v8.1.0

v8.1.0 (2024-10-21)

Documentation

• docs: fix code examples regarding outputting (#709)

Feature

• feat: add support for Lifecycles in BOM metadata (#698)

---

What's Changed

• docs: fix code examples regarding outputting by @hakandilek in #709
• chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 by @dependabot in #716
• chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 by @dependabot in #714
• chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 by @dependabot in #715
• feat: add support for Lifecycles in BOM metadata by @Churro in #698

Full Changelog: v8.0.0...v8.1.0

v8.0.0

v8.0.0 (2024-10-14)

Breaking

• feat!: v8.0.0 (#665)

BREAKING Changes

• Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
• Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
• Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• Constructor cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

• Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository for argument tools.
• Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool.
  Downstream users SHOULD add it manually, like my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component()).

Fixes

• Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

• New class cyclonedx.model.tool.ToolRepository.
• New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
• New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
• New function cyclonedx.model.tool.Tool.from_component().

Dependencies

• Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

---

Docs & Migration Paths

see https://cyclonedx-python-library.readthedocs.io/en/v8.0.0/upgrading.html

---

What's Changed

• chore: ignore coverage of abstract methods by @jkowalleck in #699
• docs(chaneglog): omit chore/ci/refactor/style/test/build by @jkowalleck in #703
• feat!: v8.0.0 by @jkugler & @jkowalleck in #665

Full Changelog: v7.6.2...v8.0.0

v7.6.2

v7.6.2 (2024-10-07)

Chore

• chore: trusted publishing (#695)

fixes #681

Signed-off-by: Jan Kowalleck <[email protected]> (cc09c42)

Documentation

• docs: fix some doc strings

Signed-off-by: Jan Kowalleck <[email protected]> (4fa8fc1)

Fix

• fix: behavior of and typing for crypto setters with optional values (#694)

fixes #690

---

Signed-off-by: Jan Kowalleck <[email protected]> (d8b20bd)

---

What's Changed

• chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
• chore(deps-dev): update bandit requirement from 1.7.9 to 1.7.10 by @dependabot in #688
• chore(deps-dev): update tox requirement from 4.20.0 to 4.21.2 by @dependabot in #693
• chore: trusted publishing by @jkowalleck in #695
• fix: behavior of and typing for crypto setters with optional values by @jkowalleck in #694

Full Changelog: v7.6.1...v7.6.2

v8.0.0-rc.2

BREAKING change from v8.0.0-rc.1 to v8.0.0-rc.2

• rename ToolsRepository -> ToolRepository (#687)

Fixes

• ToolRepository serialization will properly deduplicate migrated items

---

What's Changed

• rename ToolsRepository -> ToolRepository by @jkowalleck in #687
• fix: ToolRepository serialize migrated tools deduplicated by @jkowalleck in #686

Full Changelog: v8.0.0-rc.1...v8.0.0-rc.2

---

---

Full change log of v8.0.0:

BREAKING Changes

• Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
• Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
• Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

• Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository
• Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users may do so by utilizing cyclonedx.builder.this.this_tool().

Fixes

• Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

• New class cyclonedx.model.tool.ToolRepository.
• New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
• New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
• New function cyclonedx.model.tool.Tool.from_component().

Dependencies

• Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

---

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/

v8.0.0-rc.1

BREAKING Changes

• Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
• Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
• Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolsRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolsRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

• Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolsRepository
• Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users may do so by utilizing cyclonedx.builder.this.this_tool().

Fixes

• Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

• New class cyclonedx.model.tool.ToolsRepository.
• New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
• New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
• New function cyclonedx.model.tool.Tool.from_component().

Dependencies

• Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

---

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/

---

What's Changed

• feat!: Add component and services for tools by @jkugler in #635
• feat: don't add self to metafata.tools by @jkowalleck in #674
• refactor!: LicenseExpression() optional args are named args by @jkowalleck in #595
• feat!: this-builder by @jkowalleck in #649
• tests: test builder this by @jkowalleck in #675
• chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
• chore: trusted publishing by @jkowalleck in #682
• docs: migrate to v8.0.0 by @jkowalleck in #684
• chore(dev-deps): use tomli by @jkowalleck in #685

New Contributors

• @jkugler made their first contribution in #635

Full Changelog: v7.6.1...v8.0.0-rc.1

v8.0.0-alpha.1

v8.0.0-alpha.1 (2024-09-23)

Chore

• chore: trusted publishing

Signed-off-by: Jan Kowalleck <[email protected]> (ce23b0f)

Fix

• fix: assert copyright headers

Signed-off-by: Jan Kowalleck <[email protected]> (bef268b)

Unknown

• Merge branch 'main' into 8.0.0-dev

Signed-off-by: Jan Kowalleck <[email protected]> (39514b3)

• Merge branch 'main' into 8.0.0-dev (c123aff)

v7.6.1

v7.6.1 (2024-09-18)

Fix

• fix: file copyright headers (#676)

utilizes flake8 plugin
<https://pypi.org/project/flake8-copyright-validator/> to assert the
correct headers

Signed-off-by: Jan Kowalleck <[email protected]> (35e00b4)

---

What's Changed

• chore(deps-dev): update tox requirement from 4.17.1 to 4.18.0 by @dependabot in #664
• chore(deps-dev): update flake8-bugbear requirement from 24.4.26 to 24.8.19 by @dependabot in #666
• chore(deps-dev): update mypy requirement from 1.11.1 to 1.11.2 by @dependabot in #668
• chore(deps-dev): update tox requirement from 4.18.0 to 4.18.1 by @dependabot in #670
• chore(deps): update sphinx requirement from <8,>=7.2.6 to >=7.2.6,<9 by @dependabot in #656
• fix: file copyright headers by @jkowalleck in #676

Full Changelog: v7.6.0...v7.6.1

v7.6.0

v7.6.0 (2024-08-14)

Feature

• feat: HashType.from_composite_str for Blake2b, SHA3, Blake3 (#663)

The code mistreated hashes for Blake2b and SHA3.
Code for explicitly handling SHA1 & BLAKE3 was added, as those have no
variants defined in the CycloneDX specification.

fixes #652

---

Signed-off-by: Michael Schlenker <[email protected]>
Co-authored-by: Michael Schlenker <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (c59036e)

---

What's Changed

• chore(deps-dev): update coverage requirement from 7.5.4 to 7.6.0 by @dependabot in #647
• chore(deps-dev): update mypy requirement from 1.10.1 to 1.11.0 by @dependabot in #651
• chore(deps-dev): update mypy requirement from 1.11.0 to 1.11.1 by @dependabot in #655
• chore(deps-dev): update tox requirement from 4.16.0 to 4.17.1 by @dependabot in #662
• chore(deps-dev): update flake8 requirement from 7.1.0 to 7.1.1 by @dependabot in #661
• chore(deps-dev): update coverage requirement from 7.6.0 to 7.6.1 by @dependabot in #660
• feat: HashType.from_composite_str for Blake2b, SHA3, Blake3 by @schlenk in #663

Full Changelog: v7.5.1...v7.6.0

v7.5.1

v7.5.1 (2024-07-08)

Fix

• fix: XML serialize normalizedString and token properly (#646)

fixes #638

---

Signed-off-by: Jan Kowalleck <[email protected]> (b40f739)

---

What's Changed

• chore(deps-dev): update tox requirement from 4.15.1 to 4.16.0 by @dependabot in #644
• fix: XML serialize normalizedString and token properly by @jkowalleck in #646

Full Changelog: v7.5.0...v7.5.1

v7.5.0

v7.5.0 (2024-07-04)

Feature

• feat: add workaround property for v1.5 and v1.6 (#642)

Property workaround was missing from the vulnerability model. It was
added in spec v1.5 and was marked as TODO before.

This is my first contribution on this project so if I done something
wrong, just say me 😃

Signed-off-by: Louis Maillard <[email protected]>
Signed-off-by: Louis Maillard <[email protected]>
Co-authored-by: Louis Maillard <[email protected]> (b5ebcf8)

Style

• style: model args - one per line (#643)

this should make future PR reviews easier, since adding new args in the
middle will not cause complete code blocks to change, but is just a new
line ...

Signed-off-by: Jan Kowalleck <[email protected]> (5b74b0f)

---

What's Changed

• chore(deps-dev): update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #634
• chore(deps-dev): update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #637
• chore(deps-dev): update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #639
• chore(deps-dev): update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #641
• chore(deps-dev): update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #640
• style: model args - one per line by @jkowalleck in #643
• feat: add workaround property for v1.5 and v1.6 by @loulou123546 in #642

New Contributors

• @loulou123546 made their first contribution in #642

Full Changelog: v7.4.1...v7.5.0