Releases: CycloneDX/cyclonedx-python-lib
v5.0.0-rc.1
BREAKING CHANGES
- Dropped support for python<3.8 (#436 via #441; enable #433)
- Reworked license related models, collections, and factories (#365 via #466)
- Behavior
- API
  - Enum `schema.SchemaVersion` is no longer string-like (#442 via #447)
  - Enum `schema.OutputFormat` is no longer string-like (#442 via #447)
  - Abstract class `output.BaseOutput` requires implementation of new method `output_format` (#446 via #447)
  - Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` (#437 via #458)
  - Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via #458, #462)
  - Removed class `factory.license.LicenseChoiceFactory` (via #466)
    The old functionality was integrated into `factory.license.LicenseFactory`.
  - Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via #466)
  - Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` (#365 via #466)
    The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()`.
  - Renamed class `model.License` to `model.license.DisjunctiveLicense` (#365 via #466)
  - Removed class `model.LicenseChoice` (#365 via #466)
    Use the dedicated classes `model.license.DisjunctiveLicense` and `model.license.LicenseExpression` instead.
  - All occurrences of `model.LicenseChoice` were replaced by `model.license.License` (#365 via #466)
  - All occurrences of `SortedSet[LicenseChoice]` were specialized to `model.license.LicenseRepository` (#365 via #466)
Fixed
- Serialization of multi-licenses (#365 via #466)
- Detect unused "dependent" components in `model.bom.validate()` (via #464)
Changed
- Updated list of supported SPDX license identifiers (via #433)
- Shipped schema files are moved to a protected space (via #433)
  These files were never intended for public use.
- XML output uses a default namespace, which makes results smaller (#438 via #458)
Added
- Support for Python 3.12 (via #460)
- JSON- & XML-Validators (#432, #446 via #433, #448)
  The functionality might require additional dependencies, which can be installed with the extra "validation".
  See the docs in section "Installation" for details.
- JSON & XML can be generated in a more human-friendly form (#437, #438 via #458)
- Type hints, typings & overloads for better integration downstream (via #463)
- API
  - New sub-package `validation` (#432, #446 via #433, #448)
  - New class `exception.MissingOptionalDependencyException` (#432 via #433)
  - New class `exception.LicenseExpressionAlongWithOthersException` (#453 via #452)
  - New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` (#446 via #447)
  - Existing implementations of class `output.BaseOutput` now have a new method `output_format` (#446 via #447)
  - Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` (#437 via #458)
  - Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` (#437 via #458)
  - New method `factory.license.LicenseFactory.make_with_expression()` (via #466)
  - New class `model.license.DisjunctiveLicense` (#365 via #466)
  - New class `model.license.LicenseExpression` (#365 via #466)
  - New class `model.license.LicenseRepository` (#365 via #466)
  - New class `serialization.LicenseRepositoryHelper` (#365 via #466)
Tests
- Added validation tests with official CycloneDX schema test data (#432 via #433)
- Use proper snapshots, instead of pseudo comparison (#437 via #464)
- Added regression test for bug #365 (via #466, #467)
Misc
- Bumped internal dev- and QA-tools (#436 via #441)
- Raised dependency on `py-serializable@^0.15.0`, was `@^0.11.1` (via #458, #463, #464, #466)
What's Changed
- chore: publish coverage report to codacy by @jkowalleck in #439
- proper enums by @jkowalleck in #447
- feat: easy access validators by @jkowalleck in #448
- fix: `bom.validate()` detects invalid license constellations by @jkowalleck in #452
- feat: options for beautiful output by @jkowalleck in #458
- chore: remove encoding leadin by @jkowalleck in #459
- feat: support python 3.12 by @jkowalleck in #460
- fix: tuple comparison by @jkowalleck in #461
- fix: typing for `kwargs` by @jkowalleck in #462
- Feat: typing, typehints, & overload by @jkowalleck in #463
- tests: snapshots and complete deep comparison, instead of pseudo-compare by @jkowalleck in #464
- fix: multiple licenses issue #365 by @jkowalleck in #466
- tests: import mixed licenses by @jkowalleck in #467
Full Changelog: v4.2.2...v5.0.0-rc.1
v4.2.2
v4.2.2 (2023-09-14)
Chore
- chore: dont lock poetry (#431)
fixes #430
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (49b144b)
- chore(deps): bump actions/checkout from 3 to 4 (#429)
Bumps actions/checkout from 3 to 4.
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a70754d)
Documentation
- docs: fix shield in README
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6a941b1)
- docs(example): showcase `LicenseChoiceFactory` (#428)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c56ec83)
Fix
- fix: ship meta files (#434)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3a1a8a5)
v4.2.1
v4.2.1 (2023-09-06)
Fix
- fix: `LicenseChoiceFactory.make_from_string()` prioritize SPDX id over expression (#427)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e1bdfdd)
v4.2.0
v4.2.0 (2023-09-06)
Chore
- chore(deps): bump python-semantic-release/python-semantic-release (#423)
Bumps python-semantic-release/python-semantic-release from 8.0.7 to 8.0.8.
updated-dependencies:
- dependency-name: python-semantic-release/python-semantic-release
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (13e441d)
Feature
- feat: complete SPDX license expression (#425)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e06f9fd)
v4.1.0
v4.1.0 (2023-08-27)
Chore
- chore: migrate to python-semantic-release8 (#421)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (14c501c)
- chore: migrate to python-semantic-release8 (#420)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0e35d88)
- chore: migrate to python-semantic-release8 (#419)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (adf5a36)
- chore(deps-dev): bump distlib from 0.3.6 to 0.3.7 (#412)
Bumps distlib from 0.3.6 to 0.3.7.
updated-dependencies:
- dependency-name: distlib
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (bc9f01d)
- chore(deps-dev): bump pluggy from 1.0.0 to 1.2.0 (#413)
Bumps pluggy from 1.0.0 to 1.2.0.
updated-dependencies:
- dependency-name: pluggy
dependency-type: indirect
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (be8af3e)
- chore(deps-dev): bump typed-ast from 1.5.4 to 1.5.5 (#411)
Bumps typed-ast from 1.5.4 to 1.5.5.
updated-dependencies:
- dependency-name: typed-ast
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (75302b1)
- chore(deps-dev): bump lxml from 4.9.2 to 4.9.3 (#405)
Bumps lxml from 4.9.2 to 4.9.3.
updated-dependencies:
- dependency-name: lxml
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6aa057b)
- chore(deps-dev): bump mypy from 1.4.0 to 1.4.1 (#400)
Bumps mypy from 1.4.0 to 1.4.1.
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (54d6a1a)
Ci
- ci: streamline concurrency for deploy (#406)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6a7ddfa)
- ci: run examples on prod-deps only (#402)
  - ci: run examples on prod-deps only
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - ci: simplify ci
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cf40048)
- ci: run examples (#401)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (058f386)
Documentation
- docs(examples): showcase shorthand dependency management (#403)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8b32efb)
Feature
- feat: programmatic access to library's version (#417)
adds cyclonedx.__version__
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3585ea9)
v4.0.1
v4.0.0
Feature
Breaking
- Large portions of this library have been re-written for this release and many methods and contracts have changed. (8fb1b14)
- Model classes changed to relocated Vulnerability at Bom, not at Component (8fb1b14)