Releases: CycloneDX/cyclonedx-python-lib
v7.4.0
v7.4.0 (2024-05-23)
Chore
- chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 (#620)
Updates the requirements on xmldiff
to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Shoobx/xmldiff/blob/master/CHANGES.rst">xmldiff's
changelog</a>.</em></p>
<blockquote>
<h2>2.7.0 (2024-05-13)</h2>
<ul>
<li>
<p>Changed the comparison to make accurate and standard more accurate,
although fast gets less accurate as a result.</p>
</li>
<li>
<p>Changed usage of deprecated <code>pkg_resources</code> package to
<code>importlib.metadata</code>.</p>
</li>
<li>
<p>A <code>use_replace</code> flag was added to the
<code>XMLFormatter</code> by Thomas Pfitzinger.
It changes text replacement from delete and insert tags to a replace
tag.
It's not currently accessaible thtough the CLI, the question is it is
better
to add a new formatter name, or an option to pass in formatter
flags.</p>
<ul>
<li>Added option to XMLFormatter to use replace tags</li>
<li>in _make_diff_tags after diffing, neighboring delete/insert diffs
are joined to a replace tag</li>
<li>the deleted text is added as an attribute
("old-text")</li>
<li>the inserted text is the element's text</li>
</ul>
</li>
</ul>
<h2>2.6.3 (2023-05-21)</h2>
<ul>
<li>And there was a namespace bug in the patch as well. <a
href="https://redirect.github.com/Shoobx/xmldiff/issues/118">#118</a></li>
</ul>
<h2>2.6.2 (2023-05-21)</h2>
<ul>
<li>Solved an error in the xmlformatter when using default namespaces.
<a
href="https://redirect.github.com/Shoobx/xmldiff/issues/89">#89</a></li>
</ul>
<h2>2.6.1 (2023-04-05)</h2>
<ul>
<li><a
href="https://redirect.github.com/Shoobx/xmldiff/issues/108">#108</a>:
Fixed an error that happens if using namespaces like ns0 or ns1.</li>
</ul>
<h2>2.6 (2023-04-03)</h2>
<ul>
<li>Added <code>InsertNamespace</code> and <code>DeleteNamespace</code>
actions for better handling
of changing namespaces. Should improve any "Unknown namespace
prefix"
errors. Changing the URI of a a namespace prefix is not supported, and
will
raise an error.</li>
</ul>
<h2>2.6b1 (2023-01-12)</h2>
<ul>
<li>
<p>Used geometric mean for the node_ratio, for better handling of simple
nodes.</p>
</li>
<li>
<p>Added an experimental --best-match method that is slower, but
generate</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Shoobx/xmldiff/commits">compare view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits
that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after
your CI passes on it@dependabot cancel merge
will cancel a previously requested merge
and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all
of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c3e17cf
)
- chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 (#619)
Updates the requirements on
pep8-naming to permit the latest
version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/PyCQA/pep8-naming/releases">pep8-naming's
releases</a>.</em></p>
<blockquote>
<h2>0.14.1</h2>
<ul>
<li>Require Python 3.8 or later.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PyCQA/pep8-naming/blob/main/CHANGELOG.rst">pep8-naming's
changelog</a>.</em></p>
<blockquote>
<h2>0.14.1 - 2024-05-17</h2>
<ul>
<li>Require Python 3.8 or later.</li>
</ul>
<h2>0.14.0 - 2024-05-16</h2>
<ul>
<li>Drop support for Python 3.7.</li>
<li>Add support for Python 3.12.</li>
<li>Ignore methods decorated by <code>@typing.override</code>.</li>
<li>Perform case-sensitive <code>ignore-names</code> globbing on all
platforms.</li>
</ul>
<h2>0.13.3 - 2022-12-19</h2>
<ul>
<li>Formally require flake8 5.0.0 or later.</li>
<li>Add support for Python 3.11.</li>
</ul>
<h2>0.13.2 - 2022-08-19</h2>
<ul>
<li>Formally require Python 3.7 or later using
<code>python_requires</code>.</li>
</ul>
<h2>0.13.1 - 2022-07-15</h2>
<ul>
<li>Fix warnings related to deprecated options syntax.</li>
</ul>
<h2>0.13.0 - 2022-06-22</h2>
<ul>
<li>
<p>Python 3.7 or later is now required.</p>
</li>
<li>
<p><code>setUpModule</code> and <code>tearDownModule</code> are now
exempted by default.</p>
</li>
</ul>
<h2>0.12.1 - 2021-08-06</h2>
<ul>
<li>Fix potential stack exhaustion in the N818 check.</li>
</ul>
<h2>0.12.0 - 2021-07-06</h2>
<ul>
<li>
<p>flake8 3.9.1 or later is now required.</p>
</li>
<li>
<p>N818 checks exception class names for an "Error" suffix
(disabled by default).</p>
</li>
<li>
<p><code>asyncSetUp</code> and <code>asyncTearDown</code> are now
exempted by default.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="PyCQA/pep8-naming@f0edf20bd88cbd0950240ebeeea4fe6f4d90a094"><code>f0edf20</code></a>
Prepare the 0.14.1 release</li>
<li><a
href="PyCQA/pep8-naming@b652e8f72b1352d4915a69e1d45a308da05e8dba"><code>b652e8f</code></a>
Merge pull request <a
href="https://redirect.github.com/PyCQA/pep8-naming/issues/231">#231</a>
from PyCQA/sigmavirus24-patch-1</li>
<li><a
href="PyCQA/pep8-naming@a960999da40e598c0bd6b5de099fcad2f5c0d5ac"><code>a960999</code></a>
Fix python_version</li>
<li><a
href="PyCQA/pep8-naming@94517379f5993e1f0f8e79c379ebcc66c9cdf753"><code>9451737</code></a>
Update setup.py</li>
<li><a
href="PyCQA/pep8-naming@c0bcb7f7c80abcbc4f157226f43536da672dcf6d"><code>c0bcb7f</code></a>
Prepare the 0.14.0 release</li>
<li><a
href="PyCQA/pep8-naming@975beede1be69afa9c39622825d80fb5827a6570"><code>975beed</code></a>
Refactor FunctionArgNamesCheck (N803,N804,N805)</li>
<li><a
href="PyCQA/pep8-naming@01df3f37b933c71a986a31865b9339bf4b69714a"><code>01df3f3</code></a>
Pass 'parents' as a parameter when walking the tree</li>
<li><a
href="PyCQA/pep8-naming@de0963ca5b2d1e7ad8c0e6133ca6010262f82e4c"><code>de0963c</code>...
v7.3.4
v7.3.4 (2024-05-06)
Fix
- fix: allow suppliers with empty-string names (#611)
fixes #600
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb
)
What's Changed
- fix: allow suppliers with empty-string names by @jkowalleck in #611
Full Changelog: v7.3.3...v7.3.4
v7.3.3
v7.3.3 (2024-05-06)
Chore
- chore: shield_ossf-best-practices subbary
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d00496
)
- chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 (#608)
Updates the requirements on
coverage to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's
changelog</a>.</em></p>
<blockquote>
<h2>Version 7.5.1 — 2024-05-04</h2>
<ul>
<li>
<p>Fix: a pragma comment on the continuation lines of a multi-line
statement
now excludes the statement and its body, the same as if the pragma is
on the first line. This closes <code>issue 754</code><em>. The fix was
contributed by
<code>Daniel Diniz <pull 1773_></code></em>.</p>
</li>
<li>
<p>Fix: very complex source files like <code>this one
<resolvent_lookup_></code>_ could
cause a maximum recursion error when creating an HTML report. This is
now
fixed, closing <code>issue 1774</code>.</p>
</li>
<li>
<p>HTML report improvements:</p>
<ul>
<li>
<p>Support files (JavaScript and CSS) referenced by the HTML report now
have
hashes added to their names to ensure updated files are used instead of
stale cached copies.</p>
</li>
<li>
<p>Missing branch coverage explanations that said "the condition
was never
false" now read "the condition was always true" because
it's easier to
understand.</p>
</li>
<li>
<p>Column sort order is remembered better as you move between the index
pages,
fixing <code>issue 1766</code><em>. Thanks, <code>Daniel Diniz <pull
1768></code></em>.</p>
</li>
</ul>
</li>
</ul>
<p>.. _resolvent_lookup: <a
href="https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py">https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py</a>
.. _issue 754: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/754">nedbat/coveragepy#754</a>
.. _issue 1766: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1766">nedbat/coveragepy#1766</a>
.. _pull 1768: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/1768">nedbat/coveragepy#1768</a>
.. _pull 1773: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/1773">nedbat/coveragepy#1773</a>
.. issue 1774: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1774">nedbat/coveragepy#1774</a></p>
<p>.. changes_7-5-0:</p>
<h2>Version 7.5.0 — 2024-04-23</h2>
<ul>
<li>
<p>Added initial support for function and class reporting in the HTML
report.
There are now three index pages which link to each other: files,
functions,
and classes. Other reports don't yet have this information, but it will
be
added in the future where it makes sense. Feedback gladly accepted!
Finishes <code>issue 780</code>.</p>
</li>
<li>
<p>Other HTML report improvements:</p>
<ul>
<li>There is now a "hide covered" checkbox to filter out 100%
files, finishing
<code>issue 1384</code>.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="nedbat/coveragepy@be938eaa195a52dd89f3a13aa68bb80de3425b11"><code>be938ea</code></a>
docs: sample HTML for 7.5.1</li>
<li><a
href="nedbat/coveragepy@02c66d76912259c8a03282d153007a569f05f495"><code>02c66d7</code></a>
docs: prep for 7.5.1</li>
<li><a
href="nedbat/coveragepy@5fa9f67853a7112e08185ed416de7907b8e524da"><code>5fa9f67</code></a>
fix: avoid max recursion errors in ast code. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1774">#1774</a></li>
<li><a
href="nedbat/coveragepy@34af01dfc877e7f35b49f5ec402c39437ae7c1f1"><code>34af01d</code></a>
build: easier to run metasmoke on desired python version</li>
<li><a
href="nedbat/coveragepy@6b0cac5843d0cbfb68391f36397e6759e13e297d"><code>6b0cac5</code></a>
perf: cache _human_key to speed html report by about 10%</li>
<li><a
href="nedbat/coveragepy@fdc0ee896825334bfa13735d94b2da78da72f76b"><code>fdc0ee8</code></a>
docs: oops, typo</li>
<li><a
href="nedbat/coveragepy@60e6cb4267c1f25690e37198e1e55130ae94b4e1"><code>60e6cb4</code></a>
docs: changelog for <a
href="https://redirect.github.com/nedbat/coveragepy/issues/754">#754</a>
and <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1773">#1773</a></li>
<li><a
href="nedbat/coveragepy@277c8c43c9ee59c941ec8fd7da8ea2a49049d1e0"><code>277c8c4</code></a>
fix: '# pragma: no branch' in multiline if statements. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/754">#754</a>
(<a
href="https://redirect.github.com/nedbat/coveragepy/issues/1773">#1773</a>)</li>
<li><a
href="nedbat/coveragepy@34d3eb76b7833268019ac25e5265c2c1b192abcb"><code>34d3eb7</code></a>
docs: update changelog for <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1786">#1786</a>.
Thanks, Daniel Diniz</li>
<li><a
href="nedbat/coveragepy@2bb5ef22787185fd90a525e8e26bbe360a3492f1"><code>2bb5ef2</code></a>
fix(html): make HTML column sorting consistent across index pages (fix
<a
href="https://redirect.github.com/nedbat/coveragepy/issues/1766">#1766</a>)...</li>
<li>Additional commits viewable in <a
href="nedbat/coveragepy@7.5.0...7.5.1">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits
that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after
your CI passes on it@dependabot cancel merge
will cancel a previously requested merge
and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all
of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4f9174b
)
- chore(ci): update GH action versions (#606)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6d1bc5b
)
- chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 (#603)
Updates the requirements on tox to
permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.15.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Remove ...
v7.3.2
v7.3.2 (2024-04-26)
Fix
- fix: properly sort components based on all properties (#599)
reverts #587 - as this one introduced errors
fixes #598
fixes #586
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c
)
v7.3.1
v7.3.1 (2024-04-22)
Chore
- chore: semantic-release git commit/sign valid email address
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d437c40
)
Fix
Fixes #586.
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685
)
v7.3.0
v7.3.0 (2024-04-19)
Feature
- feat: license factory set
acknowledgement
(#593)
add a parameter to LicenseFactory.make_*()
methods, to set the LicenseAcknowledgement
.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455
)
v7.2.0
v7.2.0 (2024-04-19)
Feature
- feat: disjunctive license acknowledgement (#591)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839
)
Unknown
- tests: add meaningful names to validation tests (#588)
When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail. 1
Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.
Append meaningful names to validation tests so that instead of e.g.:
[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008
the tests are named:
[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6
Signed-off-by: Claudia <claui@users.noreply.github.com> (ae3f79c
)
- doc: poor merge resolved
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa
)
What's Changed
- tests: meaningful names to validation tests by @claui in #588
- feat: disjunctive license acknowledgement by @jkowalleck in #591
New Contributors
Full Changelog: v7.1.0...v7.2.0
v7.1.0
v7.1.0 (2024-04-10)
Documentation
- docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67
)
Feature
- feat: support
bom.properties
for CycloneDX v1.5+ (#585)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a
)
What's Changed
- docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
- feat: support
bom.properties
for CycloneDX v1.5+ by @madpah in #585
Full Changelog: v7.0.0...v7.1.0
v7.0.0
v7.0.0 (2024-04-09)
Breaking
-
feat!: Support for CycloneDX v1.6
-
added draft v1.6 schemas and boilerplate for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- re-generated test snapshots for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- note
bom.metadata.manufacture
as deprecated
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work on
bom.metadata
for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Deprecated
.component.author
. Added.component.authors
and.component.manufacturer
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work to add
.component.omniborid
- but tests deserialisation tests fail due to schema differences (.component.author
not in 1.6)
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- work to get deserialization tests passing
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore(deps): bump
py-serializable
to >=1.0.3 to resolve issues with deserialization to XML
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- imports tidied
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- properly added
.component.swhid
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- add
.component.cryptoProperties
- with test failures for SchemaVersion < 1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- typing and bandit ignores
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- test filtering
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- additional tests to increase code coverage
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- corrected CryptoMode enum
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Added
address
toorganizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Added
address
toorganizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- raise
UserWarning
in.component.version
has length > 1024
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- coding standards and typing
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- add
acknowledgement
toLicenseExpression
(#582)
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- more proper way to filter test cases
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- update schema to published versions
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fetch schema 1.6 JSON
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- fetch test data for CDX 1.6
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- style
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8bbdf46
)
Chore
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)
Updates the requirements on autopep8 to permit the latest version.
updated-dependencies:
- dependency-name: autopep8
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6
)
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457
)
What's Changed
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 by @dependabot in #574
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 by @dependabot in #573
- feat: Support for CycloneDX v1.6 by @madpah in #576
Full Changelog: v6.4.4...v7.0.0
v7.0.0-alpha.1
v7.0.0-alpha.1 (2024-04-09)
Chore
- chore(deps): bump
py-serializable
to >=1.0.3 to resolve issues with deserialization to XML
Signed-off-by: Paul Horton <paul.horton@owasp.org> (0398051
)
- chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)
Updates the requirements on autopep8 to permit the latest version.
updated-dependencies:
- dependency-name: autopep8
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (35749c6
)
- chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 (#574)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d60f457
)
Unknown
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (42c6f25
)
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b4a133a
)
- style
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0843234
)
- refactor
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (62c1d9a
)
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e10ffee
)
- reformat
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e0184cc
)
- fetch test data for CDX 1.6
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (618a292
)
- fetch schema 1.6 JSON
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (289e81a
)
- update schema to published versions
Signed-off-by: Paul Horton <paul.horton@owasp.org> (0449de2
)
- more proper way to filter test cases
Signed-off-by: Paul Horton <paul.horton@owasp.org> (0a2ca2c
)
- add
acknowledgement
toLicenseExpression
(#582)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ddd7847
)
- coding standards and typing
Signed-off-by: Paul Horton <paul.horton@owasp.org> (5c97c2d
)
- raise
UserWarning
in.component.version
has length > 1024
Signed-off-by: Paul Horton <paul.horton@owasp.org> (abebd4f
)
- Added
address
toorganizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1327558
)
- Added
address
toorganizationalEntity
Signed-off-by: Paul Horton <paul.horton@owasp.org> (318d723
)
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d294620
)
- corrected CryptoMode enum
Signed-off-by: Paul Horton <paul.horton@owasp.org> (71e4bc6
)
- additional tests to increase code coverage
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f504daa
)
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a3e09d1
)
- test filtering
Signed-off-by: Paul Horton <paul.horton@owasp.org> (14f699f
)
- coding standards
Signed-off-by: Paul Horton <paul.horton@owasp.org> (b23df1f
)
- typing and bandit ignores
Signed-off-by: Paul Horton <paul.horton@owasp.org> (96a6dc9
)
- add
.component.cryptoProperties
- with test failures for SchemaVersion < 1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1e71dc3
)
- properly added
.component.swhid
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ee80ea3
)
- imports tidied
Signed-off-by: Paul Horton <paul.horton@owasp.org> (875a338
)
- work to get deserialization tests passing
Signed-off-by: Paul Horton <paul.horton@owasp.org> (fdece59
)
- work to add
.component.omniborid
- but tests deserialisation tests fail due to schema differences (.component.author
not in 1.6)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (af7b92b
)
- Deprecated
.component.author
. Added.component.authors
and.component.manufacturer
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6227c08
)
- work on
bom.metadata
for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6192ed8
)
- note
bom.metadata.manufacture
as deprecated
Signed-off-by: Paul Horton <paul.horton@owasp.org> (240dfaa
)
- re-generated test snapshots for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (8132c3e
)
- added draft v1.6 schemas and boilerplate for v1.6
Signed-off-by: Paul Horton <paul.horton@owasp.org> (41ca1e0
)