Releases: CycloneDX/cyclonedx-python-lib
v7.5.0
v7.5.0 (2024-07-04)
Feature
- feat: add workaround property for v1.5 and v1.6 (#642)
Property workaround
was missing from the vulnerability model. It was
added in spec v1.5 and was marked as TODO before.
This is my first contribution on this project so if I done something
wrong, just say me 😃
Signed-off-by: Louis Maillard <louis.maillard@savoirfairelinux.com>
Signed-off-by: Louis Maillard <louis.maillard@protonmail.com>
Co-authored-by: Louis Maillard <louis.maillard@savoirfairelinux.com> (b5ebcf8
)
Style
- style: model args - one per line (#643)
this should make future PR reviews easier, since adding new args in the
middle will not cause complete code blocks to change, but is just a new
line ...
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5b74b0f
)
What's Changed
- chore(deps-dev): update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #634
- chore(deps-dev): update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #637
- chore(deps-dev): update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #639
- chore(deps-dev): update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #641
- chore(deps-dev): update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #640
- style: model args - one per line by @jkowalleck in #643
- feat: add workaround property for v1.5 and v1.6 by @loulou123546 in #642
New Contributors
- @loulou123546 made their first contribution in #642
Full Changelog: v7.4.1...v7.5.0
v7.4.1
v7.4.1 (2024-06-12)
Chore
- chore: rollback py sem release matcher
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c33a130
)
Documentation
- docs: exclude dep bumps from changelog (#627)
fixes #616
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (60361f7
)
Fix
- fix:
cyclonedx.model.Property.value
value is optional (#631)
cyclonedx.model.Property.value
value is optional, in accordance with
the spec.
fixes #630
Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ad0f98b
)
v7.4.0
v7.4.0 (2024-05-23)
Documentation
- docs: OSSP best practice percentage
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (75f58dc
)
Feature
- feat: updated SPDX license list to
v3.24.0
(#622)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3f9770a
)
What's Changed
- chore(deps-dev): update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #615
- chore(deps-dev): update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #618
- chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #619
- chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 by @dependabot in #620
- feat: updated SPDX license list to
v3.24.0
by @jkowalleck in #622
Full Changelog: v7.3.4...v7.4.0
v7.3.4
v7.3.4 (2024-05-06)
Fix
- fix: allow suppliers with empty-string names (#611)
fixes #600
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb
)
What's Changed
- fix: allow suppliers with empty-string names by @jkowalleck in #611
Full Changelog: v7.3.3...v7.3.4
v7.3.3
v7.3.3 (2024-05-06)
Chore
- chore: shield_ossf-best-practices subbary
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d00496
)
- chore(ci): update GH action versions (#606)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6d1bc5b
)
Fix
- fix: json validation allow arbitrary
$schema
value (#613)
fixes #612
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (08b7c60
)
What's Changed
- chore(deps-dev): update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #602
- chore(deps-dev): update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #604
- chore(deps-dev): update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #605
- chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #603
- chore(ci): update GH action versions by @madpah in #606
- chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #608
- fix: json validation allow arbitrary
$schema
value by @jkowalleck in #613
Full Changelog: v7.3.2...v7.3.3
v7.3.2
v7.3.2 (2024-04-26)
Fix
- fix: properly sort components based on all properties (#599)
reverts #587 - as this one introduced errors
fixes #598
fixes #586
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c
)
v7.3.1
v7.3.1 (2024-04-22)
Chore
- chore: semantic-release git commit/sign valid email address
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40
)
Fix
Fixes #586.
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685
)
v7.3.0
v7.3.0 (2024-04-19)
Feature
- feat: license factory set
acknowledgement
(#593)
add a parameter to LicenseFactory.make_*()
methods, to set the LicenseAcknowledgement
.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455
)
v7.2.0
v7.2.0 (2024-04-19)
Feature
- feat: disjunctive license acknowledgement (#591)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839
)
Unknown
- tests: add meaningful names to validation tests (#588)
When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail. 1
Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.
Append meaningful names to validation tests so that instead of e.g.:
[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008
the tests are named:
[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6
Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c
)
- doc: poor merge resolved
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa
)
What's Changed
- tests: meaningful names to validation tests by @claui in #588
- feat: disjunctive license acknowledgement by @jkowalleck in #591
New Contributors
Full Changelog: v7.1.0...v7.2.0
v7.1.0
v7.1.0 (2024-04-10)
Documentation
- docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67
)
Feature
- feat: support
bom.properties
for CycloneDX v1.5+ (#585)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a
)
What's Changed
- docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
- feat: support
bom.properties
for CycloneDX v1.5+ by @madpah in #585
Full Changelog: v7.0.0...v7.1.0