v8.0.0-rc.1

Pre-release

Pre-release

github-actions released this 25 Sep 12:50

· 168 commits to main since this release

48b5bc3

BREAKING Changes

Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolsRepository now, was SortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way.
Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolsRepository now, was SortedSet[cyclonedx.model.Tool].
The getter will act accordingly; the setter might act in a backwards-compatible way.
cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolsRepository
Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users may do so by utilizing cyclonedx.builder.this.this_tool().

Fixes

Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

New class cyclonedx.model.tool.ToolsRepository.
New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
New function cyclonedx.model.tool.Tool.from_component().

Dependencies

Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/

What's Changed

feat!: Add component and services for tools by @jkugler in #635
feat: don't add self to metafata.tools by @jkowalleck in #674
refactor!: LicenseExpression() optional args are named args by @jkowalleck in #595
feat!: this-builder by @jkowalleck in #649
tests: test builder this by @jkowalleck in #675
chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
chore: trusted publishing by @jkowalleck in #682
docs: migrate to v8.0.0 by @jkowalleck in #684
chore(dev-deps): use tomli by @jkowalleck in #685

New Contributors

@jkugler made their first contribution in #635

Full Changelog: v7.6.1...v8.0.0-rc.1

Contributors

jkugler, jkowalleck, and dependabot

Assets 6