v1.0.0

Support for CycloneDX schema version 1.4 (#108)

Breaking Changes

Support for CycloneDX 1.4. This includes:

• Support for tools having externalReferences
• Allowing version for a Component to be optional in 1.4
• Support for releaseNotes per Component
• Support for the core schema implementation of Vulnerabilities (VEX)

Features

• $schema is now included in JSON BOMs
• Concrete Parsers have now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python

Fixes

• Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
• Ensure schema is adhered to in 1.0
• URIs are now used throughout the library through a new XsUri class to provide URI validation

Other

• Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
• Added reference to release of this library on Anaconda

Full Changelog: v0.12.3...v1.0.0

v0.12.3

Fix

• Removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98) (3677d9f)

v0.12.2

Fix

• Tightened dependency packageurl-python (#95) (eb4ae5c)

v0.12.1

Fix

• Further loosened dependency definitions (8bef6ec)

v0.12.0

Feature

• Loosed dependency versions to make this library more consumable (55f10fb)

v0.11.1

Fix

• Constructor for Vulnerability to correctly define ratings as optional (395a0ec)

v0.11.0

Feature

• Typing & PEP 561 (9144765)

v0.10.2

Fix

• Correct way to write utf-8 encoded files (49f9369)

v0.10.1

Fix

• Ensure output to file is UTF-8 (a10da20)
• Ensure output to file is UTF-8 (193bf64)

v0.10.0

Feature

• Add support for Conda (bd29c78)