Releases: CycloneDX/cyclonedx-python-lib

v7.4.1

12 Jun 08:58

v7.4.1 (2024-06-12)

Chore

  • chore: rollback py sem release matcher

Signed-off-by: Jan Kowalleck <[email protected]> (c33a130)

Documentation

  • docs: exclude dep bumps from changelog (#627)

fixes #616


Signed-off-by: Jan Kowalleck <[email protected]> (60361f7)

Fix

  • fix: cyclonedx.model.Property.value value is optional (#631)

cyclonedx.model.Property.value value is optional, in accordance with
the spec.

fixes #630


Signed-off-by: Michael Schlenker <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Michael Schlenker <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (ad0f98b)

v7.4.0

23 May 05:43

v7.4.0 (2024-05-23)

Documentation

  • docs: OSSP best practice percentage

Signed-off-by: Jan Kowalleck <[email protected]> (75f58dc)

Feature

  • feat: updated SPDX license list to v3.24.0 (#622)

Signed-off-by: Jan Kowalleck <[email protected]> (3f9770a)


What's Changed

  • chore(deps-dev): update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #615
  • chore(deps-dev): update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #618
  • chore(deps-dev): update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #619
  • chore(deps-dev): update xmldiff requirement from 2.6.3 to 2.7.0 by @dependabot in #620
  • feat: updated SPDX license list to v3.24.0 by @jkowalleck in #622

Full Changelog: v7.3.4...v7.4.0

v7.3.4

06 May 13:41

v7.3.4 (2024-05-06)

Fix

  • fix: allow suppliers with empty-string names (#611)

fixes #600


Signed-off-by: Jan Kowalleck <[email protected]> (b331aeb)


Full Changelog: v7.3.3...v7.3.4

v7.3.3

06 May 13:29

v7.3.3 (2024-05-06)

Chore

  • chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <[email protected]> (0d00496)

  • chore(ci): update GH action versions (#606)

Signed-off-by: Paul Horton <[email protected]> (6d1bc5b)

Fix

  • fix: json validation allow arbitrary $schema value (#613)

fixes #612


Signed-off-by: Jan Kowalleck <[email protected]> (08b7c60)


What's Changed

  • chore(deps-dev): update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #602
  • chore(deps-dev): update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #604
  • chore(deps-dev): update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #605
  • chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #603
  • chore(ci): update GH action versions by @madpah in #606
  • chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #608
  • fix: json validation allow arbitrary $schema value by @jkowalleck in #613

Full Changelog: v7.3.2...v7.3.3

v7.3.2

26 Apr 10:52

v7.3.2 (2024-04-26)

Fix

  • fix: properly sort components based on all properties (#599)

reverts #587 - as this one introduced errors
fixes #598
fixes #586


Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Co-authored-by: Paul Horton <[email protected]> (8df488c)

v7.3.1

22 Apr 16:10

v7.3.1 (2024-04-22)

Chore

  • chore: semantic-release git commit/sign valid email address

Signed-off-by: Jan Kowalleck <[email protected]> (d437c40)

Fix

  • fix: include all fields of Component in __lt__ function for #586 (#587)

Fixes #586.

Signed-off-by: Paul Horton <[email protected]> (d784685)

v7.3.0

19 Apr 14:37

v7.3.0 (2024-04-19)

Feature

  • feat: license factory set acknowledgement (#593)

add a parameter to LicenseFactory.make_*() methods, to set the LicenseAcknowledgement.

Signed-off-by: Jan Kowalleck <[email protected]> (7ca2455)

v7.2.0

19 Apr 11:19

v7.2.0 (2024-04-19)

Feature

  • feat: disjunctive license acknowledgement (#591)

Signed-off-by: Jan Kowalleck <[email protected]> (9bf1839)

Unknown

  • tests: add meaningful names to validation tests (#588)

When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail.

Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.

Append meaningful names to validation tests so that instead of e.g.:

[…]::TestJsonValidator::test_validate_no_none_001
[…]::TestJsonValidator::test_validate_no_none_002
[…]::TestJsonValidator::test_validate_no_none_003
[…]::TestJsonValidator::test_validate_no_none_004
[…]::TestJsonValidator::test_validate_no_none_005
[…]::TestJsonValidator::test_validate_no_none_006
[…]::TestJsonValidator::test_validate_no_none_007
[…]::TestJsonValidator::test_validate_no_none_008

the tests are named:

[…]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_considerations_env_1_6
[…]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
[…]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
[…]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
[…]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
[…]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
[…]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6

Signed-off-by: Claudia <[email protected]> (ae3f79c)

  • doc: poor merge resolved

Signed-off-by: Paul Horton <[email protected]> (a498faa)


What's Changed

  • tests: meaningful names to validation tests by @claui in #588
  • feat: disjunctive license acknowledgement by @jkowalleck in #591

Full Changelog: v7.1.0...v7.2.0

v7.1.0

10 Apr 09:25

v7.1.0 (2024-04-10)

Documentation

  • docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)

Signed-off-by: Paul Horton <[email protected]> (d230e67)

Feature

  • feat: support bom.properties for CycloneDX v1.5+ (#585)

Signed-off-by: Paul Horton <[email protected]> (1d1c45a)


What's Changed

  • docs: missing schema support table & update schema support to reflect version 7.0.0 by @madpah in #584
  • feat: support bom.properties for CycloneDX v1.5+ by @madpah in #585

Full Changelog: v7.0.0...v7.1.0

v7.0.0

09 Apr 15:25

v7.0.0 (2024-04-09)

Breaking

  • feat!: Support for CycloneDX v1.6
  • added draft v1.6 schemas and boilerplate for v1.6
  • re-generated test snapshots for v1.6
  • note bom.metadata.manufacture as deprecated
  • work on bom.metadata for v1.6
  • Deprecated .component.author. Added .component.authors and .component.manufacturer
  • work to add .component.omniborid - but tests deserialisation tests fail due to schema differences (.component.author not in 1.6)
  • work to get deserialization tests passing
  • chore(deps): bump py-serializable to >=1.0.3 to resolve issues with deserialization to XML
  • imports tidied
  • properly added .component.swhid
  • add .component.cryptoProperties - with test failures for SchemaVersion < 1.6
  • typing and bandit ignores
  • coding standards
  • test filtering
  • coding standards
  • additional tests to increase code coverage
  • corrected CryptoMode enum
  • coding standards
  • Added address to organizationalEntity
  • Added address to organizationalEntity
  • raise UserWarning if .component.version has length > 1024
  • coding standards and typing
  • add acknowledgement to LicenseExpression (#582)
  • more proper way to filter test cases
  • update schema to published versions
  • fetch schema 1.6 JSON
  • fetch test data for CDX 1.6
  • reformat
  • reformat
  • refactor
  • style
  • refactor
  • docs

Chore

  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 (#573)

What's Changed

  • chore(deps-dev): update tox requirement from 4.14.1 to 4.14.2 by @dependabot in #574
  • chore(deps-dev): update autopep8 requirement from 2.0.4 to 2.1.0 by @dependabot in #573
  • feat: Support for CycloneDX v1.6 by @madpah in #576

Full Changelog: v6.4.4...v7.0.0