardson <[email protected]> (5ac29c5)
- Explicitly cast package_format to str.
Signed-off-by: Rodney Richardson <[email protected]> (31d5daf)
- Cast md5_hash to str
Signed-off-by: Rodney Richardson <[email protected]> (51afacf)
- Fix sonatype-lift warning.
Signed-off-by: Rodney Richardson <[email protected]> (5e60fac)
- Add Conda MD5 hash to Component.hashes, if available
Signed-off-by: Rodney Richardson <[email protected]> (54c33b5)
- Update Conda purl to match specification
Add conda_package_to_purl() utility function Add package_format field to CondaPackage purl specification can be found here: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#conda
Signed-off-by: Rodney Richardson <[email protected]> (e392cbc)
- Merge branch 'CycloneDX:master' into use-explicit-bom-ref (
c99d993)
- chore: Bump cyclonedx-python-lib from 2.1.0 to 2.4.0 (#353)
Bumps cyclonedx-python-lib from 2.1.0 to 2.4.0.
updated-dependencies:
- dependency-name: cyclonedx-python-lib dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (350297e)
- chore: Bump flake8-bugbear from 22.3.23 to 22.4.25 (#351)
Bumps flake8-bugbear from 22.3.23 to 22.4.25.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (ecfb175)
- chore: Bump tox from 3.24.5 to 3.25.0 (#345)
Bumps tox from 3.24.5 to 3.25.0.
updated-dependencies:
- dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (194d287)
- chore: Bump actions/download-artifact from 2 to 3 (#343)
Bumps actions/download-artifact from 2 to 3.
updated-dependencies:
- dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (259351e)
- chore: Bump actions/upload-artifact from 2 to 3 (#342)
Bumps actions/upload-artifact from 2 to 3.
updated-dependencies:
- dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4b74fa0)
- ci: pin GH-action
semantic-releaseto v7.28.1 (#359)
Signed-off-by: Jan Kowalleck <[email protected]> (ec417c7)
- ci: introduce
timeout-minutesand dropdependabotbranches for CI #344
Signed-off-by: Paul Horton <[email protected]> (3591849)
- ci: introduce
timeout-minutesand dropdependabotbranches for CI
Signed-off-by: Paul Horton <[email protected]> (72c4967)
-
fix: add actively used (transitive) dependencies (#363)
-
ci: add test with lowest dependencies
-
fix: have some typings corrected
-
fix: add actively used (transitive) dependencies
Signed-off-by: Jan Kowalleck <[email protected]> (1f45ad9)
- 3.2.2
Automatically generated by python-semantic-release (f3f40c8)
- Use purl.to_string() as default bom_ref for Components.
Signed-off-by: Rodney Richardson <[email protected]> (0c8dd60)
- Merge pull request #348 from sleightsec/include-pipenv-hashes-without-index-attribute
fix: remove check for index==pypi which causes hashes to be excluded from the resultant BOM when using PipEnv Parser (ae537fb)
- correct test for dependencies with hashes and no index attribute in pipenv
Signed-off-by: sleightsec <[email protected]> (b9ab033)
- #347 - remove index=pypi attribute requirement for pipenv hash inclusion
Signed-off-by: sleightsec <[email protected]> (65bf318)
- 3.2.1
Automatically generated by python-semantic-release (092bdf2)
- Merge pull request #338 from CycloneDX/bugfix/json-format-default-file
fix: cli default file name for json format (929e26d)
- chore: Bump cyclonedx-python-lib from 2.0.0 to 2.1.0 (#340)
Bumps cyclonedx-python-lib from 2.0.0 to 2.1.0.
updated-dependencies:
- dependency-name: cyclonedx-python-lib dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (171aafe)
- chore: Bump mypy from 0.941 to 0.942 (#339)
Bumps mypy from 0.941 to 0.942.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7cb551c)
- chore: Bump flake8-bugbear from 22.3.20 to 22.3.23 (#336)
Bumps flake8-bugbear from 22.3.20 to 22.3.23.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (11fcb60)
- chore: dependabot prefixes with
choreand scope (#324)
Signed-off-by: Jan Kowalleck <[email protected]> (1985b56)
- fix: cli default file for json format
fixes #337
Signed-off-by: Jan Kowalleck <[email protected]> (8747620)
-
test: fix malformed or wrong test setups (#333)
-
test: corrected malformed/broken tests
Signed-off-by: Jan Kowalleck <[email protected]>
- test: fix tests and fixtures
Signed-off-by: Mostafa Moradian <[email protected]>
- test: corrected malformed/broken tests
Signed-off-by: Jan Kowalleck <[email protected]>
- fix: fix style and remove unnecessary package
Signed-off-by: Mostafa Moradian <[email protected]> Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Mostafa Moradian <[email protected]> (0ff6493)
- 3.2.0
Automatically generated by python-semantic-release (eb054b0)
- Merge pull request #326 from CycloneDX/callable-module
feat: make package/module callable (193f1a4)
- shield icons in README (
b647219)
- chore: Bump flake8-bugbear from 22.1.11 to 22.3.20 (#335)
Bumps flake8-bugbear from 22.1.11 to 22.3.20.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5e344e2)
- chore: Bump mypy from 0.940 to 0.941 (#330)
Bumps mypy from 0.940 to 0.941.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c02d770)
- chore: Bump mypy from 0.931 to 0.940 (#329)
Bumps mypy from 0.931 to 0.940.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (133ef9f)
- docs: describe methods to call the tool
Signed-off-by: Jan Kowalleck <[email protected]> (2bac83a)
- docs: add link to https://cyclonedx.org/ to README
Signed-off-by: Jan Kowalleck <[email protected]> (fc4b8e4)
- docs: add hint for RTFD to README
Signed-off-by: Jan Kowalleck <[email protected]> (cf4f534)
- docs: add RTFD shield to README
Signed-off-by: Jan Kowalleck <[email protected]> (7fef6ee)
- docs: fixed link to RTFD
Signed-off-by: Jan Kowalleck <[email protected]> (3a8669a)
- feat: make module callable
fixes #321
Signed-off-by: Jan Kowalleck <[email protected]> (5b3d8d7)
- fix(conda-parser): version recognition for strings (#332)
conda packacge string parser no longer raises unexpected errors, if the build-number is non-numeric. fixes #331
Signed-off-by: Jan Kowalleck <[email protected]> (65246dd)
- 3.1.1
Automatically generated by python-semantic-release (f5d7943)
- Merge pull request #328 from CycloneDX/docs-hint-to-rtd
docs: add and fix hint to rtfd (3b3477b)
- chore: added documentation to CONTRIBUTING guidelines
Signed-off-by: Paul Horton <[email protected]> (8d7d6b6)
- chore: Bump actions/setup-python from 2 to 3 (#322)
Bumps actions/setup-python from 2 to 3.
updated-dependencies:
- dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (69de237)
- chore: Bump actions/checkout from 2.4.0 to 3 (#323)
Bumps actions/checkout from 2.4.0 to 3.
updated-dependencies:
- dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cae737f)
- chore: make isort and flake8-isort available
Signed-off-by: Jan Kowalleck <[email protected]> (c6b561e)
- chore: manually fixed CHANGELOG after accidental 2.1.0
2.1.0 should have been 3.0.0 (33c4437)
- docs: update RequirementsFileParser docs to include nested file support
Signed-off-by: Mostafa Moradian <[email protected]> (9e9021d)
- feat: Add pip-requirements-parser and update virtualenv to latest version
Signed-off-by: Mostafa Moradian <[email protected]> (73b2182)
- fix: sort imports
Signed-off-by: Mostafa Moradian <[email protected]> (fdec44b)
- fix: Try to fix the temp file issue on Windows machines
Signed-off-by: Mostafa Moradian <[email protected]> (684d4f0)
- refactor: Apply suggestions by @jkowalleck
Signed-off-by: Mostafa Moradian <[email protected]> (90b336f)
- refactor: ignore mypy type errors and add proper annotation to _TemporaryFileWrapper
Signed-off-by: Mostafa Moradian <[email protected]> (82cb655)
- refactor: remove unnecessary import (flake8 error)
Signed-off-by: Mostafa Moradian <[email protected]> (ef8148f)
- refactor: Replace requirements file parser
feat: Add support for hashes, local packages and private repositories
Signed-off-by: Mostafa Moradian <[email protected]> (addc21a)
- style: sort imports
Signed-off-by: Mostafa Moradian <[email protected]> (75d325d)
- style: sorted all imports
Signed-off-by: Jan Kowalleck <[email protected]> (804420a)
- test: add remote URL as requirements line
Signed-off-by: Mostafa Moradian <[email protected]> (4be30e2)
- test: add test for nested requirements file parsing
Signed-off-by: Mostafa Moradian <[email protected]> (d0856e9)
- test: Add test for Git URLs
Signed-off-by: Mostafa Moradian <[email protected]> (25333c4)
- 3.1.0
Automatically generated by python-semantic-release (92b21f7)
- Merge pull request #327 from mostafa/feat/parse-requirements-txt-with-locally-referenced-packages
feat: Change requirements parser (f973c91)
- Merge pull request #320 from CycloneDX/sort-imports
style: sort imports (a527e0d)
- feat: bump to latest
cyclonedx-python-lib
BREAKING CHANGE: Default Schema Version has been replaced by notion of LATEST supported Schema Version
Signed-off-by: Paul Horton <[email protected]> (5902fbf)
- feat: added marker and classifiers to denote this as typed (#313)
Signed-off-by: Paul Horton <[email protected]> (f317353)
- feat: update to latest RC of
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (6c8b517)
- feat: update to latest RC of
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (bc8ee6b)
- 3.0.0
Automatically generated by python-semantic-release (f7ca95c)
- Merge pull request #316 from CycloneDX/feat/update-lib-2.0.x
feat: bump to latest cyclonedx-python-lib
feat: Added marker and classifiers to denote this as typed (#313)
BREAKING CHANGE: bump to latest cyclonedx-python-lib (4700399)
- 2.1.0
Automatically generated by python-semantic-release (cc848f7)
- Merge pull request #311 from CycloneDX/feat/update-lib-2.0.x
BREAKING CHANGE: update to latest RC of cyclonedx-python-lib (3cb14e0)
- bumped to latest RC of
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (e193521)
- updated tests to be more Pythonic
Signed-off-by: Paul Horton <[email protected]> (891cf3e)
- bumped to latest RC of
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (54db3cd)
- bump
cyclonedx-python-librc
Signed-off-by: Paul Horton <[email protected]> (a4795ed)
- BREAKING CHANGE: update so default schema version is 1.4
Signed-off-by: Paul Horton <[email protected]> (689e7e9)
- fix: docker image releae checkout ref w/o
tags(#309)
fixes #308
Signed-off-by: Jan Kowalleck <[email protected]> (5d8b1e1)
- 2.0.3
Automatically generated by python-semantic-release (8379712)
-
fix: properly support reading from stdin (#307)
-
Adjust cli when reading from stdin.
Bind reading from stdin on specifying -i -. This is part of
argparse.FileType.
Local tests under the following conditions:
- implicit reading
poetry.lockusing args-p -o - - explicit reading
poetry.lockusing args-p -i poetry.lock -o - - explicit reading
poetry.lockfile after renaming usingcat p.lock | python -m cyclonedx_py.client -p -i - -o -
Signed-off-by: Theodor van Nahl <[email protected]> (23f31a0)
- 2.0.2
Automatically generated by python-semantic-release (916951a)
- Update CONTRIBUTING.md
link to pep8 (4f87341)
- chore: add CI artifacts and improve build consistency (#290)
fixes #292 prep for #289
Signed-off-by: Jan Kowalleck <[email protected]> (185b300)
- chore: Bump flake8-bugbear from 21.11.29 to 22.1.11 (#301)
Bumps flake8-bugbear from 21.11.29 to 22.1.11.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1b6e042)
- chore: Bump mypy from 0.930 to 0.931 (#297)
Bumps mypy from 0.930 to 0.931.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (19b285c)
- chore: corrected next version
Signed-off-by: Paul Horton <[email protected]> (ea8a963)
- fix: bump dependencies to get latest
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (87c3fe7)
- 2.0.1
Automatically generated by python-semantic-release (a4a4c42)
- build(deps-dev): Bump coverage from 6.1.2 to 6.2
Bumps coverage from 6.1.2 to 6.2.
updated-dependencies:
- dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]> (82f0dba)
- build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29
Bumps flake8-bugbear from 21.9.2 to 21.11.29.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]> (a3d0b87)
- chore: add pre-release manual GH workflow
Signed-off-by: Paul Horton <[email protected]> (8343c0d)
- chore: Bump cyclonedx-python-lib from 0.12.2 to 0.12.3 (#285)
Bumps cyclonedx-python-lib from 0.12.2 to 0.12.3.
updated-dependencies:
- dependency-name: cyclonedx-python-lib dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2ef2b3e)
- chore: Bump mypy from 0.920 to 0.930 (#288)
Bumps mypy from 0.920 to 0.930.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a58ed74)
- chore: update
flake8to v4 and addautopep8(#283)
closes #275
update locked dependencies: • Updating pycodestyle (2.7.0 -> 2.8.0) • Updating pyflakes (2.3.1 -> 2.4.0) • Updating flake8 (3.9.2 -> 4.0.1) • Installing autopep8 (1.6.0) • Updating flake8-annotations (2.0.1 -> 2.7.0)
Signed-off-by: Jan Kowalleck <[email protected]> (87aa348)
- chore: Bump mypy from 0.910 to 0.920 (#286)
Bumps mypy from 0.910 to 0.920.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a2dc03f)
- chore: build(deps): Bump cyclonedx-python-lib from 0.11.1 to 0.12.2 (#282)
Bumps cyclonedx-python-lib from 0.11.1 to 0.12.2.
updated-dependencies:
- dependency-name: cyclonedx-python-lib dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6b51a66)
- chore: remove dev-container (#265)
closes #262
Signed-off-by: Jan Kowalleck <[email protected]> (16349cb)
-
docs: readme maintenance - shields & links (#266)
-
README: added typehint to the vode blocks
Signed-off-by: Jan Kowalleck <[email protected]>
- README: fixed fenced-code and lists
Signed-off-by: Jan Kowalleck <[email protected]>
- README: shields got modernixed and linked
Signed-off-by: Jan Kowalleck <[email protected]>
- README: harmonized links
Signed-off-by: Jan Kowalleck <[email protected]> (a34046f)
-
feat: add support for CycloneDX 1.4 specification (#294)
-
feat: add support for output to CycloneDX 1.4 (draft) feat: Error with return code 2 if attempting to output in JSON and SchemaVersion < 1.2 test: Multiple tests added
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- fix: addressed flake8 issues fix: added missing bump to dependencies
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- fix: corrected import
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- ci: removed poetry cache as broken?
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- bump to latest RC for cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
-
doc: migration to RTD (#296)
-
doc: migration to RTD.
Signed-off-by: Paul Horton <[email protected]>
- doc: removed references to schema version 1.4
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- doc: updates to include schema version
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- doc: cleanup
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
-
feat: BREAKING CHANGE - relocated concrete parsers (#299) BREAKING CHANGE Concrete Parsers now reside in this project, not
cyclonedx-python-lib -
re-located tests for Utils
Signed-off-by: Paul Horton <[email protected]>
- feat: BREAKING CHANGE - relocated concrete parsers from
cyclonedx-python-libdoc: updated to reflect breaking changes dod: added changelog
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- feat: BREAKING CHANGE - relocated concrete parsers from
cyclonedx-python-libdoc: updated to reflect breaking changes dod: added changelog
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- chore: removed schema validation from unit tests as this is performed in upstream library
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- chore: removed schema validation from unit tests as this is performed in upstream library
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- chore: add pre-release manual GH workflow
Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Paul Horton <[email protected]>
- chore: bump to latest RC of
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]>
- added
purlintoComponents output by parsers
Signed-off-by: Paul Horton <[email protected]>
- Ignore type for packageurl imports
Signed-off-by: Paul Horton <[email protected]>
- doc: corrected project title
Signed-off-by: Paul Horton <[email protected]>
- chore: bump to released version of
cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (7bb6d32)
- test: CI/CT for the docker image
CI for the docker image (6c4a6de)
- 1.6.0
Automatically generated by python-semantic-release (958af1a)
-
doc: migration to RTD (#296)
-
doc: migration to RTD.
Signed-off-by: Paul Horton <[email protected]>
- doc: removed references to schema version 1.4
Signed-off-by: Paul Horton <[email protected]> (1744f4d)
-
Update CONTRIBUTING.md (
1175c84) -
Merge pull request #279 from CycloneDX/contributing-file
initial CONTRIBUTING file (73fcd78)
- initial CONTRIBUTING file
Signed-off-by: Jan Kowalleck <[email protected]> (104d223)
- gh-action: docker test build
Signed-off-by: Jan Kowalleck <[email protected]> (3b92b00)
- rename python ci workflow
Signed-off-by: Jan Kowalleck <[email protected]> (b1f57fb)
- CHORE: gh-action release use org's secrets
as part of #271 (71d1c47)
- gh-action release use org's secrets
as of #271
Signed-off-by: Jan Kowalleck <[email protected]> (80a6e68)
- CHORE: build(deps-dev): Bump coverage from 6.1.2 to 6.2
build(deps-dev): Bump coverage from 6.1.2 to 6.2 (36dd7bd)
- CHORE: build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29
build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29 (c7a5fd0)
- DOCS: fix README shield labels (
7291d06)
- fix: revert to previous process for building Docker image as PyPi index update is too slow to pull straight away after publish
Signed-off-by: Paul Horton <[email protected]> (67bb738)
- 1.5.3
Automatically generated by python-semantic-release (ce33cf0)
- Merge branch 'master' of github.com:CycloneDX/cyclonedx-python (
186bdda)
- fix: corrected docker image build process to not rely on
distfolder which is cleaned up by python-semantic-release
Signed-off-by: Paul Horton <[email protected]> (6c65c11)
- 1.5.2
Automatically generated by python-semantic-release (7586867)
-
fix: Re-enable build and publish of Docker Image (#263)
-
fix: update
Dockerfileto use Python 3.10
Signed-off-by: Paul Horton <[email protected]>
- ci: renable publishing of Docker Images
Signed-off-by: Paul Horton <[email protected]> (478360d)
- 1.5.1
Automatically generated by python-semantic-release (dd31888)
-
feat: support for Python 3.10 (#261)
-
enabled py3.10 tests in CI
Signed-off-by: Jan Kowalleck <[email protected]>
- add py-version classifiers
Signed-off-by: Jan Kowalleck <[email protected]> (f4f9ffe)
- 1.5.0
Automatically generated by python-semantic-release (31fdd93)
- ci: run release action on push to master
Signed-off-by: Paul Horton <[email protected]> (24477a0)
- fix: add static code analysis, better typing and bump cyclonedx-python-lib to 0.11
Signed-off-by: Paul Horton <[email protected]> (d5d9f56)
- 1.4.3
Automatically generated by python-semantic-release (8050477)
-
FIX: add static code analysis, better typing and bump to
cyclonedx-python-lib>=0.11.0 -
fixed some tox issues
Signed-off-by: Jan Kowalleck <[email protected]>
- add more QA
bumped cyclonedx-python-lib to the version that opened type-checks
added QA tools: mypy, flake8-annotations, flake8-bugbear
Signed-off-by: Jan Kowalleck <[email protected]>
- gitignore alternative paths of
venv
Signed-off-by: Jan Kowalleck <[email protected]>
- gh-action CI no longer failes fast
this allowes to run all tests, regardless of failes in parallel tests of the matrix
Signed-off-by: Jan Kowalleck <[email protected]>
- add missing return types
Signed-off-by: Jan Kowalleck <[email protected]>
- make mypy pass
Signed-off-by: Jan Kowalleck <[email protected]>
- tests dont run subprocesses in the shell
Signed-off-by: Jan Kowalleck <[email protected]>
- unittest run in verbose mode
Signed-off-by: Jan Kowalleck <[email protected]>
- fix windows tox run
Signed-off-by: Jan Kowalleck <[email protected]>
- make tests a module
Signed-off-by: Jan Kowalleck <[email protected]> (3080b57)
- build(deps-dev): Bump coverage from 6.1.1 to 6.1.2
Bumps coverage from 6.1.1 to 6.1.2.
updated-dependencies:
- dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]> (3ce6467)
- build(deps-dev): Bump coverage from 5.5 to 6.1.1
Bumps coverage from 5.5 to 6.1.1.
updated-dependencies:
- dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <[email protected]> (bd63845)
- fix: if no input file is supplied and no input is provided on STDIN, we will now try to automatically locate (in the current working directory) a manifest with default name for the input type specified. This works for PIP (Pipfile.lock), Poetry (poetry.lock) and Requirements (requirements.txt)
Signed-off-by: Paul Horton <[email protected]> (93f9e59)
- 1.4.2
Automatically generated by python-semantic-release (e39ebd3)
- Merge pull request #257 from CycloneDX/fix/256-no-default-file-when-no-input-on-stdin
FIX: Fallback to default manifest names in current directory when no -i supplied and nothing piped in via STDIN (c0f0766)
- doc: updated documentation
Signed-off-by: Paul Horton <[email protected]> (47612e6)
- typo corrected
Signed-off-by: Paul Horton <[email protected]> (4949a0d)
- Merge pull request #255 from CycloneDX/dependabot/pip/coverage-6.1.2
build(deps-dev): Bump coverage from 6.1.1 to 6.1.2 (6924dac)
- Merge pull request #252 from jkowalleck/patch-1
Create CODEOWNERS (b64c707)
-
run github "CI" on commits to master (
00532dd) -
Merge pull request #251 from CycloneDX/dependabot/pip/coverage-6.1.1
build(deps-dev): Bump coverage from 5.5 to 6.1.1 (525ee0e)
- Create CODEOWNERS
Signed-off-by: Jan Kowalleck <[email protected]> (a29525a)
- chore: manual addition of breaking changes in 1.4.0 into CHANGELOG
Signed-off-by: Paul Horton <[email protected]> (84fceb2)
- fix: corrected documentation after deprecation of
-rf,-pf,--poetry-file,--requirements-fileand--pip-filedoc: updated documentation to clarify there is a single input parameter:-i
Signed-off-by: Paul Horton <[email protected]> (4c4c8d8)
- 1.4.1
Automatically generated by python-semantic-release (8f525f2)
- feat: add conda support (bump cyclonedx-python-lib to ^0.10.0)
Signed-off-by: Paul Horton <[email protected]> (cb24275)
- fix: encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.2)
Signed-off-by: Paul Horton <[email protected]> (da6772b)
- fix: encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.1)
Signed-off-by: Paul Horton <[email protected]> (fe5df36)
- 1.4.0
Automatically generated by python-semantic-release (564076b)
- Merge pull request #247 from CycloneDX/feat/conda-support
FEATURE: Add Conda Support (c3709af)
- fixed some tests
Signed-off-by: Paul Horton <[email protected]> (002b31d)
- fix: bump to cyclonedx-python-lib to resolve issue #244
Signed-off-by: Paul Horton <[email protected]> (ebea3ef)
- 1.3.1
Automatically generated by python-semantic-release (a030392)
- Merge pull request #246 from CycloneDX/feat/add-basic-license-support
fix: bump to cyclonedx-python-lib to resolve issue #244 (d831254)
- feat: add license information in CycloneDX BOM when using Environment as the source
Signed-off-by: Paul Horton <[email protected]> (5d1f9a7)
- 1.3.0
Automatically generated by python-semantic-release (8d01377)
- Merge pull request #245 from CycloneDX/feat/add-basic-license-support
Add license information in CycloneDX BOM when using Environment as the source (26f2500)
- feat: update to latest stable cyclonedx-python-lib
- Enables PipEnv support natively
- Vast improvements to quality and information contained in the genereated CycloneDX BOM documents - see
cyclonedx-python-libfor details - Various old files removes
Signed-off-by: Paul Horton <[email protected]> (6145bd5)
- 1.2.0
Automatically generated by python-semantic-release (1e46b3d)
- Merge pull request #243 from CycloneDX/feat/bump-cyclonedx-lib-0.8.x
Update to latest stable cyclonedx-python-lib (68f7daa)
- feat: add support for generating SBOM from poetry.lock files
Signed-off-by: Paul Horton <[email protected]> (bb4ac0f)
- 1.1.0
Automatically generated by python-semantic-release (ca992f2)
- fix: handle
requirements.txtwhich contain dependencies without a version statement and warn that they cannot be included in the resulting CycloneDX BOM
Signed-off-by: Paul Horton <[email protected]> (e637e56)
- 1.0.5
Automatically generated by python-semantic-release (5523909)
- Merge pull request #236 from CycloneDX/enhancement/issue-235-requirements-unpinned-versions
fix: handle requirements.txt which contain dependencies without a v… (f57ab1a)
- fix: error message when
requirements.txtfile is non-existent updated
Signed-off-by: Paul Horton <[email protected]> (3bbc071)
- 1.0.4
Automatically generated by python-semantic-release (c8b00bc)
- Merge pull request #234 from CycloneDX/enhancement/issue-232-error-message
fix: error message when requirements.txt file is non-existent updated (2e6acee)
- build: added flake8 as dev dependency
Signed-off-by: Paul Horton <[email protected]> (a8fed84)
- build: updated all dependencies
Signed-off-by: Paul Horton <[email protected]> (616b949)
- ci: define missing env variable in CI workflow
Signed-off-by: Paul Horton <[email protected]> (49db8c2)
- ci: updated GitHub workflows to align with those used in cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (0b11f5a)
- fix: default to "requirements.txt" in current directory when "-r" flag is supplied but not "-rf" flag is supplied
Signed-off-by: Paul Horton <[email protected]> (bb7e30a)
- test: align Tox configuration with cyclonedx-python-lib
Signed-off-by: Paul Horton <[email protected]> (1e5c6b6)
- 1.0.3
Automatically generated by python-semantic-release (f3522b9)
- Merge pull request #233 from CycloneDX/fix/issue-230-hang-with-no-rf-flag
Fix for hang when no -rf flag supplied with -r flag (651b35f)
- Merge pull request #229 from madpah/fix/bump-dependencies
build: updated all dependencies (5587777)
- fix: Release GH action (
148421b)
- 1.0.2
Automatically generated by python-semantic-release (5d077a2)
- fix(ci): corrected main to master branch.
Signed-off-by: Paul Horton <[email protected]> (7162cd9)
- 1.0.1
Automatically generated by python-semantic-release (9af491d)
-
Merged in master. (
95b89a7) -
fix(ci) - bumped release workflow to run on Python 3.9 which is supported.
Signed-off-by: Paul Horton <[email protected]> (fd7cd8c)
- Merge pull request #221 from madpah/feature/migrate-to-cyclonedx-python-lib
Migration to new cyclonedx-python-lib for SBOM generation (3b1a13c)
- Corrected Development Status classifier.
Signed-off-by: Paul Horton <[email protected]> (0263610)
- Removed Python 3.5, added 3.8, 3.9 support in GitLab CI.
Signed-off-by: Paul Horton <[email protected]> (9ecb7b8)
- Addressed issues reported by flake8..
Signed-off-by: Paul Horton <[email protected]> (177a99f)
- Updated documentation.
Signed-off-by: Paul Horton <[email protected]> (ef76b4d)
- Started rewrite of tests.
Signed-off-by: Paul Horton <[email protected]> (914463b)
- Fixed a few things:
- Was defaulting to Environment incorrectly
- Output to STDOUT also output to a file named '-'
- Now support data from STDIN
Signed-off-by: Paul Horton <[email protected]> (4a47efb)
- Moved from local cyclonedx-python-lib dependency to published version on PyPi.
Signed-off-by: Paul Horton <[email protected]> (3ac87a6)
- Re-work to consume new cyclonedx python library which will do all the heavy lifting.
Signed-off-by: Paul Horton <[email protected]> (25f89fd)
-
Merge pull request #190 from CycloneDX/dependabot/github_actions/actions/setup-python-2.2.2 (
f5a0946) -
Merge pull request #191 from CycloneDX/dependabot/github_actions/actions/upload-release-asset-1.0.2 (
caac584) -
Merge pull request #192 from CycloneDX/dependabot/github_actions/actions/create-release-1.1.4
Bump actions/create-release from 1 to 1.1.4 (33e47b0)
- Merge pull request #202 from CycloneDX/dependabot/docker/python-3.9.6-slim-buster
Bump python from 3.9.5-slim-buster to 3.9.6-slim-buster (c859cb7)
- Merge pull request #206 from mgrajesh1/issue_205_pypi_connect_using_proxy
Issue# 205. Use HTTPS_PROXY if env is set (f5108c4)
-
Updating copyright statements (
18e206e) -
Issue# 205. Use HTTPS_PROXY if env is set
Signed-off-by: akshadpai <[email protected]> (4fb8714)
- Bump python from 3.9.5-slim-buster to 3.9.6-slim-buster
Bumps python from 3.9.5-slim-buster to 3.9.6-slim-buster.
updated-dependencies:
- dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <[email protected]> (ecd0fba)
-
Added notice and updated file headers (
0f4ff74) -
Bump actions/create-release from 1 to 1.1.4
Bumps actions/create-release from 1 to 1.1.4.
Signed-off-by: dependabot[bot] <[email protected]> (6371988)
- Bump actions/upload-release-asset from 1 to 1.0.2
Bumps actions/upload-release-asset from 1 to 1.0.2.
Signed-off-by: dependabot[bot] <[email protected]> (50cfad3)
- Bump actions/setup-python from 2.2.1 to 2.2.2
Bumps actions/setup-python from 2.2.1 to 2.2.2.
Signed-off-by: dependabot[bot] <[email protected]> (dbca5da)
- Merge pull request #186 from CycloneDX/dependabot/docker/python-3.9.5-slim-buster
Bump python from 3.9.2-slim-buster to 3.9.5-slim-buster (3cd645a)
- Bump python from 3.9.2-slim-buster to 3.9.5-slim-buster
Bumps python from 3.9.2-slim-buster to 3.9.5-slim-buster.
Signed-off-by: dependabot[bot] <[email protected]> (657b1ff)
- Merge pull request #173 from CycloneDX/dependabot/pip/packageurl-python-0.9.4
Bump packageurl-python from 0.9.3 to 0.9.4 (1615d91)
- Merge pull request #165 from CycloneDX/dependabot/docker/python-3.9.2-slim-buster
Bump python from 3.9.1-slim-buster to 3.9.2-slim-buster (4a33cf1)
- Bump packageurl-python from 0.9.3 to 0.9.4
Bumps packageurl-python from 0.9.3 to 0.9.4.
Signed-off-by: dependabot[bot] <[email protected]> (7f153fa)
- Merge pull request #161 from CycloneDX/dependabot/pip/packaging-20.9
Bump packaging from 20.7 to 20.9 (57a0b16)
- Bump python from 3.9.1-slim-buster to 3.9.2-slim-buster
Bumps python from 3.9.1-slim-buster to 3.9.2-slim-buster.
Signed-off-by: dependabot[bot] <[email protected]> (fba5248)
- Bump packaging from 20.7 to 20.9
Bumps packaging from 20.7 to 20.9.
Signed-off-by: dependabot[bot] <[email protected]> (240847f)
- Merge pull request #149 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.2.1
Bump actions/setup-python from v2.2.0 to v2.2.1 (5eb87ee)
- Bump actions/setup-python from v2.2.0 to v2.2.1
Bumps actions/setup-python from v2.2.0 to v2.2.1.
Signed-off-by: dependabot[bot] <[email protected]> (3c9eaae)
- Merge pull request #147 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.2.0
Bump actions/setup-python from v2.1.4 to v2.2.0 (a31103e)
- Bump actions/setup-python from v2.1.4 to v2.2.0
Bumps actions/setup-python from v2.1.4 to v2.2.0.
Signed-off-by: dependabot[bot] <[email protected]> (89dacb0)
- Merge pull request #142 from CycloneDX/dependabot/docker/python-3.9.1-slim-buster
Bump python from 3.9.0-slim-buster to 3.9.1-slim-buster (2f1f5ba)
- Bump python from 3.9.0-slim-buster to 3.9.1-slim-buster
Bumps python from 3.9.0-slim-buster to 3.9.1-slim-buster.
Signed-off-by: dependabot[bot] <[email protected]> (37eaf19)
-
Bug fix release - invalid XML character handling (
0d5c01e) -
Merge pull request #140 from CycloneDX/invalid-xml-characters
Fix for invalid xml characters (8de9c16)
-
Re-order test data (
c8fa641) -
Add handling for invalid xml characters (
228af8d) -
Add test for invalid xml unicode characters (
56bbb40) -
Merge pull request #138 from CycloneDX/dependabot/pip/packaging-20.7
Bump packaging from 20.4 to 20.7 (ca4cf86)
- Bump packaging from 20.4 to 20.7
Bumps packaging from 20.4 to 20.7.
Signed-off-by: dependabot[bot] <[email protected]> (0ce786c)
- Merge pull request #137 from CycloneDX/dependabot/pip/requests-2.25.0
Bump requests from 2.24.0 to 2.25.0 (e943788)
- Bump requests from 2.24.0 to 2.25.0
Bumps requests from 2.24.0 to 2.25.0.
Signed-off-by: dependabot[bot] <[email protected]> (5b22ddf)
- Merge pull request #134 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.4
Bump actions/checkout from v2.3.3 to v2.3.4 (85bb4fc)
- Bump actions/checkout from v2.3.3 to v2.3.4
Bumps actions/checkout from v2.3.3 to v2.3.4.
Signed-off-by: dependabot[bot] <[email protected]> (22b9305)
- Merge pull request #132 from CycloneDX/dependabot/pip/setuptools-50.3.2
Bump setuptools from 50.3.1 to 50.3.2 (d01d920)
- Bump setuptools from 50.3.1 to 50.3.2
Bumps setuptools from 50.3.1 to 50.3.2.
Signed-off-by: dependabot[bot] <[email protected]> (e2df914)
- Merge pull request #133 from CycloneDX/dependabot/pip/pytest-6.1.2
Bump pytest from 6.1.1 to 6.1.2 (140a00a)
- Bump pytest from 6.1.1 to 6.1.2
Bumps pytest from 6.1.1 to 6.1.2.
Signed-off-by: dependabot[bot] <[email protected]> (bf5267d)
- Merge pull request #127 from CycloneDX/dependabot/pip/setuptools-50.3.1
Bump setuptools from 50.3.0 to 50.3.1 (bb69861)
- Merge pull request #128 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.4
Bump actions/setup-python from v2.1.3 to v2.1.4 (de9da36)
- Bump actions/setup-python from v2.1.3 to v2.1.4
Bumps actions/setup-python from v2.1.3 to v2.1.4.
Signed-off-by: dependabot[bot] <[email protected]> (765d9d1)
- Bump setuptools from 50.3.0 to 50.3.1
Bumps setuptools from 50.3.0 to 50.3.1.
Signed-off-by: dependabot[bot] <[email protected]> (162d7ea)
- Merge pull request #126 from CycloneDX/devcontainer
Add devcontainer configuration (859e9a4)
-
Add devcontainer configuration (
b9c34a6) -
Merge pull request #118 from c0d3nh4ck/master
Added support for metadata timestamp (d954df8)
- check for metadata to be empty (
180f207)
-
Maintenance release (
308f98e) -
Merge pull request #121 from CycloneDX/dependabot/docker/python-3.9.0-slim-buster
Bump python from 3.8.6-slim-buster to 3.9.0-slim-buster (7703a52)
- Merge pull request #120 from CycloneDX/dependabot/pip/packageurl-python-0.9.3
Bump packageurl-python from 0.9.2 to 0.9.3 (257fa2b)
- Bump python from 3.8.6-slim-buster to 3.9.0-slim-buster
Bumps python from 3.8.6-slim-buster to 3.9.0-slim-buster.
Signed-off-by: dependabot[bot] <[email protected]> (bf938c9)
- Bump packageurl-python from 0.9.2 to 0.9.3
Bumps packageurl-python from 0.9.2 to 0.9.3.
Signed-off-by: dependabot[bot] <[email protected]> (1a7d36b)
- Merge pull request #119 from CycloneDX/dependabot/pip/pytest-6.1.1
Bump pytest from 6.1.0 to 6.1.1 (202f029)
- Bump pytest from 6.1.0 to 6.1.1
Bumps pytest from 6.1.0 to 6.1.1.
Signed-off-by: dependabot[bot] <[email protected]> (005f85f)
-
update for the xml part to convert metadata to dictionary object (
d31e8b2) -
updated metadata to dictionary from list (
deebd3d) -
Added code to check for metadata value (
a3497fd) -
added default value for metadata as None (
86641b6) -
Added support for metadata timestamp (
27eb3e5) -
Merge pull request #116 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.3
Bump actions/setup-python from v2.1.2 to v2.1.3 (e7c1cd9)
- Bump actions/setup-python from v2.1.2 to v2.1.3
Bumps actions/setup-python from v2.1.2 to v2.1.3.
Signed-off-by: dependabot[bot] <[email protected]> (648ab6f)
- Merge pull request #112 from CycloneDX/dependabot/pip/xmlschema-1.2.5
Bump xmlschema from 1.2.4 to 1.2.5 (9f22abf)
- Merge pull request #113 from CycloneDX/dependabot/pip/pytest-6.1.0
Bump pytest from 6.0.1 to 6.1.0 (5801185)
- Merge pull request #115 from praveenmylavarapu/make-component-generic
Make component type generic (584e929)
- Merge pull request #114 from praveenmylavarapu/remove-duplicate
remove duplicate function call (7ad5892)
-
Make component type generic (
4a2d220) -
remove duplicate function call (
df6d6d0) -
Bump pytest from 6.0.1 to 6.1.0
Bumps pytest from 6.0.1 to 6.1.0.
Signed-off-by: dependabot[bot] <[email protected]> (f8ffeeb)
- Bump xmlschema from 1.2.4 to 1.2.5
Bumps xmlschema from 1.2.4 to 1.2.5.
Signed-off-by: dependabot[bot] <[email protected]> (8f94c58)
- Revert "Bump pytest from 6.0.1 to 6.0.2"
This reverts commit 986d2ef737e051be04203b14ee5d11b26b00edb7. (528341a)
- Merge pull request #108 from CycloneDX/dependabot/pip/pytest-6.0.2
Bump pytest from 6.0.1 to 6.0.2 (feed962)
- Bump pytest from 6.0.1 to 6.0.2
Bumps pytest from 6.0.1 to 6.0.2.
Signed-off-by: dependabot[bot] <[email protected]> (986d2ef)
- Merge pull request #109 from CycloneDX/dependabot/pip/packageurl-python-0.9.2
Bump packageurl-python from 0.9.1 to 0.9.2 (bfa1db6)
- Bump packageurl-python from 0.9.1 to 0.9.2
Bumps packageurl-python from 0.9.1 to 0.9.2.
Signed-off-by: dependabot[bot] <[email protected]> (a2a3596)
- Merge pull request #107 from CycloneDX/dependabot/pip/xmlschema-1.2.4
Bump xmlschema from 1.2.3 to 1.2.4 (c58a756)
- Merge pull request #111 from CycloneDX/dependabot/docker/python-3.8.6-slim-buster
Bump python from 3.8.5-slim-buster to 3.8.6-slim-buster (00eccf6)
- Bump python from 3.8.5-slim-buster to 3.8.6-slim-buster
Bumps python from 3.8.5-slim-buster to 3.8.6-slim-buster.
Signed-off-by: dependabot[bot] <[email protected]> (0db21cd)
- Merge pull request #110 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.3
Bump actions/checkout from v2.3.2 to v2.3.3 (f84ace1)
- Bump actions/checkout from v2.3.2 to v2.3.3
Bumps actions/checkout from v2.3.2 to v2.3.3.
Signed-off-by: dependabot[bot] <[email protected]> (f1381a5)
- Bump xmlschema from 1.2.3 to 1.2.4
Bumps xmlschema from 1.2.3 to 1.2.4.
Signed-off-by: dependabot[bot] <[email protected]> (8a92d37)
- Merge pull request #101 from CycloneDX/dependabot/docker/python-3.8.5-slim-buster
Bump python from 3.8.1-slim-buster to 3.8.5-slim-buster (bfa41d2)
- Merge pull request #105 from CycloneDX/null-license-handling
Add test data for package with a null license (50e634b)
- Fix test data for GitHub runners
There is something odd here that needs more investigation to make it more deterministic. (d2fee97)
-
Merge branch 'master' into null-license-handling (
0d11a2e) -
Add test data for package with a null license (
9958abb)
- Bug fix release
- Fix handling of null licenses
- Fix Docker image bundled tool version (
ab588be)
- Merge pull request #104 from rback123/patch-103
Prevent crash when package_license is none from pypi null value (57e31f0)
-
Added NoneType check for package_license (
6b18250) -
Bump python from 3.8.1-slim-buster to 3.8.5-slim-buster
Bumps python from 3.8.1-slim-buster to 3.8.5-slim-buster.
Signed-off-by: dependabot[bot] <[email protected]> (a5e46d1)
- Merge pull request #102 from CycloneDX/docker-release-fix
Use release built package when building Docker image (3c8b583)
-
Install locally created package when creating Docker image (
890bdee) -
Merge pull request #100 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.2
Bump actions/setup-python from v1 to v2.1.2 (60ecc7c)
- Bump actions/setup-python from v1 to v2.1.2
Bumps actions/setup-python from v1 to v2.1.2.
Signed-off-by: dependabot[bot] <[email protected]> (6d34eaa)
- Merge pull request #99 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.2
Bump actions/checkout from v1 to v2.3.2 (dc2af31)
- Bump actions/checkout from v1 to v2.3.2
Bumps actions/checkout from v1 to v2.3.2.
Signed-off-by: dependabot[bot] <[email protected]> (127e885)
- Merge pull request #98 from davidkarlsen/dependabot
fix language definition (6cc7a17)
-
fix language definition (
cee1611) -
Merge pull request #97 from davidkarlsen/dependabot
Configure dependabot through config-files (003e20c)
- Configure dependabot through config-files
Signed-off-by: David Karlsen <[email protected]> (36c92f7)
- Merge pull request #96 from CycloneDX/dependabot/pip/setuptools-50.3.0
Bump setuptools from 50.1.0 to 50.3.0 (2727ff9)
- Bump setuptools from 50.1.0 to 50.3.0
Bumps setuptools from 50.1.0 to 50.3.0.
Signed-off-by: dependabot-preview[bot] <[email protected]> (60e3547)
-
Add additional comments/doco to the GitHub workflows (
f49bad6) -
Merge pull request #93 from CycloneDX/dependabot/pip/setuptools-50.1.0
Bump setuptools from 18.5 to 50.1.0 (de6c3a9)
- Bump setuptools from 18.5 to 50.1.0
Bumps setuptools from 18.5 to 50.1.0.
Signed-off-by: dependabot-preview[bot] <[email protected]> (b9dd248)
- Merge pull request #84 from CycloneDX/dependabot/pip/packageurl-python-0.9.1
Bump packageurl-python from 0.8.7 to 0.9.1 (1434bd8)
- Bump packageurl-python from 0.8.7 to 0.9.1
Bumps packageurl-python from 0.8.7 to 0.9.1.
Signed-off-by: dependabot-preview[bot] <[email protected]> (c45e7b7)
-
Add 30 minute timeout for GitHub workflows (
47341f7) -
Merge pull request #68 from CycloneDX/dependabot/pip/packaging-20.4
Bump packaging from 19.2 to 20.4 (9123452)
- Bump packaging from 19.2 to 20.4
Bumps packaging from 19.2 to 20.4.
Signed-off-by: dependabot-preview[bot] <[email protected]> (cc0ba25)
- Merge pull request #82 from CycloneDX/dependabot/pip/pytest-6.0.1
Bump pytest from 4.6.9 to 6.0.1 (ab1eb35)
- Merge pull request #78 from CycloneDX/dependabot/pip/requests-2.24.0
Bump requests from 2.22.0 to 2.24.0 (ac5ab88)
- Bump requests from 2.22.0 to 2.24.0
Bumps requests from 2.22.0 to 2.24.0.
Signed-off-by: dependabot-preview[bot] <[email protected]> (53ed092)
- Merge pull request #89 from CycloneDX/dependabot/pip/xmlschema-1.2.3
Bump xmlschema from 1.0.16 to 1.2.3 (72cad92)
- Bump xmlschema from 1.0.16 to 1.2.3
Bumps xmlschema from 1.0.16 to 1.2.3.
Signed-off-by: dependabot-preview[bot] <[email protected]> (2e0aa9f)
-
Fix incorrect twine upload repo (
2ad67fe) -
Feature release
- add JSON support
- include schema files in package
- code quality improvements (
74cdcaf)
-
Remove manual release script (
927da78) -
Add Docker image and GitHub release to workflow (
4f921a8) -
Add docker build and push to release workflow (
7b868dc) -
Merge branch 'master' into github-workflows (
6134a9b) -
Merge pull request #94 from CycloneDX/github-workflows
GitHub workflow for releases (aa84147)
-
Add release workflow (
9396ba8) -
Remove newline from VERSION (
c67b398) -
Run CI tests on Ubuntu, Windows and Mac agents (
eb84c46) -
Rename pythonpackge workflow file to ci (
2137711) -
Bump pytest from 4.6.9 to 6.0.1
Bumps pytest from 4.6.9 to 6.0.1.
Signed-off-by: dependabot-preview[bot] <[email protected]> (a3db165)
- Merge pull request #63 from coderpatros/json
Support for JSON output (a71084c)
-
Replace snapshot JSON schema with final v1.2 schema (
44ad74b) -
Update existing tests to use CLI instead of module imports (
99430cc) -
Add initial "preview" JSON output support (
44e0667) -
Fix bug that can result in duplicate components being included in the BOM (
5fd04f5) -
Refactor to use Component, Hash and License classes and rename some XML methods
This is in preparation for supporting JSON output. (3be896a)
-
Fix path issue when debugging from virtual environment (
d208b16) -
Git ignore files in build/ and dist/ (
d80b959) -
Merge pull request #55 from coderpatros/tests
Add a basic happy path test (c373dad)
-
Include xml schema files in package (
0ae93d6) -
Merge remote-tracking branch 'refs/remotes/origin/master'
Conflicts: cyclonedx/cli/generateBom.py
Changes to generateBom.py moved to reader.py (ab307e5)
- Merge pull request #59 from RobertMaaskant/pypi-mirror-support
Pypi mirror support (169b642)
- Use OrderedDict for hashes to fix failing test under Python 3.5
The dictionary implementation was changed from version 3.6. This means
generated output is different under Python 3.5 (518cae9)
-
Fixup for mirror support (
d53a5d1) -
Fixup of bad refactoring (
af95c39) -
Refactor + add package info mirror support (
4876f41) -
Simplified populate_digests method (
b9c5e0a) -
Refactor bom building (
5043e85) -
Prevent main client from running on import (
d3ce0c7) -
Reorder imports (
19f47b9) -
Remove deprecated python 2.7 from build (
3791c94) -
Add basic bom generation test (
1018f4c) -
Make read_bom importable from cyclonedx.cli (
421258f) -
Use script relative paths for setup.py reference files (
b06a628) -
Add create-virtualenv.sh helper script (
cf8f68b) -
Add .gitignore (
d07d736) -
Added Slack badge (
f975a73) -
Update README.rst (
c845183) -
Update README.rst (
f089c23) -
Update README.rst (
7cc8e37) -
Added docker deployment on release (
6ce0123) -
Merge pull request #46 from davidkarlsen/feature/dockerimage
Docker image. Fixes #45 (fbf1482)
- Docker image. Fixes #45
Signed-off-by: David Karlsen <[email protected]> (7b06b3a)
- bump (
0364312)
- bump (
85b4755)
-
call python (
0d7ceca) -
#11 #34 - Fix for version comparison (
eeaca97) -
Merge pull request #16 from CycloneDX/dependabot/pip/requirements-parser-0.2.0
Bump requirements-parser from 0.1.0 to 0.2.0 (5ac8aa0)
- Bump requirements-parser from 0.1.0 to 0.2.0
Bumps requirements-parser from 0.1.0 to 0.2.0.
Signed-off-by: dependabot-preview[bot] <[email protected]> (1505aa1)
- Merge pull request #19 from CycloneDX/dependabot/pip/packaging-19.2
Bump packaging from 19.1 to 19.2 (f4a558f)
- Merge pull request #30 from CycloneDX/dependabot/pip/xmlschema-1.0.16
Bump xmlschema from 1.0.14 to 1.0.16 (b22762a)
-
Merge remote-tracking branch 'origin/master' (
3dba3a4) -
Changed lang (
b586534) -
Merge pull request #4 from msander/patch-1
Continue with other requirements (88193b2)
- Bump xmlschema from 1.0.14 to 1.0.16
Bumps xmlschema from 1.0.14 to 1.0.16.
Signed-off-by: dependabot-preview[bot] <[email protected]> (575595c)
-
Updating release process (
2d47de4) -
Merge pull request #29 from llamahunter/patch-1
Support requirements.txt with local files (f476f4f)
- Support requirements.txt with local files
It's possible for the requirements.txt file to have local file listings. These do not have 'name' values, and so cause a runtime error when trying to concatenate a NoneType with a string. Test for 'local_file' requirements and skip them when generating bom.
See https://requirements-parser.readthedocs.io/en/latest/usage.html#parsing-requirement-specifiers (97d0cde)
-
Update README.rst (
89b488b) -
Update pythonpackage.yml (
86d1451) -
Update pythonpackage.yml (
5db4810) -
migrating from travis-ci to github actions (
29d989e) -
Update README.rst (
a1aa609) -
Update pythonpackage.yml (
1cb93bf) -
Update pythonpackage.yml (
b9386aa) -
Update pythonpackage.yml (
c9dc482) -
Update pythonpackage.yml (
3416ee8) -
bump (
e84e29f) -
Bump packaging from 19.1 to 19.2
Bumps packaging from 19.1 to 19.2.
Signed-off-by: dependabot-preview[bot] <[email protected]> (99ad2cb)
-
Fixes requirements (
79993b7) -
Merge pull request #21 from tngraf/master
Encoding detection added (a41d616)
-
Encoding detection added (
938374a) -
Merge pull request #18 from TTMaZa/TTMaZa-UTF-8-CLI
Enforced UTF-8 encoding while writing bom.xml (b3944a1)
-
Enforced UTF-8 encoding while writing bom.xml (
2478bf1) -
Merge pull request #17 from CycloneDX/dependabot/pip/packaging-19.1
Bump packaging from 19.0 to 19.1 (cd0ff73)
- Bump packaging from 19.0 to 19.1
Bumps packaging from 19.0 to 19.1.
Signed-off-by: dependabot-preview[bot] <[email protected]> (b0a2719)
- Merge pull request #14 from CycloneDX/dependabot/pip/requests-2.22.0
Bump requests from 2.20.1 to 2.22.0 (973a89f)
- Bump requests from 2.20.1 to 2.22.0
Bumps requests from 2.20.1 to 2.22.0.
Signed-off-by: dependabot-preview[bot] <[email protected]> (ad3169d)
- Merge pull request #15 from CycloneDX/dependabot/pip/packageurl-python-0.8.7
Bump packageurl-python from 0.8.1 to 0.8.7 (324d6a0)
- Bump packageurl-python from 0.8.1 to 0.8.7
Bumps packageurl-python from 0.8.1 to 0.8.7.
Signed-off-by: dependabot-preview[bot] <[email protected]> (c47b17e)
- Merge pull request #12 from CycloneDX/dependabot/pip/xmlschema-1.0.14
Bump xmlschema from 1.0.7 to 1.0.14 (e747f9f)
- Bump xmlschema from 1.0.7 to 1.0.14
Bumps xmlschema from 1.0.7 to 1.0.14.
Signed-off-by: dependabot-preview[bot] <[email protected]> (4159f7b)
- Continue with other requirements
Currently the BOM generation breaks when a single requirement does not refer to a specific version. It would be better to continue with the other requirements. (c633e4f)
-
Update README.rst (
b4a1dc0) -
version bump. Added xml pretty printing (
83cbb7a) -
Merge pull request #10 from emnetag/patch-08-19
Handle package versions not found in PyPi (5d12795)
- Handle packages not found in PyPi
If a package version is not found in PyPi, create an entry
for that version and print a warning to the console. (2fbb145)
-
Updating SPDX license list to v3.6 (
51a1727) -
Adding release script (
f2a486d) -
Added topics (
7bbc751) -
version bump (
aa16564) -
Updating SPDX license list to v3.5 (
ddb11b7) -
Merge pull request #8 from rback123/patch-6
Support PEP 440 concepts like pre, post, and development versions (20d6c5d)
-
Support PEP 440 concepts like pre, post, and development versioning schemes. (
4344b9a) -
Merge pull request #5 from msander/patch-2
Add 'requests' requirement to install_requires (e026932)
- Merge pull request #1 from jhermann/stdin-as-input
Support -i - (read from stdin) (e5356ef)
-
Add 'requests' requirement to install_requires (
625b5a3) -
main: support '-i -' (read from stdin)
This allows to call...
pip freeze | cyclonedx-py -i - ([`e8522a6`](https://github.com/CycloneDX/cyclonedx-python/commit/e8522a679ebd11d151970c26eabf411bd232a881))
-
main: output guarded by context (
e634cb8) -
setup: set +x flag (
4a1c0d6) -
consolidated main (
967ca09) -
bump (
273c3fc) -
Moved to cli package. Fixed requirements and setup issues. Fixed issue with req not having a version when parsed. (
4624657) -
Removed unneeded requires entry (
c857ba8) -
corrected keywords (
7e39138) -
corrected dependency name - version bump (
3f2cb11) -
correcting publish (
635a329) -
formatting (
2dc1b65) -
formatting (
fcd2f00) -
formatting (
fb166d0) -
mods (
d584ef6) -
mods (
9a524a2) -
mods (
e4e3950) -
Added hashes (
21d0fd0) -
Added bom validation after generation (
273b828) -
Added bom validation after generation (
2d82ac0) -
Added keywords and project url (
818498a) -
Adding Python 3.5 test (
74807e4) -
Added bdist_wheel (
6bf71f7) -
removed comment (
173056e) -
headers (
128a260) -
Updated cli args and readme (
c02b7b6) -
Initial commit (
cc233b7) -
Initial commit (
b9e62ba) -
Initial commit (
57bb85f)