
Releases: CycloneDX/cyclonedx-python-lib

v7.4.0

23 May 05:43

v7.4.0 (2024-05-23)

Chore

  • chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 (#620)

Updates the requirements on xmldiff to permit the latest version.

Changelog

Sourced from xmldiff's changelog (https://github.com/Shoobx/xmldiff/blob/master/CHANGES.rst).

2.7.0 (2024-05-13)

  • Changed the comparison to make accurate and standard more accurate, although fast gets less accurate as a result.
  • Changed usage of deprecated pkg_resources package to importlib.metadata.
  • A use_replace flag was added to the XMLFormatter by Thomas Pfitzinger. It changes text replacement from delete and insert tags to a replace tag. It's not currently accessible through the CLI, the question is it is better to add a new formatter name, or an option to pass in formatter flags.
      • Added option to XMLFormatter to use replace tags
      • in _make_diff_tags after diffing, neighboring delete/insert diffs are joined to a replace tag
      • the deleted text is added as an attribute ("old-text")
      • the inserted text is the element's text

2.6.3 (2023-05-21)

  • And there was a namespace bug in the patch as well. #118

2.6.2 (2023-05-21)

  • Solved an error in the xmlformatter when using default namespaces. #89

2.6.1 (2023-04-05)

  • #108: Fixed an error that happens if using namespaces like ns0 or ns1.

2.6 (2023-04-03)

  • Added InsertNamespace and DeleteNamespace actions for better handling of changing namespaces. Should improve any "Unknown namespace prefix" errors. Changing the URI of a namespace prefix is not supported, and will raise an error.

2.6b1 (2023-01-12)

  • Used geometric mean for the node_ratio, for better handling of simple nodes.
  • Added an experimental --best-match method that is slower, but generate

... (truncated)

Commits

  • See full diff in compare view (https://github.com/Shoobx/xmldiff/commits)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c3e17cf)

  • chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 (#619)

Updates the requirements on pep8-naming to permit the latest version.

Release notes

Sourced from pep8-naming's releases (https://github.com/PyCQA/pep8-naming/releases).

0.14.1

  • Require Python 3.8 or later.

Changelog

Sourced from pep8-naming's changelog (https://github.com/PyCQA/pep8-naming/blob/main/CHANGELOG.rst).

0.14.1 - 2024-05-17

  • Require Python 3.8 or later.

0.14.0 - 2024-05-16

  • Drop support for Python 3.7.
  • Add support for Python 3.12.
  • Ignore methods decorated by @typing.override.
  • Perform case-sensitive ignore-names globbing on all platforms.

0.13.3 - 2022-12-19

  • Formally require flake8 5.0.0 or later.
  • Add support for Python 3.11.

0.13.2 - 2022-08-19

  • Formally require Python 3.7 or later using python_requires.

0.13.1 - 2022-07-15

  • Fix warnings related to deprecated options syntax.

0.13.0 - 2022-06-22

  • Python 3.7 or later is now required.
  • setUpModule and tearDownModule are now exempted by default.

0.12.1 - 2021-08-06

  • Fix potential stack exhaustion in the N818 check.

0.12.0 - 2021-07-06

  • flake8 3.9.1 or later is now required.
  • N818 checks exception class names for an "Error" suffix (disabled by default).
  • asyncSetUp and asyncTearDown are now exempted by default.

... (truncated)

Commits

  • f0edf20 Prepare the 0.14.1 release
  • b652e8f Merge pull request #231 from PyCQA/sigmavirus24-patch-1
  • a960999 Fix python_version
  • 9451737 Update setup.py
  • c0bcb7f Prepare the 0.14.0 release
  • 975beed Refactor FunctionArgNamesCheck (N803,N804,N805)
  • 01df3f3 Pass 'parents' as a parameter when walking the tree
  • de0963c ...


v7.3.4

06 May 13:41

v7.3.4 (2024-05-06)

Fix

  • fix: allow suppliers with empty-string names (#611)

fixes #600


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb)


What's Changed

Full Changelog: v7.3.3...v7.3.4

v7.3.3

06 May 13:29

v7.3.3 (2024-05-06)

Chore

  • chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d00496)

  • chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 (#608)

Updates the requirements on coverage to permit the latest version.

Changelog

Sourced from coverage's changelog (https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst).

Version 7.5.1 — 2024-05-04

  • Fix: a pragma comment on the continuation lines of a multi-line statement now excludes the statement and its body, the same as if the pragma is on the first line. This closes issue 754. The fix was contributed by Daniel Diniz (pull 1773).
  • Fix: very complex source files like this one (resolvent_lookup) could cause a maximum recursion error when creating an HTML report. This is now fixed, closing issue 1774.
  • HTML report improvements:
      • Support files (JavaScript and CSS) referenced by the HTML report now have hashes added to their names to ensure updated files are used instead of stale cached copies.
      • Missing branch coverage explanations that said "the condition was never false" now read "the condition was always true" because it's easier to understand.
      • Column sort order is remembered better as you move between the index pages, fixing issue 1766. Thanks, Daniel Diniz (pull 1768).

.. _resolvent_lookup: https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py
.. _issue 754: https://redirect.github.com/nedbat/coveragepy/issues/754
.. _issue 1766: https://redirect.github.com/nedbat/coveragepy/issues/1766
.. _pull 1768: https://redirect.github.com/nedbat/coveragepy/pull/1768
.. _pull 1773: https://redirect.github.com/nedbat/coveragepy/pull/1773
.. _issue 1774: https://redirect.github.com/nedbat/coveragepy/issues/1774

.. _changes_7-5-0:

Version 7.5.0 — 2024-04-23

  • Added initial support for function and class reporting in the HTML report. There are now three index pages which link to each other: files, functions, and classes. Other reports don't yet have this information, but it will be added in the future where it makes sense. Feedback gladly accepted! Finishes issue 780.
  • Other HTML report improvements:
      • There is now a "hide covered" checkbox to filter out 100% files, finishing issue 1384.

... (truncated)

Commits

  • be938ea docs: sample HTML for 7.5.1
  • 02c66d7 docs: prep for 7.5.1
  • 5fa9f67 fix: avoid max recursion errors in ast code. #1774
  • 34af01d build: easier to run metasmoke on desired python version
  • 6b0cac5 perf: cache _human_key to speed html report by about 10%
  • fdc0ee8 docs: oops, typo
  • 60e6cb4 docs: changelog for #754 and #1773
  • 277c8c4 fix: '# pragma: no branch' in multiline if statements. #754 (#1773)
  • 34d3eb7 docs: update changelog for #1786. Thanks, Daniel Diniz
  • 2bb5ef2 fix(html): make HTML column sorting consistent across index pages (fix #1766)...
  • Additional commits viewable in compare view (nedbat/coveragepy@7.5.0...7.5.1)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4f9174b)

  • chore(ci): update GH action versions (#606)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6d1bc5b)

  • chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 (#603)

Updates the requirements on tox to permit the latest version.

Release notes

Sourced from tox's releases (https://github.com/tox-dev/tox/releases).

4.15.0

What's Changed

  • Remove ...


v7.3.2

26 Apr 10:52

v7.3.2 (2024-04-26)

Fix

  • fix: properly sort components based on all properties (#599)

reverts #587 - as this one introduced errors
fixes #598
fixes #586


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c)

v7.3.1

22 Apr 16:10

v7.3.1 (2024-04-22)

Chore

  • chore: semantic-release git commit/sign valid email address

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40)

Fix

  • fix: include all fields of Component in __lt__ function for #586 (#587)

Fixes #586.

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685)

v7.3.0

19 Apr 14:37

v7.3.0 (2024-04-19)

Feature

  • feat: license factory set acknowledgement (#593)

add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455)

v7.2.0

19 Apr 11:19
Compare
Choose a tag to compare

v7.2.0 (2024-04-19)

Feature

  • feat: disjunctive license acknowledgement (#591)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839)

Unknown

  • tests: add meaningful names to validation tests (#588)

When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail.

Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.

Append meaningful names to validation tests so that instead of e.g.:

[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008

the tests are named:

[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6

Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c)

  • doc: poor merge resolved

Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa)


What's Changed

  • tests: meaningful names to validation tests by @claui in #588
  • feat: disjunctive license acknowledgement by @jkowalleck in #591

New Contributors

Full Changelog: v7.1.0...v7.2.0

v7.1.0

10 Apr 09:25

v7.1.0 (2024-04-10)

Documentation

  • docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67)

Feature

  • feat: support bom.properties for CycloneDX v1.5+ (#585)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a)


What's Changed

  • docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
  • feat: support bom.properties for CycloneDX v1.5+ by @madpah in #585

Full Changelog: v7.0.0...v7.1.0

v7.0.0

09 Apr 15:25

v7.0.0 (2024-04-09)

Breaking

  • feat!: Support for CycloneDX v1.6

  • added draft v1.6 schemas and boilerplate for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • re-generated test snapshots for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • note bom.metadata.manufacture as deprecated

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • work on bom.metadata for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • Deprecated .component.author. Added .component.authors and .component.manufacturer

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • work to get deserialization tests passing

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • imports tidied

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • properly added .component.swhid

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • add .component.cryptoProperties - with test failures for SchemaVersion < 1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • typing and bandit ignores

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • test filtering

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • additional tests to increase code coverage

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • corrected CryptoMode enum

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • Added address to organizationalEntity

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • Added address to organizationalEntity

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • raise UserWarning in .component.version has length > 1024

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • coding standards and typing

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • add acknowledgement to LicenseExpression (#582)

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • more proper way to filter test cases

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • update schema to published versions

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • fetch schema 1.6 JSON

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • fetch test data for CDX 1.6

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • reformat

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • reformat

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • refactor

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • style

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • refactor

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • docs

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>


Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8bbdf46)

Chore

  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)

Updates the requirements on autopep8 to permit the latest version.


updated-dependencies:

  • dependency-name: autopep8
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6)

  • chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)

Updates the requirements on tox to permit the latest version.


updated-dependencies:

  • dependency-name: tox
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457)


What's Changed

  • chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 by @dependabot in #574
  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 by @dependabot in #573
  • feat: Support for CycloneDX v1.6 by @madpah in #576

Full Changelog: v6.4.4...v7.0.0

v7.0.0-alpha.1

09 Apr 15:18
v7.0.0-alpha.1 Pre-release

v7.0.0-alpha.1 (2024-04-09)

Chore

  • chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML

Signed-off-by: Paul Horton <paul.horton@owasp.org> (0398051)

  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)

Updates the requirements on autopep8 to permit the latest version.


updated-dependencies:

  • dependency-name: autopep8
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6)

  • chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)

Updates the requirements on tox to permit the latest version.


updated-dependencies:

  • dependency-name: tox
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457)

Unknown

  • docs

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (42c6f25)

  • refactor

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b4a133a)

  • style

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0843234)

  • refactor

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (62c1d9a)

  • reformat

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e10ffee)

  • reformat

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e0184cc)

  • fetch test data for CDX 1.6

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (618a292)

  • fetch schema 1.6 JSON

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (289e81a)

  • update schema to published versions

Signed-off-by: Paul Horton <paul.horton@owasp.org> (0449de2)

  • more proper way to filter test cases

Signed-off-by: Paul Horton <paul.horton@owasp.org> (0a2ca2c)

  • add acknowledgement to LicenseExpression (#582)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (ddd7847)

  • coding standards and typing

Signed-off-by: Paul Horton <paul.horton@owasp.org> (5c97c2d)

  • raise UserWarning in .component.version has length > 1024

Signed-off-by: Paul Horton <paul.horton@owasp.org> (abebd4f)

  • Added address to organizationalEntity

Signed-off-by: Paul Horton <paul.horton@owasp.org> (1327558)

  • Added address to organizationalEntity

Signed-off-by: Paul Horton <paul.horton@owasp.org> (318d723)

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org> (d294620)

  • corrected CryptoMode enum

Signed-off-by: Paul Horton <paul.horton@owasp.org> (71e4bc6)

  • additional tests to increase code coverage

Signed-off-by: Paul Horton <paul.horton@owasp.org> (f504daa)

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org> (a3e09d1)

  • test filtering

Signed-off-by: Paul Horton <paul.horton@owasp.org> (14f699f)

  • coding standards

Signed-off-by: Paul Horton <paul.horton@owasp.org> (b23df1f)

  • typing and bandit ignores

Signed-off-by: Paul Horton <paul.horton@owasp.org> (96a6dc9)

  • add .component.cryptoProperties - with test failures for SchemaVersion < 1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (1e71dc3)

  • properly added .component.swhid

Signed-off-by: Paul Horton <paul.horton@owasp.org> (ee80ea3)

  • imports tidied

Signed-off-by: Paul Horton <paul.horton@owasp.org> (875a338)

  • work to get deserialization tests passing

Signed-off-by: Paul Horton <paul.horton@owasp.org> (fdece59)

  • work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (af7b92b)

  • Deprecated .component.author. Added .component.authors and .component.manufacturer

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6227c08)

  • work on bom.metadata for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6192ed8)

  • note bom.metadata.manufacture as deprecated

Signed-off-by: Paul Horton <paul.horton@owasp.org> (240dfaa)

  • re-generated test snapshots for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (8132c3e)

  • added draft v1.6 schemas and boilerplate for v1.6

Signed-off-by: Paul Horton <paul.horton@owasp.org> (41ca1e0)