- fix: file copyright headers (#676)
utilizes flake8 plugin <https://pypi.org/project/flake8-copyright-validator/> to assert the correct headers
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (35e00b4
)
- feat: HashType.from_composite_str for Blake2b, SHA3, Blake3 (#663)
The code mistreated hashes for Blake2b and SHA3. Code for explicitly handling SHA1 & BLAKE3 was added, as those have no variants defined in the CycloneDX specification.
fixes #652
Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c59036e
)
- fix: XML serialize normalizedString and token properly (#646)
fixes #638
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b40f739
)
- feat: add workaround property for v1.5 and v1.6 (#642)
Property workaround was missing from the vulnerability model. It was added in spec v1.5 and was marked as TODO before.
This is my first contribution on this project so if I did something wrong, just tell me 😃
Signed-off-by: Louis Maillard <louis.maillard@savoirfairelinux.com>
Signed-off-by: Louis Maillard <louis.maillard@protonmail.com>
Co-authored-by: Louis Maillard <louis.maillard@savoirfairelinux.com> (b5ebcf8
)
- style: model args - one per line (#643)
this should make future PR reviews easier, since adding new args in the middle will not cause complete code blocks to change, but is just a new line ...
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5b74b0f
)
- chore: rollback py sem release matcher
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c33a130
)
- docs: exclude dep bumps from changelog (#627)
fixes #616
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (60361f7
)
- fix: cyclonedx.model.Property.value value is optional (#631)
cyclonedx.model.Property.value value is optional, in accordance with the spec.
fixes #630
Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ad0f98b
)
- docs: OSSP best practice percentage
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (75f58dc
)
- feat: updated SPDX license list to v3.24.0 (#622)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3f9770a
)
- fix: allow suppliers with empty-string names (#611)
fixes #600
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb
)
- chore: shield_ossf-best-practices subbary
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d00496
)
- chore(ci): update GH action versions (#606)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6d1bc5b
)
- fix: json validation allow arbitrary $schema value (#613)
fixes #612
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (08b7c60
)
- fix: properly sort components based on all properties (#599)
reverts #587 - as this one introduced errors
fixes #598
fixes #586
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c
)
- chore: semantic-release git commit/sign valid email address
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40
)
- fix: include all fields of Component in __lt__ function for #586 (#587)
Fixes #586.
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685
)
- feat: license factory set acknowledgement (#593)
add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455
)
- feat: disjunctive license acknowledgement (#591)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839
)
- tests: add meaningful names to validation tests (#588)
When packaging cyclonedx-python-lib for a Linux distribution, it’s pretty common that some JSON validation tests fail.
Due to the large number of combinations and the fact that these tests are consecutively numbered, it has been tedious to figure out which tests are exactly failing and why. This in turn makes it difficult to decide which tests to disable or report upstream.
Append meaningful names to validation tests so that instead of e.g.:
[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008
the tests are named:
[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6
Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c
)
- doc: poor merge resolved
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa
)
- docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67
)
- feat: support bom.properties for CycloneDX v1.5+ (#585)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a
)
- feat!: Support for CycloneDX v1.6
- added draft v1.6 schemas and boilerplate for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- re-generated test snapshots for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- note bom.metadata.manufacture as deprecated
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work on bom.metadata for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Deprecated .component.author. Added .component.authors and .component.manufacturer
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work to get deserialization tests passing
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- imports tidied
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- properly added .component.swhid
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- add .component.cryptoProperties - with test failures for SchemaVersion < 1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- typing and bandit ignores
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- test filtering
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- additional tests to increase code coverage
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- corrected CryptoMode enum
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Added address to organizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Added address to organizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- raise UserWarning in .component.version has length > 1024
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards and typing
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- add acknowledgement to LicenseExpression (#582)
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- more proper way to filter test cases
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- update schema to published versions
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fetch schema 1.6 JSON
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- fetch test data for CDX 1.6
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- style
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8bbdf46
)
- fix: wrong extra name for xml validation (#571)
Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> (10e38e2
)
- fix: serialization of model.component.Diff (#557)
Fixes #556
Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (22fa873
)
- build: use poetry v1.8.1 (#560)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6f81dfa
)
- docs: update architecture description and examples (#550)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a19fd28
)
- docs: exclude internal docs from rendering (#545)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7e55dfe
)
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (63cff7e
)
- docs (#546)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b0e5b43
)
- docs: ship docs with sdist build (#544)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (52ef01c
)
- docs: refactor example
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c1776b7
)
- fix: model.BomRef no longer equal to unset peers (#543)
fixes #539
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1fd7fee
)
- tests: fetched schema 1.5 test data from spec (#536)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (394cc87
)
- chore: doc flake8 config
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bd4c078
)
- docs: add OpenSSF Best Practices shield (#532)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (59c4381
)
- feat: support py-serializable v1.0 (#531)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e1e7277
)
- docs: add Documentation url to project meta
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1080b73
)
- docs: add Documentation url to project meta
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c4288b3
)
- feat: enable dependency py-serializable 0.17 (#529)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9f24220
)
- build: allow additional major-version RC branch patterns
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f8af156
)
- docs: fix typo
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2563996
)
- docs: update intro and description
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f0bd05d
)
- docs: build docs on ubuntu22.04 python311
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b3e9ab7
)
- feat: allow lxml requirement in range of >=4,<6 (#523)
Updates the requirements on lxml to permit the latest version.
updated-dependencies:
- dependency-name: lxml dependency-type: direct:production ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7d12b9a
)
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7dcd166
)
- chore: update maintainers
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (87c72d7
)
- feat: add function to map python hashlib algorithms to CycloneDX (#519)
new API: model.HashType.from_hashlib_alg()
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (81f8cf5
)
- feat!: v6.0.0 (#492)
- Removed symbols that were already marked as deprecated (via #493)
- Removed symbols in parser.* (#489 via #495)
- Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
- Serialization of unsupported enum values might downgrade/migrate/omit them (#490 via #496)
Handling might raise warnings if a data loss occurred due to omitting.
The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered.
- Serialization of any model.component.Component with unsupported type raises exception.serialization.SerializationOfUnsupportedComponentTypeException (#490 via #496)
- Object model.bom_ref.BomRef's property value defaults to Null, was arbitrary UUID (#504 via #505)
This change does not affect serialization. All bom-refs are guaranteed to have unique values on rendering.
- Removed helpers from public API (#503 via #506)
- Created (regression/unit/integration/functional) tests for CycloneDX 1.5 (#404 via #488)
- Created (regression/functional) tests for Enums' handling and completeness (#490 via #496)
- Bumped dependency py-serializable@^0.16, was @^0.15 (via #496)
- Added new sub-package exception.serialization (via #496)
- Removed class models.ComparableTuple (#503 via #506)
- Enum model.ExternalReferenceType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
- Removed function models.get_now_utc (#503 via #506)
- Removed function models.sha1sum (#503 via #506)
- Enum model.component.ComponentType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
- Removed model.component.Component.__init__()'s deprecated optional kwarg namespace (via #493)
Use kwarg group instead.
- Removed model.component.Component.__init__()'s deprecated optional kwarg license_str (via #493)
Use kwarg licenses instead.
- Removed deprecated method model.component.Component.get_namespace() (via #493)
- Removed class models.dependency.DependencyDependencies (#503 via #506)
- Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg source_name (via #493)
Use kwarg source instead.
- Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg source_url (via #493)
Use kwarg source instead.
- Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg recommendations (via #493)
Use kwarg recommendation instead.
- Removed model.vulnerability.VulnerabilityRating.__init__()'s deprecated optional kwarg score_base (via #493)
Use kwarg score instead.
- Enum model.vulnerability.VulnerabilityScoreSource got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
- Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
- Removed deprecated function output.get_instance() (via #493)
Use function output.make_outputter() instead.
- Added new class output.json.JsonV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
- Added new item to dict output.json.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
- Added new class output.xml.XmlV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
- Added new item to dict output.xml.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
- Removed class parser.ParserWarning (#489 via #495)
- Removed class parser.BaseParser (#489 via #495)
- Enum schema.SchemaVersion got new case V1_5, to reflect CycloneDX 1.5 (#404 via #488)
Signed-off-by: Johannes Feichtner <johannes@web-wack.at>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com>
Co-authored-by: semantic-release <semantic-release> (74865f8
)
- chore: migrate dev-dependencies to new poetry layout (#482)
see https://python-poetry.org/docs/managing-dependencies/#dependency-groups
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a85585c
)
- docs: keywords & funding (#486)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3189e59
)
- feat: model.XsUri migrate control characters according to spec (#498)
fixes #497
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e490429
)
- fix: update own externalReferences (#480)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (edb3dde
)
- docs: advance license docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f61a730
)
- feat: guarantee unique BomRefs in serialization result (#479)
Incorporate output.BomRefDiscriminator on serialization
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a648775
)
- chore: make pyproject parsable by dependabot (#477)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c4eaaa5
)
- docs: revisit project meta (#475)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c3254d0
)
- docs: fix RTFD build (#476)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b9fcfb4
)
- "chore(deps): revert bump python-semantic-release/python-semantic-release (#474)"
This reverts commit 9c3ffac34e89610ccc4f9701444127e1e6f5ee07.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (aae7304
)
- feat!: v5.0.0 (#440)
- Dropped support for python<3.8 (#436 via #441; enable #433)
- Reworked license related models, collections, and factories (#365 via #466)
- Behavior
- API
- Enum schema.SchemaVersion is no longer string-like (#442 via #447)
- Enum schema.OutputVersion is no longer string-like (#442 via #447)
- Abstract class output.BaseOutput requires implementation of new method output_format (#446 via #447)
- Abstract method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
- Abstract method output.BaseOutput.output_as_string() accepts arbitrary kwargs (via #458, #462)
- Removed class factory.license.LicenseChoiceFactory (via #466)
The old functionality was integrated into factory.license.LicenseFactory.
- Method factory.license.LicenseFactory.make_from_string()'s parameter name_or_spdx was renamed to value (via #466)
- Method factory.license.LicenseFactory.make_from_string()'s return value can also be a LicenseExpression (#365 via #466)
The behavior imitates the old factory.license.LicenseChoiceFactory.make_from_string()
- Renamed class module.License to module.license.DisjunctliveLicense (#365 via #466)
- Removed class module.LicenseChoice (#365 via #466)
Use dedicated classes module.license.DisjunctliveLicense and module.license.LicenseExpression instead
- All occurrences of models.LicenseChoice were replaced by models.licenses.License (#365 via #466)
- All occurrences of SortedSet[LicenseChoice] were specialized to models.license.LicenseRepository (#365 via #466)
- Serialization of multi-licenses (#365 via #466)
- Detect unused "dependent" components in model.bom.validate() (via #464)
- Updated latest supported list of supported SPDX license identifiers (via #433)
- Shipped schema files are moved to a protected space (via #433)
These files were never intended for public use.
- XML output uses a default namespace, which makes results smaller. (#438 via #458)
- Support for Python 3.12 (via #460)
- JSON- & XML-Validators (#432, #446 via #433, #448)
The functionality might require additional dependencies, that can be installed with the extra "validation".
See the docs in section "Installation" for details.
- JSON & XML can be generated in a more human-friendly form (#437, #438 via #458)
- Type hints, typings & overloads for better integration downstream (via #463)
- API
- New function output.make_outputter() (via #469)
This replaces the deprecated function output.get_instance().
- New sub-package validation (#432, #446 via #433, #448, #469, #468, #469)
- New class exception.MissingOptionalDependencyException (#432 via #433)
- New class exception.LicenseExpressionAlongWithOthersException (#453 via #452)
- New dictionaries output.{json,xml}.BY_SCHEMA_VERSION (#446 via #447)
- Existing implementations of class output.BaseOutput now have a new method output_format (#446 via #447)
- Existing implementations of method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
- Existing implementations of method output.BaseOutput.output_to_file() got new optional parameter indent (#437 via #458)
- New method factory.license.LicenseFactory.make_with_expression() (via #466)
- New class model.license.DisjunctiveLicense (#365 via #466)
- New class model.license.LicenseExpression (#365 via #466)
- New class model.license.LicenseRepository (#365 via #466)
- New class serialization.LicenseRepositoryHelper (#365 via #466)
- Function output.get_instance() might be removed, use output.make_outputter() instead (via #469)
- Added validation tests with official CycloneDX schema test data (#432 via #433)
- Use proper snapshots, instead of pseudo comparison (#437 via #464)
- Added regression test for bug #365 (via #466, #467)
- Dependencies: bumped py-serializable@^0.15.0, was @^0.11.1 (via #458, #463, #464, #466)
- Style: streamlined quotes and strings (via #472)
- Chore: bumped internal dev- and QA-tools (#436 via #441, #472)
- Chore: added more QA tools to prevent common security issues (via #473)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: semantic-release <semantic-release> (26b151c
)
- chore: Update CONTRIBUTING.md
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (0ebaa21
)
- ci: publish coverage report to codacy (#439)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0012a82
)
- fix: SPDX-expression-validation internal crashes are caught and handled (#471)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5fa66a0
)
- chore: dont lock poetry (#431)
fixes #430
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (49b144b
)
- docs: fix shield in README
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6a941b1
)
- docs(example): showcase LicenseChoiceFactory (#428)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c56ec83
)
- fix: ship meta files (#434)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3a1a8a5
)
- fix: LicenseChoiceFactory.make_from_string() prioritize SPDX id over expression (#427)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e1bdfdd
)
- feat: complete SPDX license expression (#425)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e06f9fd
)
- chore: migrate to python-semantic-release8 (#421)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (14c501c
)
- chore: migrate to python-semantic-release8 (#420)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0e35d88
)
- chore: migrate to python-semantic-release8 (#419)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (adf5a36
)
- ci: streamline concurrency for deploy (#406)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6a7ddfa
)
- ci: run examples on prod-deps only (#402)
- ci: run examples on prod-deps only
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- ci: simplify ci
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cf40048
)
- ci: run examples (#401)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (058f386
)
- docs(examples): showcase shorthand dependency management (#403)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8b32efb
)
- feat: programmatic access to library's version (#417)
adds cyclonedx.__version__
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3585ea9
)
- chore: CI/QA/Build maintenance (#358)
- build: streamlined ci and builds
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- chore: upgrade lockfile with poetry1.4
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- removed extra brace
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fixed long line
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (9779af0
)
- chore: followup of #340 (#360)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (723ae8e
)
- chore: prevent dev-lowest-lockfile from dependency bumps (#359)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (16870f4
)
- chore: manually craft more accurate CHANGELOG for 4.0.0
Signed-off-by: Paul Horton <paul.horton@owasp.org> (32ce3a2
)
- ci: cannot use variables in uses
Signed-off-by: Paul Horton <paul.horton@owasp.org> (2371a1b
)
- ci: cannot use variables in uses
Signed-off-by: Paul Horton <paul.horton@owasp.org> (aa0eab1
)
- ci: add concurrency rules (#361)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f65d646
)
- docs(examples): README (#399)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1d262ba
)
- docs: add example how to build and serialize (#397)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (65e22bd
)
- fix: conditional warning if no root dependencies were found (#398)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c8175bb
)
- 4.0.1
Automatically generated by python-semantic-release (4a72f51
)
- Add missing space in warning message. (#364)
Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> (dad0d28
)
- feat: Release 4.0.0 #341)
Highlights of this release include:
- Support for De-serialization from JSON and XML to this Pythonic Model
- Deprecation of Python 3.6 support
- Support for Python 3.11
- Support for BomLink
- Support VEX without needing Component in the same Bom
- Support for services having dependencies
BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed.
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- feat: support VEX without Components in the same BOM
BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- feat: support VEX without Components in the same BOM
BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component
Signed-off-by: Paul Horton <paul.horton@owasp.org>
feat: allow version of BOM to be defined
feat: allow serial_number of BOM to be prescribed
feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore: fix release workflow
- chore: editorconfig
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- feat: support for deserialization from JSON and XML (#290)
BREAKING CHANGE:
- feat: drop Python 3.6 support
Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Hakan Dilek <hakandilek@gmail.com>
Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com>
- fix: update serializable to include XML safety changes
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- feat: Support for Python 3.11 (#349)
- feat: officially test and support Python 3.11
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- removed unused imports
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- bump poetry to 1.1.12 in CI
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fix: remove toml as dependency as not used and seems to be breaking Python 3.11 CI
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fix: removed types-toml from dependencies - not used
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fix: removed autopep8 in favour of flake8 as both have conflicting dependencies now
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore: bump dev dependencies
fix: removed setuptools as dependency
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- tests: component versions optional (#350)
- chore: exclude venv* from QA; add typing to QA
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- tests: component versions are optional
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- doc: doc updates for new deserialization feature
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- doc: doc updates for contribution
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Hakan Dilek <hakandilek@gmail.com>
Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> (8fb1b14
)
- chore: package manifest fix link to homepage and documentation (#291)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f2350b4
)
- 4.0.0
Automatically generated by python-semantic-release (40fbfda
)
- chore: do not ship extra LICENSE file (#339)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b7f1028
)
- fix: make test's schema paths relative to cyclonedx package (#338)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1f0c05f
)
- 3.1.5
Automatically generated by python-semantic-release (ba603cf
)
- chore: add Jan Kowalleck as a maintainer
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7aae26d
)
- fix(tests): include tests in sdist builds (#337)
- feat: include tests in sdist builds for #336
- delete unexpected DS_Store file
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (936ad7d
)
- test: mock ThisTool.version for consistent results (#335)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (57a9e5e
)
- 3.1.4
Automatically generated by python-semantic-release (0b19294
)
- fix: serialize dependency graph for nested components (#329)
- tests: regression tests for issue #328
- fix: for issue #328
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fb3f835
)
- test: tidy up test beds (#333)
- test: consolidate imports
- test: recreate all fixtures
- test: docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ab862e7
)
- 3.1.3
Automatically generated by python-semantic-release (11a420c
)
- chore: editorconfig
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8c75b1b
)
- ci: fix py36 (#320)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cf9f790
)
- docs: typo
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (539b57a
)
- docs: fix shields (#324)
caused by badges/shields#8671
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (555dad4
)
- docs: fix typo (#318)
Signed-off-by: Roland Weber <rolweber@de.ibm.com> (63bfb87
)
- fix: prevent errors on metadata handling for some specification versions (#330)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f08a656
)
- style: split joined path segments (#331)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (493104c
)
- 3.1.2
Automatically generated by python-semantic-release (0853d14
)
- clarify sign-off step (#319)
Signed-off-by: Roland Weber <rolweber@de.ibm.com> (007fb96
)
- chore: CHANGELOG typos (6c0c174
)
- chore: update CHANGELOG to explain jump from 2.7.1 to 3.1.0. (1b8cd12
)
- fix: type hint for get_component_by_purl is incorrect
chore: force automated release
Signed-off-by: Paul Horton <paul.horton@owasp.org> (3f20bf0
)
- 3.1.1
Automatically generated by python-semantic-release (503955e
)
- Merge pull request #310 from gruebel/fix-method-type-hint
fix: type hint for get_component_by_purl is incorrect (06037b9
)
- move tests to model bom file
Signed-off-by: gruebel <anton.gruebel@gmail.com> (4c8a3ab
)
- fix type hint for get_component_by_purl
Signed-off-by: gruebel <anton.gruebel@gmail.com> (735c05e
)
- chore: fix release workflow (5863622
)
- chore: fix poetry in tox
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7f8c668
)
- feat: out-factor SPDX compound detection
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fd4d537
)
- feat: out-factor SPDX compund detection
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2b69925
)
- feat: license factories
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (033bad2
)
- test: license factories
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (baf83f9
)
- 3.1.0
Automatically generated by python-semantic-release (e52c174
)
- Merge pull request #305 from CycloneDX/license-factories
feat: add license factories to more easily support creation of License or LicenseChoice from SPDX license strings #304 (5ff4494
)
- tests: refactor tests
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3644f13
)
- tests: rebase/fixup poetry lock
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (26817c0
)
- Merge pull request #301 from CycloneDX/fix-poetry-in-tox
chore: fix poetry in tox (92aea8d
)
- remove v3 from CHANGELOG #286 (#287)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7029721
)
- 3.0.0
Automatically generated by python-semantic-release (69582ff
)
- chore: manual fix release publication
2.7.1
Signed-off-by: Paul Horton <paul.horton@owasp.org> (b569548
)
- chore: resolve hang issue with running isort as pre-commit hook
Signed-off-by: Paul Horton <paul.horton@owasp.org> (fb25b70
)
- chore: re-added isort to pre-commit hooks ran isort
Signed-off-by: Paul Horton <paul.horton@owasp.org> (051e543
)
- ci: change pinned version of python-semantic-release as preventing automated releases
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6e12be7
)
- fix: pinned mypy <= 0.961 due to #278
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d6955cb
)
- fix: properly support nested components and services #275
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6597db7
)
- Merge pull request #276 from CycloneDX/fix/bom-validation-nested-components-isue-275
fix: BOM validation fails when Components or Services are nested #275
fix: updated dependencies #271, #270, #269 and #256 (68a0cdd
)
- Merge branch 'main' into fix/bom-validation-nested-components-isue-275 (6caee65
)
- added tests to cover new Component.get_all_nested_components() method
Signed-off-by: Paul Horton <paul.horton@owasp.org> (75a77ed
)
- Revert "chore: re-added isort to pre-commit hooks"
This reverts commit f50ee1eb79f3f4e5b9d21824e64192d0af43d3f0.
Signed-off-by: Paul Horton <paul.horton@owasp.org> (5f7f30e
)
- removed tests where services are part of dependency tree - see #277
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f26862b
)
- added XML output tests for Issue #275
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ebef5f2
)
- updated XML output tests
Signed-off-by: Paul Horton <paul.horton@owasp.org> (356c37e
)
- addressed JSON output for #275 including test additions
Signed-off-by: Paul Horton <paul.horton@owasp.org> (692c005
)
- feat: support for CycloneDX schema 1.4.2 - adds vulnerability.properties to the schema (32e7929
)
- feat: support for CycloneDX schema version 1.4.2
- Provides support for vulnerability.properties
Signed-off-by: Paul Horton <paul.horton@owasp.org> (db7445c
)
- feat: added updated CycloneDX 1.4.2 schemas
Signed-off-by: Paul Horton <paul.horton@owasp.org> (7fb27ae
)
- 2.7.0
Automatically generated by python-semantic-release (96d155e
)
- feat: reduce unnecessary type casting of set/SortedSet (#203)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (089d971
)
- 2.6.0
Automatically generated by python-semantic-release (8481e9b
)
- fix: add expected lower-than comparators for OrganizationalEntity and VulnerabilityCredits (#248)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0046ee1
)
- 2.5.2
Automatically generated by python-semantic-release (fb9a796
)
- fix: add missing Vulnerability comparator for sorting (#246)
Partial fix for #245.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (c3f3d0d
)
- 2.5.1
Automatically generated by python-semantic-release (1ea5b20
)
- build: move typing to dev-dependencies
Move types-setuptools and types-toml to dev-dependencies (#226)
Signed-off-by: Adam Johnson <me@adamj.eu> (0e2376b
)
- ci: fix run with lowest compat dependencies (#240)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a4596c8
)
- ci: pin GH-action semantic-release to v7.28.1 (#234)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (91e1297
)
- docs: fix typo "This is out" -> "This is our"
Fix typo in comments: "This is out" -> "This is our" (#233)
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (ef0278a
)
- feat: use SortedSet in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson
Signed-off-by: Paul Horton <paul.horton@owasp.org> (8a1c404
)
- test: tests calculate versions if needed
Don't hardcode component version in test (#229)
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (7b3ce65
)
- 2.5.0
Automatically generated by python-semantic-release (c820423
)
- Merge pull request #235 from RodneyRichardson/use-sorted-set
feat: use SortedSet in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson (c43f6d8
)
- Merge branch 'CycloneDX:main' into use-sorted-set (1b8ac25
)
- Fix SortedSet type hints for python < 3.8
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (71eeb4a
)
- Fix line length warning.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (e9ee712
)
- Fix more type hints for python < 3.8
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (f042bce
)
- Fix SortedSet type hints for python < 3.8
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (2e283ab
)
- Fix type hint on ComparableTuple
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (43ef908
)
- Sort usings.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (8f86c12
)
- Fix sonatype-lift warnings
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (f1e92e3
)
- Fix warnings.
Change tuple -> Tuple Fix Diff initialization Add sorting to AttachedText
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (2b47ff6
)
- Reduce sortedcontainers.pyi to only the functions used.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (ef0fbe2
)
- Remove flake8 warnings
Remove unused imports and trailing whitespace. Sort usings in pyi file.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (41d1bee
)
- Add type hints for SortedSet
Fix use of set/Set.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (df0f554
)
- Replace object type hint in lt with Any
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (ec22f68
)
- Make reorder() return type explicit List (as flagged by sonatype-lift bot)
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (695ee86
)
- Use SortedSet in model to improve reproducibility
Added __lt__() to all model classes used in SortedSet, with tests
Explicitly declared Enums as (str, Enum) to allow sorting
Added dependency to sortedcollections package
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (368f522
)
- feat(deps): remove unused typing-extensions constraints
PullRequest and details via #224
Signed-off-by: gruebel <anton.gruebel@gmail.com> (2ce358a
)
- 2.4.0
Automatically generated by python-semantic-release (4874354
)
- revert types-toml on lowest setup (32ece98
)
- feat: add support for Dependency Graph in Model and output serialisation
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ea34513
)
- 2.3.0
Automatically generated by python-semantic-release (5c1047a
)
- Merge pull request #210 from CycloneDX/feat/support-bom-dependencies
feat: add support for Dependency Graph in Model and output serialisation (JSON and XML) (938169c
)
- Merge pull request #214 from CycloneDX/feat/support-bom-dependencies-no-cast
no cast (2551545
)
- no cast
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dec3b70
)
- update to use Set operators (more Pythonic)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f01665e
)
- missing closing > in BomRef.__repr__
Signed-off-by: Paul Horton <paul.horton@owasp.org> (2c7c4be
)
- removed unnecessary condition - self.get_bom().components is always a Set
Signed-off-by: Paul Horton <paul.horton@owasp.org> (5eb5669
)
- added additional tests to validate Component in Metadata is properly represented in Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (b8d526e
)
- adjusted unit tests to account for inclusion of Component in Bom Metadata in Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (c605f2b
)
- updates based on feedback from @jkowalleck
Signed-off-by: Paul Horton <paul.horton@owasp.org> (04511f3
)
- Merge branch 'feat/support-bom-dependencies' of github.com:CycloneDX/cyclonedx-python-lib into feat/support-bom-dependencies (8fb408c
)
- doc: updated docs to reflect support for Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a680544
)
- updated file hash in test
Signed-off-by: Paul Horton <paul.horton@owasp.org> (56f3d5d
)
- removed unused import
Signed-off-by: Paul Horton <paul.horton@owasp.org> (61c3338
)
- doc: updated docs to reflect support for Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (3df017f
)
- updated file hash in test
Signed-off-by: Paul Horton <paul.horton@owasp.org> (449cb1e
)
- removed unused import
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f487c4a
)
- ci: introduce timeout-minutes and drop dependabot branches for CI #206
Signed-off-by: Paul Horton <phorton@sonatype.com> (e5b426f
)
- feat: Bump XML schemas to latest fix version for 1.2-1.4 - see: CycloneDX/specification#122
Signed-off-by: Paul Horton <phorton@sonatype.com> (bd2e756
)
- feat: bump JSON schemas to latest fix version for 1.2 and 1.3 - see:
Signed-off-by: Paul Horton <phorton@sonatype.com> (bd6a088
)
- 2.2.0
Automatically generated by python-semantic-release (67ecfac
)
- Merge pull request #207 from CycloneDX/feat/update-schemas
feat: Update CycloneDX Schemas to latest patch versions (2c55cb5
)
- mark schema files as vendored
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a9c3e77
)
- Merge pull request #191 from CycloneDX/feat/pre-commit-hooks
[DEV] Add pre-commit hooks (91ceeb1
)
- chore: shield icons in README (87c490e
)
- fix: prevent error if version not set
Signed-off-by: Paul Horton <phorton@sonatype.com> (b9a84b5
)
- 2.1.1
Automatically generated by python-semantic-release (f78d608
)
- Merge pull request #194 from CycloneDX/fix/json-output-version-optional-bug-193
fix: version being optional in JSON output can raise error (6f7e09a
)
- chore: added autopep8 to pre-commit and clarified command in CONTRIBUTING for performance
Signed-off-by: Paul Horton <phorton@sonatype.com> (5dafb1c
)
- chore: first pass pre-commit config
Signed-off-by: Paul Horton <phorton@sonatype.com> (fd6ab7a
)
- chore: added documentation to CONTRIBUTING guidelines
Signed-off-by: Paul Horton <phorton@sonatype.com> (67cefe1
)
- chore: dependabot prefix chore, not eco-system (c96cea4
)
- chore: make isort and flake8-isort available
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b211de5
)
- chore: poetry(deps): bump pyparsing from 3.0.6 to 3.0.7 (#140)
Bumps pyparsing from 3.0.6 to 3.0.7.
updated-dependencies:
- dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1bdb798
)
- chore: poetry(deps): bump types-setuptools from 57.4.7 to 57.4.9 (#168)
Bumps types-setuptools from 57.4.7 to 57.4.9.
updated-dependencies:
- dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (48c3f99
)
- chore: poetry(deps): bump filelock from 3.4.0 to 3.4.1 (#116)
Bumps filelock from 3.4.0 to 3.4.1.
updated-dependencies:
- dependency-name: filelock dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (17f1a5f
)
- chore: poetry(deps): bump attrs from 21.2.0 to 21.4.0 (#113)
Bumps attrs from 21.2.0 to 21.4.0.
updated-dependencies:
- dependency-name: attrs dependency-type: indirect update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3c39ae5
)
- chore: poetry(deps): bump typed-ast from 1.5.1 to 1.5.2 (#144)
Bumps typed-ast from 1.5.1 to 1.5.2.
updated-dependencies:
- dependency-name: typed-ast dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (ac5809e
)
- chore: poetry(deps): bump packageurl-python from 0.9.6 to 0.9.9 (#177)
Bumps packageurl-python from 0.9.6 to 0.9.9.
updated-dependencies:
- dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4bfba14
)
- chore: poetry(deps): bump virtualenv from 20.13.1 to 20.13.2 (#181)
Bumps virtualenv from 20.13.1 to 20.13.2.
updated-dependencies:
- dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (20e3368
)
- feat: output errors are verbose
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bfe8fb1
)
- fix: version being optional in JSON output can raise error
Signed-off-by: Paul Horton <phorton@sonatype.com> (ba0c82f
)
- style: sorted all imports
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4780a84
)
- 2.1.0
Automatically generated by python-semantic-release (c58f8f8
)
- Merge pull request #198 from CycloneDX/verbose_outout_errors
fix: improved output errors - file/directory is now included (4618c62
)
- updated to be more pythonic
Signed-off-by: Paul Horton <phorton@sonatype.com> (a1bbf00
)
- doc: added CONTRIBUTING to public docs doc: included pre-commit hooks in CONTRIBUTING
Signed-off-by: Paul Horton <phorton@sonatype.com> (f38215f
)
- Merge pull request #182 from CycloneDX/sort-imports
style: sort imports (aa37e56
)
- feat: bump dependencies
BREAKING CHANGE: Adopt PEP-3102
BREAKING CHANGE: Optional Lists are now non-optional Sets
BREAKING CHANGE: Remove concept of DEFAULT schema version - replaced with LATEST schema version
BREAKING CHANGE: Added BomRef data type
Signed-off-by: Paul Horton <phorton@sonatype.com> (da3f0ca
)
- chore: poetry(deps): bump virtualenv from 20.13.0 to 20.13.1 (#167)
Bumps virtualenv from 20.13.0 to 20.13.1.
updated-dependencies:
- dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9e80258
)
- chore: poetry(deps): bump types-toml from 0.10.3 to 0.10.4 (#166)
Bumps types-toml from 0.10.3 to 0.10.4.
updated-dependencies:
- dependency-name: types-toml dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (02449f6
)
- chore: bump dependencies
Signed-off-by: Paul Horton <phorton@sonatype.com> (6c280e7
)
- feat: completed work on #155 (#172)
fix: resolved #169 (part of #155) feat: as part of solving #155, #147 has been implemented
Signed-off-by: Paul Horton <phorton@sonatype.com> (a926b34
)
- feat: support complete model for bom.metadata (#162)
- feat: support complete model for bom.metadata
fix: JSON comparison in unit tests was broken
chore: corrected some source license headers
Signed-off-by: Paul Horton <phorton@sonatype.com> (2938a6c
)
- feat: support for bom.externalReferences in JSON and XML #124
Signed-off-by: Paul Horton <phorton@sonatype.com> (1b733d7
)
- feat: Complete support for bom.components (#155)
- fix: implemented correct __hash__ methods in models (#153)
Signed-off-by: Paul Horton <phorton@sonatype.com> (32c0139
)
- feat: support services in XML BOMs feat: support nested services in JSON and XML BOMs
Signed-off-by: Paul Horton <phorton@sonatype.com> (9edf6c9
)
- fix: license_url not serialised in XML output #179 (#180)
Signed-off-by: Paul Horton <phorton@sonatype.com> (f014d7c
)
- fix: Component.bom_ref is not Optional in our model implementation (in the schema it is) - we generate a UUID if bom_ref is not supplied explicitly
Signed-off-by: Paul Horton <phorton@sonatype.com> (5c954d1
)
- fix: temporary fix for __hash__ of Component with properties #153
Signed-off-by: Paul Horton <phorton@sonatype.com> (a51766d
)
- fix: further fix for #150
Signed-off-by: Paul Horton <phorton@sonatype.com> (1f55f3e
)
- fix: regression introduced by first fix for #150
Signed-off-by: Paul Horton <phorton@sonatype.com> (c09e396
)
- fix: Components with no version (optional since 1.4) produce invalid BOM output in XML #150
Signed-off-by: Paul Horton <phorton@sonatype.com> (70d25c8
)
- fix: expression not supported in Component Licenses for version 1.0
Signed-off-by: Paul Horton <phorton@sonatype.com> (15b081b
)
- test: refactor to work on PY < 3.10
Signed-off-by: Paul Horton <phorton@sonatype.com> (0ce5de6
)
- test: refactored fixtures for tests which has uncovered #150, #151 and #152
Signed-off-by: Paul Horton <phorton@sonatype.com> (df43a9b
)
- 2.0.0
Automatically generated by python-semantic-release (a4af3dc
)
- Merge pull request #148 from CycloneDX/feat/add-bom-services (631e400
)
- Merge branch 'main' into feat/add-bom-services (9a32351
)
- doc: added RTD badge to README
Signed-off-by: Paul Horton <phorton@sonatype.com> (b20d9d1
)
- implemented __str__ for BomRef
Signed-off-by: Paul Horton <phorton@sonatype.com> (670bde4
)
- Continuation of #170 - missed updating Vulnerability to use BomRef (#175)
- BREAKING CHANGE: added new model BomRef unlocking logic later to ensure uniqueness and dependency references
Signed-off-by: Paul Horton <phorton@sonatype.com>
- updated Vulnerability to also use new BomRef model
Signed-off-by: Paul Horton <phorton@sonatype.com> (0d82c01
)
- BREAKING CHANGE: added new model BomRef unlocking logic later to ensure uniqueness and dependency references (#174)
Signed-off-by: Paul Horton <phorton@sonatype.com> (d189f2c
)
- BREAKING CHANGE: replaced concept of default schema version with latest supported #171 (#173)
Signed-off-by: Paul Horton <phorton@sonatype.com> (020fcf0
)
- BREAKING CHANGE: Updated default schema version to 1.4 from 1.3 (#164)
Signed-off-by: Paul Horton <phorton@sonatype.com> (9b6ce4b
)
- BREAKING CHANGE: update models to use Set rather than List (#160)
- BREAKING CHANGE: update models to use Set and Iterable rather than List[..]
BREAKING CHANGE: update final models to use @property
wip
Signed-off-by: Paul Horton <phorton@sonatype.com> (142b8bf
)
- removed unnecessary calls to hash() in __hash__() methods as pointed out by @jkowalleck
Signed-off-by: Paul Horton <phorton@sonatype.com> (0f1fd6d
)
- BREAKING CHANGE: adopted PEP-3102 for model classes (#158)
Signed-off-by: Paul Horton <phorton@sonatype.com> (b3c8d9a
)
- doc: added page to docs to call out which parts of the specification this library supports
Signed-off-by: Paul Horton <phorton@sonatype.com> (41a4be0
)
- attempt to resolve Lift finding
Signed-off-by: Paul Horton <phorton@sonatype.com> (2090c08
)
- removed unused imports
Signed-off-by: Paul Horton <phorton@sonatype.com> (a35d540
)
- WIP on bom.services
- WIP but a lil hand up for @madpah
Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com>
- chore: added missing license header
Signed-off-by: Paul Horton <phorton@sonatype.com>
- No default values for required fields
- Add Services to BOM
- Typo fix
- aligned classes with standards, commented out Signature work for now, added first tests for Services
Signed-off-by: Paul Horton <phorton@sonatype.com>
- addressed standards
Signed-off-by: Paul Horton <phorton@sonatype.com>
- 1.2.0
Automatically generated by python-semantic-release
Signed-off-by: Paul Horton <phorton@sonatype.com>
- feat: bom-ref for Component and Vulnerability default to a UUID (#142)
- feat: bom-ref for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141
Signed-off-by: Paul Horton <phorton@sonatype.com>
- doc: updated documentation to reflect change
Signed-off-by: Paul Horton <phorton@sonatype.com>
- patched other tests to support UUID for bom-ref
Signed-off-by: Paul Horton <phorton@sonatype.com>
- better syntax
Signed-off-by: Paul Horton <phorton@sonatype.com>
- 1.3.0
Automatically generated by python-semantic-release
Signed-off-by: Paul Horton <phorton@sonatype.com>
- WIP but a lil hand up for @madpah
Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Signed-off-by: Paul Horton <phorton@sonatype.com>
- chore: added missing license header
Signed-off-by: Paul Horton <phorton@sonatype.com>
- aligned classes with standards, commented out Signature work for now, added first tests for Services
Signed-off-by: Paul Horton <phorton@sonatype.com>
- removed signature from this branch
Signed-off-by: Paul Horton <phorton@sonatype.com>
- Add Services to BOM
- Typo fix
- addressed standards
Signed-off-by: Paul Horton <phorton@sonatype.com>
- resolved typing issues from merge
Signed-off-by: Paul Horton <phorton@sonatype.com>
- added a bunch more tests for JSON output
Signed-off-by: Paul Horton <phorton@sonatype.com>
Co-authored-by: Paul Horton <phorton@sonatype.com>
Co-authored-by: github-actions <action@github.com> (b45ff18
)
- feat: bom-ref for Component and Vulnerability default to a UUID (#142)
- feat: bom-ref for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141
Signed-off-by: Paul Horton <phorton@sonatype.com>
- doc: updated documentation to reflect change
Signed-off-by: Paul Horton <phorton@sonatype.com>
- patched other tests to support UUID for bom-ref
Signed-off-by: Paul Horton <phorton@sonatype.com>
- better syntax
Signed-off-by: Paul Horton <phorton@sonatype.com> (3953bb6
)
- 1.3.0
Automatically generated by python-semantic-release (4178181
)
- feat: add CPE to component (#138)
- Added CPE to component
Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component.
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
- Fixing problems with CPE addition
- Fixed styling errors
- Added reference to CPE Spec
- Adding CPE parameter as last parameter to not break arguments
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
- Again fixes for Style and CPE reference
Missing in the last commit
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
- Added CPE as argument before deprecated arguments
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
- Added testing for CPE addition and error fixing
- Added output tests for CPE in XML and JSON
- Fixes style error in components
- Fixes order for CPE output in XML (CPE has to come before PURL)
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
- Fixed output tests
CPE was still in the wrong position in one of the tests - fixed
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
- Fixed minor test fixtures issues
- cpe was still in wrong position in 1.2 JSON
- Indentation fixed in 1.4 JSON
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
- Fixed missing comma in JSON 1.2 test file
Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> (269ee15
)
- 1.2.0
Automatically generated by python-semantic-release (97c215c
)
- fix: bump dependencies (#136)
Signed-off-by: Paul Horton <phorton@sonatype.com> (18ec498
)
- 1.1.1
Automatically generated by python-semantic-release (dec63de
)
- feat: add support for bom.metadata.component (#118)
- Add support for metadata component
Part of #6
Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com>
- Better docs and simpler ifs
Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> (1ac31f4
)
- 1.1.0
Automatically generated by python-semantic-release (d4007bd
)
- chore: attempt to produce manual GitHub action to release a RC version
Signed-off-by: Paul Horton <phorton@sonatype.com> (3058afc
)
- chore: attempt to produce manual GitHub action to release a RC version
Signed-off-by: Paul Horton <phorton@sonatype.com> (6799e63
)
- chore: disable poetry-cache in gh-workflow (#112)
closes #91
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (42f7952
)
- chore: removed pdoc3 from main dev dependencies as now covered in docs/requirements.txt
Signed-off-by: Paul Horton <phorton@sonatype.com> (89d8382
)
- chore: isolate dependencies for building documentation (#107)
Signed-off-by: Paul Horton <phorton@sonatype.com> (f2403f6
)
- chore: bump flake8 to v4 and add autopep8 (#93)
- chore: bump flake8 to v4 and add autopep8
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- chore: make pep8 known in the contrib docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6553dbf
)
- chore: poetry(deps-dev): bump mypy from 0.910 to 0.920 (#103)
Bumps mypy from 0.910 to 0.920.
updated-dependencies:
- dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (fdd20ca
)
- Manually generated release (3509fb6
)
- Support for CycloneDX schema version 1.4 (#108)
BREAKING CHANGE: Support for CycloneDX 1.4. This includes:
- Support for tools having externalReferences
- Allowing version for a Component to be optional in 1.4
- Support for releaseNotes per Component
- Support for the core schema implementation of Vulnerabilities (VEX)
Other changes included in this PR:
- Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
- Fixes to ensure schema is adhered to in 1.0
- URIs are now used throughout the library through a new XsUri class to provide URI validation
- Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
- $schema is now included in JSON BOMs
- Concrete Parsers have now been moved into downstream projects to keep this library's focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python
- Added reference to release of this library on Anaconda
Signed-off-by: Paul Horton <phorton@sonatype.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Paul Horton <phorton@sonatype.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7fb6da9
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (d26970b
)
- Update CONTRIBUTING.md (4448d9b
)
- fix: removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98)
Signed-off-by: Paul Horton <phorton@sonatype.com> (3677d9f
)
- 0.12.3
Automatically generated by python-semantic-release (cfc9d38
)
- fix: tightened dependency packageurl-python (#95)
fixes #94
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (eb4ae5c
)
- 0.12.2
Automatically generated by python-semantic-release (54b9f74
)
- chore: reordered deps & updated poetry lock
Merge pull request #90 from CycloneDX/update-poetry-lock (d8c7ee2
)
- chore: updated poetry lock
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (91b97be
)
- fix: further loosened dependency definitions
see #44
updated some locked dependencies to latest versions
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8bef6ec
)
- 0.12.1
Automatically generated by python-semantic-release (43fc36e
)
- ci: update to run tox for both our favoured versions of dependencies and lowest supported versions
- add tox env for minimal required dependencies
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- try to fix TypedDict typing
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- fix: typing definitions to be PY 3.6 compatible
Signed-off-by: Paul Horton <phorton@sonatype.com>
- fix: typing definitions to be PY 3.6 compatible
Signed-off-by: Paul Horton <phorton@sonatype.com>
- straightened up sys.version_info constraints/code-branches
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- removed unused type ignores
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- try to fix type variants
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- try to fix type variants
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- typing for py3.6
Signed-off-by: Paul Horton <phorton@sonatype.com>
- fixed invalid unittest
Signed-off-by: Paul Horton <phorton@sonatype.com>
- typing for py3.6
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- mypy silence warn_unused_ignores
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- mypy in tox for lowest version is pinned
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Paul Horton <phorton@sonatype.com> (07ebedc
)
- feat: loosed dependency versions to make this library more consumable
- feat: lowering minimum dependency versions
Signed-off-by: Paul Horton <phorton@sonatype.com>
- feat: lowering minimum dependency versions
Signed-off-by: Paul Horton <phorton@sonatype.com>
- feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library
Signed-off-by: Paul Horton <phorton@sonatype.com>
- feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library
Signed-off-by: Paul Horton <phorton@sonatype.com>
- feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement
Signed-off-by: Paul Horton <phorton@sonatype.com> (55f10fb
)
- 0.12.0
Automatically generated by python-semantic-release (1a907ea
)
- Merge pull request #88 from CycloneDX/contributing-file
initial CONTRIBUTING file (20035bb
)
- initial CONTRIBUTING file
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6ffe14d
)
- CHORE: poetry(deps): bump filelock from 3.3.2 to 3.4.0
poetry(deps): bump filelock from 3.3.2 to 3.4.0 (e144aa2
)
- CHORE: poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4
poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4 (5fcdcb7
)
- poetry(deps): bump filelock from 3.3.2 to 3.4.0
Bumps filelock from 3.3.2 to 3.4.0.
updated-dependencies:
- dependency-name: filelock dependency-type: indirect update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (8d4520e
)
- CHORE: poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29
poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29 (fc6e3ac
)
- poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4
Bumps types-setuptools from 57.4.2 to 57.4.4.
updated-dependencies:
- dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com> (00dcbb8
)
- CHORE: poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2
poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 (28f9676
)
- poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29
Bumps flake8-bugbear from 21.9.2 to 21.11.29.
updated-dependencies:
- dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (1eec2e8
)
- CHORE: poetry(deps-dev): bump coverage from 6.1.2 to 6.2
poetry(deps-dev): bump coverage from 6.1.2 to 6.2 (bdd9365
)
- CHORE: poetry(deps): bump mako from 1.1.5 to 1.1.6
poetry(deps): bump mako from 1.1.5 to 1.1.6 (33d3ecc
)
- poetry(deps-dev): bump coverage from 6.1.2 to 6.2
Bumps coverage from 6.1.2 to 6.2.
updated-dependencies:
- dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (be1af9b
)
- DOCS: fix README shields & links (43b1121)
- doc: readme maintenance - shields & links (#72)
- README: restructure links
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: add lan to fenced code blocks
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: fix some formatting
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: modernized shields
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: harmonize links
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: add language to code fences
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: markdown fixes
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: removed py version shield
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d0ea2f
)
- poetry(deps): bump mako from 1.1.5 to 1.1.6
Bumps mako from 1.1.5 to 1.1.6.
updated-dependencies:
- dependency-name: mako dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com> (3344b86
)
- Merge pull request #47 from CycloneDX/dependabot/pip/filelock-3.3.2
poetry(deps): bump filelock from 3.3.1 to 3.3.2 (3f967b3
)
- FIX: update Conda package parsing to handle `build` containing underscore (#66)
- fix: update conda package parsing to handle `build` containing underscore
Signed-off-by: Paul Horton <phorton@sonatype.com>
- updated some typings
Signed-off-by: Paul Horton <phorton@sonatype.com> (2c6020a
)
- poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2
Bumps importlib-metadata from 4.8.1 to 4.8.2.
updated-dependencies:
- dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com> (003f6b4
)
- poetry(deps): bump filelock from 3.3.1 to 3.3.2
Bumps filelock from 3.3.1 to 3.3.2.
updated-dependencies:
- dependency-name: filelock dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com> (55022b7
)
- Merge pull request #45 from CycloneDX/dependabot/pip/importlib-resources-5.4.0
poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0 (b8acf9f
)
- Merge pull request #70 from CycloneDX/dependabot/pip/pyparsing-3.0.6
poetry(deps): bump pyparsing from 3.0.5 to 3.0.6 (faa8628
)
- Merge pull request #69 from CycloneDX/dependabot/pip/coverage-6.1.2
poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2 (eba56dc
)
- poetry(deps): bump pyparsing from 3.0.5 to 3.0.6
Bumps pyparsing from 3.0.5 to 3.0.6.
updated-dependencies:
- dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com> (4f2b2d8
)
- poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2
Bumps coverage from 6.1.1 to 6.1.2.
updated-dependencies:
- dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com> (1d0f5ea
)
- fix: constructor for `Vulnerability` to correctly define `ratings` as optional
Signed-off-by: William Woodruff <william@trailofbits.com> (395a0ec
)
- 0.11.1
Automatically generated by python-semantic-release (a80f87a
)
- FEAT: Support Python 3.10 (#64)
- fix: tested with Python 3.10
Signed-off-by: Paul Horton <phorton@sonatype.com>
- added trove classifier for Python 3.10
Signed-off-by: Paul Horton <phorton@sonatype.com>
- fix: upgrade Poetry version to workaround issue between Poetry and Python 3.10 (see: python-poetry/poetry#4210)
Signed-off-by: Paul Horton <phorton@sonatype.com> (385b835
)
- poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0
Bumps importlib-resources from 5.3.0 to 5.4.0.
updated-dependencies:
- dependency-name: importlib-resources dependency-type: indirect update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (a1dd775
)
- feat: Typing & PEP 561
- added file for type checkers according to PEP 561
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- added static code analysis as a dev-test
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- added the "typed" trove
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- added `flake8-annotations` to the tests
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- added type hints
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- further typing updates
Signed-off-by: Paul Horton <phorton@sonatype.com>
- further typing additions and test updates
Signed-off-by: Paul Horton <phorton@sonatype.com>
- further typing
Signed-off-by: Paul Horton <phorton@sonatype.com>
- further typing - added type stubs for toml and setuptools
Signed-off-by: Paul Horton <phorton@sonatype.com>
- further typing
Signed-off-by: Paul Horton <phorton@sonatype.com>
- typing work
Signed-off-by: Paul Horton <phorton@sonatype.com>
- coding standards
Signed-off-by: Paul Horton <phorton@sonatype.com>
- fixed tox and mypy running in correct python version
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- suppressed mypy for `cyclonedx.utils.conda.parse_conda_json_to_conda_package`
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- fixed type hints
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- fixed some typing related flaws
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- added flake8-bugbear for code analysis
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Paul Horton <phorton@sonatype.com> (9144765
)
- 0.11.0
Automatically generated by python-semantic-release (7262783
)
- Merge pull request #41 from jkowalleck/improv-abstract
fixed some abstract definitions (f34e2c2
)
- Merge pull request #42 from jkowalleck/improv-pipenv
slacked pipenv parser (08bc4ab
)
- Merge pull request #43 from jkowalleck/improv-conda-typehints
fixed typehints/docs in `_BaseCondaParser` (931016d)
- Merge pull request #54 from jkowalleck/create-CODEOWNERS
created CODEOWNERS (7f28bef
)
- Merge pull request #56 from CycloneDX/dependabot/pip/py-1.11.0
poetry(deps): bump py from 1.10.0 to 1.11.0 (f1cda3c
)
- Merge pull request #58 from CycloneDX/dependabot/pip/pyparsing-3.0.5
poetry(deps): bump pyparsing from 2.4.7 to 3.0.5 (0525439
)
- Merge pull request #19 from CycloneDX/dependabot/pip/zipp-3.6.0
poetry(deps): bump zipp from 3.5.0 to 3.6.0 (c54c968
)
- poetry(deps): bump py from 1.10.0 to 1.11.0
Bumps py from 1.10.0 to 1.11.0.
updated-dependencies:
- dependency-name: py dependency-type: indirect update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (330711f
)
- Merge pull request #57 from CycloneDX/dependabot/pip/coverage-6.1.1
poetry(deps-dev): bump coverage from 5.5 to 6.1.1 (fa55e5c
)
- poetry(deps): bump pyparsing from 2.4.7 to 3.0.5
Bumps pyparsing from 2.4.7 to 3.0.5.
updated-dependencies:
- dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <support@github.com> (3bedaff
)
- Merge pull request #55 from CycloneDX/dependabot/pip/virtualenv-20.10.0
poetry(deps): bump virtualenv from 20.8.1 to 20.10.0 (4c3df85
)
- CI/CT runs on main & master branch (2d0df7b)
- poetry(deps-dev): bump coverage from 5.5 to 6.1.1
Bumps coverage from 5.5 to 6.1.1.
updated-dependencies:
- dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] <support@github.com> (e322d74
)
- poetry(deps): bump virtualenv from 20.8.1 to 20.10.0
Bumps virtualenv from 20.8.1 to 20.10.0.
updated-dependencies:
- dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (3927cdc
)
- created CODEOWNERS
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e8e499c
)
- fixed typehints/docs in `_BaseCondaParser`
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (af6ddfd
)
- slacked pipenv parser
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a3572ba
)
- fixed some abstract definitions
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9e67998
)
- fix: correct way to write utf-8 encoded files
Signed-off-by: Paul Horton <phorton@sonatype.com> (49f9369
)
- 0.10.2
Automatically generated by python-semantic-release (79538e9
)
- ci: disable git automatic line ending conversions
Signed-off-by: Paul Horton <phorton@sonatype.com> (350c097
)
- ci: update to run on OSX and Windows
Signed-off-by: Paul Horton <phorton@sonatype.com> (6588c4c
)
- fix: ensure output to file is UTF-8
Signed-off-by: Paul Horton <phorton@sonatype.com> (a10da20
)
- fix: ensure output to file is UTF-8
Signed-off-by: Paul Horton <phorton@sonatype.com> (193bf64
)
- 0.10.1
Automatically generated by python-semantic-release (e6451a3
)
- Merge pull request #40 from CycloneDX/fix/issue-39-windows-UnicodeEncodeError
FIX: Resolve file encoding issues on Windows (48329e0
)
- remove memoryview from sha1 file hashing
Signed-off-by: Paul Horton <phorton@sonatype.com> (a56be0f
)
- added debug to CI to aid understanding of mismatching SHA1 hashes on Windows
Signed-off-by: Paul Horton <phorton@sonatype.com> (10c6b51
)
- feat: add support for Conda
Signed-off-by: Paul Horton <phorton@sonatype.com> (bd29c78
)
- 0.10.0
Automatically generated by python-semantic-release (eea3598
)
- Merge pull request #38 from CycloneDX/feat/conda-support
feat: add support for Conda (ee5d36d
)
- add support pre Python 3.8
Signed-off-by: Paul Horton <phorton@sonatype.com> (2d01116
)
- doc: updated documentation with Conda support (and missed updates for externalReferences)
Signed-off-by: Paul Horton <phorton@sonatype.com> (57e9dc7
)
- fix: missing check for Classifiers in Environment Parser
Signed-off-by: Paul Horton <phorton@sonatype.com> (b7fa38e
)
- 0.9.1
Automatically generated by python-semantic-release (f132c92
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (51a1e50)
- feat: add support for parsing package licenses when using the `Environment` Parsers
Signed-off-by: Paul Horton <phorton@sonatype.com> (c414eaf
)
- 0.9.0
Automatically generated by python-semantic-release (ad65564
)
- Merge pull request #36 from CycloneDX/feat/add-license-support
Add support for parsing package licenses from installed packages (d45f75b
)
- fix: coding standards violations
Signed-off-by: Paul Horton <phorton@sonatype.com> (00cd1ca
)
- fix: handle `Pipfile.lock` dependencies without an `index` specified
fix: multiple fixes in variable scoping to prevent accidental data sharing
Signed-off-by: Paul Horton <phorton@sonatype.com> (26c62fb
)
- 0.8.3
Automatically generated by python-semantic-release (91f9a8b
)
- Merge pull request #34 from CycloneDX/fix/issue-33-pipfile-lock-parse-failure
BUG: Fix for `Pipfile.lock` parsing + accidental data sharing issues identified during testing (4079323)
- fix: add namespace and subpath support to Component to complete PackageURL Spec support
Signed-off-by: Paul Horton <phorton@sonatype.com> (780adeb
)
- 0.8.2
Automatically generated by python-semantic-release (298318f
)
- Merge pull request #32 from CycloneDX/feat/full-packageurl-support
Add `namespace` and `subpath` support to `Component` (bb3af91)
- fix: multiple hashes being created for an externalReference which is not as required
Signed-off-by: Paul Horton <phorton@sonatype.com> (970d192
)
- 0.8.1
Automatically generated by python-semantic-release (70689a2
)
- feat: add support for `externalReferences` for `Components` and associated enhancements to parsers to obtain information where possible/known
Signed-off-by: Paul Horton <phorton@sonatype.com> (a152852
)
- 0.8.0
Automatically generated by python-semantic-release (7a49f9d
)
- Merge pull request #29 from CycloneDX/feat/component-external-references
FEATURE: Add support for `externalReferences` against `Component`s (bdee0ea)
- doc: notable improvements to API documentation generation (added search, branding, a little styling)
Signed-off-by: Paul Horton <phorton@sonatype.com> (e7a5b5a
)
- feat: support for pipenv.lock file parsing
Signed-off-by: Paul Horton <phorton@sonatype.com> (68a2dff
)
- 0.7.0
Automatically generated by python-semantic-release (827bd1c
)
- Merge pull request #27 from CycloneDX/feat/add-pipenv-support
FEATURE: Add `Pipfile.lock` (pipenv) support (2c42e2a)
- doc: updated README.md to include Pipfile.lock parsing
Signed-off-by: Paul Horton <phorton@sonatype.com> (2c66834
)
- fix: added ability to add tools in addition to this library when generating CycloneDX + plus fixes relating to multiple BOM instances
Signed-off-by: Paul Horton <phorton@sonatype.com> (e03a25c
)
- 0.6.2
Automatically generated by python-semantic-release (e68fbc2
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (2bf2711)
- ci: update to deploy to pypi.org upon PR merge
Signed-off-by: Paul Horton <phorton@sonatype.com> (04e86b5
)
- fix: better methods for checking if a Component is already represented in the BOM, and the ability to get the existing instance
Signed-off-by: Paul Horton <phorton@sonatype.com> (5fee85f
)
- 0.6.1
Automatically generated by python-semantic-release (c530460
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (eb3a46b)
- feat: helper method for representing a File as a Component taking into account versioning for files as per CycloneDX/cyclonedx.org#34
Signed-off-by: Paul Horton <phorton@sonatype.com> (7e0fb3c
)
- feat: support for non-PyPi Components - PackageURL type is now definable when creating a Component
Signed-off-by: Paul Horton <phorton@sonatype.com> (fde79e0
)
- 0.6.0
Automatically generated by python-semantic-release (907cd2d
)
- Merge pull request #25 from CycloneDX/feat/additions-to-enable-integration-into-checkov
Support for representing File as Component (63a86b0
)
- build: updated dependencies, moved pdoc3 to a dev dependency
Signed-off-by: Paul Horton <phorton@sonatype.com> (6a9947d
)
- feat: add support for tool(s) that generated the SBOM
Signed-off-by: Paul Horton <phorton@sonatype.com> (7d1e6ef
)
- fix: bumped a dependency version
Signed-off-by: Paul Horton <phorton@sonatype.com> (efc1053
)
- 0.5.0
Automatically generated by python-semantic-release (a655d29
)
- Merge pull request #20 from CycloneDX/feat/additional-metadata
feat: add support for tool(s) that generated the SBOM (b33cbf4
)
- fix for Python < 3.8 support in tests
Signed-off-by: Paul Horton <phorton@sonatype.com> (c9b6019
)
- ensure support for Python < 3.8
Signed-off-by: Paul Horton <phorton@sonatype.com> (53a82cf
)
- ensure support for Python < 3.8
Signed-off-by: Paul Horton <phorton@sonatype.com> (2a9e56a
)
- doc: added documentation
Signed-off-by: Paul Horton <phorton@sonatype.com> (cf13c68
)
- poetry(deps): bump zipp from 3.5.0 to 3.6.0
Bumps zipp from 3.5.0 to 3.6.0.
updated-dependencies:
- dependency-name: zipp dependency-type: indirect update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (30f2547
)
- doc: bumped gh-action for publishing docs
Signed-off-by: Paul Horton <phorton@sonatype.com> (ac70eee
)
- doc: added documentation to model/bom
Signed-off-by: Paul Horton <phorton@sonatype.com> (fe98ada
)
- doc: formatting
Signed-off-by: Paul Horton <phorton@sonatype.com> (1ad7fb1
)
- doc: added missing docstrings to allow documentation to generate
Signed-off-by: Paul Horton <phorton@sonatype.com> (ed743d9
)
- Merge pull request #10 from coderpatros/docs
Add initial doc generation and publishing (7873ad9
)
- build: dependencies updated
Signed-off-by: Paul Horton <phorton@sonatype.com> (0411826
)
- fix: improved handling for `requirements.txt` content without pinned or declared versions
Signed-off-by: Paul Horton <phorton@sonatype.com> (7f318cb
)
- test: additional tests around issue #8 which confirm level of support currently
Signed-off-by: Paul Horton <phorton@sonatype.com> (bc54bed
)
- test: additional tests added to validate comments in requirements.txt and that hashes within requirements.txt are not currently supported
Signed-off-by: Paul Horton <phorton@sonatype.com> (3a27d54
)
- 0.4.1
Automatically generated by python-semantic-release (d5b7a2f
)
- Merge pull request #15 from CycloneDX/fix/issue-14-requirements-unpinned-versions
fix: improved handling for `requirements.txt` content without pinned … (f248015)
- Add initial doc generation and publishing
Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org> (cd1b558
)
- feat: support for localising vectors (i.e. stripping out any scheme prefix)
Signed-off-by: Paul Horton <phorton@sonatype.com> (b9e9e17
)
- feat: helper methods for deriving Severity and SourceType
Signed-off-by: Paul Horton <phorton@sonatype.com> (6a86ec2
)
- fix: removed print call
Signed-off-by: Paul Horton <phorton@sonatype.com> (8806553
)
- fix: relaxed typing of parameter to be compatible with Python < 3.9
Signed-off-by: Paul Horton <phorton@sonatype.com> (f9c7990
)
- fix: removed print call
Signed-off-by: Paul Horton <phorton@sonatype.com> (d272d2e
)
- fix: remove unused commented out code
Signed-off-by: Paul Horton <phorton@sonatype.com> (ba4f285
)
- 0.4.0
Automatically generated by python-semantic-release (f441413
)
- feat: adding support for extension schema that describes vulnerability disclosures
Signed-off-by: Paul Horton <phorton@sonatype.com> (d496695
)
- refactor: moved Vulnerabilities to be nested inside the Component
Signed-off-by: Paul Horton <phorton@sonatype.com> (8b4034d
)
- test: added test to confirm no Vulnerabilities are output for Schema Version 1.0 (not supported by schema)
Signed-off-by: Paul Horton <phorton@sonatype.com> (d5aabcf
)
- 0.3.0
Automatically generated by python-semantic-release (a5c3dab
)
- Merge pull request #5 from CycloneDX/feat/support-schema-extension-vulnerability-1.0
FEATURE: add support for Vulnerability Disclosures (6914272
)
- doc: updated README to explain support for Vulnerability Disclosures
Signed-off-by: Paul Horton <phorton@sonatype.com> (f477bf0
)
- feat: added helper method to return a PackageURL object representing a Component
Signed-off-by: Paul Horton <phorton@sonatype.com> (367bef1
)
- fix: whitespace on empty line removed
Signed-off-by: Paul Horton <phorton@sonatype.com> (cfc952e
)
- 0.2.0
Automatically generated by python-semantic-release (866eda7
)
- Merge pull request #4 from CycloneDX/feat/component-as-packageurl
fix: whitespace on empty line removed (ddc37f3
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (6142d2e)
- feat: add poetry support
Signed-off-by: Paul Horton <phorton@sonatype.com> (f3ac42f
)
- 0.1.0
Automatically generated by python-semantic-release (0da668f
)
- Merge pull request #3 from CycloneDX/feat/poetry-lock-support
FEATURE: Added poetry.lock parser support (37ba7c6)
- feat(parser) - added support for parsing dependencies from poetry.lock files.
Signed-off-by: Paul Horton <phorton@sonatype.com> (15bc553
)
- fix(parser) parsers were able to share state unexpectedly
Signed-off-by: Paul Horton <phorton@sonatype.com> (dc59914
)
- fix(test): test was not updated for revised author statement
Signed-off-by: Paul Horton <phorton@sonatype.com> (d1c9d37
)
- fix(build): test failure and dependency missing
Fixed failing tests due to dependency on now removed VERSION file Added flake8 officially as a DEV dependency to poetry
Signed-off-by: Paul Horton <phorton@sonatype.com> (9a2cfe9
)
- fix(build): removed artefacts associated with non-poetry build
Tidied up project to remove items associated with non-Poetry build process. Also aligned a few references in README to new home of this project under CycloneDX.
Signed-off-by: Paul Horton <phorton@sonatype.com> (f9119d4
)
- 0.0.11
Automatically generated by python-semantic-release (1c0aa71
)
- Merge pull request #2 from CycloneDX/fix/tidy-up-build-remove-pip
fix(build): removed artefacts associated with non-poetry build (b7de7b3
)
- fix: add in pypi badge (6098c36)
- 0.0.10
Automatically generated by python-semantic-release (245d809
)
- fix: additional info to poetry, remove circleci (2fcfa5a)
- 0.0.9
Automatically generated by python-semantic-release (e4a90cf
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (69aaba5)
- fix: initial release to pypi, tell poetry to include cyclonedx package (a030177)
- 0.0.8
Automatically generated by python-semantic-release (fc3f24c
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (da2d18c)
- fix: release with full name (4c620ed)
- 0.0.7
Automatically generated by python-semantic-release (19943e8
)
- fix: initial release to pypi (99687db)
- 0.0.6
Automatically generated by python-semantic-release (98ad249
)
- Switch to using action (cce468a)
- 0.0.5
Automatically generated by python-semantic-release (9bf4b9a
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (eeec0bb)
- Try this on for size (aa93310)
- 0.0.4
Automatically generated by python-semantic-release (b16d6c5
)
- Use python3 to install (4c810e1)
- 0.0.3
Automatically generated by python-semantic-release (05306ee
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (f1d120c)
- Bump up version of poetry (89db268)
- 0.0.2
Automatically generated by python-semantic-release (e15dec6
)
- Remove check for push (71b1270)
- Manual deploy workflow (9b4ac33)
- License headers, OWASP etc... (559b8d2)
- Fixed unit tests pinned to a VERSION. (5d907d5)
- Bump to version 0.0.2 (1050839)
- Implemented writing SBOM to a file. (74f4153)
- Updated badge in README to include Python 3.6+ support. (0a5903c)
- Removed print() statement accidentally left in. (22965a7)
- Merge pull request #1 from sonatype-nexus-community/features/initial-port-of-v1.1-generation-from-jake
Initial port of library code to new library (2f2634b)
- Added license headers to all source files. Added classifiers for Python version to setup.py. (bb6bb24)
- Renamed model file to not reference CycloneDX as the models are agnostic on purpose. (03d03ed)
- Forgot to add updated poetry.lock file reflecting Python 3.6+ support (5d3d491)
- Updated project to state support from Python v3.6+ (619ee1d)
- Adding Python 3.6 support for test & CI. (daa12ba)
- Fixing CircleCI config. (a446f4c)
- Fixes to GitHub actions. (d2aa277)
- Disabled Py3.6 checks and added flake8. (8c01da3)
- Attempt to fix CI's for multiple Python environments. (affb6b2)
- Added support for Python versions 3.7+ (ae24ba9)
- Added missing ENV var for GH actions. (c750ec6)
- Missed wrapping a coverage command with poetry. (3c74c82)
- Added poetry virtualenv caching + wrapped tox and coverage with poetry to ensure they run in the poetry venv. (780e3df)
- Fixed typo in Github action. (3953675)
- Correction: Supported Python version in setup.py (2f4917b)
- Updated poetry dependencies and configuration. (75041e5)
- Initial draft GitHub actions being added. (e2403e8)
- Added Poetry support. (e9a67f8)
- Addressing issues reported by flake8. (3ad394c)
- Refactored output classes to use multiple inheritance allowing a single place to define which schema version support various attributes and elements. (95c5b38)
- Updated README to reflect support for author. (bff5954)
- Skeleton support for 'author' + v1.1 and v1.0 for JSON added (along with tests). (e987f35)
- Corrected typo in README (0d2c355)
- Updated README to include a summary of the support this library provides across the different schema versions. (34f421f)
- Initial support for V1.0 and V1.1 in XML output format. (37f6b00)
- Added 'serialNumber' to SBOMs (JSON and XML). (50e3c75)
- Added a bunch more content to the README to explain how the library can be used. (bb41dc6)
- Added metadata initial support to JSON output format. (8c5590f)
- Addition of simple 'metadata' element for XML SBOM's. (f9e9773)
- Added initial JSON outputter and associated tests. (3e1f5ec)
- Fix to generate HTML coverage reports and stash in CircleCI builds. (dd88603)
- Added HTML coverage report. (ce700e5)
- Missed coverage as a dependency for testing. (01643d6)
- Added coverage reporting for tests (c34b1a6)
- Added first tests for XML SBOM generation (v1.3 and v1.2). (cb4337a)
- WIP: Starting to generate XML output for BOMs (35bdfca)
- Updated CircleCI config to run tox. Fixed formatting in tests. (9a56230)
- Rebasing from main. (822ab8b)
- Initial skeleton tests for output generation. (a614f3e)
- pretty badge (60e975c)
- initial CI for discussion (7e88cd5)
- Added a little more information to the README. (460c624)
- Fixed issue reported by Flake8. Ensuring tests run on PY 3.9. (cce130f)
- Basic structure without any output generation available (very basic Component definition). (6ac5dc2)
- Added tox config with flake8 and py3.9 support. (1def201)
- Initially added skeleton packaging structure and official CycloneDX schemas. (ac519c9)
- Added initial blank README prior to branching for initial work. (b175f6a)
- Added initial blank README prior to branching for initial work. (e8b5d48)
- Initial commit (62353b0)