Skip to content

Releases: CycloneDX/cyclonedx-python-lib

v7.5.0

04 Jul 12:35
Compare
Choose a tag to compare

v7.5.0 (2024-07-04)

Feature

  • feat: add workaround property for v1.5 and v1.6 (#642)

Property workaround was missing from the vulnerability model. It was
added in spec v1.5 and was marked as TODO before.

This is my first contribution on this project so if I done something
wrong, just say me 😃

Signed-off-by: Louis Maillard <louis.maillard@savoirfairelinux.com>
Signed-off-by: Louis Maillard <louis.maillard@protonmail.com>
Co-authored-by: Louis Maillard <louis.maillard@savoirfairelinux.com> (b5ebcf8)

Style

  • style: model args - one per line (#643)

this should make future PR reviews easier, since adding new args in the
middle will not cause complete code blocks to change, but is just a new
line ...

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5b74b0f)


What's Changed

  • chore(deps-dev): update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #634
  • chore(deps-dev): update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #637
  • chore(deps-dev): update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #639
  • chore(deps-dev): update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #641
  • chore(deps-dev): update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #640
  • style: model args - one per line by @jkowalleck in #643
  • feat: add workaround property for v1.5 and v1.6 by @loulou123546 in #642

New Contributors

Full Changelog: v7.4.1...v7.5.0

v7.4.1

12 Jun 08:58
Compare
Choose a tag to compare

v7.4.1 (2024-06-12)

Chore

  • chore: rollback py sem release matcher

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c33a130)

Documentation

  • docs: exclude dep bumps from changelog (#627)

fixes #616


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (60361f7)

Fix

  • fix: cyclonedx.model.Property.value value is optional (#631)

cyclonedx.model.Property.value value is optional, in accordance with
the spec.

fixes #630


Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ad0f98b)

v7.4.0

23 May 05:43
Compare
Choose a tag to compare

v7.4.0 (2024-05-23)

Documentation

  • docs: OSSP best practice percentage

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (75f58dc)

Feature

  • feat: updated SPDX license list to v3.24.0 (#622)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3f9770a)


What's Changed

  • chore(deps-dev): update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #615
  • chore(deps-dev): update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #618
  • chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #619
  • chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 by @dependabot in #620
  • feat: updated SPDX license list to v3.24.0 by @jkowalleck in #622

Full Changelog: v7.3.4...v7.4.0

v7.3.4

06 May 13:41
Compare
Choose a tag to compare

v7.3.4 (2024-05-06)

Fix

  • fix: allow suppliers with empty-string names (#611)

fixes #600


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb)


What's Changed

Full Changelog: v7.3.3...v7.3.4

v7.3.3

06 May 13:29
Compare
Choose a tag to compare

v7.3.3 (2024-05-06)

Chore

  • chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d00496)

  • chore(ci): update GH action versions (#606)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6d1bc5b)

Fix

  • fix: json validation allow arbitrary $schema value (#613)

fixes #612


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (08b7c60)


What's Changed

  • chore(deps-dev): update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #602
  • chore(deps-dev): update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #604
  • chore(deps-dev): update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #605
  • chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #603
  • chore(ci): update GH action versions by @madpah in #606
  • chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #608
  • fix: json validation allow arbitrary $schema value by @jkowalleck in #613

Full Changelog: v7.3.2...v7.3.3

v7.3.2

26 Apr 10:52
Compare
Choose a tag to compare

v7.3.2 (2024-04-26)

Fix

  • fix: properly sort components based on all properties (#599)

reverts #587 - as this one introduced errors
fixes #598
fixes #586


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c)

v7.3.1

22 Apr 16:10
Compare
Choose a tag to compare

v7.3.1 (2024-04-22)

Chore

  • chore: semantic-release git commit/sign valid email address

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40)

Fix

  • fix: include all fields of Component in __lt__ function for #586 (#587)

Fixes #586.

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685)

v7.3.0

19 Apr 14:37
Compare
Choose a tag to compare

v7.3.0 (2024-04-19)

Feature

  • feat: license factory set acknowledgement (#593)

add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455)

v7.2.0

19 Apr 11:19
Compare
Choose a tag to compare

v7.2.0 (2024-04-19)

Feature

  • feat: disjunctive license acknowledgement (#591)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839)

Unknown

  • tests: add meaningful names to validation tests (#588)

When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail. 1

Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.

Append meaningful names to validation tests so that instead of e.g.:

[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008

the tests are named:

[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6

Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c)

  • doc: poor merge resolved

Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa)


What's Changed

  • tests: meaningful names to validation tests by @claui in #588
  • feat: disjunctive license acknowledgement by @jkowalleck in #591

New Contributors

Full Changelog: v7.1.0...v7.2.0

v7.1.0

10 Apr 09:25
Compare
Choose a tag to compare

v7.1.0 (2024-04-10)

Documentation

  • docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67)

Feature

  • feat: support bom.properties for CycloneDX v1.5+ (#585)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a)


What's Changed

  • docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
  • feat: support bom.properties for CycloneDX v1.5+ by @madpah in #585

Full Changelog: v7.0.0...v7.1.0