Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 4.0.0 work #341

Merged
merged 29 commits into from
Mar 20, 2023
Merged

Release 4.0.0 work #341

merged 29 commits into from
Mar 20, 2023

Conversation

madpah
Copy link
Collaborator

@madpah madpah commented Jan 20, 2023
edited
Loading

DRAFT RELEASE for 4.0.0

Issues included:

Items in progress:
N/A

Forward Ports from 3.x.x:

For consideration:
NONE - Game over :-)

Fixes/Resolves:

Signed-off-by: Paul Horton paul.horton@owasp.org

madpah and others added 19 commits July 6, 2022 20:04
@madpah
doc: typo in README.
2d894b5 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
chore: resolved issue in pre-commit-hooks
d1d140c 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
feat: support VEX without Components in the same BOM
403011c 
BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component

Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
feat: support VEX without Components in the same BOM
a043437 
BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component

Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
doc: updated to reflect breaking changes in model for 3.0.0
2c50eb8 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
chore: removed duplicate code
7d8a1f1 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
remove deprecated methods - no easy way to provide backwards compatab…
6a3d9e6 
…ilitiy

Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
removed unused import
e709d19 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
updated unit tests
3d71a5b 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
ci: extend CI timeout to 15 minutes - py3.10 on OSX failing to complete
bd40d8b 
https://github.com/CycloneDX/cyclonedx-python-lib/runs/7229688245?check_suite_focus=true

Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
chore: removed commented code
fe38107 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
Merge pull request #263 from CycloneDX/feat/vex-without-components
1f58b31 
feat: change model to put `Vulnerability` at `Bom` level, not `Component` level

BREAKING CHANGE: `Vulnerability` now at `Bom` not `Component` level
@madpah
ci: pin semantic-release==7.28.1 for manual deploy - see #234
b56c5c3 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
feat: allow version of BOM to be defined
17341d6 
feat: allow `serial_number` of BOM to be prescribed

feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
Merge pull request #267 from CycloneDX/feat/bomlink-urn-helper-methods
068da83 
feat: allow version of BOM to be defined

feat: allow serial_number of BOM to be prescribed

feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx
@madpah
chore: merged main into dev/3.0.0 branch
3dd1861 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
Merge branch 'main' into dev/3.0.0
29e6c8c
@madpah
chore: fix release workflow
7df1b7e
@jkowalleck
chore: editorconfig
03ac713 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@madpah madpah requested a review from a team as a code owner January 20, 2023 16:16
@madpah madpah added bug Something isn't working enhancement New feature or request breaking change and removed bug Something isn't working labels Jan 20, 2023
@madpah madpah added this to the 4.0.0 milestone Jan 23, 2023
@madpah madpah self-assigned this Jan 23, 2023
@madpah @hakandilek
feat: support for deserialization from JSON and XML (#290)
676c941 
BREAKING CHANGE:

* feat: drop Python 3.6 support

Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Hakan Dilek <hakandilek@gmail.com>
Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com>
sonatype-lift[bot]
sonatype-lift bot reviewed Mar 3, 2023
View reviewed changes
tests/test_output_xml.py Outdated Show resolved Hide resolved
@madpah madpah mentioned this pull request Mar 3, 2023
Merged
@CycloneDX CycloneDX deleted a comment from madpah Mar 3, 2023
@madpah
fix: update serializable to include XML safety changes
40145ce 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
feat: Support for Python 3.11 (#349)
3f3c8ff 
* feat: officially test and support Python 3.11

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* removed unused imports

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* bump `poetry` to `1.1.12` in CI

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* fix: removed `types-toml` from dependencies - not used

Signed-off-by: Paul Horton <paul.horton@owasp.org>

---------

Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
Merge branch 'main' into dev/4.0.0
5a99137 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
fix: removed autopep8 in favour of flake8 as both have conflictin…
1b32d4b 
…g dependencies now

Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
chore: bump dev dependencies
4d0d920 
fix: removed `setuptools` as dependency
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah madpah mentioned this pull request Mar 7, 2023
Closed
jkowalleck and others added 3 commits March 13, 2023 14:49
@jkowalleck
tests: compoennt versions optional (#350)
aa3189e 
* chore: exclude `venv*` from QA; add typing to QA

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

* tests: component versions are optional

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@madpah
doc: doc updates for new deserialization feature
2ef396f 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah
doc: doc updates for contribution
ccb7a7f 
Signed-off-by: Paul Horton <paul.horton@owasp.org>
@madpah madpah merged commit 8fb1b14 into main Mar 20, 2023
@madpah madpah deleted the dev/4.0.0 branch March 20, 2023 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck jkowalleck left review comments

@sonatype-lift sonatype-lift[bot] sonatype-lift left review comments

Assignees

@madpah madpah

Labels
breaking change enhancement New feature or request
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@madpah @jkowalleck