From 60361f781a1b356f24a553e133e0f58a2ad37a7d Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Sun, 2 Jun 2024 19:03:12 +0200
Subject: [PATCH] docs: exclude dep bumps from changelog (#627)

fixes #616

---------

Signed-off-by: Jan Kowalleck
---
CHANGELOG.md | 5478 ++++++++++--------------------------------------
pyproject.toml | 4 +-
2 files changed, 1160 insertions(+), 4322 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cb9a30d9..45d5ded2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,729 +1,8 @@ # CHANGELOG - ## v7.4.0 (2024-05-23) -### Chore - -* chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 (#620) - -Updates the requirements on [xmldiff](https://github.com/Shoobx/xmldiff) -to permit the latest version. -<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/Shoobx/xmldiff/blob/master/CHANGES.rst">xmldiff's -changelog</a>.</em></p> -<blockquote> -<h2>2.7.0 (2024-05-13)</h2> -<ul> -<li> -<p>Changed the comparison to make accurate and standard more accurate, -although fast gets less accurate as a result.</p> -</li> -<li> -<p>Changed usage of deprecated <code>pkg_resources</code> package to -<code>importlib.metadata</code>.</p> -</li> -<li> -<p>A <code>use_replace</code> flag was added to the -<code>XMLFormatter</code> by Thomas Pfitzinger. -It changes text replacement from delete and insert tags to a replace -tag. -It's not currently accessaible thtough the CLI, the question is it is -better -to add a new formatter name, or an option to pass in formatter -flags.</p> -<ul> -<li>Added option to XMLFormatter to use replace tags</li> -<li>in _make_diff_tags after diffing, neighboring delete/insert diffs -are joined to a replace tag</li> -<li>the deleted text is added as an attribute -(&quot;old-text&quot;)</li> -<li>the inserted text is the element's text</li> -</ul> -</li> -</ul> -<h2>2.6.3 (2023-05-21)</h2> -<ul> -<li>And there was a namespace bug in the patch as well. <a -href="https://redirect.github.com/Shoobx/xmldiff/issues/118">#118</a></li> -</ul> -<h2>2.6.2 (2023-05-21)</h2> -<ul> -<li>Solved an error in the xmlformatter when using default namespaces. 
-<a -href="https://redirect.github.com/Shoobx/xmldiff/issues/89">#89</a></li> -</ul> -<h2>2.6.1 (2023-04-05)</h2> -<ul> -<li><a -href="https://redirect.github.com/Shoobx/xmldiff/issues/108">#108</a>: -Fixed an error that happens if using namespaces like ns0 or ns1.</li> -</ul> -<h2>2.6 (2023-04-03)</h2> -<ul> -<li>Added <code>InsertNamespace</code> and <code>DeleteNamespace</code> -actions for better handling -of changing namespaces. Should improve any &quot;Unknown namespace -prefix&quot; -errors. Changing the URI of a a namespace prefix is not supported, and -will -raise an error.</li> -</ul> -<h2>2.6b1 (2023-01-12)</h2> -<ul> -<li> -<p>Used geometric mean for the node_ratio, for better handling of simple -nodes.</p> -</li> -<li> -<p>Added an experimental --best-match method that is slower, but -generate</p> -</li> -</ul> -<!-- raw HTML omitted --> -</blockquote> -<p>... (truncated)</p> -</details> -<details> -<summary>Commits</summary> -<ul> -<li>See full diff in <a -href="https://github.com/Shoobx/xmldiff/commits">compare view</a></li> -</ul> -</details> -<br /> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. 
- -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`c3e17cf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c3e17cfe9e4b7389a5be7768d201ad51932f7934)) - -* chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 (#619) - -Updates the requirements on -[pep8-naming](https://github.com/PyCQA/pep8-naming) to permit the latest -version. 
-<details> -<summary>Release notes</summary> -<p><em>Sourced from <a -href="https://github.com/PyCQA/pep8-naming/releases">pep8-naming's -releases</a>.</em></p> -<blockquote> -<h2>0.14.1</h2> -<ul> -<li>Require Python 3.8 or later.</li> -</ul> -</blockquote> -</details> -<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/PyCQA/pep8-naming/blob/main/CHANGELOG.rst">pep8-naming's -changelog</a>.</em></p> -<blockquote> -<h2>0.14.1 - 2024-05-17</h2> -<ul> -<li>Require Python 3.8 or later.</li> -</ul> -<h2>0.14.0 - 2024-05-16</h2> -<ul> -<li>Drop support for Python 3.7.</li> -<li>Add support for Python 3.12.</li> -<li>Ignore methods decorated by <code>@typing.override</code>.</li> -<li>Perform case-sensitive <code>ignore-names</code> globbing on all -platforms.</li> -</ul> -<h2>0.13.3 - 2022-12-19</h2> -<ul> -<li>Formally require flake8 5.0.0 or later.</li> -<li>Add support for Python 3.11.</li> -</ul> -<h2>0.13.2 - 2022-08-19</h2> -<ul> -<li>Formally require Python 3.7 or later using -<code>python_requires</code>.</li> -</ul> -<h2>0.13.1 - 2022-07-15</h2> -<ul> -<li>Fix warnings related to deprecated options syntax.</li> -</ul> -<h2>0.13.0 - 2022-06-22</h2> -<ul> -<li> -<p>Python 3.7 or later is now required.</p> -</li> -<li> -<p><code>setUpModule</code> and <code>tearDownModule</code> are now -exempted by default.</p> -</li> -</ul> -<h2>0.12.1 - 2021-08-06</h2> -<ul> -<li>Fix potential stack exhaustion in the N818 check.</li> -</ul> -<h2>0.12.0 - 2021-07-06</h2> -<ul> -<li> -<p>flake8 3.9.1 or later is now required.</p> -</li> -<li> -<p>N818 checks exception class names for an &quot;Error&quot; suffix -(disabled by default).</p> -</li> -<li> -<p><code>asyncSetUp</code> and <code>asyncTearDown</code> are now -exempted by default.</p> -</li> -</ul> -<!-- raw HTML omitted --> -</blockquote> -<p>... 
(truncated)</p> -</details> -<details> -<summary>Commits</summary> -<ul> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/f0edf20bd88cbd0950240ebeeea4fe6f4d90a094"><code>f0edf20</code></a> -Prepare the 0.14.1 release</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/b652e8f72b1352d4915a69e1d45a308da05e8dba"><code>b652e8f</code></a> -Merge pull request <a -href="https://redirect.github.com/PyCQA/pep8-naming/issues/231">#231</a> -from PyCQA/sigmavirus24-patch-1</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/a960999da40e598c0bd6b5de099fcad2f5c0d5ac"><code>a960999</code></a> -Fix python_version</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/94517379f5993e1f0f8e79c379ebcc66c9cdf753"><code>9451737</code></a> -Update setup.py</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/c0bcb7f7c80abcbc4f157226f43536da672dcf6d"><code>c0bcb7f</code></a> -Prepare the 0.14.0 release</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/975beede1be69afa9c39622825d80fb5827a6570"><code>975beed</code></a> -Refactor FunctionArgNamesCheck (N803,N804,N805)</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/01df3f37b933c71a986a31865b9339bf4b69714a"><code>01df3f3</code></a> -Pass 'parents' as a parameter when walking the tree</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/de0963ca5b2d1e7ad8c0e6133ca6010262f82e4c"><code>de0963c</code></a> -Merge Python 3.8+ tests into main test modules</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/0ddfceaf2be9ccf39f9c0882011c0dd42d338280"><code>0ddfcea</code></a> -Remove Python 3.7 compatibility code</li> -<li><a -href="https://github.com/PyCQA/pep8-naming/commit/0e8f745949700a99c87e42846de13a01836f5a8b"><code>0e8f745</code></a> -Drop support for Python 3.7</li> -<li>Additional commits viewable in <a -href="https://github.com/PyCQA/pep8-naming/compare/0.13.3...0.14.1">compare -view</a></li> -</ul> -</details> -<br /> - - -Dependabot 
will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`c036912`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c036912e4d4a15c8928094bed6ddf43cae65400c)) - -* chore(deps-dev): update flake8-annotations requirement from 3.1.0 to 3.1.1 (#618) - -Updates the 
requirements on -[flake8-annotations](https://github.com/sco1/flake8-annotations) to -permit the latest version. -<details> -<summary>Release notes</summary> -<p><em>Sourced from <a -href="https://github.com/sco1/flake8-annotations/releases">flake8-annotations's -releases</a>.</em></p> -<blockquote> -<h2>Release v3.1.1</h2> -<h2>[v3.1.1]</h2> -<h3>Changed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/167">#167</a> -Add module-level support for the <code>--respect-type-ignore</code> -flag</li> -</ul> -</blockquote> -</details> -<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/sco1/flake8-annotations/blob/main/CHANGELOG.md">flake8-annotations's -changelog</a>.</em></p> -<blockquote> -<h2>[v3.1.1]</h2> -<h3>Changed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/167">#167</a> -Add module-level support for the <code>--respect-type-ignore</code> -flag</li> -</ul> -<h2>[v3.1.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/164">#164</a> -Add <code>--respect-type-ignore</code> to support suppression of errors -for functions annotated with <code>type: ignore</code></li> -</ul> -<h2>[v3.0.1]</h2> -<h3>Changed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/155">#155</a> -Remove upper bound on Python constraint</li> -</ul> -<h2>[v3.0.0]</h2> -<h3>Added</h3> -<ul> -<li>Add <code>ANN402</code> for the presence of type comments</li> -</ul> -<h3>Changed</h3> -<ul> -<li>Python 3.8.1 is now the minimum supported version</li> -<li>Flake8 v5.0 is now the minimum supported version</li> -</ul> -<h3>Removed</h3> -<ul> -<li>Remove support for <a -href="https://www.python.org/dev/peps/pep-0484/#type-comments">PEP -484-style</a> type comments -<ul> -<li>See: <a 
-href="https://mail.python.org/archives/list/typing-sig@python.org/thread/66JDHQ2I3U3CPUIYA43W7SPEJLLPUETG/">https://mail.python.org/archives/list/typing-sig@python.org/thread/66JDHQ2I3U3CPUIYA43W7SPEJLLPUETG/</a></li> -<li>See: <a -href="https://redirect.github.com/python/mypy/issues/12947">python/mypy#12947</a></li> -</ul> -</li> -<li>Remove <code>ANN301</code></li> -</ul> -<h2>[v2.9.1]</h2> -<h3>Changed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/144">#144</a> -Unpin the version ceiling for <code>attrs</code>.</li> -</ul> -<h3>Fixed</h3> -<ul> -<li>(Internal) Fix unit tests for opinionated warning codes in -<code>flake8 &gt;= 5.0</code> (See: <a -href="https://redirect.github.com/pycqa/flake8/issues/284">pycqa/flake8#284</a>)</li> -</ul> -<h2>[v2.9.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/135">#135</a> -Add <code>--allow-star-arg-any</code> to support suppression of -<code>ANN401</code> for <code>*args</code> and -<code>**kwargs</code>.</li> -</ul> -<h2>[v2.8.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/131">#131</a> -Add the <code>ANN4xx</code> error level for opinionated warnings that -are disabled by default.</li> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/131">#131</a> -Add <code>ANN401</code> for use of <code>typing.Any</code> as an -argument annotation.</li> -</ul> -<h3>Changed</h3> -<ul> -<li>Python 3.7 is now the minimum supported version</li> -</ul> -<h2>[v2.7.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/122">#122</a> -Add support for Flake8 v4.x</li> -</ul> -<h3>Fixed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/117">#117</a> -Stop including <code>CHANGELOG.md</code> when building wheels.</li> -</ul> -<!-- raw HTML omitted --> -</blockquote> -<p>... 
(truncated)</p> -</details> -<details> -<summary>Commits</summary> -<ul> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/d27be86996bb75bf0867eb24fe710cdb39ec5188"><code>d27be86</code></a> -Release v3.1.1</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/30976acb5519994266ee59e464162ac36c5bd0da"><code>30976ac</code></a> -Add test for linting empty source</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/3faf64747fba3b347a857ddf6d5c71372f676d4c"><code>3faf647</code></a> -Bump ver</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/62d013ee6e8c13b9fd085fcddb90ce6bf9f8a4ec"><code>62d013e</code></a> -Add support for module-level type ignore</li> -<li>See full diff in <a -href="https://github.com/sco1/flake8-annotations/compare/v3.1.0...v3.1.1">compare -view</a></li> -</ul> -</details> -<br /> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. 
You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9ee5a97`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9ee5a9799e04e9522278e4d17cb7e1a3e9972ecc)) - -* chore(deps-dev): update flake8-annotations requirement from 3.0.1 to 3.1.0 (#615) - -Updates the requirements on -[flake8-annotations](https://github.com/sco1/flake8-annotations) to -permit the latest version. 
-<details> -<summary>Release notes</summary> -<p><em>Sourced from <a -href="https://github.com/sco1/flake8-annotations/releases">flake8-annotations's -releases</a>.</em></p> -<blockquote> -<h2>Release v3.1.0</h2> -<h2>[v3.1.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/164">#164</a> -Add <code>--respect-type-ignore</code> to support suppression of errors -for functions annotated with <code>type: ignore</code></li> -</ul> -</blockquote> -</details> -<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/sco1/flake8-annotations/blob/main/CHANGELOG.md">flake8-annotations's -changelog</a>.</em></p> -<blockquote> -<h2>[v3.1.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/164">#164</a> -Add <code>--respect-type-ignore</code> to support suppression of errors -for functions annotated with <code>type: ignore</code></li> -</ul> -<h2>[v3.0.1]</h2> -<h3>Changed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/155">#155</a> -Remove upper bound on Python constraint</li> -</ul> -<h2>[v3.0.0]</h2> -<h3>Added</h3> -<ul> -<li>Add <code>ANN402</code> for the presence of type comments</li> -</ul> -<h3>Changed</h3> -<ul> -<li>Python 3.8.1 is now the minimum supported version</li> -<li>Flake8 v5.0 is now the minimum supported version</li> -</ul> -<h3>Removed</h3> -<ul> -<li>Remove support for <a -href="https://www.python.org/dev/peps/pep-0484/#type-comments">PEP -484-style</a> type comments -<ul> -<li>See: <a -href="https://mail.python.org/archives/list/typing-sig@python.org/thread/66JDHQ2I3U3CPUIYA43W7SPEJLLPUETG/">https://mail.python.org/archives/list/typing-sig@python.org/thread/66JDHQ2I3U3CPUIYA43W7SPEJLLPUETG/</a></li> -<li>See: <a -href="https://redirect.github.com/python/mypy/issues/12947">python/mypy#12947</a></li> -</ul> -</li> -<li>Remove <code>ANN301</code></li> -</ul> -<h2>[v2.9.1]</h2> 
-<h3>Changed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/144">#144</a> -Unpin the version ceiling for <code>attrs</code>.</li> -</ul> -<h3>Fixed</h3> -<ul> -<li>(Internal) Fix unit tests for opinionated warning codes in -<code>flake8 &gt;= 5.0</code> (See: <a -href="https://redirect.github.com/pycqa/flake8/issues/284">pycqa/flake8#284</a>)</li> -</ul> -<h2>[v2.9.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/135">#135</a> -Add <code>--allow-star-arg-any</code> to support suppression of -<code>ANN401</code> for <code>*args</code> and -<code>**kwargs</code>.</li> -</ul> -<h2>[v2.8.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/131">#131</a> -Add the <code>ANN4xx</code> error level for opinionated warnings that -are disabled by default.</li> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/131">#131</a> -Add <code>ANN401</code> for use of <code>typing.Any</code> as an -argument annotation.</li> -</ul> -<h3>Changed</h3> -<ul> -<li>Python 3.7 is now the minimum supported version</li> -</ul> -<h2>[v2.7.0]</h2> -<h3>Added</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/122">#122</a> -Add support for Flake8 v4.x</li> -</ul> -<h3>Fixed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/117">#117</a> -Stop including <code>CHANGELOG.md</code> when building wheels.</li> -</ul> -<h2>[v2.6.2]</h2> -<h3>Fixed</h3> -<ul> -<li><a -href="https://redirect.github.com/sco1/flake8-annotations/issues/107">#107</a>, -<a -href="https://redirect.github.com/sco1/flake8-annotations/issues/108">#108</a> -Change incorrect column index yielded for return annotation errors.</li> -</ul> -<!-- raw HTML omitted --> -</blockquote> -<p>... 
(truncated)</p> -</details> -<details> -<summary>Commits</summary> -<ul> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/ec8b88b35613b5274148a87decf2dfbecec1df31"><code>ec8b88b</code></a> -Merge pull request <a -href="https://redirect.github.com/sco1/flake8-annotations/issues/165">#165</a> -from sco1/type-ignore-opt</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/e698866920a8afbad9f2511399688ce4954d9bfb"><code>e698866</code></a> -Bump ver</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/2ce2fa5b64d258e8ccbf3c4b26e8ab047713d504"><code>2ce2fa5</code></a> -Add <code>--respect-type-ignore</code> flag</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/ef0cfc0e4f4622c3072d1721fe74bbf00287e4c7"><code>ef0cfc0</code></a> -Bump black from 24.2.0 to 24.3.0 (<a -href="https://redirect.github.com/sco1/flake8-annotations/issues/163">#163</a>)</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/483cdd3ce0261cb290ce7235a16b5580e67c8a80"><code>483cdd3</code></a> -Swap some to Ruff</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/26b6ba5ca9517d16760196d9c8b2ab0859a070c8"><code>26b6ba5</code></a> -[pre-commit.ci] pre-commit autoupdate (<a -href="https://redirect.github.com/sco1/flake8-annotations/issues/161">#161</a>)</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/897648efc24715fc5c762cf89352a4dfd5e4ee03"><code>897648e</code></a> -[pre-commit.ci] pre-commit autoupdate (<a -href="https://redirect.github.com/sco1/flake8-annotations/issues/160">#160</a>)</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/01c330874dcdee8231e733a2c336a9ff27829528"><code>01c3308</code></a> -Automatically publish wheel to GitHub release</li> -<li><a -href="https://github.com/sco1/flake8-annotations/commit/c9a5d30b5edda312a1374a2a4ad1cb65bd944385"><code>c9a5d30</code></a> -Remove <code>ast.NameConstant</code> references</li> -<li><a 
-href="https://github.com/sco1/flake8-annotations/commit/50ad178c8aa02cb05110a04f3806003b6d0d16bf"><code>50ad178</code></a> -[pre-commit.ci] pre-commit autoupdate (<a -href="https://redirect.github.com/sco1/flake8-annotations/issues/158">#158</a>)</li> -<li>Additional commits viewable in <a -href="https://github.com/sco1/flake8-annotations/compare/v3.0.1...v3.1.0">compare -view</a></li> -</ul> -</details> -<br /> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. 
You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`22474d8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/22474d895a4382cd50e77799c148eec1ae1a426a)) - ### Documentation * docs: OSSP best practice percentage @@ -743,10 +22,10 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3f9770a`](https: * fix: allow suppliers with empty-string names (#611) -fixes #600 - ---------- - +fixes #600 + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b331aeb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b331aeb4b7261c7b1359c592b2dcda27bd35e369)) @@ -758,880 +37,19 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b331aeb`](https: 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0d00496`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0d00496ca2191394276d0410cc8e81e5630d674d)) -* chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 (#608) - -Updates the requirements on -[coverage](https://github.com/nedbat/coveragepy) to permit the latest -version. -<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's -changelog</a>.</em></p> -<blockquote> -<h2>Version 7.5.1 — 2024-05-04</h2> -<ul> -<li> -<p>Fix: a pragma comment on the continuation lines of a multi-line -statement -now excludes the statement and its body, the same as if the pragma is -on the first line. This closes <code>issue 754</code><em>. The fix was -contributed by -<code>Daniel Diniz &lt;pull 1773_&gt;</code></em>.</p> -</li> -<li> -<p>Fix: very complex source files like <code>this one -&lt;resolvent_lookup_&gt;</code>_ could -cause a maximum recursion error when creating an HTML report. This is -now -fixed, closing <code>issue 1774</code>_.</p> -</li> -<li> -<p>HTML report improvements:</p> -<ul> -<li> -<p>Support files (JavaScript and CSS) referenced by the HTML report now -have -hashes added to their names to ensure updated files are used instead of -stale cached copies.</p> -</li> -<li> -<p>Missing branch coverage explanations that said &quot;the condition -was never -false&quot; now read &quot;the condition was always true&quot; because -it's easier to -understand.</p> -</li> -<li> -<p>Column sort order is remembered better as you move between the index -pages, -fixing <code>issue 1766</code><em>. Thanks, <code>Daniel Diniz &lt;pull -1768_&gt;</code></em>.</p> -</li> -</ul> -</li> -</ul> -<p>.. 
_resolvent_lookup: <a -href="https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py">https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py</a> -.. _issue 754: <a -href="https://redirect.github.com/nedbat/coveragepy/issues/754">nedbat/coveragepy#754</a> -.. _issue 1766: <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1766">nedbat/coveragepy#1766</a> -.. _pull 1768: <a -href="https://redirect.github.com/nedbat/coveragepy/pull/1768">nedbat/coveragepy#1768</a> -.. _pull 1773: <a -href="https://redirect.github.com/nedbat/coveragepy/pull/1773">nedbat/coveragepy#1773</a> -.. _issue 1774: <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1774">nedbat/coveragepy#1774</a></p> -<p>.. _changes_7-5-0:</p> -<h2>Version 7.5.0 — 2024-04-23</h2> -<ul> -<li> -<p>Added initial support for function and class reporting in the HTML -report. -There are now three index pages which link to each other: files, -functions, -and classes. Other reports don't yet have this information, but it will -be -added in the future where it makes sense. Feedback gladly accepted! -Finishes <code>issue 780</code>_.</p> -</li> -<li> -<p>Other HTML report improvements:</p> -<ul> -<li>There is now a &quot;hide covered&quot; checkbox to filter out 100% -files, finishing -<code>issue 1384</code>_.</li> -</ul> -</li> -</ul> -<!-- raw HTML omitted --> -</blockquote> -<p>... 
(truncated)</p> -</details> -<details> -<summary>Commits</summary> -<ul> -<li><a -href="https://github.com/nedbat/coveragepy/commit/be938eaa195a52dd89f3a13aa68bb80de3425b11"><code>be938ea</code></a> -docs: sample HTML for 7.5.1</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/02c66d76912259c8a03282d153007a569f05f495"><code>02c66d7</code></a> -docs: prep for 7.5.1</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/5fa9f67853a7112e08185ed416de7907b8e524da"><code>5fa9f67</code></a> -fix: avoid max recursion errors in ast code. <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1774">#1774</a></li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/34af01dfc877e7f35b49f5ec402c39437ae7c1f1"><code>34af01d</code></a> -build: easier to run metasmoke on desired python version</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/6b0cac5843d0cbfb68391f36397e6759e13e297d"><code>6b0cac5</code></a> -perf: cache _human_key to speed html report by about 10%</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/fdc0ee896825334bfa13735d94b2da78da72f76b"><code>fdc0ee8</code></a> -docs: oops, typo</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/60e6cb4267c1f25690e37198e1e55130ae94b4e1"><code>60e6cb4</code></a> -docs: changelog for <a -href="https://redirect.github.com/nedbat/coveragepy/issues/754">#754</a> -and <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1773">#1773</a></li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/277c8c43c9ee59c941ec8fd7da8ea2a49049d1e0"><code>277c8c4</code></a> -fix: '# pragma: no branch' in multiline if statements. 
<a -href="https://redirect.github.com/nedbat/coveragepy/issues/754">#754</a> -(<a -href="https://redirect.github.com/nedbat/coveragepy/issues/1773">#1773</a>)</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/34d3eb76b7833268019ac25e5265c2c1b192abcb"><code>34d3eb7</code></a> -docs: update changelog for <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1786">#1786</a>. -Thanks, Daniel Diniz</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/2bb5ef22787185fd90a525e8e26bbe360a3492f1"><code>2bb5ef2</code></a> -fix(html): make HTML column sorting consistent across index pages (fix -<a -href="https://redirect.github.com/nedbat/coveragepy/issues/1766">#1766</a>)...</li> -<li>Additional commits viewable in <a -href="https://github.com/nedbat/coveragepy/compare/7.5.0...7.5.1">compare -view</a></li> -</ul> -</details> -<br /> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. 
You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`4f9174b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4f9174b52fd7e9c940d447b8149559b624b1539e)) - * chore(ci): update GH action versions (#606) - -Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`6d1bc5b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6d1bc5b5e3c6cecc8681b7a197d07632819dc994)) -* chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 (#603) - -Updates the requirements on [tox](https://github.com/tox-dev/tox) to -permit the latest version. 
-<details> -<summary>Release notes</summary> -<p><em>Sourced from <a -href="https://github.com/tox-dev/tox/releases">tox's -releases</a>.</em></p> -<blockquote> -<h2>4.15.0</h2> -<!-- raw HTML omitted --> -<h2>What's Changed</h2> -<ul> -<li>Remove duplicated and misleading configuration section by <a -href="https://github.com/jugmac00"><code>@​jugmac00</code></a> in <a -href="https://redirect.github.com/tox-dev/tox/pull/3251">tox-dev/tox#3251</a></li> -<li>Fix dropped leading characters <code>c</code> from constraints' -packages by <a -href="https://github.com/jugmac00"><code>@​jugmac00</code></a> in <a -href="https://redirect.github.com/tox-dev/tox/pull/3250">tox-dev/tox#3250</a></li> -<li>Fix type-checking by <a -href="https://github.com/stefanor"><code>@​stefanor</code></a> in <a -href="https://redirect.github.com/tox-dev/tox/pull/3260">tox-dev/tox#3260</a></li> -<li>Update installation.rst by <a -href="https://github.com/shenxianpeng"><code>@​shenxianpeng</code></a> -in <a -href="https://redirect.github.com/tox-dev/tox/pull/3257">tox-dev/tox#3257</a></li> -<li>Allow appending to deps with the command line by <a -href="https://github.com/stefanor"><code>@​stefanor</code></a> in <a -href="https://redirect.github.com/tox-dev/tox/pull/3259">tox-dev/tox#3259</a></li> -<li>Support multiple override appends by <a -href="https://github.com/amitschang"><code>@​amitschang</code></a> in <a -href="https://redirect.github.com/tox-dev/tox/pull/3261">tox-dev/tox#3261</a></li> -<li>Add bang to invert exit code by <a -href="https://github.com/sillydan1"><code>@​sillydan1</code></a> in <a -href="https://redirect.github.com/tox-dev/tox/pull/3271">tox-dev/tox#3271</a></li> -<li>fix(parser): Fix --discover parsed incorrectly from env by <a -href="https://github.com/mimre25"><code>@​mimre25</code></a> in <a -href="https://redirect.github.com/tox-dev/tox/pull/3274">tox-dev/tox#3274</a></li> -</ul> -<h2>New Contributors</h2> -<ul> -<li><a 
-href="https://github.com/shenxianpeng"><code>@​shenxianpeng</code></a> -made their first contribution in <a -href="https://redirect.github.com/tox-dev/tox/pull/3257">tox-dev/tox#3257</a></li> -<li><a -href="https://github.com/amitschang"><code>@​amitschang</code></a> made -their first contribution in <a -href="https://redirect.github.com/tox-dev/tox/pull/3261">tox-dev/tox#3261</a></li> -<li><a href="https://github.com/sillydan1"><code>@​sillydan1</code></a> -made their first contribution in <a -href="https://redirect.github.com/tox-dev/tox/pull/3271">tox-dev/tox#3271</a></li> -<li><a href="https://github.com/mimre25"><code>@​mimre25</code></a> made -their first contribution in <a -href="https://redirect.github.com/tox-dev/tox/pull/3274">tox-dev/tox#3274</a></li> -</ul> -<p><strong>Full Changelog</strong>: <a -href="https://github.com/tox-dev/tox/compare/4.14.2...4.15.0">https://github.com/tox-dev/tox/compare/4.14.2...4.15.0</a></p> -</blockquote> -</details> -<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's -changelog</a>.</em></p> -<blockquote> -<h2>v4.15.0 (2024-04-26)</h2> -<p>Features - 4.15.0</p> -<pre><code>- Add support for multiple appending override options (-x, ---override) on command line - by :user:`amitschang`. (:issue:`3261`) -- Add support for inverting exit code success criteria using bang (!) -(:issue:`3271`) -<p>Bugfixes - 4.15.0 -</code></pre></p> -<ul> -<li>Fix issue that the leading character <code>c</code> was dropped from -packages in constraints files - by :user:<code>jugmac00</code>. -(:issue:<code>3247</code>)</li> -<li>Allow appending to <code>deps</code> with <code>--override -testenv.deps+=foo</code> - by :user:<code>stefanor</code>. -(:issue:<code>3256</code>)</li> -<li>Fix non-existing branch <code>rewrite</code> in the documentation to -<code>main</code>. 
(:issue:<code>3257</code>)</li> -<li>Update test typing for build 1.2.0, which has an explicit -<code>Distribution</code> type - by :user:<code>stefanor</code>. -(:issue:<code>3260</code>)</li> -<li>Fix broken input parsing for <code>--discover</code> flag. - by -:user:<code>mimre25</code> (:issue:<code>3272</code>)</li> -</ul> -<p>Improved Documentation - 4.15.0</p> -<pre><code>- Rephrase ``--discover`` flag's description to avoid -confusion between paths and executables. - by :user:`mimre25` -(:issue:`3274`) -<h2>v4.14.2 (2024-03-22)</h2> -<p>Bugfixes - 4.14.2</p> -<pre><code>- Add provision arguments to ToxParser to fix crash when -provisioning new tox environment without list-dependencies by -:user:`seyidaniels` (:issue:`3190`) - -Improved Documentation - 4.14.2 -&lt;/code&gt;&lt;/pre&gt; -&lt;ul&gt; -&lt;li&gt;Removed unused line from the 'fresh_subprocess' documentation. -(:issue:&lt;code&gt;3241&lt;/code&gt;)&lt;/li&gt; -&lt;/ul&gt; -&lt;h2&gt;v4.14.1 (2024-03-06)&lt;/h2&gt; -&lt;p&gt;Bugfixes - 4.14.1&lt;/p&gt; -&lt;pre&gt;&lt;code&gt;- Fix crash with fresh subprocess, if the build -backend is setuptools automatically enable fresh subprocesses for - build backend calls - by :user:`gaborbernat`. (:issue:`3235`) - -v4.14.0 (2024-03-05) --------------------- - -Features - 4.14.0 -&lt;/code&gt;&lt;/pre&gt; -&lt;ul&gt; -&lt;li&gt;Support enabling fresh subprocess for packaging build backends -via :ref:&lt;code&gt;fresh_subprocess&lt;/code&gt; - by -:user:&lt;code&gt;gaborbernat&lt;/code&gt;. -(:issue:&lt;code&gt;3227&lt;/code&gt;)&lt;/li&gt; -&lt;li&gt;Allow plugins attaching additional information to -&lt;code&gt;--version&lt;/code&gt; via -&lt;code&gt;tox_append_version_info&lt;/code&gt; method in the plugin -module - by :user:&lt;code&gt;gaborbernat&lt;/code&gt;. -(:issue:&lt;code&gt;3234&lt;/code&gt;)&lt;/li&gt; -&lt;/ul&gt; -&lt;h2&gt;v4.13.0 (2024-02-16)&lt;/h2&gt; -&lt;!-- raw HTML omitted --&gt; -&lt;/blockquote&gt; -&lt;p&gt;... 
(truncated)&lt;/p&gt; -&lt;/details&gt; -&lt;details&gt; -&lt;summary&gt;Commits&lt;/summary&gt; - -&lt;ul&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/261b4ca55686059489b1314c440f0e2fca21aca5&quot;&gt;&lt;code&gt;261b4ca&lt;/code&gt;&lt;/a&gt; -release 4.15.0&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/c54dfbd9ad4aad9f0ef5503b7dff2558cdf64208&quot;&gt;&lt;code&gt;c54dfbd&lt;/code&gt;&lt;/a&gt; -fix(parser): Fix --discover parsed incorrectly from env (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3274&quot;&gt;#3274&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/809e10f9871e75cf7b07063f47393f9c10861174&quot;&gt;&lt;code&gt;809e10f&lt;/code&gt;&lt;/a&gt; -Add bang to invert exit code (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3271&quot;&gt;#3271&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/822c9d07699aa090fb8d37cb94247ea0d085125b&quot;&gt;&lt;code&gt;822c9d0&lt;/code&gt;&lt;/a&gt; -[pre-commit.ci] pre-commit autoupdate (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3267&quot;&gt;#3267&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/0e5a3dbb9a1c7eb1df56421cc4bca5e187626ccd&quot;&gt;&lt;code&gt;0e5a3db&lt;/code&gt;&lt;/a&gt; -[pre-commit.ci] pre-commit autoupdate (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3265&quot;&gt;#3265&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/f5850c0d3a893cbb6d9de192fe8e6e857573499b&quot;&gt;&lt;code&gt;f5850c0&lt;/code&gt;&lt;/a&gt; -Support multiple override appends (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3261&quot;&gt;#3261&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/c2be62972e7f7b3e79260e5c96e4fe5bf76f5929&quot;&gt;&lt;code&gt;c2be629&lt;/code&gt;&lt;/a&gt; 
-Allow appending to deps with the command line (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3259&quot;&gt;#3259&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/d28a9ee0ea28b2356b24a0d0e0ed70c0141d41cc&quot;&gt;&lt;code&gt;d28a9ee&lt;/code&gt;&lt;/a&gt; -Update installation.rst (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3257&quot;&gt;#3257&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/a19a9467cfae5a0fc2c1b6faf1845d412898c693&quot;&gt;&lt;code&gt;a19a946&lt;/code&gt;&lt;/a&gt; -[pre-commit.ci] pre-commit autoupdate (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3258&quot;&gt;#3258&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;&lt;a -href=&quot;https://github.com/tox-dev/tox/commit/a22fe8ffce73acdfc2aefd70228ede0337aac19b&quot;&gt;&lt;code&gt;a22fe8f&lt;/code&gt;&lt;/a&gt; -Fix type-checking (&lt;a -href=&quot;https://redirect.github.com/tox-dev/tox/issues/3260&quot;&gt;#3260&lt;/a&gt;)&lt;/li&gt; -&lt;li&gt;Additional commits viewable in &lt;a -href=&quot;https://github.com/tox-dev/tox/compare/4.14.2...4.15.0&quot;&gt;compare -view&lt;/a&gt;&lt;/li&gt; -&lt;/ul&gt; -&lt;/details&gt; - -&lt;br /&gt; -</code></pre> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. 
- -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`f566c82`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f566c82ff2e31f9be50966c76e17e6657853ae81)) - -* chore(deps-dev): update coverage requirement from 7.4.4 to 7.5.0 (#605) - -Updates the requirements on -[coverage](https://github.com/nedbat/coveragepy) to permit the latest -version. 
-<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's -changelog</a>.</em></p> -<blockquote> -<h2>Version 7.5.0 — 2024-04-23</h2> -<ul> -<li> -<p>Added initial support for function and class reporting in the HTML -report. -There are now three index pages which link to each other: files, -functions, -and classes. Other reports don't yet have this information, but it will -be -added in the future where it makes sense. Feedback gladly accepted! -Finishes <code>issue 780</code>_.</p> -</li> -<li> -<p>Other HTML report improvements:</p> -<ul> -<li> -<p>There is now a &quot;hide covered&quot; checkbox to filter out 100% -files, finishing -<code>issue 1384</code>_.</p> -</li> -<li> -<p>The index page is always sorted by one of its columns, with clearer -indications of the sorting.</p> -</li> -<li> -<p>The &quot;previous file&quot; shortcut key didn't work on the index -page, but now it -does, fixing <code>issue 1765</code>_.</p> -</li> -</ul> -</li> -<li> -<p>The debug output showing which configuration files were tried now -shows -absolute paths to help diagnose problems where settings aren't taking -effect, -and is renamed from &quot;attempted_config_files&quot; to the more -logical -&quot;config_files_attempted.&quot;</p> -</li> -<li> -<p>Python 3.13.0a6 is supported.</p> -</li> -</ul> -<p>.. _issue 780: <a -href="https://redirect.github.com/nedbat/coveragepy/issues/780">nedbat/coveragepy#780</a> -.. _issue 1384: <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1384">nedbat/coveragepy#1384</a> -.. _issue 1765: <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1765">nedbat/coveragepy#1765</a></p> -<p>.. _changes_7-4-4:</p> -<h2>Version 7.4.4 — 2024-03-14</h2> -<ul> -<li> -<p>Fix: in some cases, even with <code>[run] relative_files=True</code>, -a data file -could be created with absolute path names. 
When combined with other -relative -data files, it was random whether the absolute file names would be made -relative or not. If they weren't, then a file would be listed twice in -reports, as detailed in <code>issue 1752</code>_. This is now fixed: -absolute file -names are always made relative when combining. Thanks to Bruno Rodrigues -dos -Santos for support.</p> -</li> -<li> -<p>Fix: the last case of a match/case statement had an incorrect message -if the -branch was missed. It said the pattern never matched, when actually the -branch is missed if the last case always matched.</p> -</li> -<li> -<p>Fix: clicking a line number in the HTML report now positions more -accurately.</p> -</li> -</ul> -<!-- raw HTML omitted --> -</blockquote> -<p>... (truncated)</p> -</details> -<details> -<summary>Commits</summary> -<ul> -<li><a -href="https://github.com/nedbat/coveragepy/commit/5f4e0348da6b51bcc6171685081062f9565ec1cc"><code>5f4e034</code></a> -docs: sample HTML for 7.5.0</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/ed97cfb375dc9a7ecb6b2f9c5e513f29b9286646"><code>ed97cfb</code></a> -docs: prep for 7.5.0</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/41e01d3ef0f98ec256173fd1864488cc72ab6f73"><code>41e01d3</code></a> -build: use macos 13 for 3.8 and 3.9 while GitHub rolls out macos 14</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/583f0c0deb0c0f232019521ad574ce24a61d66dc"><code>583f0c0</code></a> -test: add a test for skipping covered functions</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/b115ed34fcf65bdf444e4d79fc15a9a987aad24d"><code>b115ed3</code></a> -refactor: keep Analysis private</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/40a052e2fa31496e52347d880657a552ce2d642c"><code>40a052e</code></a> -docs: document CodeRegion and its plugin methods</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/2ff9933ee74a8d8048968fef9cdec68ba372b4dc"><code>2ff9933</code></a> -docs: 
remove comment that now explains nothing.</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/a6ba1c8ea6f780d8d351a237d47aff9d396ccb48"><code>a6ba1c8</code></a> -fix: html report pages fully validate</li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/74c87a821b8db7f0dc131e42756d58f3a7abc784"><code>74c87a8</code></a> -fix: previous page shortcut works in index page. <a -href="https://redirect.github.com/nedbat/coveragepy/issues/1765">#1765</a></li> -<li><a -href="https://github.com/nedbat/coveragepy/commit/e016967ca656414f8372f3de6cab648a2b0778ae"><code>e016967</code></a> -feat: main index page links to other index pages</li> -<li>Additional commits viewable in <a -href="https://github.com/nedbat/coveragepy/compare/7.4.4...7.5.0">compare -view</a></li> -</ul> -</details> -<br /> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. 
You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`1257861`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1257861f0b1df2cd9057c6ffe2d50427fc13b9fa)) - -* chore(deps-dev): update flake8-bugbear requirement from 24.2.6 to 24.4.26 (#604) - -Updates the requirements on -[flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) to permit the -latest version. 
-<details> -<summary>Release notes</summary> -<p><em>Sourced from <a -href="https://github.com/PyCQA/flake8-bugbear/releases">flake8-bugbear's -releases</a>.</em></p> -<blockquote> -<h2>24.4.6</h2> -<ul> -<li>B909: Fix false positive affecting containers of mutables (<a -href="https://redirect.github.com/PyCQA/flake8-bugbear/issues/469">#469</a>)</li> -</ul> -</blockquote> -</details> -<details> -<summary>Commits</summary> -<ul> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/8d524af8739b042e813976e88e75b7106ccfd4c3"><code>8d524af</code></a> -Update CHANGES + move to version 24.4.26 to release</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/b4986aafd409f9a3cd0e9c9c9ec1dea86a67f703"><code>b4986aa</code></a> -fix(b909): Fix false positive affecting containers of mutables (<a -href="https://redirect.github.com/PyCQA/flake8-bugbear/issues/469">#469</a>)</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/b9f9dce9258a2440f203d87a529ea2f3b174c884"><code>b9f9dce</code></a> -Update CHANGES + move to version 24.4.21 to release</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/54ecfbcfd98e9dc78e22c2478b805a85c3a4a271"><code>54ecfbc</code></a> -[pre-commit.ci] pre-commit autoupdate (<a -href="https://redirect.github.com/PyCQA/flake8-bugbear/issues/466">#466</a>)</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/1855fae573137def68ec1c751b726a0fbb1a1c90"><code>1855fae</code></a> -[pre-commit.ci] pre-commit autoupdate (<a -href="https://redirect.github.com/PyCQA/flake8-bugbear/issues/464">#464</a>)</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/fa48bc1efe6a75d3949434c343539c57b6a015f3"><code>fa48bc1</code></a> -Add pragma comment to line length ignores (<a -href="https://redirect.github.com/PyCQA/flake8-bugbear/issues/463">#463</a>)</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/6bf907ced61739dcb298ffc1abf3d3e9a112e41a"><code>6bf907c</code></a> -B909 
improvements (<a -href="https://redirect.github.com/PyCQA/flake8-bugbear/issues/460">#460</a>)</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/28fe268a6607ea82095a4b0f144b5b1bc4e0a767"><code>28fe268</code></a> -[pre-commit.ci] pre-commit autoupdate (<a -href="https://redirect.github.com/PyCQA/flake8-bugbear/issues/461">#461</a>)</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/76a71f4aa517b0b475c36c34cabbc84845ad6b5f"><code>76a71f4</code></a> -Revert &quot;Remove debug print seems was left&quot;</li> -<li><a -href="https://github.com/PyCQA/flake8-bugbear/commit/23cf46dfa3f9b6e7e2013260b70fd29ca6b727ed"><code>23cf46d</code></a> -Remove debug print seems was left</li> -<li>See full diff in <a -href="https://github.com/PyCQA/flake8-bugbear/compare/24.2.6...24.4.26">compare -view</a></li> -</ul> -</details> -<br /> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. 
You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`e64258d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e64258dd1bfde3230c9b1b59680f1d09416b764d)) - -* chore(deps-dev): update mypy requirement from 1.9.0 to 1.10.0 (#602) - -Updates the requirements on [mypy](https://github.com/python/mypy) to -permit the latest version. -<details> -<summary>Changelog</summary> -<p><em>Sourced from <a -href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's -changelog</a>.</em></p> -<blockquote> -<h1>Mypy Release Notes</h1> -<h2>Next release</h2> -<h2>Mypy 1.10</h2> -<p>We’ve just uploaded mypy 1.10 to the Python Package Index (<a -href="https://pypi.org/project/mypy/">PyPI</a>). Mypy is a static type -checker for Python. This release includes new features, performance -improvements and bug fixes. 
You can install it as follows:</p> -<pre><code>python3 -m pip install -U mypy -</code></pre> -<p>You can read the full documentation for this release on <a -href="http://mypy.readthedocs.io">Read the Docs</a>.</p> -<h4>Support TypeIs (PEP 742)</h4> -<p>Mypy now supports <code>TypeIs</code> (<a -href="https://peps.python.org/pep-0742/">PEP 742</a>), which allows -functions to narrow the type of a value, similar to -<code>isinstance()</code>. Unlike <code>TypeGuard</code>, -<code>TypeIs</code> can narrow in both the <code>if</code> and -<code>else</code> branches of an if statement:</p> -<pre lang="python"><code>from typing_extensions import TypeIs -<p>def is_str(s: object) -&gt; TypeIs[str]: -return isinstance(s, str)</p> -<p>def f(o: str | int) -&gt; None: -if is_str(o): -# Type of o is 'str' -... -else: -# Type of o is 'int' -... -</code></pre></p> -<p><code>TypeIs</code> will be added to the <code>typing</code> module -in Python 3.13, but it -can be used on earlier Python versions by importing it from -<code>typing_extensions</code>.</p> -<p>This feature was contributed by Jelle Zijlstra (PR <a -href="https://redirect.github.com/python/mypy/pull/16898">16898</a>).</p> -<h4>Support TypeVar Defaults (PEP 696)</h4> -<p><a href="https://peps.python.org/pep-0696/">PEP 696</a> adds support -for type parameter defaults. -Example:</p> -<pre lang="python"><code>from typing import Generic -from typing_extensions import TypeVar -<p>&lt;/tr&gt;&lt;/table&gt; -</code></pre></p> -</blockquote> -<p>... 
(truncated)</p> -</details> -<details> -<summary>Commits</summary> -<ul> -<li><a -href="https://github.com/python/mypy/commit/3faf0fc4798ec3ee6b1cd123965193dc0a753fb0"><code>3faf0fc</code></a> -Remove +dev for version for release 1.10</li> -<li><a -href="https://github.com/python/mypy/commit/a5998d20402515f0c0bf05c7fe1029e93aa9bfa8"><code>a5998d2</code></a> -Update CHANGELOG.md (<a -href="https://redirect.github.com/python/mypy/issues/17159">#17159</a>)</li> -<li><a -href="https://github.com/python/mypy/commit/62ea5b01f0c0c99e7db93326cb8d219eecfb3cb6"><code>62ea5b0</code></a> -Various updates to changelog for 1.10 (<a -href="https://redirect.github.com/python/mypy/issues/17158">#17158</a>)</li> -<li><a -href="https://github.com/python/mypy/commit/2f0864c4e55a74700d8ce2d97ab2d3ca2b288513"><code>2f0864c</code></a> -Update CHANGELOG.md with draft for release 1.10 (<a -href="https://redirect.github.com/python/mypy/issues/17150">#17150</a>)</li> -<li><a -href="https://github.com/python/mypy/commit/e1443bbade91118794055449cc8b4b4f7fd08b7d"><code>e1443bb</code></a> -fix: incorrect returned type of access descriptors on unions of types -(<a -href="https://redirect.github.com/python/mypy/issues/16604">#16604</a>)</li> -<li><a -href="https://github.com/python/mypy/commit/5161ac2e5b73dc7597536eb4444219868317e5d9"><code>5161ac2</code></a> -Sync typeshed (<a -href="https://redirect.github.com/python/mypy/issues/17124">#17124</a>)</li> -<li><a -href="https://github.com/python/mypy/commit/e2fc1f28935806ca04b18fab277217f583b51594"><code>e2fc1f2</code></a> -Fix crash when expanding invalid Unpack in a <code>Callable</code> alias -(<a -href="https://redirect.github.com/python/mypy/issues/17028">#17028</a>)</li> -<li><a -href="https://github.com/python/mypy/commit/3ff6e47c57a67e807e0b4579a816b4f66ab16824"><code>3ff6e47</code></a> -Docs: docstrings in checker.py, ast_helpers.py (<a -href="https://redirect.github.com/python/mypy/issues/16908">#16908</a>)</li> -<li><a 
-href="https://github.com/python/mypy/commit/732d98ecb2a98e4eaea14aba1ed8ac9c1f5ccdb6"><code>732d98e</code></a> -Fix string formatting for string enums (<a -href="https://redirect.github.com/python/mypy/issues/16555">#16555</a>)</li> -<li><a -href="https://github.com/python/mypy/commit/80190101f68b52e960c22572ed6cc814de078b9c"><code>8019010</code></a> -Narrow individual items when matching a tuple to a sequence pattern (<a -href="https://redirect.github.com/python/mypy/issues/16905">#16905</a>)</li> -<li>Additional commits viewable in <a -href="https://github.com/python/mypy/compare/1.9.0...v1.10.0">compare -view</a></li> -</ul> -</details> -<br /> - -<details> -<summary>Most Recent Ignore Conditions Applied to This Pull -Request</summary> - -| Dependency Name | Ignore Conditions | -| --- | --- | -| mypy | [>= 0.971.a, < 0.972] | -</details> - - -Dependabot will resolve any conflicts with this PR as long as you don't -alter it yourself. You can also trigger a rebase manually by commenting -`@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -<details> -<summary>Dependabot commands and options</summary> -<br /> - -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits -that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after -your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge -and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating -it. 
You can achieve the same result by closing it manually -- `@dependabot show <dependency name> ignore conditions` will show all -of the ignore conditions of the specified dependency -- `@dependabot ignore this major version` will close this PR and stop -Dependabot creating any more for this major version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop -Dependabot creating any more for this minor version (unless you reopen -the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop -Dependabot creating any more for this dependency (unless you reopen the -PR or upgrade to it yourself) - - -</details> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`40aa0cd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/40aa0cdf8852e09794bdacf085db2f157505df83)) +Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`6d1bc5b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6d1bc5b5e3c6cecc8681b7a197d07632819dc994)) ### Fix * fix: json validation allow arbitrary `$schema` value (#613) -fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/612 - ---------- - +fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/612 + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`08b7c60`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/08b7c607360b65215d9d29d42ae86e60c6efe49b)) @@ -1641,14 +59,14 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`08b7c60`](https: * fix: properly sort components based on all properties (#599) -reverts #587 - as this one introduced errors -fixes #598 -fixes #586 - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Paul Horton <paul.horton@owasp.org> +reverts #587 - as this one introduced errors +fixes #598 +fixes #586 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Paul Horton <paul.horton@owasp.org> Co-authored-by: Paul Horton <paul.horton@owasp.org> ([`8df488c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8df488cb422a6363421fee39714df4e8e8e7a593)) @@ -1664,8 +82,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`d437c40`](https: * fix: include all fields of `Component` in `__lt__` function for #586 (#587) -Fixes #586. - +Fixes #586. + Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`d784685`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d7846850d1ad33184d1d58b59fdf41a778d05900)) @@ -1675,8 +93,8 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`d784685`](https://gi * feat: license factory set `acknowledgement` (#593) -add a parameter to `LicenseFactory.make_*()` methods, to set the `LicenseAcknowledgement`. - +add a parameter to `LicenseFactory.make_*()` methods, to set the `LicenseAcknowledgement`. + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7ca2455`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7ca2455018d0e191afaaa2fd136a7e4d5b325ec6)) @@ -1686,47 +104,47 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7ca2455`](https: * feat: disjunctive license acknowledgement (#591) - ---------- - + +--------- + 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9bf1839`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9bf1839859a244e790e91c3e1edd82d333598d60)) ### Unknown * tests: add meaningful names to validation tests (#588) -When packaging cyclonedx-python-lib for a Linux distribution, it’s -pretty common that some JSON validation tests fail. [1] - -Due to the large number of combinations and the fact that these tests -are consecutively numbered, it has been tedious to figure out which -tests are exactly failing and why. This in turn makes it difficult to -decide which tests to disable or report upstream. - -Append meaningful names to validation tests so that instead of e.g.: - - […]::TestJsonValidator::test_validate_no_none_001 - […]::TestJsonValidator::test_validate_no_none_002 - […]::TestJsonValidator::test_validate_no_none_003 - […]::TestJsonValidator::test_validate_no_none_004 - […]::TestJsonValidator::test_validate_no_none_005 - […]::TestJsonValidator::test_validate_no_none_006 - […]::TestJsonValidator::test_validate_no_none_007 - […]::TestJsonValidator::test_validate_no_none_008 - -the tests are named: - - […]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6 - […]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6 - […]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6 - […]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6 - […]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6 - […]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6 - […]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6 - […]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6 - -[1]: https://aur.archlinux.org/cgit/aur.git/diff/PKGBUILD?h=python-cyclonedx-lib&id=9c6ae556874a633a521407a77a9a85bb31da2047 - +When packaging cyclonedx-python-lib for a Linux distribution, it’s +pretty common that some JSON validation 
tests fail. [1] + +Due to the large number of combinations and the fact that these tests +are consecutively numbered, it has been tedious to figure out which +tests are exactly failing and why. This in turn makes it difficult to +decide which tests to disable or report upstream. + +Append meaningful names to validation tests so that instead of e.g.: + + […]::TestJsonValidator::test_validate_no_none_001 + […]::TestJsonValidator::test_validate_no_none_002 + […]::TestJsonValidator::test_validate_no_none_003 + […]::TestJsonValidator::test_validate_no_none_004 + […]::TestJsonValidator::test_validate_no_none_005 + […]::TestJsonValidator::test_validate_no_none_006 + […]::TestJsonValidator::test_validate_no_none_007 + […]::TestJsonValidator::test_validate_no_none_008 + +the tests are named: + + […]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6 + […]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6 + […]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6 + […]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6 + […]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6 + […]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6 + […]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6 + […]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6 + +[1]: https://aur.archlinux.org/cgit/aur.git/diff/PKGBUILD?h=python-cyclonedx-lib&id=9c6ae556874a633a521407a77a9a85bb31da2047 + Signed-off-by: Claudia <claui@users.noreply.github.com> ([`ae3f79c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ae3f79cbaeecda94948bff6a64ab797c5ddd934a)) * doc: poor merge resolved @@ -1755,300 +173,169 @@ 
Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`1d1c45a`](https://gi * feat!: Support for CycloneDX v1.6 -* added draft v1.6 schemas and boilerplate for v1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* re-generated test snapshots for v1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* note `bom.metadata.manufacture` as deprecated - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* work on `bom.metadata` for v1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* Deprecated `.component.author`. Added `.component.authors` and `.component.manufacturer` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* work to add `.component.omniborid` - but tests deserialisation tests fail due to schema differences (`.component.author` not in 1.6) - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* work to get deserialization tests passing - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* chore(deps): bump `py-serializable` to >=1.0.3 to resolve issues with deserialization to XML - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* imports tidied - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* properly added `.component.swhid` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* add `.component.cryptoProperties` - with test failures for SchemaVersion < 1.6 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* typing and bandit ignores - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* test filtering - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* additional tests to increase code coverage - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* corrected CryptoMode enum - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* Added 
`address` to `organizationalEntity` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* Added `address` to `organizationalEntity` - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* raise `UserWarning` in `.component.version` has length > 1024 - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* coding standards and typing - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* add `acknowledgement` to `LicenseExpression` (#582) - - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* more proper way to filter test cases - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* update schema to published versions - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fetch schema 1.6 JSON - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fetch test data for CDX 1.6 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* reformat - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* reformat - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* refactor - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* style - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* refactor - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* docs - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - ---------- - -Signed-off-by: Paul Horton <paul.horton@owasp.org> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bbdf46`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bbdf461434ab66673a496a8305c2878bf5c88da)) +* added draft v1.6 schemas and boilerplate for v1.6 -### Chore +Signed-off-by: Paul Horton <paul.horton@owasp.org> -* chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573) - -Updates the requirements on [autopep8](https://github.com/hhatto/autopep8) to permit the latest version. 
-- [Release notes](https://github.com/hhatto/autopep8/releases) -- [Commits](https://github.com/hhatto/autopep8/compare/v2.0.4...v2.1.0) - ---- -updated-dependencies: -- dependency-name: autopep8 - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`35749c6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35749c6cd18ebb8911b7cefac8a381d2ee57177a)) - -* chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574) - -Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version. -- [Release notes](https://github.com/tox-dev/tox/releases) -- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/tox/compare/4.14.1...4.14.2) - ---- -updated-dependencies: -- dependency-name: tox - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`d60f457`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d60f4570621246ce3d68e7f2e7f1aa831fb818f0)) +* re-generated test snapshots for v1.6 +Signed-off-by: Paul Horton <paul.horton@owasp.org> -## v6.4.4 (2024-03-18) +* note `bom.metadata.manufacture` as deprecated -### Chore +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* work on `bom.metadata` for v1.6 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* Deprecated `.component.author`. 
Added `.component.authors` and `.component.manufacturer` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* work to add `.component.omniborid` - but tests deserialisation tests fail due to schema differences (`.component.author` not in 1.6) + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* work to get deserialization tests passing + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* chore(deps): bump `py-serializable` to >=1.0.3 to resolve issues with deserialization to XML + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* imports tidied + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* properly added `.component.swhid` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* add `.component.cryptoProperties` - with test failures for SchemaVersion < 1.6 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* typing and bandit ignores + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* coding standards + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* test filtering + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* coding standards + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* additional tests to increase code coverage + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* corrected CryptoMode enum + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* coding standards + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* Added `address` to `organizationalEntity` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* Added `address` to `organizationalEntity` + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* raise `UserWarning` in `.component.version` has length > 1024 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> -* chore(deps-dev): update coverage requirement from 7.4.3 to 7.4.4 (#570) - -Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version. 
-- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.3...7.4.4) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`3a2e427`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3a2e427ba9967f11c15cd1a47c59a933b699c87b)) - -* chore(deps): bump python-semantic-release/python-semantic-release (#564) - -Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 8.5.1 to 9.1.1. -- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) -- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v8.5.1...v9.1.1) - ---- -updated-dependencies: -- dependency-name: python-semantic-release/python-semantic-release - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`d20a590`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d20a5902582facab0636e9ff8a261edcaf886a3e)) - -* chore(deps-dev): update tox requirement from 4.13.0 to 4.14.1 (#567) - -Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version. 
-- [Release notes](https://github.com/tox-dev/tox/releases) -- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/tox/compare/4.13.0...4.14.1) - ---- -updated-dependencies: -- dependency-name: tox - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`2dcc60e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2dcc60e53ec66d642c728596ff25fed4df5659a0)) - -* chore(deps-dev): update bandit requirement from 1.7.7 to 1.7.8 (#566) - -Updates the requirements on [bandit](https://github.com/PyCQA/bandit) to permit the latest version. -- [Release notes](https://github.com/PyCQA/bandit/releases) -- [Commits](https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8) - ---- -updated-dependencies: -- dependency-name: bandit - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`eb1a252`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eb1a2525c09e0dd10f11ff83b451a4db4fb00d9b)) - -* chore(deps-dev): update mypy requirement from 1.8.0 to 1.9.0 (#565) - -Updates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version. -- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python/mypy/compare/v1.8.0...1.9.0) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development -... 
- -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`3ce0f3a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3ce0f3a373d9f1b07af50d9b707f766ea446e518)) +* coding standards and typing + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* add `acknowledgement` to `LicenseExpression` (#582) + + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* more proper way to filter test cases + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* update schema to published versions + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fetch schema 1.6 JSON + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fetch test data for CDX 1.6 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* reformat + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* reformat + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* refactor + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* style + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* refactor + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* docs + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +--------- + +Signed-off-by: Paul Horton <paul.horton@owasp.org> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bbdf46`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bbdf461434ab66673a496a8305c2878bf5c88da)) + + +## v6.4.4 (2024-03-18) ### Fix * fix: wrong extra name for xml validation (#571) - - -Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> ([`10e38e2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/10e38e25095de4b2dafbfcd1fd81dce7a9c0f124)) -## v6.4.3 (2024-03-04) +Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> ([`10e38e2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/10e38e25095de4b2dafbfcd1fd81dce7a9c0f124)) 
-### Chore -* chore(deps-dev): update ddt requirement from 1.7.1 to 1.7.2 (#563) - -Updates the requirements on [ddt](https://github.com/datadriventests/ddt) to permit the latest version. -- [Release notes](https://github.com/datadriventests/ddt/releases) -- [Commits](https://github.com/datadriventests/ddt/compare/1.7.1...1.7.2) - ---- -updated-dependencies: -- dependency-name: ddt - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`53cb8a9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/53cb8a9aa2630e992467525ff246a0f6e6759100)) +## v6.4.3 (2024-03-04) ### Fix * fix: serialization of `model.component.Diff` (#557) -Fixes #556 - ---------- - -Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Fixes #556 + +--------- + +Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`22fa873`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/22fa8734bf1a3a8789ad7578bfa0c86cf0a49d4a)) @@ -2060,91 +347,12 @@ Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`22fa873`](https 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6f81dfa`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6f81dfaed32b76f251647f6291791e714ab158a3)) -### Chore - -* chore(deps-dev): update coverage requirement from 7.4.1 to 7.4.3 (#558) - -Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version. -- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.1...7.4.3) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`2b7f261`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2b7f261585faa6237e635b18d5ecaf03d81439ba)) - -* chore(deps): bump Gr1N/setup-poetry from 8 to 9 (#555) - -Bumps [Gr1N/setup-poetry](https://github.com/gr1n/setup-poetry) from 8 to 9. -- [Release notes](https://github.com/gr1n/setup-poetry/releases) -- [Commits](https://github.com/gr1n/setup-poetry/compare/v8...v9) - ---- -updated-dependencies: -- dependency-name: Gr1N/setup-poetry - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`178ce32`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/178ce32c0da822b8f1b4d13b427d6f21ea252b59)) - -* chore(deps-dev): update tox requirement from 4.12.1 to 4.13.0 (#553) - -Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version. 
-- [Release notes](https://github.com/tox-dev/tox/releases) -- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/tox/compare/4.12.1...4.13.0) - ---- -updated-dependencies: -- dependency-name: tox - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`77fb2ec`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/77fb2ec3593fac577a48894f329a77a7ac6d417c)) - -* chore(deps-dev): update flake8-quotes requirement from 3.3.2 to 3.4.0 (#552) - -Updates the requirements on [flake8-quotes](https://github.com/zheller/flake8-quotes) to permit the latest version. -- [Commits](https://github.com/zheller/flake8-quotes/compare/3.3.2...3.4.0) - ---- -updated-dependencies: -- dependency-name: flake8-quotes - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`cd8e67c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cd8e67c15ae09a07f51f15855c1ae05734352f52)) - -* chore(deps-dev): update flake8-bugbear requirement (#549) - -Updates the requirements on [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) to permit the latest version. -- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) -- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/24.1.17...24.2.6) - ---- -updated-dependencies: -- dependency-name: flake8-bugbear - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`153d83e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/153d83e5a18a2696d49884319fd156628a19cd7b)) - ### Documentation * docs: update architecture description and examples (#550) - - + + 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a19fd28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a19fd2828355ae031164ef7a0dda2a8ea2365108)) * docs: exclude internal docs from rendering (#545) @@ -2164,39 +372,6 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b0e5b43`](https: ## v6.4.1 (2024-01-30) -### Chore - -* chore(deps-dev): update bandit requirement from 1.7.6 to 1.7.7 (#542) - -Updates the requirements on [bandit](https://github.com/PyCQA/bandit) to permit the latest version. -- [Release notes](https://github.com/PyCQA/bandit/releases) -- [Commits](https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7) - ---- -updated-dependencies: -- dependency-name: bandit - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`0d159c2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0d159c29cab7cd57e2028a302ef24f1947de235d)) - -* chore(deps-dev): update coverage requirement from 7.4.0 to 7.4.1 (#541) - -Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version. -- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.0...7.4.1) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`fa82a24`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fa82a2413f1aa350d16ad3ac0c5163da97e29e34)) - ### Documentation * docs: ship docs with `sdist` build (#544) @@ -2211,11 +386,11 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c1776b7`](https: * fix: `model.BomRef` no longer equal to unset peers (#543) - fixes [#539](https://github.com/CycloneDX/cyclonedx-python-lib/issues/539) - - ---------- - + fixes [#539](https://github.com/CycloneDX/cyclonedx-python-lib/issues/539) + + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1fd7fee`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1fd7fee9dec888c10087921f2e5a7a60062fb419)) ### Unknown @@ -2229,57 +404,10 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`394cc87`](https: ### Chore -* chore(deps-dev): update tox requirement from 4.12.0 to 4.12.1 (#533) - -Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version. -- [Release notes](https://github.com/tox-dev/tox/releases) -- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/tox/compare/4.12.0...4.12.1) - ---- -updated-dependencies: -- dependency-name: tox - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`74094d7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/74094d70c15afdd9991f8b731d318f66b686cf62)) - -* chore(deps-dev): update flake8-bugbear requirement (#534) - -Updates the requirements on [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) to permit the latest version. -- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) -- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/23.12.2...24.1.17) - ---- -updated-dependencies: -- dependency-name: flake8-bugbear - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`6e6f374`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6e6f374ba282a67c9458b414704a3d86f4b593b4)) - * chore: doc flake8 config 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bd4c078`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bd4c0781139bc93e28438390650ef1c7484597bb)) -* chore(deps-dev): update tox requirement from 4.11.4 to 4.12.0 (#530) - -Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version. -- [Release notes](https://github.com/tox-dev/tox/releases) -- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/tox/compare/4.11.4...4.12.0) - ---- -updated-dependencies: -- dependency-name: tox - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`130918a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/130918a78d003255f1d80e6fe2031752c3baa6d1)) - ### Documentation * docs: add OpenSSF Best Practices shield (#532) @@ -2295,37 +423,6 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e1e7277`](https: ## v6.3.0 (2024-01-06) -### Chore - -* chore(deps-dev): update flake8 requirement from 6.1.0 to 7.0.0 (#528) - -Updates the requirements on [flake8](https://github.com/pycqa/flake8) to permit the latest version. -- [Commits](https://github.com/pycqa/flake8/compare/6.1.0...7.0.0) - ---- -updated-dependencies: -- dependency-name: flake8 - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`6b7ed78`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6b7ed786845d21bf079c0a636d9e689ce278644c)) - -* chore(deps-dev): update ddt requirement from 1.7.0 to 1.7.1 (#527) - -Updates the requirements on [ddt](https://github.com/datadriventests/ddt) to permit the latest version. -- [Release notes](https://github.com/datadriventests/ddt/releases) -- [Commits](https://github.com/datadriventests/ddt/compare/1.7.0...1.7.1) - ---- -updated-dependencies: -- dependency-name: ddt - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9a58e7e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9a58e7ee921a077425ee45f23e9cfbb8341d7ef5)) - ### Documentation * docs: add `Documentation` url to project meta @@ -2351,39 +448,6 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9f24220`](https: 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f8af156`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f8af156c9c38f737b7067722d2a96f8a2a4fcb48)) -### Chore - -* chore(deps-dev): update coverage requirement from 7.3.3 to 7.4.0 (#524) - -Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version. -- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.3...7.4.0) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9bcc223`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9bcc223b783306cf2255b3910acf5518d7ea223c)) - -* chore(deps-dev): update mypy requirement from 1.7.1 to 1.8.0 (#521) - -Updates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version. -- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python/mypy/compare/v1.7.1...v1.8.0) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`720046e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/720046e2f69c64216b5ef847ad5f76a95f450a8f)) - ### Documentation * docs: fix typo @@ -2402,18 +466,18 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b3e9ab7`](https: * feat: allow `lxml` requirement in range of `>=4,<6` (#523) -Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version. -- [Release notes](https://github.com/lxml/lxml/releases) -- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) -- [Commits](https://github.com/lxml/lxml/compare/lxml-4.0.0...lxml-5.0.0) - ---- -updated-dependencies: -- dependency-name: lxml - dependency-type: direct:production -... - -Signed-off-by: dependabot[bot] <support@github.com> +Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version. +- [Release notes](https://github.com/lxml/lxml/releases) +- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) +- [Commits](https://github.com/lxml/lxml/compare/lxml-4.0.0...lxml-5.0.0) + +--- +updated-dependencies: +- dependency-name: lxml + dependency-type: direct:production +... + +Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`7d12b9a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7d12b9a9f7a2fdc5e6bb12f891c6f4291e20e65e)) ### Unknown @@ -2431,61 +495,12 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7dcd166`](https: 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`87c72d7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/87c72d7f589faea67c5f90f041531468f8ae480c)) -* chore(deps): bump python-semantic-release/python-semantic-release (#515) - -Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 8.5.0 to 8.5.1. -- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) -- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v8.5.0...v8.5.1) - ---- -updated-dependencies: -- dependency-name: python-semantic-release/python-semantic-release - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`0f56ec4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0f56ec471268d0b27c5956b93021a982945873a2)) - -* chore(deps-dev): update coverage requirement from 7.3.2 to 7.3.3 (#517) - -Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version. -- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.2...7.3.3) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development -... 
- -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`a57e2f6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a57e2f6ee14d015e58e2175dcbb087d971731f92)) - -* chore(deps-dev): update isort requirement from 5.13.0 to 5.13.2 (#516) - -Updates the requirements on [isort](https://github.com/pycqa/isort) to permit the latest version. -- [Release notes](https://github.com/pycqa/isort/releases) -- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md) -- [Commits](https://github.com/pycqa/isort/compare/5.13.0...5.13.2) - ---- -updated-dependencies: -- dependency-name: isort - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`84874a3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/84874a39610b0108335413da23f50b2911c20c78)) - ### Feature * feat: add function to map python `hashlib` algorithms to CycloneDX (#519) -new API: `model.HashType.from_hashlib_alg()` - +new API: `model.HashType.from_hashlib_alg()` + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`81f8cf5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/81f8cf59b1f40ffbd213789a8b1b621a01e3f631)) @@ -2495,295 +510,106 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`81f8cf5`](https: * feat!: v6.0.0 (#492) -### Breaking Changes - -* Removed symbols that were already marked as deprecated (via [#493]) -* Removed symbols in `parser.*` ([#489] via [#495]) -* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) -* Serialization of unsupported enum values might downgrade/migrate/omit them ([#490] via [#496]) - Handling might raise warnings if a data loss occurred due to omitting. - The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered. -* Serialization of any `model.component.Component` with unsupported `type` raises `exception.serialization.SerializationOfUnsupportedComponentTypeException` ([#490] via [#496]) -* Object `model.bom_ref.BomRef`'s property `value` defaults to `Null`, was arbitrary `UUID` ([#504] via [#505]) - This change does not affect serialization. All `bom-ref`s are guaranteed to have unique values on rendering. -* Removed helpers from public API ([#503] via [#506]) - -### Added - -* Basic support for CycloneDX 1.5 ([#404] via [#488]) - * No data models were enhanced nor added, yet. - Pull requests to add functionality are welcome. 
- * Existing enumerable got new cases, to reflect features of CycloneDX 1.5 ([#404] via [#488]) - * Outputters were enabled to render CycloneDX 1.5 ([#404] via [#488]) - -### Tests - -* Created (regression/unit/integration/functional) tests for CycloneDX 1.5 ([#404] via [#488]) -* Created (regression/functional) tests for Enums' handling and completeness ([#490] via [#496]) - -### Misc - -* Bumped dependency `py-serializable@^0.16`, was `@^0.15` (via [#496]) - - ----- - -### API Changes — the details for migration - -* Added new sub-package `exception.serialization` (via [#496]) -* Removed class `models.ComparableTuple` ([#503] via [#506]) -* Enum `model.ExternalReferenceType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) -* Removed function `models.get_now_utc` ([#503] via [#506]) -* Removed function `models.sha1sum` ([#503] via [#506]) -* Enum `model.component.ComponentType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) -* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `namespace` (via [#493]) - Use kwarg `group` instead. -* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `license_str` (via [#493]) - Use kwarg `licenses` instead. -* Removed deprecated method `model.component.Component.get_namespace()` (via [#493]) -* Removed class `models.dependency.DependencyDependencies` ([#503] via [#506]) -* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_name` (via [#493]) - Use kwarg `source` instead. -* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_url` (via [#493]) - Use kwarg `source` instead. -* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `recommendations` (via [#493]) - Use kwarg `recommendation` instead. 
-* Removed `model.vulnerability.VulnerabilityRating.__init__()`'s deprecated optional kwarg `score_base` (via [#493]) - Use kwarg `score` instead. -* Enum `model.vulnerability.VulnerabilityScoreSource` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) -* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) -* Removed deprecated function `output.get_instance()` (via [#493]) - Use function `output.make_outputter()` instead. -* Added new class `output.json.JsonV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Added new item to dict `output.json.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Added new class `output.xml.XmlV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Added new item to dict `output.xml.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) -* Removed class `parser.ParserWarning` ([#489] via [#495]) -* Removed class `parser.BaseParser` ([#489] via [#495]) -* Enum `schema.SchemaVersion` got new case `V1_5`, to reflect CycloneDX 1.5 ([#404] via [#488]) - - -[#404]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/404 -[#488]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/488 -[#489]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/489 -[#490]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/490 -[#491]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/491 -[#493]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/493 -[#494]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/494 -[#495]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/495 -[#496]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/496 -[#503]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/503 -[#504]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/504 -[#505]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/505 -[#506]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/506 - ---------- - -Signed-off-by: 
Johannes Feichtner <johannes@web-wack.at> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: semantic-release <semantic-release> -Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com> +### Breaking Changes + +* Removed symbols that were already marked as deprecated (via [#493]) +* Removed symbols in `parser.*` ([#489] via [#495]) +* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) +* Serialization of unsupported enum values might downgrade/migrate/omit them ([#490] via [#496]) + Handling might raise warnings if a data loss occurred due to omitting. + The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered. +* Serialization of any `model.component.Component` with unsupported `type` raises `exception.serialization.SerializationOfUnsupportedComponentTypeException` ([#490] via [#496]) +* Object `model.bom_ref.BomRef`'s property `value` defaults to `Null`, was arbitrary `UUID` ([#504] via [#505]) + This change does not affect serialization. All `bom-ref`s are guaranteed to have unique values on rendering. +* Removed helpers from public API ([#503] via [#506]) + +### Added + +* Basic support for CycloneDX 1.5 ([#404] via [#488]) + * No data models were enhanced nor added, yet. + Pull requests to add functionality are welcome. 
+ * Existing enumerable got new cases, to reflect features of CycloneDX 1.5 ([#404] via [#488]) + * Outputters were enabled to render CycloneDX 1.5 ([#404] via [#488]) + +### Tests + +* Created (regression/unit/integration/functional) tests for CycloneDX 1.5 ([#404] via [#488]) +* Created (regression/functional) tests for Enums' handling and completeness ([#490] via [#496]) + +### Misc + +* Bumped dependency `py-serializable@^0.16`, was `@^0.15` (via [#496]) + + +---- + +### API Changes — the details for migration + +* Added new sub-package `exception.serialization` (via [#496]) +* Removed class `models.ComparableTuple` ([#503] via [#506]) +* Enum `model.ExternalReferenceType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) +* Removed function `models.get_now_utc` ([#503] via [#506]) +* Removed function `models.sha1sum` ([#503] via [#506]) +* Enum `model.component.ComponentType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) +* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `namespace` (via [#493]) + Use kwarg `group` instead. +* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `license_str` (via [#493]) + Use kwarg `licenses` instead. +* Removed deprecated method `model.component.Component.get_namespace()` (via [#493]) +* Removed class `models.dependency.DependencyDependencies` ([#503] via [#506]) +* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_name` (via [#493]) + Use kwarg `source` instead. +* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_url` (via [#493]) + Use kwarg `source` instead. +* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `recommendations` (via [#493]) + Use kwarg `recommendation` instead. 
+* Removed `model.vulnerability.VulnerabilityRating.__init__()`'s deprecated optional kwarg `score_base` (via [#493]) + Use kwarg `score` instead. +* Enum `model.vulnerability.VulnerabilityScoreSource` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) +* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) +* Removed deprecated function `output.get_instance()` (via [#493]) + Use function `output.make_outputter()` instead. +* Added new class `output.json.JsonV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Added new item to dict `output.json.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Added new class `output.xml.XmlV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Added new item to dict `output.xml.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) +* Removed class `parser.ParserWarning` ([#489] via [#495]) +* Removed class `parser.BaseParser` ([#489] via [#495]) +* Enum `schema.SchemaVersion` got new case `V1_5`, to reflect CycloneDX 1.5 ([#404] via [#488]) + + +[#404]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/404 +[#488]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/488 +[#489]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/489 +[#490]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/490 +[#491]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/491 +[#493]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/493 +[#494]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/494 +[#495]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/495 +[#496]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/496 +[#503]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/503 +[#504]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/504 +[#505]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/505 +[#506]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/506 + +--------- + +Signed-off-by: 
Johannes Feichtner <johannes@web-wack.at> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: semantic-release <semantic-release> +Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com> Co-authored-by: semantic-release <semantic-release> ([`74865f8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/74865f8e498c9723c2ce3556ceecb6a3cfc4c490)) -### Chore - -* chore(deps): bump python-semantic-release/python-semantic-release (#509) - -Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 8.0.8 to 8.5.0. -- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) -- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v8.0.8...v8.5.0) - ---- -updated-dependencies: -- dependency-name: python-semantic-release/python-semantic-release - dependency-type: direct:production - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9ed9ab1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9ed9ab129e5123b061a9cd358d418f026d2e8b7a)) - -* chore(deps-dev): update isort requirement from 5.12.0 to 5.13.0 (#512) - -Updates the requirements on [isort](https://github.com/pycqa/isort) to permit the latest version. -- [Release notes](https://github.com/pycqa/isort/releases) -- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md) -- [Commits](https://github.com/pycqa/isort/compare/5.12.0...5.13.0) - ---- -updated-dependencies: -- dependency-name: isort - dependency-type: direct:development -... 
- -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`0eba631`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0eba631c628faab454eabba66755d311606c536a)) - -* chore(deps-dev): update bandit requirement from 1.7.5 to 1.7.6 (#510) - -Updates the requirements on [bandit](https://github.com/PyCQA/bandit) to permit the latest version. -- [Release notes](https://github.com/PyCQA/bandit/releases) -- [Commits](https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6) - ---- -updated-dependencies: -- dependency-name: bandit - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`153b07a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/153b07a28047c408e0dc442330aa1505e74c175e)) - -* chore(deps): bump actions/setup-python from 4 to 5 (#508) - -Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. -- [Release notes](https://github.com/actions/setup-python/releases) -- [Commits](https://github.com/actions/setup-python/compare/v4...v5) - ---- -updated-dependencies: -- dependency-name: actions/setup-python - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`4e3e0e0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4e3e0e0e873ff45a4d6605728cb1160cd912e3cf)) - -* chore(deps): update sphinx-rtd-theme requirement (#499) - -Updates the requirements on [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) to permit the latest version. 
-- [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst) -- [Commits](https://github.com/readthedocs/sphinx_rtd_theme/compare/1.3.0...2.0.0) - ---- -updated-dependencies: -- dependency-name: sphinx-rtd-theme - dependency-type: direct:production -... - -Signed-off-by: dependabot[bot] <support@github.com> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`5d6dd41`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5d6dd417e0c13e596dab6c76b610788bbbb96093)) - -* chore(deps-dev): update flake8-bugbear requirement (#500) - -Updates the requirements on [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) to permit the latest version. -- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) -- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/23.9.16...23.11.28) - ---- -updated-dependencies: -- dependency-name: flake8-bugbear - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`e9a12b9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e9a12b93a9866dcb6d9a48396a7c5378d5c5f5e5)) - -* chore(deps): update py-serializable requirement (#501) - -Updates the requirements on [py-serializable](https://github.com/madpah/serializable) to permit the latest version. -- [Release notes](https://github.com/madpah/serializable/releases) -- [Changelog](https://github.com/madpah/serializable/blob/main/CHANGELOG.md) -- [Commits](https://github.com/madpah/serializable/compare/v0.15.0...v0.16.0) - ---- -updated-dependencies: -- dependency-name: py-serializable - dependency-type: direct:production -... 
- -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`04435ab`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/04435abe926b6fa877bd0194733ae87b3bad9610)) - -* chore(deps-dev): update tox requirement from 4.11.3 to 4.11.4 (#502) - -Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version. -- [Release notes](https://github.com/tox-dev/tox/releases) -- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/tox/compare/4.11.3...4.11.4) - ---- -updated-dependencies: -- dependency-name: tox - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`8bf0e39`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bf0e39f62c57c8afb6b7c152156e7af1f02bd5d)) - ## v5.2.0 (2023-12-02) ### Chore -* chore(deps-dev): update mypy requirement from 1.7.0 to 1.7.1 (#487) - -Updates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version. -- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python/mypy/compare/v1.7.0...v1.7.1) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`78957e6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/78957e6592be2106de7933f5b54a0916194980e3)) - -* chore(deps-dev): update mypy requirement from 1.6.1 to 1.7.0 (#484) - -Updates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version. 
-- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python/mypy/compare/v1.6.1...v1.7.0) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`c716ba3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c716ba3751017e2f88367b660dbc11866c2feb1d)) - -* chore(deps-dev): update ddt requirement from 1.6.0 to 1.7.0 (#483) - -Updates the requirements on [ddt](https://github.com/datadriventests/ddt) to permit the latest version. -- [Release notes](https://github.com/datadriventests/ddt/releases) -- [Commits](https://github.com/datadriventests/ddt/compare/1.6.0...1.7.0) - ---- -updated-dependencies: -- dependency-name: ddt - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`8a1f7b9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8a1f7b9678e888654a373965b7902428525f7d60)) - * chore: mograte dev-dependencies to new poetry layout (#482) -see https://python-poetry.org/docs/managing-dependencies/#dependency-groups - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a85585c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a85585cf5e445ba5e67a027b4d1161911df6467d)) +see https://python-poetry.org/docs/managing-dependencies/#dependency-groups -* chore(deps-dev): update flake8-isort requirement from 6.1.0 to 6.1.1 (#481) - -Updates the requirements on [flake8-isort](https://github.com/gforcada/flake8-isort) to permit the latest version. 
-- [Changelog](https://github.com/gforcada/flake8-isort/blob/main/CHANGES.rst) -- [Commits](https://github.com/gforcada/flake8-isort/compare/6.1.0...6.1.1) - ---- -updated-dependencies: -- dependency-name: flake8-isort - dependency-type: direct:development -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`fc74ddd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fc74dddc8add79be31d3747ddce9241bce2e4fed)) +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a85585c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a85585cf5e445ba5e67a027b4d1161911df6467d)) ### Documentation @@ -2795,10 +621,10 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3189e59`](https: * feat: `model.XsUri` migrate control characters according to spec (#498) -fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/497 - ---------- - +fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/497 + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e490429`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e49042976f8577af4061c34394db270612488cdf)) @@ -2823,8 +649,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f61a730`](https: * feat: guarantee unique `BomRef`s in serialization result (#479) -Incorporate `output.BomRefDiscriminator` on serialization - +Incorporate `output.BomRefDiscriminator` on serialization + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a648775`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a648775bb5195621e17fdbae92950ab6d56a665a)) @@ -2832,23 +658,6 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a648775`](https: ### Chore -* chore(deps): bump python-semantic-release/python-semantic-release (#474) - -Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 8.0.8 to 8.3.0. -- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) -- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v8.0.8...v8.3.0) - ---- -updated-dependencies: -- dependency-name: python-semantic-release/python-semantic-release - dependency-type: direct:production - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9c3ffac`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9c3ffac34e89610ccc4f9701444127e1e6f5ee07)) - * chore: make `pyproject` parsable by dependabot (#477) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c4eaaa5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c4eaaa54d98da43d0cdbb19b5f61e06a21f1cc58)) @@ -2878,122 +687,122 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`aae7304`](https: * feat!: v5.0.0 (#440) -BREAKING CHANGES ----------------- -* Dropped support for python<3.8 ([#436] via [#441]; enable [#433]) -* Reworked license related models, collections, and factories ([#365] via [#466]) -* Behavior - * Method `model.bom.Bom.validate()` will throw `exception.LicenseExpressionAlongWithOthersException`, if detecting invalid license constellation ([#453] via [#452]) - * Fixed tuple comparison when unequal lengths (via [#461]) -* API - * Enum `schema.SchemaVersion` is no longer string-like ([#442] via [#447]) - * Enum `schema.OutputVersion` is no longer string-like ([#442] via [#447]) - * Abstract class `output.BaseOutput` requires implementation of new method `output_format` ([#446] via [#447]) - * Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) - * Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via [#458], [#462]) - * Removed class `factory.license.LicenseChoiceFactory` (via [#466]) - The old functionality was integrated into `factory.license.LicenseFactory`. 
- * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via [#466]) - * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` ([#365] via [#466]) - The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()` - * Renamed class `module.License` to `module.license.DisjunctliveLicense` ([#365] via [#466]) - * Removed class `module.LicenseChoice` ([#365] via [#466]) - Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead - * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` ([#365] via [#466]) - * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` ([#365] via [#466]) - - -Fixed ----------------- -* Serialization of multy-licenses ([#365] via [#466]) -* Detect unused "dependent" components in `model.bom.validate()` (via [#464]) - - -Changed ----------------- -* Updated latest supported list of supported SPDX license identifiers (via [#433]) -* Shipped schema files are moved to a protected space (via [#433]) - These files were never intended for public use. -* XML output uses a default namespace, which makes results smaller. ([#438] via [#458]) - - -Added ----------------- -* Support for Python 3.12 (via [#460]) -* JSON- & XML-Validators ([#432], [#446] via [#433], [#448]) - The functionality might require additional dependencies, that can be installed with the extra "validation". - See the docs in section "Installation" for details. -* JSON & XML can be generated in a more human-friendly form ([#437], [#438] via [#458]) -* Type hints, typings & overloads for better integration downstream (via [#463]) -* API - * New function `output.make_outputter()` (via [#469]) - This replaces the deprecated function `output.get_instance()`. 
- * New sub-package `validation` ([#432], [#446] via [#433], [#448], [#469], [#468], [#469]) - * New class `exception.MissingOptionalDependencyException` ([#432] via [#433]) - * New class `exception.LicenseExpressionAlongWithOthersException` ([#453] via [#452]) - * New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` ([#446] via [#447]) - * Existing implementations of class `output.BaseOutput` now have a new method `output_format` ([#446] via [#447]) - * Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) - * Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` ([#437] via [#458]) - * New method `factory.license.LicenseFactory.make_with_expression()` (via [#466]) - * New class `model.license.DisjunctiveLicense` ([#365] via [#466]) - * New class `model.license.LicenseExpression` ([#365] via [#466]) - * New class `model.license.LicenseRepository` ([#365] via [#466]) - * New class `serialization.LicenseRepositoryHelper` ([#365] via [#466]) - - -Deprecated ----------------- -* Function `output.get_instance()` might be removed, use `output.make_outputter()` instead (via [#469]) - - -Tests ----------------- -* Added validation tests with official CycloneDX schema test data ([#432] via [#433]) -* Use proper snapshots, instead of pseudo comparison ([#437] via [#464]) -* Added regression test for bug [#365] (via [#466], [#467]) - - -Misc ----------------- -* Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via [#458], [#463], [#464], [#466]) -* Style: streamlined quotes and strings (via [#472]) -* Chore: bumped internal dev- and QA-tools ([#436] via [#441], [#472]) -* Chore: added more QA tools to prevent common security issues (via [#473]) - - -[#432]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/432 -[#433]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/433 -[#436]: 
https://github.com/CycloneDX/cyclonedx-python-lib/issues/436 -[#437]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/437 -[#365]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/365 -[#438]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/438 -[#440]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/440 -[#441]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/441 -[#442]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/442 -[#446]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/446 -[#447]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/447 -[#448]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/448 -[#452]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/452 -[#453]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/453 -[#458]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/458 -[#460]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/460 -[#461]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/461 -[#462]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/462 -[#463]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/463 -[#464]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/464 -[#466]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/466 -[#467]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/467 -[#468]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/468 -[#469]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/469 -[#472]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/472 -[#473]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/473 - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> -Signed-off-by: semantic-release <semantic-release> +BREAKING CHANGES +---------------- +* Dropped support for python<3.8 ([#436] via [#441]; enable [#433]) +* Reworked license related models, collections, and factories ([#365] via 
[#466]) +* Behavior + * Method `model.bom.Bom.validate()` will throw `exception.LicenseExpressionAlongWithOthersException`, if detecting invalid license constellation ([#453] via [#452]) + * Fixed tuple comparison when unequal lengths (via [#461]) +* API + * Enum `schema.SchemaVersion` is no longer string-like ([#442] via [#447]) + * Enum `schema.OutputVersion` is no longer string-like ([#442] via [#447]) + * Abstract class `output.BaseOutput` requires implementation of new method `output_format` ([#446] via [#447]) + * Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) + * Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via [#458], [#462]) + * Removed class `factory.license.LicenseChoiceFactory` (via [#466]) + The old functionality was integrated into `factory.license.LicenseFactory`. + * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via [#466]) + * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` ([#365] via [#466]) + The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()` + * Renamed class `module.License` to `module.license.DisjunctliveLicense` ([#365] via [#466]) + * Removed class `module.LicenseChoice` ([#365] via [#466]) + Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead + * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` ([#365] via [#466]) + * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` ([#365] via [#466]) + + +Fixed +---------------- +* Serialization of multy-licenses ([#365] via [#466]) +* Detect unused "dependent" components in `model.bom.validate()` (via [#464]) + + +Changed +---------------- +* Updated latest supported list of supported SPDX license 
identifiers (via [#433]) +* Shipped schema files are moved to a protected space (via [#433]) + These files were never intended for public use. +* XML output uses a default namespace, which makes results smaller. ([#438] via [#458]) + + +Added +---------------- +* Support for Python 3.12 (via [#460]) +* JSON- & XML-Validators ([#432], [#446] via [#433], [#448]) + The functionality might require additional dependencies, that can be installed with the extra "validation". + See the docs in section "Installation" for details. +* JSON & XML can be generated in a more human-friendly form ([#437], [#438] via [#458]) +* Type hints, typings & overloads for better integration downstream (via [#463]) +* API + * New function `output.make_outputter()` (via [#469]) + This replaces the deprecated function `output.get_instance()`. + * New sub-package `validation` ([#432], [#446] via [#433], [#448], [#469], [#468], [#469]) + * New class `exception.MissingOptionalDependencyException` ([#432] via [#433]) + * New class `exception.LicenseExpressionAlongWithOthersException` ([#453] via [#452]) + * New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` ([#446] via [#447]) + * Existing implementations of class `output.BaseOutput` now have a new method `output_format` ([#446] via [#447]) + * Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) + * Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` ([#437] via [#458]) + * New method `factory.license.LicenseFactory.make_with_expression()` (via [#466]) + * New class `model.license.DisjunctiveLicense` ([#365] via [#466]) + * New class `model.license.LicenseExpression` ([#365] via [#466]) + * New class `model.license.LicenseRepository` ([#365] via [#466]) + * New class `serialization.LicenseRepositoryHelper` ([#365] via [#466]) + + +Deprecated +---------------- +* Function `output.get_instance()` might be removed, 
use `output.make_outputter()` instead (via [#469]) + + +Tests +---------------- +* Added validation tests with official CycloneDX schema test data ([#432] via [#433]) +* Use proper snapshots, instead of pseudo comparison ([#437] via [#464]) +* Added regression test for bug [#365] (via [#466], [#467]) + + +Misc +---------------- +* Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via [#458], [#463], [#464], [#466]) +* Style: streamlined quotes and strings (via [#472]) +* Chore: bumped internal dev- and QA-tools ([#436] via [#441], [#472]) +* Chore: added more QA tools to prevent common security issues (via [#473]) + + +[#432]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/432 +[#433]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/433 +[#436]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/436 +[#437]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/437 +[#365]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/365 +[#438]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/438 +[#440]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/440 +[#441]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/441 +[#442]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/442 +[#446]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/446 +[#447]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/447 +[#448]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/448 +[#452]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/452 +[#453]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/453 +[#458]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/458 +[#460]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/460 +[#461]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/461 +[#462]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/462 +[#463]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/463 +[#464]: 
https://github.com/CycloneDX/cyclonedx-python-lib/pull/464 +[#466]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/466 +[#467]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/467 +[#468]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/468 +[#469]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/469 +[#472]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/472 +[#473]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/473 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> +Signed-off-by: semantic-release <semantic-release> Co-authored-by: semantic-release <semantic-release> ([`26b151c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/26b151cba7d7d484f23ee7888444f09ad6d016b1)) @@ -3024,26 +833,9 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`5fa66a0`](https: * chore: dont lock poetry (#431) -fixes #430 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`49b144b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/49b144be519705b03adc510ddcc6b9e4504b7a40)) +fixes #430 -* chore(deps): bump actions/checkout from 3 to 4 (#429) - -Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. -- [Release notes](https://github.com/actions/checkout/releases) -- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) -- [Commits](https://github.com/actions/checkout/compare/v3...v4) - ---- -updated-dependencies: -- dependency-name: actions/checkout - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`a70754d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a70754d602e109538c06e06e59f563953c21ab1b)) +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`49b144b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/49b144be519705b03adc510ddcc6b9e4504b7a40)) ### Documentation @@ -3073,25 +865,6 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e1bdfdd`](https: ## v4.2.0 (2023-09-06) -### Chore - -* chore(deps): bump python-semantic-release/python-semantic-release (#423) - -Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 8.0.7 to 8.0.8. -- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) -- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v8.0.7...v8.0.8) - ---- -updated-dependencies: -- dependency-name: python-semantic-release/python-semantic-release - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`13e441d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/13e441d581e2c419b46719148078155d44786e52)) - ### Feature * feat: complete SPDX license expression (#425) @@ -3115,87 +888,6 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0e35d88`](https: 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`adf5a36`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/adf5a3668c7c9aa3e0478fd1eabf3b3163fae691)) -* chore(deps-dev): bump distlib from 0.3.6 to 0.3.7 (#412) - -Bumps [distlib](https://github.com/pypa/distlib) from 0.3.6 to 0.3.7. -- [Release notes](https://github.com/pypa/distlib/releases) -- [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst) -- [Commits](https://github.com/pypa/distlib/compare/0.3.6...0.3.7) - ---- -updated-dependencies: -- dependency-name: distlib - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`bc9f01d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bc9f01dd90688ef57f755d1b8ca5c5f7739d9d5d)) - -* chore(deps-dev): bump pluggy from 1.0.0 to 1.2.0 (#413) - -Bumps [pluggy](https://github.com/pytest-dev/pluggy) from 1.0.0 to 1.2.0. -- [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/pytest-dev/pluggy/compare/1.0.0...1.2.0) - ---- -updated-dependencies: -- dependency-name: pluggy - dependency-type: indirect - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`be8af3e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/be8af3e950d3908179e0f194132222bd04310c36)) - -* chore(deps-dev): bump typed-ast from 1.5.4 to 1.5.5 (#411) - -Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.4 to 1.5.5. -- [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) -- [Commits](https://github.com/python/typed_ast/compare/1.5.4...1.5.5) - ---- -updated-dependencies: -- dependency-name: typed-ast - dependency-type: indirect - update-type: version-update:semver-patch -... 
- -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`75302b1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/75302b1de9ad9245327fa3b09181c7ff381fefe8)) - -* chore(deps-dev): bump lxml from 4.9.2 to 4.9.3 (#405) - -Bumps [lxml](https://github.com/lxml/lxml) from 4.9.2 to 4.9.3. -- [Release notes](https://github.com/lxml/lxml/releases) -- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) -- [Commits](https://github.com/lxml/lxml/compare/lxml-4.9.2...lxml-4.9.3) - ---- -updated-dependencies: -- dependency-name: lxml - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`6aa057b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6aa057bb2f0e3804e57b799fd9c3f969fb328fb7)) - -* chore(deps-dev): bump mypy from 1.4.0 to 1.4.1 (#400) - -Bumps [mypy](https://github.com/python/mypy) from 1.4.0 to 1.4.1. -- [Commits](https://github.com/python/mypy/compare/v1.4.0...v1.4.1) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`54d6a1a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/54d6a1a676d0d9715acd0d9275410b95bd9b82cf)) - ### Ci * ci: streamline concurrency for deploy (#406) @@ -3204,16 +896,16 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6a7ddfa`](https: * ci: run examples on prod-deps only (#402) -* ci: run examples on prod-deps only - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* ci: simplify ci - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - ---------- - +* ci: run examples on prod-deps only + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* ci: simplify ci + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +--------- + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`cf40048`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf40048f00d4d9a70306ee414ebf5a1f970c6a70)) * ci: run examples (#401) @@ -3230,8 +922,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8b32efb`](https: * feat: programmatic access to library's version (#417) -adds `cyclonedx.__version__` - +adds `cyclonedx.__version__` + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3585ea9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3585ea9911ae521e86793ef18f5891289fb0b604)) @@ -3239,223 +931,28 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3585ea9`](https: ### Chore -* chore(deps): bump python-semantic-release/python-semantic-release (#393) - -Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 7.33.2 to 7.34.6. -- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) -- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) -- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v7.33.2...v7.34.6) - ---- -updated-dependencies: -- dependency-name: python-semantic-release/python-semantic-release - dependency-type: direct:production - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`2180d31`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2180d31e21736f535745878d2459ba6603b2b0d3)) - -* chore(deps-dev): bump mypy from 1.3.0 to 1.4.0 (#395) - -* chore(deps-dev): bump mypy from 1.3.0 to 1.4.0 - -Bumps [mypy](https://github.com/python/mypy) from 1.3.0 to 1.4.0. -- [Commits](https://github.com/python/mypy/compare/v1.3.0...v1.4.0) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... 
- -Signed-off-by: dependabot[bot] <support@github.com> - -* style: ignore type confusion - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - ---------- - -Signed-off-by: dependabot[bot] <support@github.com> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> -Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ab36db4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ab36db4a77e4a343f8699726c438e5b5233badbe)) - -* chore(deps): bump filelock from 3.10.7 to 3.12.2 (#394) - -Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.10.7 to 3.12.2. -- [Release notes](https://github.com/tox-dev/py-filelock/releases) -- [Changelog](https://github.com/tox-dev/py-filelock/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/py-filelock/compare/3.10.7...3.12.2) - ---- -updated-dependencies: -- dependency-name: filelock - dependency-type: indirect - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`90b339b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/90b339b34c3afeb11d1044d9dd3fcb3feea47327)) - -* chore(deps-dev): bump coverage from 7.2.6 to 7.2.7 (#390) - -Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.6 to 7.2.7. -- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.6...7.2.7) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development - update-type: version-update:semver-patch -... 
- -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`638d472`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/638d472d474f286c3adff6e35b5ea354ef140153)) - -* chore(deps-dev): bump xmldiff from 2.6.1 to 2.6.3 (#388) - -Bumps [xmldiff](https://github.com/Shoobx/xmldiff) from 2.6.1 to 2.6.3. -- [Release notes](https://github.com/Shoobx/xmldiff/releases) -- [Changelog](https://github.com/Shoobx/xmldiff/blob/master/CHANGES.rst) -- [Commits](https://github.com/Shoobx/xmldiff/compare/2.6.1...2.6.3) - ---- -updated-dependencies: -- dependency-name: xmldiff - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`b5fa67c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b5fa67c50216029af16d0643d6032e4a8bcde5e4)) - -* chore(deps-dev): bump coverage from 7.2.5 to 7.2.6 (#387) - -Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.5 to 7.2.6. -- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.5...7.2.6) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`c49c320`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c49c3203b3afc41e44355b403c2b495a322e4d8a)) - -* chore(deps-dev): bump mypy from 1.2.0 to 1.3.0 (#385) - -Bumps [mypy](https://github.com/python/mypy) from 1.2.0 to 1.3.0. 
-- [Commits](https://github.com/python/mypy/compare/v1.2.0...v1.3.0) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`bb6d8bc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bb6d8bcdec1c10ca143396818d7605cc2f3277a6)) - -* chore(deps-dev): bump xmldiff from 2.5 to 2.6.1 (#375) - -Bumps [xmldiff](https://github.com/Shoobx/xmldiff) from 2.5 to 2.6.1. -- [Release notes](https://github.com/Shoobx/xmldiff/releases) -- [Changelog](https://github.com/Shoobx/xmldiff/blob/master/CHANGES.rst) -- [Commits](https://github.com/Shoobx/xmldiff/compare/2.5...2.6.1) - ---- -updated-dependencies: -- dependency-name: xmldiff - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`27b9ec5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/27b9ec57a48bcb0c29499df8e915b956c7b06b50)) - -* chore(deps-dev): bump mypy from 1.1.1 to 1.2.0 (#372) - -Bumps [mypy](https://github.com/python/mypy) from 1.1.1 to 1.2.0. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v1.1.1...v1.2.0) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`5e5a8c2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5e5a8c25979dc0769048d36abba5b1623b797f2e)) - -* chore(deps-dev): bump coverage from 7.2.2 to 7.2.5 (#383) - -Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.2 to 7.2.5. 
-- [Release notes](https://github.com/nedbat/coveragepy/releases) -- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) -- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.2...7.2.5) - ---- -updated-dependencies: -- dependency-name: coverage - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`b288d94`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b288d9406ff592c1f12be82746ccf7fd527413d7)) - -* chore(deps): update poetry and other dependency versions (#369) - -* update packageurl type hints - -Signed-off-by: gruebel <anton.gruebel@gmail.com> - -* lower bound packageurl-python dependency - -Signed-off-by: gruebel <anton.gruebel@gmail.com> - -* update deps.lowest.r - -Signed-off-by: gruebel <anton.gruebel@gmail.com> - ---------- - -Signed-off-by: gruebel <anton.gruebel@gmail.com> ([`aa5b936`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/aa5b936f17c5a9840a0f436b8d4540439cf4c0a5)) - * chore: CI/QA/Build meintenance (#358) -* build: streamlined ci and builds - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* chore: upgrade lockfile with poetry1.4 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* removed extra brace - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fixed long line - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Paul Horton <paul.horton@owasp.org> +* build: streamlined ci and builds + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* chore: upgrade lockfile with poetry1.4 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* removed extra brace + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fixed long line + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + 
+--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Paul Horton <paul.horton@owasp.org> Co-authored-by: Paul Horton <paul.horton@owasp.org> ([`9779af0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9779af02f5f3cd99fe3e1a088f5547f4991b05b7)) * chore: followup of #340 (#360) @@ -3482,7 +979,7 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`aa0eab1`](https://gi * ci: add concurrency rules (#361) - + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f65d646`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f65d64699a48bd6fe540c7503491ce29b1ce38d1)) ### Documentation @@ -3499,8 +996,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`65e22bd`](https: * fix: conditional warning if no root dependencies were found (#398) - - + + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c8175bb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c8175bb6aebac7f129d42d7a5a0ae928212c20cb)) ### Unknown @@ -3511,9 +1008,9 @@ Automatically generated by python-semantic-release ([`4a72f51`](https://github.c * Add missing space in warning message. (#364) - - -Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> + + +Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> ([`dad0d28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dad0d28ceb7381d1b503e5b29776fc01513f8b04)) 
@@ -3523,147 +1020,130 @@ Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> * feat: Release 4.0.0 #341) -Highlights of this release include: -* Support for De-serialization from JSON and XML to this Pythonic Model -* Deprecation of Python 3.6 support -* Support for Python 3.11 -* Support for `BomLink` -* Support VEX without needing `Component` in the same `Bom` -* Support for `services` having `dependencies` - -BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed. - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* feat: support VEX without Components in the same BOM - -BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* feat: support VEX without Components in the same BOM - -BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -feat: allow `version` of BOM to be defined - -feat: allow `serial_number` of BOM to be prescribed - -feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* chore: fix release workflow - -* chore: editorconfig - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* feat: support for deserialization from JSON and XML (#290) - -BREAKING CHANGE: - -* feat: drop Python 3.6 support - -Signed-off-by: Hakan Dilek <hakandilek@gmail.com> -Signed-off-by: Paul Horton <paul.horton@owasp.org> -Co-authored-by: Hakan Dilek <hakandilek@gmail.com> -Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> - -* fix: update `serializable` to include XML safety changes - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* feat: Support for Python 3.11 (#349) - -* feat: officially test and support Python 3.11 - -Signed-off-by: Paul Horton 
<paul.horton@owasp.org> - -* removed unused imports - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* bump `poetry` to `1.1.12` in CI - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fix: removed `types-toml` from dependencies - not used - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - ---------- - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* chore: bump dev dependencies - -fix: removed `setuptools` as dependency -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* tests: compoennt versions optional (#350) - -* chore: exclude `venv*` from QA; add typing to QA - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* tests: component versions are optional - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* doc: doc updates for new deserialization feature - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - -* doc: doc updates for contribution - -Signed-off-by: Paul Horton <paul.horton@owasp.org> - ---------- - -Signed-off-by: Paul Horton <paul.horton@owasp.org> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Signed-off-by: Hakan Dilek <hakandilek@gmail.com> -Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Co-authored-by: Hakan Dilek <hakandilek@gmail.com> +Highlights of this release include: +* Support for De-serialization from JSON and XML to this Pythonic Model +* Deprecation of Python 3.6 support +* Support for Python 3.11 +* Support for `BomLink` +* Support VEX without needing `Component` in the same `Bom` +* Support for `services` having `dependencies` + +BREAKING CHANGE: Large portions of this library have been re-written for 
this release and many methods and contracts have changed. + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* feat: support VEX without Components in the same BOM + +BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* feat: support VEX without Components in the same BOM + +BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +feat: allow `version` of BOM to be defined + +feat: allow `serial_number` of BOM to be prescribed + +feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* chore: fix release workflow + +* chore: editorconfig + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* feat: support for deserialization from JSON and XML (#290) + +BREAKING CHANGE: + +* feat: drop Python 3.6 support + +Signed-off-by: Hakan Dilek <hakandilek@gmail.com> +Signed-off-by: Paul Horton <paul.horton@owasp.org> +Co-authored-by: Hakan Dilek <hakandilek@gmail.com> +Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> + +* fix: update `serializable` to include XML safety changes + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* feat: Support for Python 3.11 (#349) + +* feat: officially test and support Python 3.11 + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* removed unused imports + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* bump `poetry` to `1.1.12` in CI + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* fix: removed `types-toml` from dependencies - not used + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +--------- + +Signed-off-by: Paul Horton 
<paul.horton@owasp.org> + +* fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* chore: bump dev dependencies + +fix: removed `setuptools` as dependency +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* tests: compoennt versions optional (#350) + +* chore: exclude `venv*` from QA; add typing to QA + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* tests: component versions are optional + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* doc: doc updates for new deserialization feature + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +* doc: doc updates for contribution + +Signed-off-by: Paul Horton <paul.horton@owasp.org> + +--------- + +Signed-off-by: Paul Horton <paul.horton@owasp.org> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Hakan Dilek <hakandilek@gmail.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Co-authored-by: Hakan Dilek <hakandilek@gmail.com> Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> ([`8fb1b14`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8fb1b14f5e04e85f21e654c44fa6b9b774867757)) ### Chore -* chore(deps): bump relekang/python-semantic-release from 7.31.2 to 7.33.1 (#345) - -Bumps [relekang/python-semantic-release](https://github.com/relekang/python-semantic-release) from 7.31.2 to 7.33.1. -- [Release notes](https://github.com/relekang/python-semantic-release/releases) -- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) -- [Commits](https://github.com/relekang/python-semantic-release/compare/v7.31.2...v7.33.1) - ---- -updated-dependencies: -- dependency-name: relekang/python-semantic-release - dependency-type: direct:production - update-type: version-update:semver-minor -... 
- -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`a011d89`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a011d89ce6cee9e56bcfcc9a9338fa1e559721f7)) - * chore: package manifest fix link to homepage and documentation (#291) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f2350b4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f2350b4e2b0fb7668ca987e523c53acb6ac6fefb)) ### Unknown @@ -3679,16 +1159,16 @@ Automatically generated by python-semantic-release ([`40fbfda`](https://github.c * chore: do not ship exra LICENSE file (#339) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b7f1028`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b7f1028156de8d1e14a391d84d24aa697814902a)) ### Fix * fix: mak test's schema paths relative to `cyclonedx` package (#338) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1f0c05f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1f0c05fe2b2a22bc84a1a437dd59390f2ceaf986)) ### Unknown @@ -3710,17 +1190,17 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7aae26d`](https: * fix(tests): include tests in `sdist` builds (#337) -* feat: include `tests` in `sdist` builds for #336 -* delete unexpected `DS_Store` file - +* feat: include `tests` in `sdist` builds for #336 +* delete unexpected `DS_Store` file + 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`936ad7d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/936ad7d0c26d8f98040203d3234ca8f1afbd73ab)) ### Test * test: mock `ThisTool.version` for constisten results (#335) - - + + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`57a9e5e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/57a9e5e4f5b1eb785984be9d5a35aac60315232d)) ### Unknown @@ -3736,19 +1216,19 @@ Automatically generated by python-semantic-release ([`0b19294`](https://github.c * fix: serialize dependency graph for nested components (#329) -* tests: regression tests for issue #328 -* fix: for issue #328 - +* tests: regression tests for issue #328 +* fix: for issue #328 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`fb3f835`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fb3f8351881783281f8b7e796098a4c145b35927)) ### Test * test: tidy up test beds (#333) -* test: consolidate imports -* test: recreate all fixtures -* test: docs - +* test: consolidate imports +* test: recreate all fixtures +* test: docs + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ab862e7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ab862e79b72b808693e2ec7f6fe1fa3e99cae011)) ### Unknown 
@@ -3762,24 +1242,6 @@ Automatically generated by python-semantic-release ([`11a420c`](https://github.c ### Chore -* chore(deps): bump Gr1N/setup-poetry from 7 to 8 (#326) - -Bumps [Gr1N/setup-poetry](https://github.com/Gr1N/setup-poetry) from 7 to 8. -- [Release notes](https://github.com/Gr1N/setup-poetry/releases) -- [Commits](https://github.com/Gr1N/setup-poetry/compare/v7...v8) - ---- -updated-dependencies: -- dependency-name: Gr1N/setup-poetry - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Signed-off-by: dependabot[bot] <support@github.com> -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`f3af229`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f3af22979978f0c38c4c8f48b4271ee6a6c1e1bd)) - * chore: editorconfig Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8c75b1b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8c75b1ba63c10929c005ea27ebb6f63afa8b9719)) @@ -3788,7 +1250,7 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8c75b1b`](https: * ci: fix py36 (#320) - + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`cf9f790`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf9f790e30f5b430ea1ece8916b54323e1cdb5ee)) ### Documentation @@ -3799,29 +1261,29 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`539b57a`](https: * docs: fix shields (#324) -caused by https://github.com/badges/shields/issues/8671 - +caused by https://github.com/badges/shields/issues/8671 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`555dad4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/555dad4bc255066036ecca028192eb83df8ba5a0)) * docs: fix typo (#318) - + 
Signed-off-by: Roland Weber <rolweber@de.ibm.com> ([`63bfb87`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/63bfb8772fe78e9842675d17862c456150dbbc15)) ### Fix * fix: prevent errors on metadata handling for some specification versions (#330) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f08a656`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f08a65649aee750397edc061eb3b8325a69bb4b4)) ### Style * style: split joined path segments (#331) - - + + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`493104c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/493104c1bccc669ee55b89a2c360268d36f3f1b7)) ### Unknown @@ -3832,7 +1294,7 @@ Automatically generated by python-semantic-release ([`0853d14`](https://github.c * clarify sign-off step (#319) - + Signed-off-by: Roland Weber <rolweber@de.ibm.com> ([`007fb96`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/007fb96a1ec23b9516bc383afa85b3efc2707aa8)) @@ -3939,24 +1401,6 @@ Automatically generated by python-semantic-release ([`69582ff`](https://github.c 
Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`b569548`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b56954840ada89c0ba63b4be16e099cd74cc001d)) -* chore(deps-dev): bump flake8-isort from 4.1.1 to 4.1.2.post0 (#280) - -Bumps [flake8-isort](https://github.com/gforcada/flake8-isort) from 4.1.1 to 4.1.2.post0. -- [Release notes](https://github.com/gforcada/flake8-isort/releases) -- [Changelog](https://github.com/gforcada/flake8-isort/blob/master/CHANGES.rst) -- [Commits](https://github.com/gforcada/flake8-isort/compare/4.1.1...4.1.2.post0) - ---- -updated-dependencies: -- dependency-name: flake8-isort - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`01cb53b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/01cb53b9a29f0dfa35b57d4ac0ac56f2d8778f0a)) - * chore: resolve hang issue with running isort as pre-commit hook Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`fb25b70`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fb25b70c0a3b5a5855332e1c5371219b97beb181)) @@ -3986,8 +1430,8 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`6597db7`](https://gi * Merge pull request #276 from CycloneDX/fix/bom-validation-nested-components-isue-275 -fix: BOM validation fails when Components or Services are nested #275 - +fix: BOM validation fails when Components or Services are nested #275 + fix: updated dependencies #271, #270, #269 and #256 ([`68a0cdd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/68a0cddc0a226947d76b6a275cfceba383797d3b)) * Merge branch 'main' into fix/bom-validation-nested-components-isue-275 ([`6caee65`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6caee657260e46f18cade24a73b4f17bc5ad6dd8)) @@ -4021,114 +1465,6 @@ 
Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`692c005`](https://gi ## v2.7.0 (2022-07-21) -### Chore - -* chore(deps): bump virtualenv from 20.15.0 to 20.15.1 (#255) - -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.15.0 to 20.15.1. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.15.0...20.15.1) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`d720a5f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d720a5fed662eaf19657d5a2d3f46a9b386d13de)) - -* chore(deps-dev): bump flake8-bugbear from 22.6.22 to 22.7.1 (#259) - -Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 22.6.22 to 22.7.1. -- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) -- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/22.6.22...22.7.1) - ---- -updated-dependencies: -- dependency-name: flake8-bugbear - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`1175f60`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1175f603f863bbcdb3d49dd84c66a25a5826c6ea)) - -* chore(deps-dev): bump jsonschema from 4.6.0 to 4.6.1 (#258) - -Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.6.0 to 4.6.1. 
-- [Release notes](https://github.com/python-jsonschema/jsonschema/releases) -- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.6.0...v4.6.1) - ---- -updated-dependencies: -- dependency-name: jsonschema - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`ddbfabc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ddbfabce2487f21ef204674dc5bd8de70c8fd204)) - -* chore(deps-dev): bump lxml from 4.9.0 to 4.9.1 (#257) - -Bumps [lxml](https://github.com/lxml/lxml) from 4.9.0 to 4.9.1. -- [Release notes](https://github.com/lxml/lxml/releases) -- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) -- [Commits](https://github.com/lxml/lxml/compare/lxml-4.9.0...lxml-4.9.1) - ---- -updated-dependencies: -- dependency-name: lxml - dependency-type: direct:development - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`f045b7f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f045b7ffcf318652dd8a13b7fe5c61f3b4d81a7b)) - -* chore(deps): bump virtualenv from 20.14.1 to 20.15.0 (#251) - -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.14.1 to 20.15.0. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.14.1...20.15.0) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-minor -... 
- -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`70270a9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/70270a97b481d976eea82bd3c35bbb5055104234)) - -* chore(deps-dev): bump flake8-bugbear from 22.4.25 to 22.6.22 (#252) - -Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 22.4.25 to 22.6.22. -- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) -- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/22.4.25...22.6.22) - ---- -updated-dependencies: -- dependency-name: flake8-bugbear - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`c957226`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c957226543b43631d247f3417621668cc824232a)) - ### Feature * feat: support for CycloneDX schema `1.4.2` - adds `vulnerability.properties` to the schema ([`32e7929`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/32e792928bdf37133e966ef72ec01b0bc698482d)) 
@@ -4151,26 +1487,6 @@ Automatically generated by python-semantic-release ([`96d155e`](https://github.c ## v2.6.0 (2022-06-20) -### Chore - -* chore(deps): bump colorama from 0.4.4 to 0.4.5 (#249) - -Bumps [colorama](https://github.com/tartley/colorama) from 0.4.4 to 0.4.5. -- [Release notes](https://github.com/tartley/colorama/releases) -- [Changelog](https://github.com/tartley/colorama/blob/master/CHANGELOG.rst) -- [Commits](https://github.com/tartley/colorama/compare/0.4.4...0.4.5) - ---- -updated-dependencies: -- dependency-name: colorama - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`39637ad`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/39637ade2668003c3bf7c22cf40c72bae324d8c1)) - ### Feature * feat: reduce unnessessarry type casting of `set`/`SortedSet` (#203) @@ -4186,25 +1502,6 @@ Automatically generated by python-semantic-release ([`8481e9b`](https://github.c ## v2.5.2 (2022-06-15) -### Chore - -* chore(deps): bump actions/setup-python from 3 to 4 (#247) - -Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4. -- [Release notes](https://github.com/actions/setup-python/releases) -- [Commits](https://github.com/actions/setup-python/compare/v3...v4) - ---- -updated-dependencies: -- dependency-name: actions/setup-python - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`ddd0144`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ddd01446e5fe201bfb0cebeee3c4afb25f54223b)) - ### Fix * fix: add expected lower-than comparators for `OrganizationalEntity` and `VulnerabilityCredits` (#248) 
@@ -4220,31 +1517,12 @@ Automatically generated by python-semantic-release ([`fb9a796`](https://github.c ## v2.5.1 (2022-06-10) -### Chore - -* chore(deps-dev): bump mypy from 0.960 to 0.961 (#244) - -Bumps [mypy](https://github.com/python/mypy) from 0.960 to 0.961. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v0.960...v0.961) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`48ea951`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/48ea951c92f0b944e5aae2cd1cfd299b02fb4322)) - ### Fix * fix: add missing `Vulnerability` comparator for sorting (#246) -Partial fix for #245. - +Partial fix for #245. + Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`c3f3d0d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c3f3d0d105f0dcf991175040b6d6c2b6e7e25d8f)) ### Unknown 
@@ -4260,134 +1538,9 @@ Automatically generated by python-semantic-release ([`1ea5b20`](https://github.c * build: move typing to dev-dependencies -Move `types-setuptools` and `types-toml` to dev-dependencies (#226) - -Signed-off-by: Adam Johnson <me@adamj.eu> ([`0e2376b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0e2376baade068ae0490b05550837d104e9abfa4)) - -### Chore +Move `types-setuptools` and `types-toml` to dev-dependencies (#226) -* chore(deps-dev): bump jsonschema from 4.5.1 to 4.6.0 (#242) - -Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.5.1 to 4.6.0. -- [Release notes](https://github.com/python-jsonschema/jsonschema/releases) -- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.5.1...v4.6.0) - ---- -updated-dependencies: -- dependency-name: jsonschema - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`32af991`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/32af991c8f69c7f9f2f06b68c014bc7af0498d5d)) - -* chore(deps-dev): bump lxml from 4.8.0 to 4.9.0 (#241) - -Bumps [lxml](https://github.com/lxml/lxml) from 4.8.0 to 4.9.0. -- [Release notes](https://github.com/lxml/lxml/releases) -- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) -- [Commits](https://github.com/lxml/lxml/compare/lxml-4.8.0...lxml-4.9.0) - ---- -updated-dependencies: -- dependency-name: lxml - dependency-type: direct:development - update-type: version-update:semver-minor -... 
- -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`6d5189e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6d5189e4612126a2fcc72ffe77857ab6fbea25bc)) - -* chore(deps-dev): bump mypy from 0.942 to 0.960 (#230) - -Bumps [mypy](https://github.com/python/mypy) from 0.942 to 0.960. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v0.942...v0.960) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`88d9d8b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/88d9d8b7ff18f495a0767e3ed9f37783030ca45d)) - -* chore(deps): bump types-setuptools from 57.4.12 to 57.4.17 (#238) - -Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.12 to 57.4.17. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-setuptools - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`3d011ab`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3d011ab8f46a3486e1f0dc2a4bb099f7e68f31dd)) - -* chore(deps): bump types-setuptools from 57.4.12 to 57.4.17 (#237) - -Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.12 to 57.4.17. 
-- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-setuptools - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`a1d1bae`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a1d1bae1e5a1e3fdabba3082b3f1a94e3265312d)) - -* chore(deps): bump typed-ast from 1.5.2 to 1.5.4 (#232) - -Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.2 to 1.5.4. -- [Release notes](https://github.com/python/typed_ast/releases) -- [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) -- [Commits](https://github.com/python/typed_ast/compare/1.5.2...1.5.4) - ---- -updated-dependencies: -- dependency-name: typed-ast - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`866f9ac`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/866f9ac4e4f270fd24b04766aa0082dac6116359)) - -* chore(deps-dev): bump jsonschema from 4.4.0 to 4.5.1 (#221) - -Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.4.0 to 4.5.1. -- [Release notes](https://github.com/python-jsonschema/jsonschema/releases) -- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.4.0...v4.5.1) - ---- -updated-dependencies: -- dependency-name: jsonschema - dependency-type: direct:development - update-type: version-update:semver-minor -... 
- -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`c65ce28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c65ce284d602b9218464cc8b2cfbcff6b13aa910)) +Signed-off-by: Adam Johnson <me@adamj.eu> ([`0e2376b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0e2376baade068ae0490b05550837d104e9abfa4)) ### Ci @@ -4403,8 +1556,8 @@ Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`91e1297`](https: * docs: fix typo "This is out" -> "This is our" -Fix typo in comments: "This is out" -> "This is our" (#233) - +Fix typo in comments: "This is out" -> "This is our" (#233) + Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`ef0278a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ef0278a2044147e73a281c5a59f95049d4af7641)) ### Feature @@ -4417,8 +1570,8 @@ Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`8a1c404`](https://gi * test: tests calculate versions if needed -Don't hardcode component version in test (#229) - +Don't hardcode component version in test (#229) + Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`7b3ce65`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7b3ce65f92ff6009a1e29d4938eac5ea664b2538)) ### Unknown @@ -4505,84 +1658,12 @@ 
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com& ## v2.4.0 (2022-05-17) -### Chore - -* chore(deps): bump virtualenv from 20.14.0 to 20.14.1 (#208) - -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.14.0 to 20.14.1. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.14.0...20.14.1) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`04f3671`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/04f3671de036b340faf18170603fad32095771cb)) - -* chore(deps-dev): bump tox from 3.24.5 to 3.25.0 (#209) - -Bumps [tox](https://github.com/tox-dev/tox) from 3.24.5 to 3.25.0. -- [Release notes](https://github.com/tox-dev/tox/releases) -- [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/tox/compare/3.24.5...3.25.0) - ---- -updated-dependencies: -- dependency-name: tox - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`8eee5d3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8eee5d354c3ee640bbc773d315f1c17e1a8334fd)) - -* chore(deps): bump types-toml from 0.10.4 to 0.10.7 (#222) - -Bumps [types-toml](https://github.com/python/typeshed) from 0.10.4 to 0.10.7. 
-- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-toml - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`5d19805`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5d19805c4e0568d4fc0894ed0b9d7cb3b99e219b)) - -* chore(deps-dev): bump flake8-bugbear from 22.3.23 to 22.4.25 (#220) - -Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 22.3.23 to 22.4.25. -- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) -- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/22.3.23...22.4.25) - ---- -updated-dependencies: -- dependency-name: flake8-bugbear - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`de7f4aa`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/de7f4aae0378c6475d65ac9ec2303155d4062591)) - ### Feature * feat(deps): remove unused `typing-extensions` constraints -PullRequest and details via #224 - +PullRequest and details via #224 + Signed-off-by: gruebel <anton.gruebel@gmail.com> ([`2ce358a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2ce358a37e6ce5f06aa9297aed17f8f5bea38e93)) ### Unknown @@ -4673,42 +1754,6 @@ 
Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`f487c4a`](https://gi ## v2.2.0 (2022-04-12) -### Chore - -* chore(deps): bump actions/upload-artifact from 2 to 3 (#204) - -Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3. -- [Release notes](https://github.com/actions/upload-artifact/releases) -- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3) - ---- -updated-dependencies: -- dependency-name: actions/upload-artifact - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`dad8538`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dad8538797352e1f2d0bb322b2df007370da19be)) - -* chore(deps): bump types-setuptools from 57.4.11 to 57.4.12 (#205) - -Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.11 to 57.4.12. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-setuptools - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`eae598a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eae598adca14eaa7125ab8bc6a2af4b213cdbd5c)) - ### Ci * ci: introduce `timeout-minutes` and drop `dependabot` branches for CI #206 
@@ -4775,180 +1820,6 @@ fix: `version` being optional in JSON output can raise error ([`6f7e09a`](https: ### Chore -* chore(deps): bump virtualenv from 20.13.4 to 20.14.0 (#200) - -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.4 to 20.14.0. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.13.4...20.14.0) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`6ccb637`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6ccb63789fdc49c2b0b7f1349f4a4f168951ed73)) - -* chore(deps-dev): bump mypy from 0.941 to 0.942 (#199) - -Bumps [mypy](https://github.com/python/mypy) from 0.941 to 0.942. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v0.941...v0.942) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`51dadb9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/51dadb9ded4a49a9ad6e22dd689cbfbbe04547aa)) - -* chore(deps-dev): bump flake8-bugbear from 22.1.11 to 22.3.23 (#201) - -Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 22.1.11 to 22.3.23. -- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) -- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/22.1.11...22.3.23) - ---- -updated-dependencies: -- dependency-name: flake8-bugbear - dependency-type: direct:development - update-type: version-update:semver-minor -... 
- -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`4f9f169`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4f9f1693950caecdd6b01c25c2b47c7940f703b5)) - -* chore(deps): bump types-setuptools from 57.4.10 to 57.4.11 (#197) - -Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.10 to 57.4.11. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-setuptools - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`8f4db6b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8f4db6b99b1213949c69605019e468ca9598a8e0)) - -* chore(deps-dev): bump mypy from 0.940 to 0.941 (#195) - -Bumps [mypy](https://github.com/python/mypy) from 0.940 to 0.941. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v0.940...v0.941) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`8012c29`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8012c299634537340a061e9b1b3ad60071fd7c13)) - -* chore(deps): bump virtualenv from 20.13.3 to 20.13.4 (#196) - -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.3 to 20.13.4. 
-- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/20.13.4/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.13.3...20.13.4) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`f94bb64`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f94bb64f5216eb8de8f032368e3c73f914e0b737)) - -* chore(deps): bump testfixtures from 6.18.4 to 6.18.5 (#187) - -Bumps [testfixtures](https://github.com/Simplistix/testfixtures) from 6.18.4 to 6.18.5. -- [Release notes](https://github.com/Simplistix/testfixtures/releases) -- [Changelog](https://github.com/simplistix/testfixtures/blob/master/CHANGELOG.rst) -- [Commits](https://github.com/Simplistix/testfixtures/compare/6.18.4...6.18.5) - ---- -updated-dependencies: -- dependency-name: testfixtures - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`3b92776`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3b92776d75ea0e75f5b41bdfb69b78851e0ffc52)) - -* chore(deps): bump types-setuptools from 57.4.9 to 57.4.10 (#188) - -Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.9 to 57.4.10. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-setuptools - dependency-type: direct:production - update-type: version-update:semver-patch -... 
- -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`dcfaf21`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dcfaf21f27fd490277de01eb0eb9b59a522d5353)) - -* chore(deps): bump virtualenv from 20.13.2 to 20.13.3 (#189) - -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.2 to 20.13.3. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.13.2...20.13.3) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`e71e5b3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e71e5b3a46cb6c5c915d9b31eb8e0e815c511a3d)) - -* chore(deps-dev): bump mypy from 0.931 to 0.940 (#192) - -Bumps [mypy](https://github.com/python/mypy) from 0.931 to 0.940. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v0.931...v0.940) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9fce6bf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9fce6bf853032de9b2eec1f2b20341c8fbe6f639)) - * chore: added autopep8 to pre-commit and clarified command in CONTRIBUTING for performance Signed-off-by: Paul Horton <phorton@sonatype.com> ([`5dafb1c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5dafb1c88208caccaf82fc5abea41df0d295d5a4)) @@ -4961,41 +1832,6 @@ 
Signed-off-by: Paul Horton <phorton@sonatype.com> ([`fd6ab7a`](https://git Signed-off-by: Paul Horton <phorton@sonatype.com> ([`67cefe1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/67cefe1e5f9eb3bdb1d07c29e1ea351937c15bc0)) -* chore(deps): bump actions/checkout from 2 to 3 (#184) - -Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. -- [Release notes](https://github.com/actions/checkout/releases) -- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) -- [Commits](https://github.com/actions/checkout/compare/v2...v3) - ---- -updated-dependencies: -- dependency-name: actions/checkout - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`a3ed3c7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a3ed3c712a8a85361a59522efc356ab5194b0999)) - -* chore(deps): bump actions/setup-python from 2 to 3 (#183) - -Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3. -- [Release notes](https://github.com/actions/setup-python/releases) -- [Commits](https://github.com/actions/setup-python/compare/v2...v3) - ---- -updated-dependencies: -- dependency-name: actions/setup-python - dependency-type: direct:production - update-type: version-update:semver-major -... - -Signed-off-by: dependabot[bot] <support@github.com> - -Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`ee79ffa`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ee79ffaaa6155f6890379a847b49a805c1ee7202)) - * chore: dependabot prefix `chore`, not eco-system ([`c96cea4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c96cea47f855add5edf2707305ef7b671da7db39)) * chore: make isort and flake8-isort available @@ -5004,127 +1840,127 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b211de5`](https: * chore: poetry(deps): bump pyparsing from 3.0.6 to 3.0.7 (#140) -Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 3.0.6 to 3.0.7. -- [Release notes](https://github.com/pyparsing/pyparsing/releases) -- [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) -- [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_3.0.6...pyparsing_3.0.7) - ---- -updated-dependencies: -- dependency-name: pyparsing - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 3.0.6 to 3.0.7. +- [Release notes](https://github.com/pyparsing/pyparsing/releases) +- [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) +- [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_3.0.6...pyparsing_3.0.7) + +--- +updated-dependencies: +- dependency-name: pyparsing + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`1bdb798`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1bdb7987a86af967d5a883626346f217a243bfda)) * chore: poetry(deps): bump types-setuptools from 57.4.7 to 57.4.9 (#168) -Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.7 to 57.4.9. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-setuptools - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.7 to 57.4.9. 
+- [Release notes](https://github.com/python/typeshed/releases) +- [Commits](https://github.com/python/typeshed/commits) + +--- +updated-dependencies: +- dependency-name: types-setuptools + dependency-type: direct:production + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`48c3f99`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/48c3f997abf2560b648d85b907c001879e063551)) * chore: poetry(deps): bump filelock from 3.4.0 to 3.4.1 (#116) -Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.4.0 to 3.4.1. -- [Release notes](https://github.com/tox-dev/py-filelock/releases) -- [Changelog](https://github.com/tox-dev/py-filelock/blob/main/docs/changelog.rst) -- [Commits](https://github.com/tox-dev/py-filelock/compare/3.4.0...3.4.1) - ---- -updated-dependencies: -- dependency-name: filelock - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.4.0 to 3.4.1. +- [Release notes](https://github.com/tox-dev/py-filelock/releases) +- [Changelog](https://github.com/tox-dev/py-filelock/blob/main/docs/changelog.rst) +- [Commits](https://github.com/tox-dev/py-filelock/compare/3.4.0...3.4.1) + +--- +updated-dependencies: +- dependency-name: filelock + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`17f1a5f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/17f1a5f8555675913ea09318848dd28ce96d1c3c)) * chore: poetry(deps): bump attrs from 21.2.0 to 21.4.0 (#113) -Bumps [attrs](https://github.com/python-attrs/attrs) from 21.2.0 to 21.4.0. 
-- [Release notes](https://github.com/python-attrs/attrs/releases) -- [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/python-attrs/attrs/compare/21.2.0...21.4.0) - ---- -updated-dependencies: -- dependency-name: attrs - dependency-type: indirect - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [attrs](https://github.com/python-attrs/attrs) from 21.2.0 to 21.4.0. +- [Release notes](https://github.com/python-attrs/attrs/releases) +- [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst) +- [Commits](https://github.com/python-attrs/attrs/compare/21.2.0...21.4.0) + +--- +updated-dependencies: +- dependency-name: attrs + dependency-type: indirect + update-type: version-update:semver-minor +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`3c39ae5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3c39ae5f7435b4e0240e674e47283ac3beb9f2b8)) * chore: poetry(deps): bump typed-ast from 1.5.1 to 1.5.2 (#144) -Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.1 to 1.5.2. -- [Release notes](https://github.com/python/typed_ast/releases) -- [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) -- [Commits](https://github.com/python/typed_ast/compare/1.5.1...1.5.2) - ---- -updated-dependencies: -- dependency-name: typed-ast - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.1 to 1.5.2. 
+- [Release notes](https://github.com/python/typed_ast/releases) +- [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) +- [Commits](https://github.com/python/typed_ast/compare/1.5.1...1.5.2) + +--- +updated-dependencies: +- dependency-name: typed-ast + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`ac5809e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ac5809e93a3a5c54b04c75bd959216a4b21095ff)) * chore: poetry(deps): bump packageurl-python from 0.9.6 to 0.9.9 (#177) -Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.9.6 to 0.9.9. -- [Release notes](https://github.com/package-url/packageurl-python/releases) -- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) -- [Commits](https://github.com/package-url/packageurl-python/compare/v0.9.6...v0.9.9) - ---- -updated-dependencies: -- dependency-name: packageurl-python - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.9.6 to 0.9.9. +- [Release notes](https://github.com/package-url/packageurl-python/releases) +- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) +- [Commits](https://github.com/package-url/packageurl-python/compare/v0.9.6...v0.9.9) + +--- +updated-dependencies: +- dependency-name: packageurl-python + dependency-type: direct:production + update-type: version-update:semver-patch +... 
+ +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`4bfba14`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4bfba14bfacca773fd2e949e327f94b794fdef0b)) * chore: poetry(deps): bump virtualenv from 20.13.1 to 20.13.2 (#181) -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.1 to 20.13.2. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.13.1...20.13.2) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.1 to 20.13.2. +- [Release notes](https://github.com/pypa/virtualenv/releases) +- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) +- [Commits](https://github.com/pypa/virtualenv/compare/20.13.1...20.13.2) + +--- +updated-dependencies: +- dependency-name: virtualenv + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`20e3368`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/20e3368f35e28187f41ac0652384ea2104d45e35)) ### Feature @@ -5189,37 +2025,37 @@ 
Signed-off-by: Paul Horton <phorton@sonatype.com> ([`da3f0ca`](https://git * chore: poetry(deps): bump virtualenv from 20.13.0 to 20.13.1 (#167) -Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.0 to 20.13.1. -- [Release notes](https://github.com/pypa/virtualenv/releases) -- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) -- [Commits](https://github.com/pypa/virtualenv/compare/20.13.0...20.13.1) - ---- -updated-dependencies: -- dependency-name: virtualenv - dependency-type: indirect - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.0 to 20.13.1. +- [Release notes](https://github.com/pypa/virtualenv/releases) +- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) +- [Commits](https://github.com/pypa/virtualenv/compare/20.13.0...20.13.1) + +--- +updated-dependencies: +- dependency-name: virtualenv + dependency-type: indirect + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`9e80258`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9e802582bd9b9bdd0e1e91a0af551d3f2190fb5e)) * chore: poetry(deps): bump types-toml from 0.10.3 to 0.10.4 (#166) -Bumps [types-toml](https://github.com/python/typeshed) from 0.10.3 to 0.10.4. -- [Release notes](https://github.com/python/typeshed/releases) -- [Commits](https://github.com/python/typeshed/commits) - ---- -updated-dependencies: -- dependency-name: types-toml - dependency-type: direct:production - update-type: version-update:semver-patch -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [types-toml](https://github.com/python/typeshed) from 0.10.3 to 0.10.4. 
+- [Release notes](https://github.com/python/typeshed/releases) +- [Commits](https://github.com/python/typeshed/commits) + +--- +updated-dependencies: +- dependency-name: types-toml + dependency-type: direct:production + update-type: version-update:semver-patch +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`02449f6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/02449f6102e49f9e2425ab4e5b050f38832e6ba9)) * chore: bump dependencies @@ -5230,17 +2066,17 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`6c280e7`](https://git * feat: completed work on #155 (#172) -fix: resolved #169 (part of #155) -feat: as part of solving #155, #147 has been implemented - +fix: resolved #169 (part of #155) +feat: as part of solving #155, #147 has been implemented + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a926b34`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a926b34c7facb8b3709936fe00b62a0b80338f31)) * feat: support complete model for `bom.metadata` (#162) -* feat: support complete model for `bom.metadata` -fix: JSON comparison in unit tests was broken -chore: corrected some source license headers - +* feat: support complete model for `bom.metadata` +fix: JSON comparison in unit tests was broken +chore: corrected some source license headers + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2938a6c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2938a6c001a5b0b25477241d4ad6601030c55165)) * feat: support for `bom.externalReferences` in JSON and XML #124 @@ -5249,8 +2085,8 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`1b733d7`](https://git * feat: Complete support for `bom.components` (#155) -* fix: implemented correct `__hash__` methods in models (#153) - +* fix: implemented correct `__hash__` methods in models (#153) + 
Signed-off-by: Paul Horton <phorton@sonatype.com> ([`32c0139`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/32c01396251834c69a5b23c82a5554faf8447f61)) * feat: support services in XML BOMs @@ -5318,12 +2154,12 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`670bde4`](https://git * Continuation of #170 - missed updating Vulnerability to use `BomRef` (#175) -* BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* updated Vulnerability to also use new `BomRef` model - +* BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* updated Vulnerability to also use new `BomRef` model + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`0d82c01`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0d82c019afce3e4aefe56bff9607cfd60186c6b0)) * BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references (#174) @@ -5340,10 +2176,10 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`9b6ce4b`](https://git * BREAKING CHANGE: update models to use `Set` rather than `List` (#160) -* BREAKING CHANGE: update models to use `Set` and `Iterable` rather than `List[..]` -BREAKING CHANGE: update final models to use `@property` -wip - +* BREAKING CHANGE: update models to use `Set` and `Iterable` rather than `List[..]` +BREAKING CHANGE: update final models to use `@property` +wip + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`142b8bf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/142b8bf4dbb2e61d131b7ca2ec332aac472ef3cd)) * removed unnecessary calls to `hash()` in `__hash__()` methods as pointed out by @jkowalleck @@ -5368,92 +2204,92 @@ 
Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a35d540`](https://git * WIP on `bom.services` -* WIP but a lil hand up for @madpah - -Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> - -* chore: added missing license header - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* No default values for required fields - -* Add Services to BOM - -* Typo fix - -* aligned classes with standards, commented out Signature work for now, added first tests for Services - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* addressed standards - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* 1.2.0 - -Automatically generated by python-semantic-release - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) - -* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* doc: updated documentation to reflect change - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* patched other tests to support UUID for bom-ref - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* better syntax - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* 1.3.0 - -Automatically generated by python-semantic-release - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* WIP but a lil hand up for @madpah - -Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* chore: added missing license header - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* aligned classes with standards, commented out Signature work for now, added first tests for Services - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* removed signature from this branch - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* Add Services to BOM - -* Typo fix - -* addressed standards - -Signed-off-by: Paul 
Horton <phorton@sonatype.com> - -* resolved typing issues from merge - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* added a bunch more tests for JSON output - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -Co-authored-by: Paul Horton <phorton@sonatype.com> +* WIP but a lil hand up for @madpah + +Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> + +* chore: added missing license header + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* No default values for required fields + +* Add Services to BOM + +* Typo fix + +* aligned classes with standards, commented out Signature work for now, added first tests for Services + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* addressed standards + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* 1.2.0 + +Automatically generated by python-semantic-release + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) + +* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* doc: updated documentation to reflect change + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* patched other tests to support UUID for bom-ref + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* better syntax + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* 1.3.0 + +Automatically generated by python-semantic-release + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* WIP but a lil hand up for @madpah + +Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* chore: added missing license header + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* aligned classes with standards, commented out Signature work for now, added first tests for Services + +Signed-off-by: Paul Horton <phorton@sonatype.com> + 
+* removed signature from this branch + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* Add Services to BOM + +* Typo fix + +* addressed standards + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* resolved typing issues from merge + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* added a bunch more tests for JSON output + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +Co-authored-by: Paul Horton <phorton@sonatype.com> Co-authored-by: github-actions <action@github.com> ([`b45ff18`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b45ff187056893c5fb294cbf9de854fd130bb7be)) @@ -5463,20 +2299,20 @@ Co-authored-by: github-actions <action@github.com> ([`b45ff18`](https://gi * feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) -* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* doc: updated documentation to reflect change - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* patched other tests to support UUID for bom-ref - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* better syntax - +* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* doc: updated documentation to reflect change + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* patched other tests to support UUID for bom-ref + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* better syntax + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`3953bb6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3953bb676f423c325ca4d80f3fcee33ad042ad93)) ### Unknown 
@@ -5492,53 +2328,53 @@ Automatically generated by python-semantic-release ([`4178181`](https://github.c * feat: add CPE to component (#138) -* Added CPE to component - -Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component. - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixing problems with CPE addition - -- Fixed styling errors -- Added reference to CPE Spec -- Adding CPE parameter as last parameter to not break arguments - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Again fixes for Style and CPE reference - -Missing in the last commit - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Added CPE as argument before deprecated arguments - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Added testing for CPE addition and error fixing - -- Added output tests for CPE in XML and JSON -- Fixes style error in components -- Fixes order for CPE output in XML (CPE has to come before PURL) - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixed output tests - -CPE was still in the wrong position in one of the tests - fixed - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixed minor test fixtures issues - -- cpe was still in wrong position in 1.2 JSON -- Indentation fixed in 1.4 JSON - -Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> - -* Fixed missing comma in JSON 1.2 test file - +* Added CPE to component + +Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component. 
+ +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixing problems with CPE addition + +- Fixed styling errors +- Added reference to CPE Spec +- Adding CPE parameter as last parameter to not break arguments + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Again fixes for Style and CPE reference + +Missing in the last commit + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Added CPE as argument before deprecated arguments + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Added testing for CPE addition and error fixing + +- Added output tests for CPE in XML and JSON +- Fixes style error in components +- Fixes order for CPE output in XML (CPE has to come before PURL) + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixed output tests + +CPE was still in the wrong position in one of the tests - fixed + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixed minor test fixtures issues + +- cpe was still in wrong position in 1.2 JSON +- Indentation fixed in 1.4 JSON + +Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> + +* Fixed missing comma in JSON 1.2 test file + Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> ([`269ee15`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/269ee155f203d5771c56edb92f7279466bf2012f)) ### Unknown @@ -5569,14 +2405,14 @@ Automatically generated by python-semantic-release ([`dec63de`](https://github.c * feat: add support for `bom.metadata.component` (#118) -* Add support for metadata component - -Part of #6 - -Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> - -* Better docs and simpler ifs - +* Add support for metadata component + +Part of #6 + +Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> + +* Better docs and simpler ifs + Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> ([`1ac31f4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1ac31f4cb14b6c466e092ff38ee2aa472c883c5d)) ### Unknown @@ -5600,8 +2436,8 @@ 
Signed-off-by: Paul Horton <phorton@sonatype.com> ([`6799e63`](https://git * chore: disable poetry-cache in gh-workflow (#112) -closes #91 - +closes #91 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`42f7952`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/42f7952fad512c84fd0a4d08c564af43d8bc5c87)) * chore: removed pdoc3 from main dev dependencies as now covered in docs/requirements.txt @@ -5614,29 +2450,29 @@ Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f2403f6`](https://git * chore: bump `flake8` to v4 and add `autopep8` (#93) -* chore: bump `flake8` to v4 and add `autopep8` - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* chore: make pep8 known in the contrib docs - +* chore: bump `flake8` to v4 and add `autopep8` + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* chore: make pep8 known in the contrib docs + 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6553dbf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6553dbfefcf6865b28b72771a9a08f1387dbdf11)) * chore: poetry(deps-dev): bump mypy from 0.910 to 0.920 (#103) -Bumps [mypy](https://github.com/python/mypy) from 0.910 to 0.920. -- [Release notes](https://github.com/python/mypy/releases) -- [Commits](https://github.com/python/mypy/compare/v0.910...v0.920) - ---- -updated-dependencies: -- dependency-name: mypy - dependency-type: direct:development - update-type: version-update:semver-minor -... - -Signed-off-by: dependabot[bot] <support@github.com> - +Bumps [mypy](https://github.com/python/mypy) from 0.910 to 0.920. +- [Release notes](https://github.com/python/mypy/releases) +- [Commits](https://github.com/python/mypy/compare/v0.910...v0.920) + +--- +updated-dependencies: +- dependency-name: mypy + dependency-type: direct:development + update-type: version-update:semver-minor +... + +Signed-off-by: dependabot[bot] <support@github.com> + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`fdd20ca`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fdd20ca4be71be78b578f756f46b44d829a76212)) ### Unknown 
@@ -5645,27 +2481,27 @@ Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.githu * Support for CycloneDX schema version 1.4 (#108) -BREAKING CHANGE: Support for CycloneDX 1.4. This includes: -- Support for `tools` having `externalReferences` -- Allowing `version` for a `Component` to be optional in 1.4 -- Support for `releaseNotes` per `Component` -- Support for the core schema implementation of Vulnerabilities (VEX) - -Other changes included in this PR: -- Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat) -- Fixes to ensure schema is adhered to in 1.0 -- URI's are now used throughout the library through a new `XsUri` class to provide URI validation -- Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/) -- `$schema` is now included in JSON BOMs -- Concrete Parsers how now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python -- Added reference to release of this library on Anaconda - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -Co-authored-by: Paul Horton <phorton@sonatype.com> - +BREAKING CHANGE: Support for CycloneDX 1.4. 
This includes: +- Support for `tools` having `externalReferences` +- Allowing `version` for a `Component` to be optional in 1.4 +- Support for `releaseNotes` per `Component` +- Support for the core schema implementation of Vulnerabilities (VEX) + +Other changes included in this PR: +- Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat) +- Fixes to ensure schema is adhered to in 1.0 +- URI's are now used throughout the library through a new `XsUri` class to provide URI validation +- Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/) +- `$schema` is now included in JSON BOMs +- Concrete Parsers how now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python +- Added reference to release of this library on Anaconda + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +Co-authored-by: Paul Horton <phorton@sonatype.com> + Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7fb6da9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7fb6da9166050333ae5db7e35ab792b9bdee48d4)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib ([`d26970b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d26970bcc52568645c303f060d71cbc25edbfe78)) @@ -5694,8 +2530,8 @@ Automatically generated by python-semantic-release ([`cfc9d38`](https://github.c * fix: tightened dependency `packageurl-python` (#95) -fixes #94 - +fixes #94 + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`eb4ae5c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eb4ae5ca8842877b780a755b6611feef847bdb8c)) ### Unknown @@ -5721,10 +2557,10 @@ 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`91b97be`](https: * fix: further loosened dependency definitions -see #44 - -updated some locked dependencies to latest versions - +see #44 + +updated some locked dependencies to latest versions + Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bef6ec`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bef6ecad36f51a003b266d776c9520d33e06034)) ### Unknown 
@@ -5740,82 +2576,82 @@ Automatically generated by python-semantic-release ([`43fc36e`](https://github.c * ci: update to run tox for both our favoured versions of dependencies and lowest supported versions -* add tox env for minimal required dependencies - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* try to fix `TypedDict` typing - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fix: typing definitions to be PY 3.6 compatible - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fix: typing definitions to be PY 3.6 compatible - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* straigtened up `sys.version_info` constraints/code-branches - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* removed unused type ignores - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* try to fix type variants - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* try to fix type variants - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* typing for py3.6 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fixed invalid unittest - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* typing for py3.6 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* mypy silence `warn_unused_ignores` - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* mypy in tox for lowest version is pinned - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +* add tox env for minimal required dependencies + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* try to fix `TypedDict` typing + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fix: typing definitions to be PY 3.6 compatible + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fix: typing definitions to be PY 3.6 compatible + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* straigtened up `sys.version_info` constraints/code-branches + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* removed 
unused type ignores + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* try to fix type variants + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* try to fix type variants + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* typing for py3.6 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fixed invalid unittest + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* typing for py3.6 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* mypy silence `warn_unused_ignores` + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* mypy in tox for lowest version is pinned + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Co-authored-by: Paul Horton <phorton@sonatype.com> ([`07ebedc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/07ebedcbab1554970496780bb8bf167f6fe4ad5c)) ### Feature * feat: loosed dependency versions to make this library more consumable -* feat: lowering minimum dependency versions - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum dependency versions - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement - +* feat: lowering minimum dependency versions + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum dependency versions + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum dependency 
versions - importlib-metadata raising minimum to ensure we get a typed library + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`55f10fb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/55f10fb5524dafa68112c0836806c27bdd74fcbe)) ### Unknown @@ -5922,36 +2758,36 @@ Signed-off-by: dependabot[bot] <support@github.com> ([`be1af9b`](https://g * doc: readme maintenance - shields & links (#72) -* README: restructure links - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: add lan to fenced code blocks - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: fix some formatting - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: modernized shields - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: harmonize links - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: add language to code fences - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: markdown fixes - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* README: removed py version shield - +* README: restructure links + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: add lan to fenced code blocks + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: fix some formatting + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: modernized shields + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: harmonize links + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: add language to code fences + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: markdown fixes + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* README: removed py version shield + 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3d0ea2f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3d0ea2f4c6ee5c2dedf1abb779f46543896fff4a)) * poetry(deps): bump mako from 1.1.5 to 1.1.6 @@ -5976,12 +2812,12 @@ poetry(deps): bump filelock from 3.3.1 to 3.3.2 ([`3f967b3`](https://github.com/ * FIX: update Conda package parsing to handle `build` containing underscore (#66) -* fix: update conda package parsing to handle `build` containing underscore - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* updated some typings - +* fix: update conda package parsing to handle `build` containing underscore + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* updated some typings + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2c6020a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2c6020a208aa1c0fd13ab337db6343ad1d2d5c43)) * poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 @@ -6077,16 +2913,16 @@ Automatically generated by python-semantic-release ([`a80f87a`](https://github.c * FEAT: Support Python 3.10 (#64) -* fix: tested with Python 3.10 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* added trove classifier for Python 3.10 - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fix: upgrade Poetry version to workaround issue between Poetry and Python 3.10 (see: https://github.com/python-poetry/poetry/issues/4210) - +* fix: tested with Python 3.10 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* added trove classifier for Python 3.10 + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fix: upgrade Poetry version to workaround issue between Poetry and Python 3.10 (see: https://github.com/python-poetry/poetry/issues/4210) + Signed-off-by: Paul Horton <phorton@sonatype.com> ([`385b835`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/385b835f44fadb0f227b6a8ac992b0c73afc6ef0)) * poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0 @@ -6112,74 +2948,74 @@ 
Signed-off-by: dependabot[bot] <support@github.com> ([`a1dd775`](https://g * feat: Typing & PEP 561 -* adde file for type checkers according to PEP 561 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added static code analysis as a dev-test - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added the "typed" trove - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added `flake8-annotations` to the tests - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added type hints - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* further typing updates - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing additions and test updates - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing - added type stubs for toml and setuptools - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* further typing - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* typing work - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* coding standards - -Signed-off-by: Paul Horton <phorton@sonatype.com> - -* fixed tox and mypy running in correct python version - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* supressed mypy for `cyclonedx.utils.conda.parse_conda_json_to_conda_package` - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fixed type hints - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* fixed some typing related flaws - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - -* added flake8-bugbear for code analysis - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> - +* adde file for type checkers according to PEP 561 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added static code analysis as a dev-test + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added the "typed" trove + +Signed-off-by: Jan Kowalleck 
<jan.kowalleck@gmail.com> + +* added `flake8-annotations` to the tests + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added type hints + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* further typing updates + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing additions and test updates + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing - added type stubs for toml and setuptools + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* further typing + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* typing work + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* coding standards + +Signed-off-by: Paul Horton <phorton@sonatype.com> + +* fixed tox and mypy running in correct python version + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* supressed mypy for `cyclonedx.utils.conda.parse_conda_json_to_conda_package` + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fixed type hints + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* fixed some typing related flaws + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + +* added flake8-bugbear for code analysis + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> + Co-authored-by: Paul Horton <phorton@sonatype.com> ([`9144765`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/91447656c0914ceb2af2e4b7282292ec7b93f5bf)) ### Unknown diff --git a/pyproject.toml b/pyproject.toml index b96cb2e4..d0a604b7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -117,10 +117,12 @@ upload_to_vcs_release = true changelog_file = "CHANGELOG.md" exclude_commit_patterns = [ "chore\\(release\\):", + "chore\\(deps\\):", + "chore\\(deps-dev\\):", ] [tool.semantic_release.branches.main] -match = "(main|master)" +match = "(main|master|jkowalleck)" prerelease = false [tool.semantic_release.branches."step"]
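Review bot: The new `match = "(main|master|jkowalleck)"` under `[tool.semantic_release.branches.main]` makes a branch named `jkowalleck` a full release branch (`prerelease = false`), which is unrelated to the stated changelog change and looks like a leftover from regenerating the changelog on a personal branch. Release branches decide where published versions may be cut from, so this pattern should name only protected branches; I would restore `match = "(main|master)"`, or confirm that `jkowalleck` is covered by the same branch protection and review rules as `main`. If the release tool applies the pattern as a prefix or otherwise unanchored match (worth confirming in its documentation), anchoring it as `^(main|master)$` would also keep similarly named branches out. Separately, a comment above `exclude_commit_patterns` such as `# dependency bumps are left out of the changelog; see the VCS history for them` would tell readers that dependency changes no longer appear there.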