- Dropped support for Python 3.6 (supplied by @hakandilek) #292
- Support for deserializing from JSON and XML to the Python Model #185
- Officially support for Python 3.11 #322
- Support for
BomLink#266 - Support for
serviceto havedepenendency#277 - Support for creating VEX CycloneDX documents without needing to have Components #261
- Make tests' schema paths relative to
cyclonedxpackage (forward port from3.x.x) #338 - Prevent errors on metadata handling for some specification version (forward port from
3.x.x) #330 - Dependency updates (#346, #340)
- Type hint for
get_component_by_purlis incorrect (3f20bf0)
- Out-factor SPDX compound detection (
fd4d537) - Out-factor SPDX compound detection (
2b69925) - License factories (
033bad2)
Note: There was no 3.0.0 release officially, but due to CI publishing issues, an unexpected 3.0.0 release was publiched to PyPi and subsequently yanked from PyPi. There are NO breaking changes between 2.7.1 and 3.1.0.
- BOM validation fails when Components or Services are nested #275
- updated dependencies #271, #270, #269 and #256
- Support for CycloneDX schema
1.4.2- addsvulnerability.propertiesto the schema (32e7929) - Support for CycloneDX schema version
1.4.2(db7445c) - Added updated CycloneDX 1.4.2 schemas (
7fb27ae)
- Add expected lower-than comparators for
OrganizationalEntityandVulnerabilityCredits(#248) (0046ee1)
- Use
SortedSetin model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson (8a1c404)
- Fix typo "This is out" -> "This is our" (
ef0278a)
- deps: Remove unused
typing-extensionsconstraints (2ce358a)
- Add support for Dependency Graph in Model and output serialisation (
ea34513)
- Bump XML schemas to latest fix version for 1.2-1.4 - see: (
bd2e756) - Bump JSON schemas to latest fix verison for 1.2 and 1.3 - see: (
bd6a088)
- Prevent error if
versionnot set (b9a84b5) versionbeing optional in JSON output can raise error (ba0c82f)
- Output errors are verbose (
bfe8fb1)
- Bump dependencies (
da3f0ca) - Completed work on #155 (#172) (
a926b34) - Support complete model for
bom.metadata(#162) (2938a6c) - Support for
bom.externalReferencesin JSON and XML #124 (1b733d7) - Complete support for
bom.components(#155) (32c0139) - Support services in XML BOMs (
9edf6c9)
license_urlnot serialised in XML output #179 (#180) (f014d7c)Component.bom_refis not Optional in our model implementation (in the schema it is) - we generate a UUID ifbom_refis not supplied explicitly (5c954d1)- Temporary fix for
__hash__of Component withproperties#153 (a51766d) - Further fix for #150 (
1f55f3e) - Regression introduced by first fix for #150 (
c09e396) - Components with no version (optional since 1.4) produce invalid BOM output in XML #150 (
70d25c8) expressionnot supported in Component Licsnes for version 1.0 (15b081b)
- Adopt PEP-3102 (
da3f0ca) - Optional Lists are now non-optional Sets (
da3f0ca) - Remove concept of DEFAULT schema version - replaced with LATEST schema version (
da3f0ca) - Added
BomRefdata type (da3f0ca)
Support for CycloneDX schema version 1.4 (#108)
Support for CycloneDX 1.4. This includes:
- Support for
toolshavingexternalReferences - Allowing
versionfor aComponentto be optional in 1.4 - Support for
releaseNotesperComponent - Support for the core schema implementation of Vulnerabilities (VEX)
$schemais now included in JSON BOMs- Concrete Parsers how now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python
- Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
- Ensure schema is adhered to in 1.0
- URIs are now used throughout the library through a new
XsUriclass to provide URI validation
- Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
- Added reference to release of this library on Anaconda
- Removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98) (
3677d9f)
- Further loosened dependency definitions (
8bef6ec)
- Loosed dependency versions to make this library more consumable (
55f10fb)
- Constructor for
Vulnerabilityto correctly defineratingsas optional (395a0ec)
- Typing & PEP 561 (
9144765)
- Correct way to write utf-8 encoded files (
49f9369)
- Add support for Conda (
bd29c78)
- Missing check for Classifiers in Environment Parser (
b7fa38e)
- Add support for parsing package licenses when using the
EnvironmentParsers (c414eaf)
- Coding standards violations (
00cd1ca) - Handle
Pipfile.lockdependencies without anindexspecified (26c62fb)
- Add namespace and subpath support to Component to complete PackageURL Spec support (
780adeb)
- Multiple hashes being created for an externalRefernce which is not as required (
970d192)
- Add support for
externalRefernecesforComponentsand associated enhancements to parsers to obtain information where possible/known (a152852)
- Support for pipenv.lock file parsing (
68a2dff)
- Added ability to add tools in addition to this library when generating CycloneDX + plus fixes relating to multiple BOM instances (
e03a25c)
- Better methods for checking if a Component is already represented in the BOM, and the ability to get the existing instance (
5fee85f)
- Helper method for representing a File as a Component taking into account versioning for files as per https://github.com/CycloneDX/cyclonedx.org/issues/34 (
7e0fb3c) - Support for non-PyPi Components - PackageURL type is now definable when creating a Component (
fde79e0)
- Add support for tool(s) that generated the SBOM (
7d1e6ef)
- Bumped a dependency version (
efc1053)
- Improved handling for
requirements.txtcontent without pinned or declared versions (7f318cb)
- Support for localising vectors (i.e. stripping out any scheme prefix) (
b9e9e17) - Helper methods for deriving Severity and SourceType (
6a86ec2)
- Removed print call (
8806553) - Relaxed typing of parameter to be compatible with Python < 3.9 (
f9c7990) - Removed print call (
d272d2e) - Remove unused commented out code (
ba4f285)
- Adding support for extension schema that descriptions vulnerability disclosures (
d496695)
- Added helper method to return a PackageURL object representing a Component (
367bef1)
- Whitespace on empty line removed (
cfc952e)
- Add poetry support (
f3ac42f)
- test: Test was not updated for revised author statement (
d1c9d37) - build: Test failure and dependency missing (
9a2cfe9) - build: Removed artefacts associtated with non-poetry build (
f9119d4)
- Add in pypi badge (
6098c36)
- Additional info to poetry, remove circleci (
2fcfa5a)
- Initial release to pypi, tell poetry to include cyclonedx package (
a030177)
- Release with full name (
4c620ed)
- Initial release to pypi (
99687db)