v7.5.1

v7.5.1 (2024-07-08)

Fix

• fix: XML serialize normalizedString and token properly (#646)

fixes #638

---

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b40f739)

---

What's Changed

• chore(deps-dev): update tox requirement from 4.15.1 to 4.16.0 by @dependabot in #644
• fix: XML serialize normalizedString and token properly by @jkowalleck in #646

Full Changelog: v7.5.0...v7.5.1

v7.5.0

v7.5.0 (2024-07-04)

Feature

• feat: add workaround property for v1.5 and v1.6 (#642)

Property workaround was missing from the vulnerability model. It was
added in spec v1.5 and was marked as TODO before.

This is my first contribution on this project so if I done something
wrong, just say me 😃

Signed-off-by: Louis Maillard <louis.maillard@savoirfairelinux.com>
Signed-off-by: Louis Maillard <louis.maillard@protonmail.com>
Co-authored-by: Louis Maillard <louis.maillard@savoirfairelinux.com> (b5ebcf8)

Style

• style: model args - one per line (#643)

this should make future PR reviews easier, since adding new args in the
middle will not cause complete code blocks to change, but is just a new
line ...

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5b74b0f)

---

What's Changed

• chore(deps-dev): update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #634
• chore(deps-dev): update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #637
• chore(deps-dev): update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #639
• chore(deps-dev): update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #641
• chore(deps-dev): update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #640
• style: model args - one per line by @jkowalleck in #643
• feat: add workaround property for v1.5 and v1.6 by @loulou123546 in #642

New Contributors

• @loulou123546 made their first contribution in #642

Full Changelog: v7.4.1...v7.5.0

v7.4.1

v7.4.1 (2024-06-12)

Chore

• chore: rollback py sem release matcher

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c33a130)

Documentation

• docs: exclude dep bumps from changelog (#627)

fixes #616

---

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (60361f7)

Fix

• fix: cyclonedx.model.Property.value value is optional (#631)

cyclonedx.model.Property.value value is optional, in accordance with
the spec.

fixes #630

---

Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ad0f98b)

v7.4.0

v7.4.0 (2024-05-23)

Documentation

• docs: OSSP best practice percentage

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (75f58dc)

Feature

• feat: updated SPDX license list to v3.24.0 (#622)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3f9770a)

---

What's Changed

• chore(deps-dev): update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #615
• chore(deps-dev): update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #618
• chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #619
• chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 by @dependabot in #620
• feat: updated SPDX license list to v3.24.0 by @jkowalleck in #622

Full Changelog: v7.3.4...v7.4.0

v7.3.4

v7.3.4 (2024-05-06)

Fix

• fix: allow suppliers with empty-string names (#611)

fixes #600

---

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb)

---

What's Changed

• fix: allow suppliers with empty-string names by @jkowalleck in #611

Full Changelog: v7.3.3...v7.3.4

v7.3.3

v7.3.3 (2024-05-06)

Chore

• chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d00496)

• chore(ci): update GH action versions (#606)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6d1bc5b)

Fix

• fix: json validation allow arbitrary $schema value (#613)

fixes #612

---

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (08b7c60)

---

What's Changed

• chore(deps-dev): update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #602
• chore(deps-dev): update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #604
• chore(deps-dev): update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #605
• chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #603
• chore(ci): update GH action versions by @madpah in #606
• chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #608
• fix: json validation allow arbitrary $schema value by @jkowalleck in #613

Full Changelog: v7.3.2...v7.3.3

v7.3.2

v7.3.2 (2024-04-26)

Fix

• fix: properly sort components based on all properties (#599)

reverts #587 - as this one introduced errors
fixes #598
fixes #586

---

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c)

v7.3.1

v7.3.1 (2024-04-22)

Chore

• chore: semantic-release git commit/sign valid email address

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40)

Fix

• fix: include all fields of Component in __lt__ function for #586 (#587)

Fixes #586.

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685)

v7.3.0

v7.3.0 (2024-04-19)

Feature

• feat: license factory set acknowledgement (#593)

add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455)

v7.2.0

v7.2.0 (2024-04-19)

Feature

• feat: disjunctive license acknowledgement (#591)

---

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839)

Unknown

• tests: add meaningful names to validation tests (#588)

When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail. 1

Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.

Append meaningful names to validation tests so that instead of e.g.:

[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008

the tests are named:

[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6

Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c)

• doc: poor merge resolved

Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa)

---

What's Changed

• tests: meaningful names to validation tests by @claui in #588
• feat: disjunctive license acknowledgement by @jkowalleck in #591

New Contributors

• @claui made their first contribution in #588

Full Changelog: v7.1.0...v7.2.0