
Releases: CycloneDX/cyclonedx-python

v5.1.1

09 Nov 13:47

v5.1.1 (2024-11-09)

Documentation

  • docs: fix headline structure in readme

Fix

  • fix: schema-invalid CycloneDX when running PEP639 analysis (#828)

What's Changed

  • chore(deps-dev): Update mypy requirement from 1.12.0 to 1.13.0 by @dependabot in #823
  • chore(deps-dev): Update tox requirement from 4.23.0 to 4.23.2 by @dependabot in #822
  • chore(deps-dev): Update flake8-bugbear requirement from 24.8.19 to 24.10.31 by @dependabot in #824
  • fix: schema-invalid CycloneDX when running PEP639 analysis by @jkowalleck in #828

Full Changelog: v5.1.0...v5.1.1

v5.1.0

23 Oct 10:06

v5.1.0 (2024-10-23)

Feature

  • feat: add Python 3.13 support (#818)

What's Changed

Full Changelog: v5.0.0...v5.1.0

v5.0.0

15 Oct 13:24

v5.0.0 (2024-10-15)

Breaking

  • feat!: v5.0.0 (#797)

BREAKING Changes

  • Emitted metadata tool name is cyclonedx-py, was cyclonedx-bom.
  • Emitted metadata tools are up to non-deprecated CycloneDX specification.
  • No longer emit deprecated or undocumented properties in namespace cdx:poetry (see previous release 4.6.0 for official replacements).
    • cdx:poetry:source:package:reference
    • cdx:poetry:package:source:resolved_reference
    • cdx:poetry:package:source:vcs:requested_revision
    • cdx:poetry:package:source:vcs:commit_id

The mentioned changes are considered "breaking" for processes that relied on the respective data structures.
Migration paths are self-explanatory.

Dependencies

  • Requires cyclonedx-python-lib>=8.0.0,<9 now, was >=7.3.0,<8.0.0,!=7.3.1.

Documentation

  • docs(changelog): omit chore/ci/refactor/style/test/build (#813)

What's Changed

Full Changelog: v4.6.1...v5.0.0

v4.6.1

30 Sep 18:00

v4.6.1 (2024-09-30)

Chore

  • chore: trusted publishing (#795)

fixes #794


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: semantic-release <semantic-release@bot.local>
Co-authored-by: semantic-release <semantic-release@bot.local> (721f12d)

Documentation

  • docs: contrib and setup hint

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2ae46ff)

Fix

  • fix: help page for sub command "environment" on windows (#805)

fixes #804


Signed-off-by: Steve (Gadget) Barnes <gadgetsteve@hotmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9e8a5d7)

Unknown

  • tests: consolidate cli runner (#806)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c7b5b1a)


What's Changed

New Contributors

Full Changelog: v4.6.0...v4.6.1

v4.6.1-alpha.1

23 Sep 09:41
Pre-release

v4.6.1-alpha.1 (2024-09-23)

Chore

  • chore: trusted publishing

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (07b5e83)

v4.6.0

20 Sep 08:25

v4.6.0 (2024-09-20)

Documentation

  • docs: reformat help page in usage docs (#788)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a1354e5)

Feature

  • feat: populate properties cdx:python:package:source:vcs:... (#790)

populate the newly added/fixed CycloneDX properties
cdx:python:package:source:vcs:... in accordance with
<CycloneDX/cyclonedx-property-taxonomy#96> and
<CycloneDX/cyclonedx-property-taxonomy#98>.

the deprecated properties are still used, so no breaking changes exist.

fixes #789


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b08e1bb)


What's Changed

  • docs: reformat help page in usage docs by @jkowalleck in #788
  • chore(deps): Update sphinx requirement from <8,>=7.2.6 to >=7.2.6,<9 by @dependabot in #772
  • feat: populate properties cdx:python:package:source:vcs:... by @jkowalleck in #790

Full Changelog: v4.5.1...v4.6.0

v4.5.1

18 Sep 14:48

v4.5.1 (2024-09-18)

Documentation

  • docs: fix typo

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9f9fa9e)

Fix

  • fix: assert copyright headers (#787)

utilizes flake8 plugin
<https://pypi.org/project/flake8-copyright-validator/> to assert the
correct headers

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dddcb5d)


What's Changed

  • chore(deps-dev): Update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #756
  • chore(deps-dev): Update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #758
  • chore(deps-dev): Update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #759
  • chore(deps-dev): Update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #760
  • chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #761
  • chore(deps-dev): Update tox requirement from 4.15.1 to 4.16.0 by @dependabot in #763
  • chore(deps-dev): Update coverage requirement from 7.5.4 to 7.6.0 by @dependabot in #765
  • chore(deps-dev): Update mypy requirement from 1.10.1 to 1.11.0 by @dependabot in #767
  • chore(deps-dev): Update mypy requirement from 1.11.0 to 1.11.1 by @dependabot in #771
  • chore(deps-dev): Update flake8 requirement from 7.1.0 to 7.1.1 by @dependabot in #774
  • chore(deps-dev): Update coverage requirement from 7.6.0 to 7.6.1 by @dependabot in #775
  • chore(deps-dev): Update tox requirement from 4.16.0 to 4.18.0 by @dependabot in #779
  • chore(deps-dev): Update flake8-bugbear requirement from 24.4.26 to 24.8.19 by @dependabot in #781
  • chore(deps-dev): Update mypy requirement from 1.11.1 to 1.11.2 by @dependabot in #783
  • chore(deps-dev): Update tox requirement from 4.18.0 to 4.18.1 by @dependabot in #786
  • fix: assert copyright headers by @jkowalleck in #787

Full Changelog: v4.5.0...v4.5.1

v4.5.0

10 Jun 22:09

v4.5.0 (2024-06-10)

Chore

  • chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1a1ad60)

Ci

  • ci: modernize artifact action (#737)

supersedes #625
supersedes #624


Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1222201)

Documentation

  • docs: exclude dep bumps from changelog (#750)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d02d6a)

  • docs: OSSF best practice badge percentage

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5717803)

Feature

  • feat: environment - gather declared license information according to PEP639 (#755)

From python environments, gather additional declared license information
according to PEP 639 (improving
license clarity with better package metadata).

New CLI switches for cyclonedx environment:

  • --PEP-639: Enable license gathering according to PEP 639 (improving
    license clarity with better package metadata).
    The behavior may change during the draft development of the PEP.
  • --gather-license-texts: Enable license text gathering.

In the current state of implementation, --gather-license-texts has an effect
only if --PEP-639 is also given.


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e9cc805)

Refactor

  • refactor: const for purl type pypi (#754)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cba521e)

  • refactor: extred -> extref (#753)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a178d2e)

Unknown

  • Create config.yml

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (f13311b)

  • Rename feature_request.md to 1-feature_request.md

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (c4b15d8)

  • Rename bug_report.md to 2-bug_report.md

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (58199a5)


What's Changed

  • chore(deps-dev): Update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #731
  • chore(deps-dev): Update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #732
  • chore(deps-dev): Update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #733
  • chore(deps-dev): Update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #734
  • ci: modernize artifact action by @jkowalleck in #737
  • chore(deps-dev): Update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #739
  • chore(deps-dev): Update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #740
  • chore(deps-dev): Update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #743
  • chore(deps-dev): Update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #744
  • chore(deps-dev): Update coverage requirement from 7.5.1 to 7.5.3 by @dependabot in #747
  • docs: exclude dep bumps from changelog by @jkowalleck in #750
  • chore(deps-dev): Update autopep8 requirement from 2.1.0 to 2.2.0 by @dependabot in #748
  • chore(deps-dev): Update tox requirement from 4.15.0 to 4.15.1 by @dependabot in #751
  • refactor: extred -> extref by @jkowalleck in #753
  • refactor: const for purl type pypi by @jkowalleck in #754
  • feat: environment - gather declared license information according to PEP639 by @jkowalleck in #755

Full Changelog: v4.4.3...v4.5.0

v4.4.3

26 Apr 11:56

v4.4.3 (2024-04-26)

Fix

  • fix: do not use cyclonedx-lib==7.3.1 (#729)

add regression test for #727
fixes #727


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (aa715c0)


What's Changed

Full Changelog: v4.4.2...v4.4.3

v4.4.2

21 Apr 13:42

v4.4.2 (2024-04-21)

Fix

  • fix: release latest container image (#726)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0155450)