Releases: CycloneDX/cyclonedx-python
v5.1.1
v5.1.1 (2024-11-09)
Documentation
- docs: fix headline structure in readme
Fix
- fix: schema-invalid CycloneDX when running PEP639 analysis (#828)
What's Changed
- chore(deps-dev): Update mypy requirement from 1.12.0 to 1.13.0 by @dependabot in #823
- chore(deps-dev): Update tox requirement from 4.23.0 to 4.23.2 by @dependabot in #822
- chore(deps-dev): Update flake8-bugbear requirement from 24.8.19 to 24.10.31 by @dependabot in #824
- fix: schema-invalid CycloneDX when running PEP639 analysis by @jkowalleck in #828
Full Changelog: v5.1.0...v5.1.1
v5.1.0
v5.1.0 (2024-10-23)
Feature
- feat: add Python 3.13 support (#818)
What's Changed
- tests: requirements with url and git node id by @jkowalleck in #817
- chore(deps-dev): Update mypy requirement from 1.11.2 to 1.12.0 by @dependabot in #815
- chore(deps-dev): Update tox requirement from 4.21.2 to 4.23.0 by @dependabot in #814
- chore: run tox w/o sdist by @jkowalleck in #819
- refactor: streamline constants by @jkowalleck in #820
- feat: add Python 3.13 support by @jkowalleck in #818
Full Changelog: v5.0.0...v5.1.0
v5.0.0
v5.0.0 (2024-10-15)
Breaking
- feat!: v5.0.0 (#797)
BREAKING Changes
- Emitted metadata tool name is cyclonedx-py, was cyclonedx-bom.
- Emitted metadata tools are up to non-deprecated CycloneDX specification.
- No longer emit deprecated or undocumented properties in namespace cdx:poetry (see previous release 4.6.0 for official replacements).
  - cdx:poetry:source:package:reference
  - cdx:poetry:package:source:resolved_reference
  - cdx:poetry:package:source:vcs:requested_revision
  - cdx:poetry:package:source:vcs:commit_id
The mentioned changes are considered "breaking" for processes that relied on the respective data structures.
Migration paths are self-explanatory.
Dependencies
- Requires cyclonedx-python-lib>=8.0.0,<9 now, was >=7.3.0,<8.0.0,!=7.3.1.
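An added example, not part of the cyclonedx-python project or its release notes: a Python check that audits a stored CycloneDX JSON SBOM for the old tool name and the four cdx:poetry properties that v5.0.0 stopped emitting, so consumers can find documents and parsers that still depend on them. The function names and the sample document are constructed for illustration; reading metadata.tools as either a list or an object is an assumption based on the CycloneDX JSON schema.

```python
# Property names the v5.0.0 notes list as no longer emitted.
REMOVED_PROPERTIES = frozenset({
    "cdx:poetry:source:package:reference",
    "cdx:poetry:package:source:resolved_reference",
    "cdx:poetry:package:source:vcs:requested_revision",
    "cdx:poetry:package:source:vcs:commit_id",
})
OLD_TOOL_NAME = "cyclonedx-bom"  # v5.0.0 emits "cyclonedx-py" instead


def tool_names(bom):
    """Tool names from metadata.tools, which is a list or an object."""
    tools = (bom.get("metadata") or {}).get("tools") or []
    if isinstance(tools, dict):  # object form: {"components": [...], "services": [...]}
        tools = (tools.get("components") or []) + (tools.get("services") or [])
    return [t.get("name") for t in tools if isinstance(t, dict)]


def walk_components(components):
    """Yield every component, descending into nested components."""
    for comp in components or []:
        yield comp
        yield from walk_components(comp.get("components"))


def audit_pre_v5_fields(bom):
    """Return (kind, where, value) for each field v5.0.0 stopped emitting."""
    findings = [("old-tool-name", "metadata.tools", n)
                for n in tool_names(bom) if n == OLD_TOOL_NAME]
    for comp in walk_components(bom.get("components")):
        where = comp.get("bom-ref") or comp.get("name")
        for prop in comp.get("properties") or []:
            if prop.get("name") in REMOVED_PROPERTIES:
                findings.append(("removed-property", where, prop["name"]))
    return findings


# Constructed sample: shaped like pre-5.0.0 output, trimmed to the relevant fields.
SAMPLE_OLD_BOM = {
    "metadata": {"tools": [{"vendor": "CycloneDX", "name": "cyclonedx-bom"}]},
    "components": [{"bom-ref": "demo-lib", "name": "demo-lib", "properties": [
        {"name": "example:constructed", "value": "kept"},
        {"name": "cdx:poetry:package:source:vcs:commit_id", "value": "0000000"},
    ]}],
}

if __name__ == "__main__":
    for finding in audit_pre_v5_fields(SAMPLE_OLD_BOM):
        print(finding)
```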
Documentation
- docs(chaneglog): omit chore/ci/refactor/style/test/build (#813)
What's Changed
- chore(deps-dev): Update tox requirement from 4.20.0 to 4.21.2 by @dependabot in #808
- docs(chaneglog): omit chore/ci/refactor/style/test/build by @jkowalleck in #813
- feat!: v5.0.0 by @jkowalleck in #797
Full Changelog: v4.6.1...v5.0.0
v4.6.1
v4.6.1 (2024-09-30)
Chore
- chore: trusted publishing (#795)
fixes #794
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: semantic-release <semantic-release@bot.local>
Co-authored-by: semantic-release <semantic-release@bot.local> (721f12d)
Documentation
- docs: contrib and setup hint
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2ae46ff)
Fix
- fix: help page for sub command "environment" on windows (#805)
fixes #804
Signed-off-by: Steve (Gadget) Barnes <gadgetsteve@hotmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9e8a5d7)
Unknown
- tests: consolidate cli runner (#806)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c7b5b1a)
What's Changed
- chore(deps-dev): Update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #793
- chore: trusted publishing by @jkowalleck in #795
- chore(deps-dev): Update bandit requirement from 1.7.9 to 1.7.10 by @dependabot in #803
- tests: consolidate cli runner by @jkowalleck in #806
- fix: help page for sub command "environment" on windows by @GadgetSteve in #805
New Contributors
- @GadgetSteve made their first contribution in #805
Full Changelog: v4.6.0...v4.6.1
v4.6.1-alpha.1
v4.6.1-alpha.1 (2024-09-23)
Chore
- chore: trusted publishing
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (07b5e83)
v4.6.0
v4.6.0 (2024-09-20)
Documentation
- docs: reformat help page in usage docs (#788)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a1354e5)
Feature
- feat: populate properties cdx:python:package:source:vcs:... (#790)
populate the newly added/fixed CycloneDX properties cdx:python:package:source:vcs:... in accordance with
<CycloneDX/cyclonedx-property-taxonomy#96> and <CycloneDX/cyclonedx-property-taxonomy#98>.
the deprecated properties are still used, so no breaking changes exist.
fixes #789
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b08e1bb)
What's Changed
- docs: reformat help page in usage docs by @jkowalleck in #788
- chore(deps): Update sphinx requirement from <8,>=7.2.6 to >=7.2.6,<9 by @dependabot in #772
- feat: populate properties cdx:python:package:source:vcs:... by @jkowalleck in #790
Full Changelog: v4.5.1...v4.6.0
v4.5.1
v4.5.1 (2024-09-18)
Documentation
- docs: fix typo
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9f9fa9e)
Fix
- fix: assert copyright headers (#787)
utilizes flake8 plugin <https://pypi.org/project/flake8-copyright-validator/> to assert the correct headers
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dddcb5d)
What's Changed
- chore(deps-dev): Update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #756
- chore(deps-dev): Update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #758
- chore(deps-dev): Update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #759
- chore(deps-dev): Update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #760
- chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #761
- chore(deps-dev): Update tox requirement from 4.15.1 to 4.16.0 by @dependabot in #763
- chore(deps-dev): Update coverage requirement from 7.5.4 to 7.6.0 by @dependabot in #765
- chore(deps-dev): Update mypy requirement from 1.10.1 to 1.11.0 by @dependabot in #767
- chore(deps-dev): Update mypy requirement from 1.11.0 to 1.11.1 by @dependabot in #771
- chore(deps-dev): Update flake8 requirement from 7.1.0 to 7.1.1 by @dependabot in #774
- chore(deps-dev): Update coverage requirement from 7.6.0 to 7.6.1 by @dependabot in #775
- chore(deps-dev): Update tox requirement from 4.16.0 to 4.18.0 by @dependabot in #779
- chore(deps-dev): Update flake8-bugbear requirement from 24.4.26 to 24.8.19 by @dependabot in #781
- chore(deps-dev): Update mypy requirement from 1.11.1 to 1.11.2 by @dependabot in #783
- chore(deps-dev): Update tox requirement from 4.18.0 to 4.18.1 by @dependabot in #786
- fix: assert copyright headers by @jkowalleck in #787
Full Changelog: v4.5.0...v4.5.1
v4.5.0
v4.5.0 (2024-06-10)
Chore
- chore: shield_ossf-best-practices subbary
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1a1ad60)
Ci
- ci: modernize artifact action (#737)
supersedes #625
supersedes #624
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1222201)
Documentation
- docs: exclude dep bumps from changelog (#750)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d02d6a)
- docs: OSSF best practice badge percentage
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5717803)
Feature
- feat: environment - gather declared license information according to PEP639 (#755)
From python environments, gather additional declared license information according to PEP 639 (improving license clarity with better package metadata).
New CLI switches for cyclonedx environment:
  - --PEP-639: Enable license gathering according to PEP 639 (improving license clarity with better package metadata). The behavior may change during the draft development of the PEP.
  - --gather-license-texts: Enable license text gathering. In current state of implementation, --gather-license-texts has effect only if --PEP-639 is also given.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e9cc805)
Refactor
- refactor: const for purl type pypi (#754)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cba521e)
- refactor: extred -> extref (#753)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a178d2e)
Unknown
- Create config.yml
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (f13311b)
- Rename feature_request.md to 1-feature_request.md
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (c4b15d8)
- Rename bug_report.md to 2-bug_report.md
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (58199a5)
What's Changed
- chore(deps-dev): Update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #731
- chore(deps-dev): Update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #732
- chore(deps-dev): Update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #733
- chore(deps-dev): Update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #734
- ci: modernize artifact action by @jkowalleck in #737
- chore(deps-dev): Update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #739
- chore(deps-dev): Update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #740
- chore(deps-dev): Update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #743
- chore(deps-dev): Update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #744
- chore(deps-dev): Update coverage requirement from 7.5.1 to 7.5.3 by @dependabot in #747
- docs: exclude dep bumps from changelog by @jkowalleck in #750
- chore(deps-dev): Update autopep8 requirement from 2.1.0 to 2.2.0 by @dependabot in #748
- chore(deps-dev): Update tox requirement from 4.15.0 to 4.15.1 by @dependabot in #751
- refactor: extred -> extref by @jkowalleck in #753
- refactor: const for purl type pypi by @jkowalleck in #754
- feat: environment - gather declared license information according to PEP639 by @jkowalleck in #755
Full Changelog: v4.4.3...v4.5.0
v4.4.3
v4.4.3 (2024-04-26)
Fix
- fix: do not use cyclonedx-lib==7.3.1 (#729)
add regression test for #727
fixes #727
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (aa715c0)
What's Changed
- fix: do not use cyclonedx-lib==7.3.1 by @jkowalleck in #729
Full Changelog: v4.4.2...v4.4.3
v4.4.2
v4.4.2 (2024-04-21)
Fix
- fix: release lates container image (#726)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0155450)