CHANGELOG

v4.2.3 (2023-10-16)

Chore

  • chore: Update CONTRIBUTING.md

Signed-off-by: Jan Kowalleck <[email protected]> (0ebaa21)

Ci

  • ci: publish coverage report to codacy (#439)

Signed-off-by: Jan Kowalleck <[email protected]> (0012a82)

Fix

  • fix: SPDX-expression-validation internal crashes are caught and handled (#471)

Signed-off-by: Jan Kowalleck <[email protected]> (5fa66a0)

v4.2.2 (2023-09-14)

Chore

  • chore: don't lock poetry (#431)

fixes #430

Signed-off-by: Jan Kowalleck <[email protected]> (49b144b)

  • chore(deps): bump actions/checkout from 3 to 4 (#429)

Bumps actions/checkout from 3 to 4.


updated-dependencies:

  • dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a70754d)

Documentation

  • docs: fix shield in README

Signed-off-by: Jan Kowalleck <[email protected]> (6a941b1)

  • docs(example): showcase LicenseChoiceFactory (#428)

Signed-off-by: Jan Kowalleck <[email protected]> (c56ec83)

Fix

  • fix: ship meta files (#434)

Signed-off-by: Jan Kowalleck <[email protected]> (3a1a8a5)

v4.2.1 (2023-09-06)

Fix

  • fix: LicenseChoiceFactory.make_from_string() prioritize SPDX id over expression (#427)

Signed-off-by: Jan Kowalleck <[email protected]> (e1bdfdd)

v4.2.0 (2023-09-06)

Chore

  • chore(deps): bump python-semantic-release/python-semantic-release (#423)

Bumps python-semantic-release/python-semantic-release from 8.0.7 to 8.0.8.


updated-dependencies:

  • dependency-name: python-semantic-release/python-semantic-release dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (13e441d)

Feature

  • feat: complete SPDX license expression (#425)

Signed-off-by: Jan Kowalleck <[email protected]> (e06f9fd)

v4.1.0 (2023-08-27)

Chore

  • chore: migrate to python-semantic-release8 (#421)

Signed-off-by: Jan Kowalleck <[email protected]> (14c501c)

  • chore: migrate to python-semantic-release8 (#420)

Signed-off-by: Jan Kowalleck <[email protected]> (0e35d88)

  • chore: migrate to python-semantic-release8 (#419)

Signed-off-by: Jan Kowalleck <[email protected]> (adf5a36)

  • chore(deps-dev): bump distlib from 0.3.6 to 0.3.7 (#412)

Bumps distlib from 0.3.6 to 0.3.7.


updated-dependencies:

  • dependency-name: distlib dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (bc9f01d)

  • chore(deps-dev): bump pluggy from 1.0.0 to 1.2.0 (#413)

Bumps pluggy from 1.0.0 to 1.2.0.


updated-dependencies:

  • dependency-name: pluggy dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (be8af3e)

  • chore(deps-dev): bump typed-ast from 1.5.4 to 1.5.5 (#411)

Bumps typed-ast from 1.5.4 to 1.5.5.


updated-dependencies:

  • dependency-name: typed-ast dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (75302b1)

  • chore(deps-dev): bump lxml from 4.9.2 to 4.9.3 (#405)

Bumps lxml from 4.9.2 to 4.9.3.


updated-dependencies:

  • dependency-name: lxml dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6aa057b)

  • chore(deps-dev): bump mypy from 1.4.0 to 1.4.1 (#400)

Bumps mypy from 1.4.0 to 1.4.1.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (54d6a1a)

Ci

  • ci: streamline concurrency for deploy (#406)

Signed-off-by: Jan Kowalleck <[email protected]> (6a7ddfa)

  • ci: run examples on prod-deps only (#402)

  • ci: run examples on prod-deps only

Signed-off-by: Jan Kowalleck <[email protected]>

  • ci: simplify ci

Signed-off-by: Jan Kowalleck <[email protected]>


Signed-off-by: Jan Kowalleck <[email protected]> (cf40048)

  • ci: run examples (#401)

Signed-off-by: Jan Kowalleck <[email protected]> (058f386)

Documentation

  • docs(examples): showcase shorthand dependency management (#403)

Signed-off-by: Jan Kowalleck <[email protected]> (8b32efb)

Feature

  • feat: programmatic access to library's version (#417)

adds cyclonedx.__version__

Signed-off-by: Jan Kowalleck <[email protected]> (3585ea9)

v4.0.1 (2023-06-28)

Chore

  • chore(deps): bump python-semantic-release/python-semantic-release (#393)

Bumps python-semantic-release/python-semantic-release from 7.33.2 to 7.34.6.


updated-dependencies:

  • dependency-name: python-semantic-release/python-semantic-release dependency-type: direct:production update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (2180d31)

  • chore(deps-dev): bump mypy from 1.3.0 to 1.4.0 (#395)

  • chore(deps-dev): bump mypy from 1.3.0 to 1.4.0

Bumps mypy from 1.3.0 to 1.4.0.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

  • style: ignore type confusion

Signed-off-by: Jan Kowalleck <[email protected]>


Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Jan Kowalleck <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jan Kowalleck <[email protected]> (ab36db4)

  • chore(deps): bump filelock from 3.10.7 to 3.12.2 (#394)

Bumps filelock from 3.10.7 to 3.12.2.


updated-dependencies:

  • dependency-name: filelock dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (90b339b)

  • chore(deps-dev): bump coverage from 7.2.6 to 7.2.7 (#390)

Bumps coverage from 7.2.6 to 7.2.7.


updated-dependencies:

  • dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (638d472)

  • chore(deps-dev): bump xmldiff from 2.6.1 to 2.6.3 (#388)

Bumps xmldiff from 2.6.1 to 2.6.3.


updated-dependencies:

  • dependency-name: xmldiff dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (b5fa67c)

  • chore(deps-dev): bump coverage from 7.2.5 to 7.2.6 (#387)

Bumps coverage from 7.2.5 to 7.2.6.


updated-dependencies:

  • dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c49c320)

  • chore(deps-dev): bump mypy from 1.2.0 to 1.3.0 (#385)

Bumps mypy from 1.2.0 to 1.3.0.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (bb6d8bc)

  • chore(deps-dev): bump xmldiff from 2.5 to 2.6.1 (#375)

Bumps xmldiff from 2.5 to 2.6.1.


updated-dependencies:

  • dependency-name: xmldiff dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (27b9ec5)

  • chore(deps-dev): bump mypy from 1.1.1 to 1.2.0 (#372)

Bumps mypy from 1.1.1 to 1.2.0.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5e5a8c2)

  • chore(deps-dev): bump coverage from 7.2.2 to 7.2.5 (#383)

Bumps coverage from 7.2.2 to 7.2.5.


updated-dependencies:

  • dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (b288d94)

  • chore(deps): update poetry and other dependency versions (#369)

  • update packageurl type hints

Signed-off-by: gruebel <[email protected]>

  • lower bound packageurl-python dependency

Signed-off-by: gruebel <[email protected]>

  • update deps.lowest.r

Signed-off-by: gruebel <[email protected]>


Signed-off-by: gruebel <[email protected]> (aa5b936)

  • chore: CI/QA/Build maintenance (#358)

  • build: streamlined ci and builds

Signed-off-by: Jan Kowalleck <[email protected]>

  • chore: upgrade lockfile with poetry1.4

Signed-off-by: Jan Kowalleck <[email protected]>

  • removed extra brace

Signed-off-by: Paul Horton <[email protected]>

  • fixed long line

Signed-off-by: Paul Horton <[email protected]>


Signed-off-by: Jan Kowalleck <[email protected]> Signed-off-by: Paul Horton <[email protected]> Co-authored-by: Paul Horton <[email protected]> (9779af0)

  • chore: followup of #340 (#360)

Signed-off-by: Jan Kowalleck <[email protected]> (723ae8e)

  • chore: prevent dev-lowest-lockfile from dependency bumps (#359)

Signed-off-by: Jan Kowalleck <[email protected]> (16870f4)

  • chore: manually craft more accurate CHANGELOG for 4.0.0

Signed-off-by: Paul Horton <[email protected]> (32ce3a2)

Ci

  • ci: cannot use variables in uses

Signed-off-by: Paul Horton <[email protected]> (2371a1b)

  • ci: cannot use variables in uses

Signed-off-by: Paul Horton <[email protected]> (aa0eab1)

  • ci: add concurrency rules (#361)

Signed-off-by: Jan Kowalleck <[email protected]> (f65d646)

Documentation

  • docs(examples): README (#399)

Signed-off-by: Jan Kowalleck <[email protected]> (1d262ba)

  • docs: add example how to build and serialize (#397)

Signed-off-by: Jan Kowalleck <[email protected]> (65e22bd)

Fix

  • fix: conditional warning if no root dependencies were found (#398)

Signed-off-by: Jan Kowalleck <[email protected]> (c8175bb)

Unknown

  • 4.0.1

Automatically generated by python-semantic-release (4a72f51)

  • Add missing space in warning message. (#364)

Signed-off-by: Michael Schlenker <[email protected]> Co-authored-by: Michael Schlenker <[email protected]> (dad0d28)

v4.0.0 (2023-03-20)

Chore

  • chore(deps): bump relekang/python-semantic-release from 7.31.2 to 7.33.1 (#345)

Bumps relekang/python-semantic-release from 7.31.2 to 7.33.1.


updated-dependencies:

  • dependency-name: relekang/python-semantic-release dependency-type: direct:production update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a011d89)

  • chore: package manifest fix link to homepage and documentation (#291)

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]> (f2350b4)

Feature

  • feat: Release 4.0.0 (#341)

Highlights of this release include:

  • Support for De-serialization from JSON and XML to this Pythonic Model
  • Deprecation of Python 3.6 support
  • Support for Python 3.11
  • Support for BomLink
  • Support VEX without needing Component in the same Bom
  • Support for services having dependencies

BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed.

Signed-off-by: Paul Horton <[email protected]>

  • feat: support VEX without Components in the same BOM

BREAKING CHANGE: Model classes changed to relocate Vulnerability at Bom, not at Component

Signed-off-by: Paul Horton <[email protected]>

  • feat: support VEX without Components in the same BOM

BREAKING CHANGE: Model classes changed to relocate Vulnerability at Bom, not at Component

Signed-off-by: Paul Horton <[email protected]>

feat: allow version of BOM to be defined

feat: allow serial_number of BOM to be prescribed

feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx Signed-off-by: Paul Horton <[email protected]>

  • chore: fix release workflow

  • chore: editorconfig

Signed-off-by: Jan Kowalleck <[email protected]>

  • feat: support for deserialization from JSON and XML (#290)

BREAKING CHANGE:

  • feat: drop Python 3.6 support

Signed-off-by: Hakan Dilek <[email protected]> Signed-off-by: Paul Horton <[email protected]> Co-authored-by: Hakan Dilek <[email protected]> Co-authored-by: Hakan Dilek <[email protected]>

  • fix: update serializable to include XML safety changes

Signed-off-by: Paul Horton <[email protected]>

  • feat: Support for Python 3.11 (#349)

  • feat: officially test and support Python 3.11

Signed-off-by: Paul Horton <[email protected]>

  • removed unused imports

Signed-off-by: Paul Horton <[email protected]>

  • bump poetry to 1.1.12 in CI

Signed-off-by: Paul Horton <[email protected]>

  • fix: remove toml as dependency as not used and seems to be breaking Python 3.11 CI

Signed-off-by: Paul Horton <[email protected]>

  • fix: removed types-toml from dependencies - not used

Signed-off-by: Paul Horton <[email protected]>


Signed-off-by: Paul Horton <[email protected]>

  • fix: removed autopep8 in favour of flake8 as both have conflicting dependencies now

Signed-off-by: Paul Horton <[email protected]>

  • chore: bump dev dependencies

fix: removed setuptools as dependency Signed-off-by: Paul Horton <[email protected]>

  • tests: component versions optional (#350)

  • chore: exclude venv* from QA; add typing to QA

Signed-off-by: Jan Kowalleck <[email protected]>

  • tests: component versions are optional

Signed-off-by: Jan Kowalleck <[email protected]>


Signed-off-by: Jan Kowalleck <[email protected]>

  • doc: doc updates for new deserialization feature

Signed-off-by: Paul Horton <[email protected]>

  • doc: doc updates for contribution

Signed-off-by: Paul Horton <[email protected]>


Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Jan Kowalleck <[email protected]> Signed-off-by: Hakan Dilek <[email protected]> Co-authored-by: Jan Kowalleck <[email protected]> Co-authored-by: Hakan Dilek <[email protected]> Co-authored-by: Hakan Dilek <[email protected]> (8fb1b14)

Unknown

  • 4.0.0

Automatically generated by python-semantic-release (40fbfda)

v3.1.5 (2023-01-12)

Chore

  • chore: do not ship extra LICENSE file (#339)

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]> (b7f1028)

Fix

  • fix: make test's schema paths relative to cyclonedx package (#338)

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]> (1f0c05f)

Unknown

  • 3.1.5

Automatically generated by python-semantic-release (ba603cf)

v3.1.4 (2023-01-11)

Chore

  • chore: add Jan Kowalleck as a maintainer

Signed-off-by: Jan Kowalleck <[email protected]> (7aae26d)

Fix

  • fix(tests): include tests in sdist builds (#337)

  • feat: include tests in sdist builds for #336

  • delete unexpected DS_Store file

Signed-off-by: Jan Kowalleck <[email protected]> (936ad7d)

Test

  • test: mock ThisTool.version for consistent results (#335)

Signed-off-by: Jan Kowalleck <[email protected]> (57a9e5e)

Unknown

  • 3.1.4

Automatically generated by python-semantic-release (0b19294)

v3.1.3 (2023-01-07)

Fix

  • fix: serialize dependency graph for nested components (#329)

  • tests: regression tests for issue #328

  • fix: for issue #328

Signed-off-by: Jan Kowalleck <[email protected]> (fb3f835)

Test

  • test: tidy up test beds (#333)

  • test: consolidate imports

  • test: recreate all fixtures

  • test: docs

Signed-off-by: Jan Kowalleck <[email protected]> (ab862e7)

Unknown

  • 3.1.3

Automatically generated by python-semantic-release (11a420c)

v3.1.2 (2023-01-06)

Chore

  • chore(deps): bump Gr1N/setup-poetry from 7 to 8 (#326)

Bumps Gr1N/setup-poetry from 7 to 8.


updated-dependencies:

  • dependency-name: Gr1N/setup-poetry dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (f3af229)

  • chore: editorconfig

Signed-off-by: Jan Kowalleck <[email protected]> (8c75b1b)

Ci

  • ci: fix py36 (#320)

Signed-off-by: Jan Kowalleck <[email protected]> (cf9f790)

Documentation

  • docs: typo

Signed-off-by: Jan Kowalleck <[email protected]> (539b57a)

  • docs: fix shields (#324)

caused by badges/shields#8671

Signed-off-by: Jan Kowalleck <[email protected]> (555dad4)

  • docs: fix typo (#318)

Signed-off-by: Roland Weber <[email protected]> (63bfb87)

Fix

  • fix: prevent errors on metadata handling for some specification versions (#330)

Signed-off-by: Jan Kowalleck <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]> (f08a656)

Style

  • style: split joined path segments (#331)

Signed-off-by: Jan Kowalleck <[email protected]> (493104c)

Unknown

  • 3.1.2

Automatically generated by python-semantic-release (0853d14)

  • clarify sign-off step (#319)

Signed-off-by: Roland Weber <[email protected]> (007fb96)

v3.1.1 (2022-11-28)

Chore

  • chore: CHANGELOG typos (6c0c174)

  • chore: update CHANGELOG to explain jump from 2.7.1 to 3.1.0. (1b8cd12)

Fix

  • fix: type hint for get_component_by_purl is incorrect

chore: force automated release Signed-off-by: Paul Horton <[email protected]> (3f20bf0)

Unknown

  • 3.1.1

Automatically generated by python-semantic-release (503955e)

  • Merge pull request #310 from gruebel/fix-method-type-hint

fix: type hint for get_component_by_purl is incorrect (06037b9)

  • move tests to model bom file

Signed-off-by: gruebel <[email protected]> (4c8a3ab)

  • fix type hint for get_component_by_purl

Signed-off-by: gruebel <[email protected]> (735c05e)

v3.1.0 (2022-09-15)

Chore

  • chore: fix release workflow (5863622)

  • chore: fix poetry in tox

Signed-off-by: Jan Kowalleck <[email protected]> (7f8c668)

Feature

  • feat: out-factor SPDX compound detection

Signed-off-by: Jan Kowalleck <[email protected]> (fd4d537)

  • feat: out-factor SPDX compound detection

Signed-off-by: Jan Kowalleck <[email protected]> (2b69925)

  • feat: license factories

Signed-off-by: Jan Kowalleck <[email protected]> (033bad2)

Test

  • test: license factories

Signed-off-by: Jan Kowalleck <[email protected]> (baf83f9)

Unknown

  • 3.1.0

Automatically generated by python-semantic-release (e52c174)

  • Merge pull request #305 from CycloneDX/license-factories

feat: add license factories to more easily support creation of License or LicenseChoice from SPDX license strings #304 (5ff4494)

  • tests: refactor tests

Signed-off-by: Jan Kowalleck <[email protected]> (3644f13)

  • tests: rebase/fixup poetry lock

Signed-off-by: Jan Kowalleck <[email protected]> (26817c0)

  • Merge pull request #301 from CycloneDX/fix-poetry-in-tox

chore: fix poetry in tox (92aea8d)

  • remove v3 from CHANGELOG #286 (#287)

Signed-off-by: Jan Kowalleck <[email protected]> (7029721)

  • 3.0.0

Automatically generated by python-semantic-release (69582ff)

v2.7.1 (2022-08-01)

Chore

  • chore: manual fix release publication 2.7.1

Signed-off-by: Paul Horton <[email protected]> (b569548)

  • chore(deps-dev): bump flake8-isort from 4.1.1 to 4.1.2.post0 (#280)

Bumps flake8-isort from 4.1.1 to 4.1.2.post0.


updated-dependencies:

  • dependency-name: flake8-isort dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (01cb53b)

  • chore: resolve hang issue with running isort as pre-commit hook

Signed-off-by: Paul Horton <[email protected]> (fb25b70)

  • chore: re-added isort to pre-commit hooks ran isort

Signed-off-by: Paul Horton <[email protected]> (051e543)

Ci

  • ci: change pinned version of python-semantic-release as preventing automated releases

Signed-off-by: Paul Horton <[email protected]> (6e12be7)

Fix

  • fix: pinned mypy <= 0.961 due to #278

Signed-off-by: Paul Horton <[email protected]> (d6955cb)

  • fix: properly support nested components and services #275

Signed-off-by: Paul Horton <[email protected]> (6597db7)

Unknown

  • Merge pull request #276 from CycloneDX/fix/bom-validation-nested-components-isue-275

fix: BOM validation fails when Components or Services are nested #275

fix: updated dependencies #271, #270, #269 and #256 (68a0cdd)

  • Merge branch 'main' into fix/bom-validation-nested-components-isue-275 (6caee65)

  • added tests to cover new Component.get_all_nested_components() method

Signed-off-by: Paul Horton <[email protected]> (75a77ed)

  • Revert "chore: re-added isort to pre-commit hooks"

This reverts commit f50ee1eb79f3f4e5b9d21824e64192d0af43d3f0.

Signed-off-by: Paul Horton <[email protected]> (5f7f30e)

  • removed tests where services are part of dependency tree - see #277

Signed-off-by: Paul Horton <[email protected]> (f26862b)

  • added XML output tests for Issue #275

Signed-off-by: Paul Horton <[email protected]> (ebef5f2)

  • updated XML output tests

Signed-off-by: Paul Horton <[email protected]> (356c37e)

  • addressed JSON output for #275 including test additions

Signed-off-by: Paul Horton <[email protected]> (692c005)

v2.7.0 (2022-07-21)

Chore

  • chore(deps): bump virtualenv from 20.15.0 to 20.15.1 (#255)

Bumps virtualenv from 20.15.0 to 20.15.1.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (d720a5f)

  • chore(deps-dev): bump flake8-bugbear from 22.6.22 to 22.7.1 (#259)

Bumps flake8-bugbear from 22.6.22 to 22.7.1.


updated-dependencies:

  • dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1175f60)

  • chore(deps-dev): bump jsonschema from 4.6.0 to 4.6.1 (#258)

Bumps jsonschema from 4.6.0 to 4.6.1.


updated-dependencies:

  • dependency-name: jsonschema dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (ddbfabc)

  • chore(deps-dev): bump lxml from 4.9.0 to 4.9.1 (#257)

Bumps lxml from 4.9.0 to 4.9.1.


updated-dependencies:

  • dependency-name: lxml dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (f045b7f)

  • chore(deps): bump virtualenv from 20.14.1 to 20.15.0 (#251)

Bumps virtualenv from 20.14.1 to 20.15.0.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (70270a9)

  • chore(deps-dev): bump flake8-bugbear from 22.4.25 to 22.6.22 (#252)

Bumps flake8-bugbear from 22.4.25 to 22.6.22.


updated-dependencies:

  • dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c957226)

Feature

  • feat: support for CycloneDX schema 1.4.2 - adds vulnerability.properties to the schema (32e7929)

  • feat: support for CycloneDX schema version 1.4.2

  • Provides support for vulnerability.properties

Signed-off-by: Paul Horton <[email protected]> (db7445c)

  • feat: added updated CycloneDX 1.4.2 schemas

Signed-off-by: Paul Horton <[email protected]> (7fb27ae)

Unknown

  • 2.7.0

Automatically generated by python-semantic-release (96d155e)

v2.6.0 (2022-06-20)

Chore

  • chore(deps): bump colorama from 0.4.4 to 0.4.5 (#249)

Bumps colorama from 0.4.4 to 0.4.5.


updated-dependencies:

  • dependency-name: colorama dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (39637ad)

Feature

  • feat: reduce unnecessary type casting of set/SortedSet (#203)

Signed-off-by: Jan Kowalleck <[email protected]> (089d971)

Unknown

  • 2.6.0

Automatically generated by python-semantic-release (8481e9b)

v2.5.2 (2022-06-15)

Chore

  • chore(deps): bump actions/setup-python from 3 to 4 (#247)

Bumps actions/setup-python from 3 to 4.


updated-dependencies:

  • dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (ddd0144)

Fix

  • fix: add expected lower-than comparators for OrganizationalEntity and VulnerabilityCredits (#248)

Signed-off-by: Jan Kowalleck <[email protected]> (0046ee1)

Unknown

  • 2.5.2

Automatically generated by python-semantic-release (fb9a796)

v2.5.1 (2022-06-10)

Chore

  • chore(deps-dev): bump mypy from 0.960 to 0.961 (#244)

Bumps mypy from 0.960 to 0.961.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (48ea951)

Fix

  • fix: add missing Vulnerability comparator for sorting (#246)

Partial fix for #245.

Signed-off-by: Rodney Richardson <[email protected]> (c3f3d0d)

Unknown

  • 2.5.1

Automatically generated by python-semantic-release (1ea5b20)

v2.5.0 (2022-06-10)

Build

  • build: move typing to dev-dependencies

Move types-setuptools and types-toml to dev-dependencies (#226)

Signed-off-by: Adam Johnson <[email protected]> (0e2376b)

Chore

  • chore(deps-dev): bump jsonschema from 4.5.1 to 4.6.0 (#242)

Bumps jsonschema from 4.5.1 to 4.6.0.


updated-dependencies:

  • dependency-name: jsonschema dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (32af991)

  • chore(deps-dev): bump lxml from 4.8.0 to 4.9.0 (#241)

Bumps lxml from 4.8.0 to 4.9.0.


updated-dependencies:

  • dependency-name: lxml dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6d5189e)

  • chore(deps-dev): bump mypy from 0.942 to 0.960 (#230)

Bumps mypy from 0.942 to 0.960.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (88d9d8b)

  • chore(deps): bump types-setuptools from 57.4.12 to 57.4.17 (#238)

Bumps types-setuptools from 57.4.12 to 57.4.17.


updated-dependencies:

  • dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3d011ab)

  • chore(deps): bump types-setuptools from 57.4.12 to 57.4.17 (#237)

Bumps types-setuptools from 57.4.12 to 57.4.17.


updated-dependencies:

  • dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a1d1bae)

  • chore(deps): bump typed-ast from 1.5.2 to 1.5.4 (#232)

Bumps typed-ast from 1.5.2 to 1.5.4.


updated-dependencies:

  • dependency-name: typed-ast dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (866f9ac)

  • chore(deps-dev): bump jsonschema from 4.4.0 to 4.5.1 (#221)

Bumps jsonschema from 4.4.0 to 4.5.1.


updated-dependencies:

  • dependency-name: jsonschema dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c65ce28)

Ci

  • ci: fix run with lowest compat dependencies (#240)

Signed-off-by: Jan Kowalleck <[email protected]> (a4596c8)

  • ci: pin GH-action semantic-release to v7.28.1 (#234)

Signed-off-by: Jan Kowalleck <[email protected]> (91e1297)

Documentation

  • docs: fix typo "This is out" -> "This is our"

Fix typo in comments: "This is out" -> "This is our" (#233)

Signed-off-by: Rodney Richardson <[email protected]> (ef0278a)

Feature

  • feat: use SortedSet in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson

Signed-off-by: Paul Horton <[email protected]> (8a1c404)

Test

  • test: tests calculate versions if needed

Don't hardcode component version in test (#229)

Signed-off-by: Rodney Richardson <[email protected]> (7b3ce65)

Unknown

  • 2.5.0

Automatically generated by python-semantic-release (c820423)

  • Merge pull request #235 from RodneyRichardson/use-sorted-set

feat: use SortedSet in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson (c43f6d8)

  • Merge branch 'CycloneDX:main' into use-sorted-set (1b8ac25)

  • Fix SortedSet type hints for python < 3.8

Signed-off-by: Rodney Richardson <[email protected]> (71eeb4a)

  • Fix line length warning.

Signed-off-by: Rodney Richardson <[email protected]> (e9ee712)

  • Fix more type hints for python < 3.8

Signed-off-by: Rodney Richardson <[email protected]> (f042bce)

  • Fix SortedSet type hints for python < 3.8

Signed-off-by: Rodney Richardson <[email protected]> (2e283ab)

  • Fix type hint on ComparableTuple

Signed-off-by: Rodney Richardson <[email protected]> (43ef908)

  • Sort usings.

Signed-off-by: Rodney Richardson <[email protected]> (8f86c12)

  • Fix sonatype-lift warnings

Signed-off-by: Rodney Richardson <[email protected]> (f1e92e3)

  • Fix warnings.

Change tuple -> Tuple

Fix Diff initialization

Add sorting to AttachedText

Signed-off-by: Rodney Richardson <[email protected]> (2b47ff6)

  • Reduce sortedcontainers.pyi to only the functions used.

Signed-off-by: Rodney Richardson <[email protected]> (ef0fbe2)

  • Remove flake8 warnings

Remove unused imports and trailing whitespace.

Sort usings in pyi file.

Signed-off-by: Rodney Richardson <[email protected]> (41d1bee)

  • Add type hints for SortedSet

Fix use of set/Set.

Signed-off-by: Rodney Richardson <[email protected]> (df0f554)

  • Replace object type hint in lt with Any

Signed-off-by: Rodney Richardson <[email protected]> (ec22f68)

  • Make reorder() return type explicit List (as flagged by sonatype-lift bot)

Signed-off-by: Rodney Richardson <[email protected]> (695ee86)

  • Use SortedSet in model to improve reproducibility

Added __lt__() to all model classes used in SortedSet, with tests

Explicitly declared Enums as (str, Enum) to allow sorting

Added dependency to sortedcollections package

Signed-off-by: Rodney Richardson <[email protected]> (368f522)

v2.4.0 (2022-05-17)

Chore

  • chore(deps): bump virtualenv from 20.14.0 to 20.14.1 (#208)

Bumps virtualenv from 20.14.0 to 20.14.1.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (04f3671)

  • chore(deps-dev): bump tox from 3.24.5 to 3.25.0 (#209)

Bumps tox from 3.24.5 to 3.25.0.


updated-dependencies:

  • dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (8eee5d3)

  • chore(deps): bump types-toml from 0.10.4 to 0.10.7 (#222)

Bumps types-toml from 0.10.4 to 0.10.7.


updated-dependencies:

  • dependency-name: types-toml dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5d19805)

  • chore(deps-dev): bump flake8-bugbear from 22.3.23 to 22.4.25 (#220)

Bumps flake8-bugbear from 22.3.23 to 22.4.25.


updated-dependencies:

  • dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (de7f4aa)

Feature

  • feat(deps): remove unused typing-extensions constraints

PullRequest and details via #224

Signed-off-by: gruebel <[email protected]> (2ce358a)

Unknown

  • 2.4.0

Automatically generated by python-semantic-release (4874354)

  • revert types-toml on lowest setup (32ece98)

v2.3.0 (2022-04-20)

Feature

  • feat: add support for Dependency Graph in Model and output serialisation

Signed-off-by: Paul Horton <[email protected]> (ea34513)

Unknown

  • 2.3.0

Automatically generated by python-semantic-release (5c1047a)

  • Merge pull request #210 from CycloneDX/feat/support-bom-dependencies

feat: add support for Dependency Graph in Model and output serialisation (JSON and XML) (938169c)

  • Merge pull request #214 from CycloneDX/feat/support-bom-dependencies-no-cast

no cast (2551545)

  • no cast

Signed-off-by: Jan Kowalleck <[email protected]> (dec3b70)

  • update to use Set operators (more Pythonic)

Signed-off-by: Paul Horton <[email protected]> (f01665e)

  • missing closing > in BomRef.__repr__

Signed-off-by: Paul Horton <[email protected]> (2c7c4be)

  • removed unnecessary condition - self.get_bom().components is always a Set

Signed-off-by: Paul Horton <[email protected]> (5eb5669)

  • added additional tests to validate Component in Metadata is properly represented in Dependency Graph

Signed-off-by: Paul Horton <[email protected]> (b8d526e)

  • adjusted unit tests to account for inclusion of Component in Bom Metadata in Dependency Graph

Signed-off-by: Paul Horton <[email protected]> (c605f2b)

  • updates based on feedback from @jkowalleck

Signed-off-by: Paul Horton <[email protected]> (04511f3)

  • Merge branch 'feat/support-bom-dependencies' of github.com:CycloneDX/cyclonedx-python-lib into feat/support-bom-dependencies (8fb408c)

  • doc: updated docs to reflect support for Dependency Graph

Signed-off-by: Paul Horton <[email protected]> (a680544)

  • updated file hash in test

Signed-off-by: Paul Horton <[email protected]> (56f3d5d)

  • removed unused import

Signed-off-by: Paul Horton <[email protected]> (61c3338)

  • doc: updated docs to reflect support for Dependency Graph

Signed-off-by: Paul Horton <[email protected]> (3df017f)

  • updated file hash in test

Signed-off-by: Paul Horton <[email protected]> (449cb1e)

  • removed unused import

Signed-off-by: Paul Horton <[email protected]> (f487c4a)

v2.2.0 (2022-04-12)

Chore

  • chore(deps): bump actions/upload-artifact from 2 to 3 (#204)

Bumps actions/upload-artifact from 2 to 3.


updated-dependencies:

  • dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (dad8538)

  • chore(deps): bump types-setuptools from 57.4.11 to 57.4.12 (#205)

Bumps types-setuptools from 57.4.11 to 57.4.12.


updated-dependencies:

  • dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (eae598a)

Ci

  • ci: introduce timeout-minutes and drop dependabot branches for CI #206

Signed-off-by: Paul Horton <[email protected]> (e5b426f)

Feature

Signed-off-by: Paul Horton <[email protected]> (bd2e756)

  • feat: bump JSON schemas to latest fix version for 1.2 and 1.3 - see:

Signed-off-by: Paul Horton <[email protected]> (bd6a088)

Unknown

  • 2.2.0

Automatically generated by python-semantic-release (67ecfac)

  • Merge pull request #207 from CycloneDX/feat/update-schemas

feat: Update CycloneDX Schemas to latest patch versions (2c55cb5)

  • mark schema files as vendored

Signed-off-by: Jan Kowalleck <[email protected]> (a9c3e77)

  • Merge pull request #191 from CycloneDX/feat/pre-commit-hooks

[DEV] Add pre-commit hooks (91ceeb1)

v2.1.1 (2022-04-05)

Chore

  • chore: shield icons in README (87c490e)

Fix

  • fix: prevent error if version not set

Signed-off-by: Paul Horton <[email protected]> (b9a84b5)

Unknown

  • 2.1.1

Automatically generated by python-semantic-release (f78d608)

  • Merge pull request #194 from CycloneDX/fix/json-output-version-optional-bug-193

fix: version being optional in JSON output can raise error (6f7e09a)

v2.1.0 (2022-03-28)

Chore

  • chore(deps): bump virtualenv from 20.13.4 to 20.14.0 (#200)

Bumps virtualenv from 20.13.4 to 20.14.0.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6ccb637)

  • chore(deps-dev): bump mypy from 0.941 to 0.942 (#199)

Bumps mypy from 0.941 to 0.942.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (51dadb9)

  • chore(deps-dev): bump flake8-bugbear from 22.1.11 to 22.3.23 (#201)

Bumps flake8-bugbear from 22.1.11 to 22.3.23.


updated-dependencies:

  • dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4f9f169)

  • chore(deps): bump types-setuptools from 57.4.10 to 57.4.11 (#197)

Bumps types-setuptools from 57.4.10 to 57.4.11.


updated-dependencies:

  • dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (8f4db6b)

  • chore(deps-dev): bump mypy from 0.940 to 0.941 (#195)

Bumps mypy from 0.940 to 0.941.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (8012c29)

  • chore(deps): bump virtualenv from 20.13.3 to 20.13.4 (#196)

Bumps virtualenv from 20.13.3 to 20.13.4.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (f94bb64)

  • chore(deps): bump testfixtures from 6.18.4 to 6.18.5 (#187)

Bumps testfixtures from 6.18.4 to 6.18.5.


updated-dependencies:

  • dependency-name: testfixtures dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3b92776)

  • chore(deps): bump types-setuptools from 57.4.9 to 57.4.10 (#188)

Bumps types-setuptools from 57.4.9 to 57.4.10.


updated-dependencies:

  • dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (dcfaf21)

  • chore(deps): bump virtualenv from 20.13.2 to 20.13.3 (#189)

Bumps virtualenv from 20.13.2 to 20.13.3.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (e71e5b3)

  • chore(deps-dev): bump mypy from 0.931 to 0.940 (#192)

Bumps mypy from 0.931 to 0.940.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9fce6bf)

  • chore: added autopep8 to pre-commit and clarified command in CONTRIBUTING for performance

Signed-off-by: Paul Horton <[email protected]> (5dafb1c)

  • chore: first pass pre-commit config

Signed-off-by: Paul Horton <[email protected]> (fd6ab7a)

  • chore: added documentation to CONTRIBUTING guidelines

Signed-off-by: Paul Horton <[email protected]> (67cefe1)

  • chore(deps): bump actions/checkout from 2 to 3 (#184)

Bumps actions/checkout from 2 to 3.


updated-dependencies:

  • dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a3ed3c7)

  • chore(deps): bump actions/setup-python from 2 to 3 (#183)

Bumps actions/setup-python from 2 to 3.


updated-dependencies:

  • dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (ee79ffa)

  • chore: dependabot prefix chore, not eco-system (c96cea4)

  • chore: make isort and flake8-isort available

Signed-off-by: Jan Kowalleck <[email protected]> (b211de5)

  • chore: poetry(deps): bump pyparsing from 3.0.6 to 3.0.7 (#140)

Bumps pyparsing from 3.0.6 to 3.0.7.


updated-dependencies:

  • dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1bdb798)

  • chore: poetry(deps): bump types-setuptools from 57.4.7 to 57.4.9 (#168)

Bumps types-setuptools from 57.4.7 to 57.4.9.


updated-dependencies:

  • dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (48c3f99)

  • chore: poetry(deps): bump filelock from 3.4.0 to 3.4.1 (#116)

Bumps filelock from 3.4.0 to 3.4.1.


updated-dependencies:

  • dependency-name: filelock dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (17f1a5f)

  • chore: poetry(deps): bump attrs from 21.2.0 to 21.4.0 (#113)

Bumps attrs from 21.2.0 to 21.4.0.


updated-dependencies:

  • dependency-name: attrs dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (3c39ae5)

  • chore: poetry(deps): bump typed-ast from 1.5.1 to 1.5.2 (#144)

Bumps typed-ast from 1.5.1 to 1.5.2.


updated-dependencies:

  • dependency-name: typed-ast dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (ac5809e)

  • chore: poetry(deps): bump packageurl-python from 0.9.6 to 0.9.9 (#177)

Bumps packageurl-python from 0.9.6 to 0.9.9.


updated-dependencies:

  • dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4bfba14)

  • chore: poetry(deps): bump virtualenv from 20.13.1 to 20.13.2 (#181)

Bumps virtualenv from 20.13.1 to 20.13.2.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (20e3368)

Feature

  • feat: output errors are verbose

Signed-off-by: Jan Kowalleck <[email protected]> (bfe8fb1)

Fix

  • fix: version being optional in JSON output can raise error

Signed-off-by: Paul Horton <[email protected]> (ba0c82f)

Style

  • style: sorted all imports

Signed-off-by: Jan Kowalleck <[email protected]> (4780a84)

Unknown

  • 2.1.0

Automatically generated by python-semantic-release (c58f8f8)

  • Merge pull request #198 from CycloneDX/verbose_outout_errors

fix: improved output errors - file/directory is now included (4618c62)

  • updated to be more pythonic

Signed-off-by: Paul Horton <[email protected]> (a1bbf00)

  • doc: added CONTRIBUTING to public docs doc: included pre-commit hooks in CONTRIBUTING

Signed-off-by: Paul Horton <[email protected]> (f38215f)

  • Merge pull request #182 from CycloneDX/sort-imports

style: sort imports (aa37e56)

v2.0.0 (2022-02-21)

Breaking

  • feat: bump dependencies

BREAKING CHANGE: Adopt PEP-3102

BREAKING CHANGE: Optional Lists are now non-optional Sets

BREAKING CHANGE: Remove concept of DEFAULT schema version - replaced with LATEST schema version

BREAKING CHANGE: Added BomRef data type

Signed-off-by: Paul Horton <[email protected]> (da3f0ca)

Chore

  • chore: poetry(deps): bump virtualenv from 20.13.0 to 20.13.1 (#167)

Bumps virtualenv from 20.13.0 to 20.13.1.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9e80258)

  • chore: poetry(deps): bump types-toml from 0.10.3 to 0.10.4 (#166)

Bumps types-toml from 0.10.3 to 0.10.4.


updated-dependencies:

  • dependency-name: types-toml dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (02449f6)

  • chore: bump dependencies

Signed-off-by: Paul Horton <[email protected]> (6c280e7)

Feature

  • feat: completed work on #155 (#172)

fix: resolved #169 (part of #155)

feat: as part of solving #155, #147 has been implemented

Signed-off-by: Paul Horton <[email protected]> (a926b34)

  • feat: support complete model for bom.metadata (#162)

  • feat: support complete model for bom.metadata fix: JSON comparison in unit tests was broken chore: corrected some source license headers

Signed-off-by: Paul Horton <[email protected]> (2938a6c)

  • feat: support for bom.externalReferences in JSON and XML #124

Signed-off-by: Paul Horton <[email protected]> (1b733d7)

  • feat: Complete support for bom.components (#155)

  • fix: implemented correct __hash__ methods in models (#153)

Signed-off-by: Paul Horton <[email protected]> (32c0139)

  • feat: support services in XML BOMs feat: support nested services in JSON and XML BOMs

Signed-off-by: Paul Horton <[email protected]> (9edf6c9)

Fix

  • fix: license_url not serialised in XML output #179 (#180)

Signed-off-by: Paul Horton <[email protected]> (f014d7c)

  • fix: Component.bom_ref is not Optional in our model implementation (in the schema it is) - we generate a UUID if bom_ref is not supplied explicitly

Signed-off-by: Paul Horton <[email protected]> (5c954d1)

  • fix: temporary fix for __hash__ of Component with properties #153

Signed-off-by: Paul Horton <[email protected]> (a51766d)

  • fix: further fix for #150

Signed-off-by: Paul Horton <[email protected]> (1f55f3e)

  • fix: regression introduced by first fix for #150

Signed-off-by: Paul Horton <[email protected]> (c09e396)

  • fix: Components with no version (optional since 1.4) produce invalid BOM output in XML #150

Signed-off-by: Paul Horton <[email protected]> (70d25c8)

  • fix: expression not supported in Component Licenses for version 1.0

Signed-off-by: Paul Horton <[email protected]> (15b081b)

Test

  • test: refactor to work on PY < 3.10

Signed-off-by: Paul Horton <[email protected]> (0ce5de6)

  • test: refactored fixtures for tests which has uncovered #150, #151 and #152

Signed-off-by: Paul Horton <[email protected]> (df43a9b)

Unknown

  • 2.0.0

Automatically generated by python-semantic-release (a4af3dc)

  • Merge pull request #148 from CycloneDX/feat/add-bom-services (631e400)

  • Merge branch 'main' into feat/add-bom-services (9a32351)

  • doc: added RTD badge to README

Signed-off-by: Paul Horton <[email protected]> (b20d9d1)

  • implemented __str__ for BomRef

Signed-off-by: Paul Horton <[email protected]> (670bde4)

  • Continuation of #170 - missed updating Vulnerability to use BomRef (#175)

  • BREAKING CHANGE: added new model BomRef unlocking logic later to ensure uniqueness and dependency references

Signed-off-by: Paul Horton <[email protected]>

  • updated Vulnerability to also use new BomRef model

Signed-off-by: Paul Horton <[email protected]> (0d82c01)

  • BREAKING CHANGE: added new model BomRef unlocking logic later to ensure uniqueness and dependency references (#174)

Signed-off-by: Paul Horton <[email protected]> (d189f2c)

  • BREAKING CHANGE: replaced concept of default schema version with latest supported #171 (#173)

Signed-off-by: Paul Horton <[email protected]> (020fcf0)

  • BREAKING CHANGE: Updated default schema version to 1.4 from 1.3 (#164)

Signed-off-by: Paul Horton <[email protected]> (9b6ce4b)

  • BREAKING CHANGE: update models to use Set rather than List (#160)

  • BREAKING CHANGE: update models to use Set and Iterable rather than List[..] BREAKING CHANGE: update final models to use @property wip

Signed-off-by: Paul Horton <[email protected]> (142b8bf)

  • removed unnecessary calls to hash() in __hash__() methods as pointed out by @jkowalleck

Signed-off-by: Paul Horton <[email protected]> (0f1fd6d)

  • BREAKING CHANGE: adopted PEP-3102 for model classes (#158)

Signed-off-by: Paul Horton <[email protected]> (b3c8d9a)

  • doc: added page to docs to call out which parts of the specification this library supports

Signed-off-by: Paul Horton <[email protected]> (41a4be0)

  • attempt to resolve Lift finding

Signed-off-by: Paul Horton <[email protected]> (2090c08)

  • removed unused imports

Signed-off-by: Paul Horton <[email protected]> (a35d540)

  • WIP on bom.services

  • WIP but a lil hand up for @madpah

Signed-off-by: Jeffry Hesse <[email protected]>

  • chore: added missing license header

Signed-off-by: Paul Horton <[email protected]>

  • No default values for required fields

  • Add Services to BOM

  • Typo fix

  • aligned classes with standards, commented out Signature work for now, added first tests for Services

Signed-off-by: Paul Horton <[email protected]>

  • addressed standards

Signed-off-by: Paul Horton <[email protected]>

  • 1.2.0

Automatically generated by python-semantic-release

Signed-off-by: Paul Horton <[email protected]>

  • feat: bom-ref for Component and Vulnerability default to a UUID (#142)

  • feat: bom-ref for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141

Signed-off-by: Paul Horton <[email protected]>

  • doc: updated documentation to reflect change

Signed-off-by: Paul Horton <[email protected]>

  • patched other tests to support UUID for bom-ref

Signed-off-by: Paul Horton <[email protected]>

  • better syntax

Signed-off-by: Paul Horton <[email protected]>

  • 1.3.0

Automatically generated by python-semantic-release

Signed-off-by: Paul Horton <[email protected]>

  • WIP but a lil hand up for @madpah

Signed-off-by: Jeffry Hesse <[email protected]> Signed-off-by: Paul Horton <[email protected]>

  • chore: added missing license header

Signed-off-by: Paul Horton <[email protected]>

  • aligned classes with standards, commented out Signature work for now, added first tests for Services

Signed-off-by: Paul Horton <[email protected]>

  • removed signature from this branch

Signed-off-by: Paul Horton <[email protected]>

  • Add Services to BOM

  • Typo fix

  • addressed standards

Signed-off-by: Paul Horton <[email protected]>

  • resolved typing issues from merge

Signed-off-by: Paul Horton <[email protected]>

  • added a bunch more tests for JSON output

Signed-off-by: Paul Horton <[email protected]>

Co-authored-by: Paul Horton <[email protected]> Co-authored-by: github-actions <[email protected]> (b45ff18)

v1.3.0 (2022-01-24)

Feature

  • feat: bom-ref for Component and Vulnerability default to a UUID (#142)

  • feat: bom-ref for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141

Signed-off-by: Paul Horton <[email protected]>

  • doc: updated documentation to reflect change

Signed-off-by: Paul Horton <[email protected]>

  • patched other tests to support UUID for bom-ref

Signed-off-by: Paul Horton <[email protected]>

  • better syntax

Signed-off-by: Paul Horton <[email protected]> (3953bb6)

Unknown

  • 1.3.0

Automatically generated by python-semantic-release (4178181)

v1.2.0 (2022-01-24)

Feature

  • feat: add CPE to component (#138)

  • Added CPE to component

Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component.

Signed-off-by: Jens Lucius <[email protected]>

  • Fixing problems with CPE addition
  • Fixed styling errors
  • Added reference to CPE Spec
  • Adding CPE parameter as last parameter to not break arguments

Signed-off-by: Jens Lucius <[email protected]>

  • Again fixes for Style and CPE reference

Missing in the last commit

Signed-off-by: Jens Lucius <[email protected]>

  • Added CPE as argument before deprecated arguments

Signed-off-by: Jens Lucius <[email protected]>

  • Added testing for CPE addition and error fixing
  • Added output tests for CPE in XML and JSON
  • Fixes style error in components
  • Fixes order for CPE output in XML (CPE has to come before PURL)

Signed-off-by: Jens Lucius <[email protected]>

  • Fixed output tests

CPE was still in the wrong position in one of the tests - fixed

Signed-off-by: Jens Lucius <[email protected]>

  • Fixed minor test fixtures issues
  • cpe was still in wrong position in 1.2 JSON
  • Indentation fixed in 1.4 JSON

Signed-off-by: Jens Lucius <[email protected]>

  • Fixed missing comma in JSON 1.2 test file

Signed-off-by: Jens Lucius <[email protected]> (269ee15)

Unknown

  • 1.2.0

Automatically generated by python-semantic-release (97c215c)

v1.1.1 (2022-01-19)

Fix

  • fix: bump dependencies (#136)

Signed-off-by: Paul Horton <[email protected]> (18ec498)

Unknown

  • 1.1.1

Automatically generated by python-semantic-release (dec63de)

v1.1.0 (2022-01-13)

Feature

  • feat: add support for bom.metadata.component (#118)

  • Add support for metadata component

Part of #6

Signed-off-by: Artem Smotrakov <[email protected]>

  • Better docs and simpler ifs

Signed-off-by: Artem Smotrakov <[email protected]> (1ac31f4)

Unknown

  • 1.1.0

Automatically generated by python-semantic-release (d4007bd)

v1.0.0 (2022-01-13)

Chore

  • chore: attempt to produce manual GitHub action to release a RC version

Signed-off-by: Paul Horton <[email protected]> (3058afc)

  • chore: attempt to produce manual GitHub action to release a RC version

Signed-off-by: Paul Horton <[email protected]> (6799e63)

  • chore: disable poetry-cache in gh-workflow (#112)

closes #91

Signed-off-by: Jan Kowalleck <[email protected]> (42f7952)

  • chore: removed pdoc3 from main dev dependencies as now covered in docs/requirements.txt

Signed-off-by: Paul Horton <[email protected]> (89d8382)

  • chore: isolate dependencies for building documentation (#107)

Signed-off-by: Paul Horton <[email protected]> (f2403f6)

  • chore: bump flake8 to v4 and add autopep8 (#93)

  • chore: bump flake8 to v4 and add autopep8

Signed-off-by: Jan Kowalleck <[email protected]>

  • chore: make pep8 known in the contrib docs

Signed-off-by: Jan Kowalleck <[email protected]> (6553dbf)

  • chore: poetry(deps-dev): bump mypy from 0.910 to 0.920 (#103)

Bumps mypy from 0.910 to 0.920.


updated-dependencies:

  • dependency-name: mypy dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (fdd20ca)

Unknown

  • Manually generated release (3509fb6)

  • Support for CycloneDX schema version 1.4 (#108)

BREAKING CHANGE: Support for CycloneDX 1.4. This includes:

  • Support for tools having externalReferences
  • Allowing version for a Component to be optional in 1.4
  • Support for releaseNotes per Component
  • Support for the core schema implementation of Vulnerabilities (VEX)

Other changes included in this PR:

  • Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
  • Fixes to ensure schema is adhered to in 1.0
  • URIs are now used throughout the library through a new XsUri class to provide URI validation
  • Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
  • $schema is now included in JSON BOMs
  • Concrete Parsers have now been moved into downstream projects to keep this library's focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python
  • Added reference to release of this library on Anaconda

Signed-off-by: Paul Horton <[email protected]>

Signed-off-by: Jan Kowalleck <[email protected]>

Co-authored-by: Paul Horton <[email protected]>

Co-authored-by: Jan Kowalleck <[email protected]> (7fb6da9)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (d26970b)

  • Update CONTRIBUTING.md (4448d9b)

v0.12.3 (2021-12-15)

Fix

  • fix: removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98)

Signed-off-by: Paul Horton <[email protected]> (3677d9f)

Unknown

  • 0.12.3

Automatically generated by python-semantic-release (cfc9d38)

v0.12.2 (2021-12-09)

Fix

  • fix: tightened dependency packageurl-python (#95)

fixes #94

Signed-off-by: Jan Kowalleck <[email protected]> (eb4ae5c)

Unknown

  • 0.12.2

Automatically generated by python-semantic-release (54b9f74)

v0.12.1 (2021-12-09)

Chore

  • chore: reordered deps & updated poetry lock

Merge pull request #90 from CycloneDX/update-poetry-lock (d8c7ee2)

  • chore: updated poetry lock

Signed-off-by: Jan Kowalleck <[email protected]> (91b97be)

Fix

  • fix: further loosened dependency definitions

see #44

updated some locked dependencies to latest versions

Signed-off-by: Jan Kowalleck <[email protected]> (8bef6ec)

Unknown

  • 0.12.1

Automatically generated by python-semantic-release (43fc36e)

v0.12.0 (2021-12-09)

Ci

  • ci: update to run tox for both our favoured versions of dependencies and lowest supported versions

  • add tox env for minimal required dependencies

Signed-off-by: Jan Kowalleck <[email protected]>

  • try to fix TypedDict typing

Signed-off-by: Jan Kowalleck <[email protected]>

  • fix: typing definitions to be PY 3.6 compatible

Signed-off-by: Paul Horton <[email protected]>

  • fix: typing definitions to be PY 3.6 compatible

Signed-off-by: Paul Horton <[email protected]>

  • straightened up sys.version_info constraints/code-branches

Signed-off-by: Jan Kowalleck <[email protected]>

  • removed unused type ignores

Signed-off-by: Jan Kowalleck <[email protected]>

  • try to fix type variants

Signed-off-by: Jan Kowalleck <[email protected]>

  • try to fix type variants

Signed-off-by: Jan Kowalleck <[email protected]>

  • typing for py3.6

Signed-off-by: Paul Horton <[email protected]>

  • fixed invalid unittest

Signed-off-by: Paul Horton <[email protected]>

  • typing for py3.6

Signed-off-by: Jan Kowalleck <[email protected]>

  • mypy silence warn_unused_ignores

Signed-off-by: Jan Kowalleck <[email protected]>

  • mypy in tox for lowest version is pinned

Signed-off-by: Jan Kowalleck <[email protected]>

Co-authored-by: Paul Horton <[email protected]> (07ebedc)

Feature

  • feat: loosed dependency versions to make this library more consumable

  • feat: lowering minimum dependency versions

Signed-off-by: Paul Horton <[email protected]>

  • feat: lowering minimum dependency versions

Signed-off-by: Paul Horton <[email protected]>

  • feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library

Signed-off-by: Paul Horton <[email protected]>

  • feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library

Signed-off-by: Paul Horton <[email protected]>

  • feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement

Signed-off-by: Paul Horton <[email protected]> (55f10fb)

Unknown

  • 0.12.0

Automatically generated by python-semantic-release (1a907ea)

  • Merge pull request #88 from CycloneDX/contributing-file

initial CONTRIBUTING file (20035bb)

  • initial CONTRIBUTING file

Signed-off-by: Jan Kowalleck <[email protected]> (6ffe14d)

  • CHORE: poetry(deps): bump filelock from 3.3.2 to 3.4.0

poetry(deps): bump filelock from 3.3.2 to 3.4.0 (e144aa2)

  • CHORE: poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4

poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4 (5fcdcb7)

  • poetry(deps): bump filelock from 3.3.2 to 3.4.0

Bumps filelock from 3.3.2 to 3.4.0.


updated-dependencies:

  • dependency-name: filelock dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> (8d4520e)

  • CHORE: poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29

poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29 (fc6e3ac)

  • poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4

Bumps types-setuptools from 57.4.2 to 57.4.4.


updated-dependencies:

  • dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> (00dcbb8)

  • CHORE: poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2

poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 (28f9676)

  • poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29

Bumps flake8-bugbear from 21.9.2 to 21.11.29.


updated-dependencies:

  • dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> (1eec2e8)

  • CHORE: poetry(deps-dev): bump coverage from 6.1.2 to 6.2

poetry(deps-dev): bump coverage from 6.1.2 to 6.2 (bdd9365)

  • CHORE: poetry(deps): bump mako from 1.1.5 to 1.1.6

poetry(deps): bump mako from 1.1.5 to 1.1.6 (33d3ecc)

  • poetry(deps-dev): bump coverage from 6.1.2 to 6.2

Bumps coverage from 6.1.2 to 6.2.


updated-dependencies:

  • dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> (be1af9b)

  • DOCS: fix README shields & links (43b1121)

  • doc: readme maintenance - shields & links (#72)

  • README: restructure links

Signed-off-by: Jan Kowalleck <[email protected]>

  • README: add lan to fenced code blocks

Signed-off-by: Jan Kowalleck <[email protected]>

  • README: fix some formatting

Signed-off-by: Jan Kowalleck <[email protected]>

  • README: modernized shields

Signed-off-by: Jan Kowalleck <[email protected]>

  • README: harmonize links

Signed-off-by: Jan Kowalleck <[email protected]>

  • README: add language to code fences

Signed-off-by: Jan Kowalleck <[email protected]>

  • README: markdown fixes

Signed-off-by: Jan Kowalleck <[email protected]>

  • README: removed py version shield

Signed-off-by: Jan Kowalleck <[email protected]> (3d0ea2f)

  • poetry(deps): bump mako from 1.1.5 to 1.1.6

Bumps mako from 1.1.5 to 1.1.6.


updated-dependencies:

  • dependency-name: mako dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> (3344b86)

  • Merge pull request #47 from CycloneDX/dependabot/pip/filelock-3.3.2

poetry(deps): bump filelock from 3.3.1 to 3.3.2 (3f967b3)

  • FIX: update Conda package parsing to handle build containing underscore (#66)

  • fix: update conda package parsing to handle build containing underscore

Signed-off-by: Paul Horton <[email protected]>

  • updated some typings

Signed-off-by: Paul Horton <[email protected]> (2c6020a)

  • poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2

Bumps importlib-metadata from 4.8.1 to 4.8.2.


updated-dependencies:

  • dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> (003f6b4)

  • poetry(deps): bump filelock from 3.3.1 to 3.3.2

Bumps filelock from 3.3.1 to 3.3.2.


updated-dependencies:

  • dependency-name: filelock dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> (55022b7)

  • Merge pull request #45 from CycloneDX/dependabot/pip/importlib-resources-5.4.0

poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0 (b8acf9f)

  • Merge pull request #70 from CycloneDX/dependabot/pip/pyparsing-3.0.6

poetry(deps): bump pyparsing from 3.0.5 to 3.0.6 (faa8628)

  • Merge pull request #69 from CycloneDX/dependabot/pip/coverage-6.1.2

poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2 (eba56dc)

  • poetry(deps): bump pyparsing from 3.0.5 to 3.0.6

Bumps pyparsing from 3.0.5 to 3.0.6.


updated-dependencies:

  • dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> (4f2b2d8)

  • poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2

Bumps coverage from 6.1.1 to 6.1.2.


updated-dependencies:

  • dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <[email protected]> (1d0f5ea)

v0.11.1 (2021-11-10)

Fix

  • fix: constructor for Vulnerability to correctly define ratings as optional

Signed-off-by: William Woodruff <[email protected]> (395a0ec)

Unknown

  • 0.11.1

Automatically generated by python-semantic-release (a80f87a)

  • FEAT: Support Python 3.10 (#64)

  • fix: tested with Python 3.10

Signed-off-by: Paul Horton <[email protected]>

  • added trove classifier for Python 3.10

Signed-off-by: Paul Horton <[email protected]>

Signed-off-by: Paul Horton <[email protected]> (385b835)

  • poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0

Bumps importlib-resources from 5.3.0 to 5.4.0.


updated-dependencies:

  • dependency-name: importlib-resources dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> (a1dd775)

v0.11.0 (2021-11-10)

Feature

  • feat: Typing & PEP 561

  • added file for type checkers according to PEP 561

Signed-off-by: Jan Kowalleck <[email protected]>

  • added static code analysis as a dev-test

Signed-off-by: Jan Kowalleck <[email protected]>

  • added the "typed" trove

Signed-off-by: Jan Kowalleck <[email protected]>

  • added flake8-annotations to the tests

Signed-off-by: Jan Kowalleck <[email protected]>

  • added type hints

Signed-off-by: Jan Kowalleck <[email protected]>

  • further typing updates

Signed-off-by: Paul Horton <[email protected]>

  • further typing additions and test updates

Signed-off-by: Paul Horton <[email protected]>

  • further typing

Signed-off-by: Paul Horton <[email protected]>

  • further typing - added type stubs for toml and setuptools

Signed-off-by: Paul Horton <[email protected]>

  • further typing

Signed-off-by: Paul Horton <[email protected]>

  • typing work

Signed-off-by: Paul Horton <[email protected]>

  • coding standards

Signed-off-by: Paul Horton <[email protected]>

  • fixed tox and mypy running in correct python version

Signed-off-by: Jan Kowalleck <[email protected]>

  • suppressed mypy for cyclonedx.utils.conda.parse_conda_json_to_conda_package

Signed-off-by: Jan Kowalleck <[email protected]>

  • fixed type hints

Signed-off-by: Jan Kowalleck <[email protected]>

  • fixed some typing related flaws

Signed-off-by: Jan Kowalleck <[email protected]>

  • added flake8-bugbear for code analysis

Signed-off-by: Jan Kowalleck <[email protected]>

Co-authored-by: Paul Horton <[email protected]> (9144765)

Unknown

  • 0.11.0

Automatically generated by python-semantic-release (7262783)

  • Merge pull request #41 from jkowalleck/improv-abstract

fixed some abstract definitions (f34e2c2)

  • Merge pull request #42 from jkowalleck/improv-pipenv

slacked pipenv parser (08bc4ab)

  • Merge pull request #43 from jkowalleck/improv-conda-typehints

fixed typehints/docs in _BaseCondaParser (931016d)

  • Merge pull request #54 from jkowalleck/create-CODEOWNERS

created CODEOWNERS (7f28bef)

  • Merge pull request #56 from CycloneDX/dependabot/pip/py-1.11.0

poetry(deps): bump py from 1.10.0 to 1.11.0 (f1cda3c)

  • Merge pull request #58 from CycloneDX/dependabot/pip/pyparsing-3.0.5

poetry(deps): bump pyparsing from 2.4.7 to 3.0.5 (0525439)

  • Merge pull request #19 from CycloneDX/dependabot/pip/zipp-3.6.0

poetry(deps): bump zipp from 3.5.0 to 3.6.0 (c54c968)

  • poetry(deps): bump py from 1.10.0 to 1.11.0

Bumps py from 1.10.0 to 1.11.0.


updated-dependencies:

  • dependency-name: py dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> (330711f)

  • Merge pull request #57 from CycloneDX/dependabot/pip/coverage-6.1.1

poetry(deps-dev): bump coverage from 5.5 to 6.1.1 (fa55e5c)

  • poetry(deps): bump pyparsing from 2.4.7 to 3.0.5

Bumps pyparsing from 2.4.7 to 3.0.5.


updated-dependencies:

  • dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]> (3bedaff)

  • Merge pull request #55 from CycloneDX/dependabot/pip/virtualenv-20.10.0

poetry(deps): bump virtualenv from 20.8.1 to 20.10.0 (4c3df85)

  • CI/CT runs on main & master branch (2d0df7b)

  • poetry(deps-dev): bump coverage from 5.5 to 6.1.1

Bumps coverage from 5.5 to 6.1.1.


updated-dependencies:

  • dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] <[email protected]> (e322d74)

  • poetry(deps): bump virtualenv from 20.8.1 to 20.10.0

Bumps virtualenv from 20.8.1 to 20.10.0.


updated-dependencies:

  • dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> (3927cdc)

  • created CODEOWNERS

Signed-off-by: Jan Kowalleck <[email protected]> (e8e499c)

  • fixed typehints/docs in _BaseCondaParser

Signed-off-by: Jan Kowalleck <[email protected]> (af6ddfd)

  • slacked pipenv parser

Signed-off-by: Jan Kowalleck <[email protected]> (a3572ba)

  • fixed some abstract definitions

Signed-off-by: Jan Kowalleck <[email protected]> (9e67998)

v0.10.2 (2021-10-21)

Fix

  • fix: correct way to write utf-8 encoded files

Signed-off-by: Paul Horton <[email protected]> (49f9369)

Unknown

  • 0.10.2

Automatically generated by python-semantic-release (79538e9)

v0.10.1 (2021-10-21)

Ci

  • ci: disable git automatic line ending conversions

Signed-off-by: Paul Horton <[email protected]> (350c097)

  • ci: update to run on OSX and Windows

Signed-off-by: Paul Horton <[email protected]> (6588c4c)

Fix

  • fix: ensure output to file is UTF-8

Signed-off-by: Paul Horton <[email protected]> (a10da20)

  • fix: ensure output to file is UTF-8

Signed-off-by: Paul Horton <[email protected]> (193bf64)

Unknown

  • 0.10.1

Automatically generated by python-semantic-release (e6451a3)

  • Merge pull request #40 from CycloneDX/fix/issue-39-windows-UnicodeEncodeError

FIX: Resolve file encoding issues on Windows (48329e0)

  • remove memoryview from sha1 file hashing

Signed-off-by: Paul Horton <[email protected]> (a56be0f)

  • added debug to CI to aid understanding of mismatching SHA1 hashes on Windows

Signed-off-by: Paul Horton <[email protected]> (10c6b51)

v0.10.0 (2021-10-20)

Feature

  • feat: add support for Conda

Signed-off-by: Paul Horton <[email protected]> (bd29c78)

Unknown

  • 0.10.0

Automatically generated by python-semantic-release (eea3598)

  • Merge pull request #38 from CycloneDX/feat/conda-support

feat: add support for Conda (ee5d36d)

  • add support pre Python 3.8

Signed-off-by: Paul Horton <[email protected]> (2d01116)

  • doc: updated documentation with Conda support (and missed updates for externalReferences)

Signed-off-by: Paul Horton <[email protected]> (57e9dc7)

v0.9.1 (2021-10-19)

Fix

  • fix: missing check for Classifiers in Environment Parser

Signed-off-by: Paul Horton <[email protected]> (b7fa38e)

Unknown

  • 0.9.1

Automatically generated by python-semantic-release (f132c92)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (51a1e50)

v0.9.0 (2021-10-19)

Feature

  • feat: add support for parsing package licenses when using the Environment Parsers

Signed-off-by: Paul Horton <[email protected]> (c414eaf)

Unknown

  • 0.9.0

Automatically generated by python-semantic-release (ad65564)

  • Merge pull request #36 from CycloneDX/feat/add-license-support

Add support for parsing package licenses from installed packages (d45f75b)

v0.8.3 (2021-10-14)

Fix

  • fix: coding standards violations

Signed-off-by: Paul Horton <[email protected]> (00cd1ca)

  • fix: handle Pipfile.lock dependencies without an index specified fix: multiple fixes in variable scoping to prevent accidental data sharing

Signed-off-by: Paul Horton <[email protected]> (26c62fb)

Unknown

  • 0.8.3

Automatically generated by python-semantic-release (91f9a8b)

  • Merge pull request #34 from CycloneDX/fix/issue-33-pipfile-lock-parse-failure

BUG: Fix for Pipfile.lock parsing + accidental data sharing issues identified during testing (4079323)

v0.8.2 (2021-10-14)

Fix

  • fix: add namespace and subpath support to Component to complete PackageURL Spec support

Signed-off-by: Paul Horton <[email protected]> (780adeb)

Unknown

  • 0.8.2

Automatically generated by python-semantic-release (298318f)

  • Merge pull request #32 from CycloneDX/feat/full-packageurl-support

Add namespace and subpath support to Component (bb3af91)

v0.8.1 (2021-10-12)

Fix

  • fix: multiple hashes being created for an externalReference which is not as required

Signed-off-by: Paul Horton <[email protected]> (970d192)

Unknown

  • 0.8.1

Automatically generated by python-semantic-release (70689a2)

v0.8.0 (2021-10-12)

Feature

  • feat: add support for externalReferences for Components and associated enhancements to parsers to obtain information where possible/known

Signed-off-by: Paul Horton <[email protected]> (a152852)

Unknown

  • 0.8.0

Automatically generated by python-semantic-release (7a49f9d)

  • Merge pull request #29 from CycloneDX/feat/component-external-references

FEATURE: Add support for externalReferences against Components (bdee0ea)

  • doc: notable improvements to API documentation generation (added search, branding, a little styling)

Signed-off-by: Paul Horton <[email protected]> (e7a5b5a)

v0.7.0 (2021-10-11)

Feature

  • feat: support for pipenv.lock file parsing

Signed-off-by: Paul Horton <[email protected]> (68a2dff)

Unknown

  • 0.7.0

Automatically generated by python-semantic-release (827bd1c)

  • Merge pull request #27 from CycloneDX/feat/add-pipenv-support

FEATURE: Add Pipfile.lock (pipenv) support (2c42e2a)

  • doc: updated README.md to include Pipfile.lock parsing

Signed-off-by: Paul Horton <[email protected]> (2c66834)

v0.6.2 (2021-10-11)

Fix

  • fix: added ability to add tools in addition to this library when generating CycloneDX + plus fixes relating to multiple BOM instances

Signed-off-by: Paul Horton <[email protected]> (e03a25c)

Unknown

  • 0.6.2

Automatically generated by python-semantic-release (e68fbc2)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (2bf2711)

v0.6.1 (2021-10-11)

Ci

  • ci: update to deploy to pypi.org upon PR merge

Signed-off-by: Paul Horton <[email protected]> (04e86b5)

Fix

  • fix: better methods for checking if a Component is already represented in the BOM, and the ability to get the existing instance

Signed-off-by: Paul Horton <[email protected]> (5fee85f)

Unknown

  • 0.6.1

Automatically generated by python-semantic-release (c530460)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (eb3a46b)

v0.6.0 (2021-10-11)

Feature

Signed-off-by: Paul Horton <[email protected]> (7e0fb3c)

  • feat: support for non-PyPi Components - PackageURL type is now definable when creating a Component

Signed-off-by: Paul Horton <[email protected]> (fde79e0)

Unknown

  • 0.6.0

Automatically generated by python-semantic-release (907cd2d)

  • Merge pull request #25 from CycloneDX/feat/additions-to-enable-integration-into-checkov

Support for representing File as Component (63a86b0)

v0.5.0 (2021-10-11)

Build

  • build: updated dependencies, moved pdoc3 to a dev dependency

Signed-off-by: Paul Horton <[email protected]> (6a9947d)

Feature

  • feat: add support for tool(s) that generated the SBOM

Signed-off-by: Paul Horton <[email protected]> (7d1e6ef)

Fix

  • fix: bumped a dependency version

Signed-off-by: Paul Horton <[email protected]> (efc1053)

Unknown

  • 0.5.0

Automatically generated by python-semantic-release (a655d29)

  • Merge pull request #20 from CycloneDX/feat/additional-metadata

feat: add support for tool(s) that generated the SBOM (b33cbf4)

  • fix for Python < 3.8 support in tests

Signed-off-by: Paul Horton <[email protected]> (c9b6019)

  • ensure support for Python < 3.8

Signed-off-by: Paul Horton <[email protected]> (53a82cf)

  • ensure support for Python < 3.8

Signed-off-by: Paul Horton <[email protected]> (2a9e56a)

  • doc: added documentation

Signed-off-by: Paul Horton <[email protected]> (cf13c68)

  • poetry(deps): bump zipp from 3.5.0 to 3.6.0

Bumps zipp from 3.5.0 to 3.6.0.


updated-dependencies:

  • dependency-name: zipp dependency-type: indirect update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <[email protected]> (30f2547)

  • doc: bumped gh-action for publishing docs

Signed-off-by: Paul Horton <[email protected]> (ac70eee)

  • doc: added documentation to model/bom

Signed-off-by: Paul Horton <[email protected]> (fe98ada)

  • doc: formatting

Signed-off-by: Paul Horton <[email protected]> (1ad7fb1)

  • doc: added missing docstrings to allow documentation to generate

Signed-off-by: Paul Horton <[email protected]> (ed743d9)

  • Merge pull request #10 from coderpatros/docs

Add initial doc generation and publishing (7873ad9)

v0.4.1 (2021-09-27)

Build

  • build: dependencies updated

Signed-off-by: Paul Horton <[email protected]> (0411826)

Fix

  • fix: improved handling for requirements.txt content without pinned or declared versions

Signed-off-by: Paul Horton <[email protected]> (7f318cb)

Test

  • test: additional tests around issue #8 which confirm level of support currently

Signed-off-by: Paul Horton <[email protected]> (bc54bed)

  • test: additional tests added to validate comments in requirements.txt and that hashes within requirements.txt are not currently supported

Signed-off-by: Paul Horton <[email protected]> (3a27d54)

Unknown

  • 0.4.1

Automatically generated by python-semantic-release (d5b7a2f)

  • Merge pull request #15 from CycloneDX/fix/issue-14-requirements-unpinned-versions

fix: improved handling for requirements.txt content without pinned … (f248015)

  • Add initial doc generation and publishing

Signed-off-by: Patrick Dwyer <[email protected]> (cd1b558)

v0.4.0 (2021-09-16)

Feature

  • feat: support for localising vectors (i.e. stripping out any scheme prefix)

Signed-off-by: Paul Horton <[email protected]> (b9e9e17)

  • feat: helper methods for deriving Severity and SourceType

Signed-off-by: Paul Horton <[email protected]> (6a86ec2)

Fix

  • fix: removed print call

Signed-off-by: Paul Horton <[email protected]> (8806553)

  • fix: relaxed typing of parameter to be compatible with Python < 3.9

Signed-off-by: Paul Horton <[email protected]> (f9c7990)

  • fix: removed print call

Signed-off-by: Paul Horton <[email protected]> (d272d2e)

  • fix: remove unused commented out code

Signed-off-by: Paul Horton <[email protected]> (ba4f285)

Unknown

  • 0.4.0

Automatically generated by python-semantic-release (f441413)

v0.3.0 (2021-09-15)

Feature

  • feat: adding support for extension schema that describes vulnerability disclosures

Signed-off-by: Paul Horton <[email protected]> (d496695)

Refactor

  • refactor: moved Vulnerabilities to be nested inside the Component

Signed-off-by: Paul Horton <[email protected]> (8b4034d)

Test

  • test: added test to confirm no Vulnerabilities are output for Schema Version 1.0 (not supported by schema)

Signed-off-by: Paul Horton <[email protected]> (d5aabcf)

Unknown

  • 0.3.0

Automatically generated by python-semantic-release (a5c3dab)

  • Merge pull request #5 from CycloneDX/feat/support-schema-extension-vulnerability-1.0

FEATURE: add support for Vulnerability Disclosures (6914272)

  • doc: updated README to explain support for Vulnerability Disclosures

Signed-off-by: Paul Horton <[email protected]> (f477bf0)

v0.2.0 (2021-09-14)

Feature

  • feat: added helper method to return a PackageURL object representing a Component

Signed-off-by: Paul Horton <[email protected]> (367bef1)

Fix

  • fix: whitespace on empty line removed

Signed-off-by: Paul Horton <[email protected]> (cfc952e)

Unknown

  • 0.2.0

Automatically generated by python-semantic-release (866eda7)

  • Merge pull request #4 from CycloneDX/feat/component-as-packageurl

fix: whitespace on empty line removed (ddc37f3)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (6142d2e)

v0.1.0 (2021-09-13)

Feature

  • feat: add poetry support

Signed-off-by: Paul Horton <[email protected]> (f3ac42f)

Unknown

  • 0.1.0

Automatically generated by python-semantic-release (0da668f)

  • Merge pull request #3 from CycloneDX/feat/poetry-lock-support

FEATURE: Added poetry.lock parser support (37ba7c6)

  • feat(parser) - added support for parsing dependencies from poetry.lock files.

Signed-off-by: Paul Horton <[email protected]> (15bc553)

  • fix(parser) parsers were able to share state unexpectedly

Signed-off-by: Paul Horton <[email protected]> (dc59914)

v0.0.11 (2021-09-10)

Fix

  • fix(test): test was not updated for revised author statement

Signed-off-by: Paul Horton <[email protected]> (d1c9d37)

  • fix(build): test failure and dependency missing

Fixed failing tests due to dependency on now removed VERSION file Added flake8 officially as a DEV dependency to poetry

Signed-off-by: Paul Horton <[email protected]> (9a2cfe9)

  • fix(build): removed artefacts associated with non-poetry build

Tidied up project to remove items associated with non-Poetry build process. Also aligned a few references in README to new home of this project under CycloneDX.

Signed-off-by: Paul Horton <[email protected]> (f9119d4)

Unknown

  • 0.0.11

Automatically generated by python-semantic-release (1c0aa71)

  • Merge pull request #2 from CycloneDX/fix/tidy-up-build-remove-pip

fix(build): removed artefacts associated with non-poetry build (b7de7b3)

v0.0.10 (2021-09-08)

Fix

Unknown

  • 0.0.10

Automatically generated by python-semantic-release (245d809)

v0.0.9 (2021-09-08)

Fix

  • fix: additional info to poetry, remove circleci (2fcfa5a)

Unknown

  • 0.0.9

Automatically generated by python-semantic-release (e4a90cf)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (69aaba5)

v0.0.8 (2021-09-08)

Fix

  • fix: initial release to pypi, tell poetry to include cyclonedx package (a030177)

Unknown

  • 0.0.8

Automatically generated by python-semantic-release (fc3f24c)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (da2d18c)

v0.0.7 (2021-09-08)

Fix

  • fix: release with full name (4c620ed)

Unknown

  • 0.0.7

Automatically generated by python-semantic-release (19943e8)

v0.0.6 (2021-09-08)

Fix

  • fix: initial release to pypi (99687db)

Unknown

  • 0.0.6

Automatically generated by python-semantic-release (98ad249)

v0.0.5 (2021-09-08)

Unknown

  • 0.0.5

Automatically generated by python-semantic-release (9bf4b9a)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (eeec0bb)

  • Try this on for size (aa93310)

v0.0.4 (2021-09-08)

Unknown

  • 0.0.4

Automatically generated by python-semantic-release (b16d6c5)

v0.0.3 (2021-09-08)

Unknown

  • 0.0.3

Automatically generated by python-semantic-release (05306ee)

  • Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (f1d120c)

  • Bump up version of poetry (89db268)

v0.0.2 (2021-09-08)

Unknown

  • 0.0.2

Automatically generated by python-semantic-release (e15dec6)

  • Remove check for push (71b1270)

  • Manual deploy workflow (9b4ac33)

  • License headers, OWASP etc... (559b8d2)

  • Fixed unit tests pinned to a VERSION. (5d907d5)

  • Bump to version 0.0.2 (1050839)

  • Implemented writing SBOM to a file. (74f4153)

  • Updated badge in README to include Python 3.6+ support. (0a5903c)

  • Removed print() statement accidentally left in. (22965a7)

  • Merge pull request #1 from sonatype-nexus-community/features/initial-port-of-v1.1-generation-from-jake

Initial port of library code to new library (2f2634b)

  • Added license headers to all source files. Added classifiers for Python version to setup.py. (bb6bb24)

  • Renamed model file to not reference CycloneDX as the models are agnostic on purpose. (03d03ed)

  • Forgot to add updated poetry.lock file reflecting Python 3.6+ support (5d3d491)

  • Updated project to state support from Python v3.6+ (619ee1d)

  • Adding Python 3.6 support for test & CI. (daa12ba)

  • Fixing CircleCI config. (a446f4c)

  • Fixes to GitHub actions. (d2aa277)

  • Disabled Py3.6 checks and added flake8. (8c01da3)

  • Attempt to fix CI's for multiple Python environments. (affb6b2)

  • Added support for Python versions 3.7+ (ae24ba9)

  • Added missing ENV var for GH actions. (c750ec6)

  • Missed wrapping a coverage command with poetry. (3c74c82)

  • Added poetry virtualenv caching + wrapped tox and coverage with poetry to ensure they run in the poetry venv. (780e3df)

  • Fixed typo in Github action. (3953675)

  • Correction: Supported Python version in setup.py (2f4917b)

  • Updated poetry dependencies and configuration. (75041e5)

  • Initial draft GitHub actions being added. (e2403e8)

  • Added Poetry support. (e9a67f8)

  • Addressing issues reported by flake8. (3ad394c)

  • Refactored output classes to use multiple inheritance allowing a single place to define which schema version support various attributes and elements. (95c5b38)

  • Updated README to reflect support for author. (bff5954)

  • Skeleton support for 'author' + v1.1 and v1.0 for JSON added (along with tests). (e987f35)

  • Corrected typo in README (0d2c355)

  • Updated README to include a summary of the support this library provides across the different schema versions. (34f421f)

  • Initial support for V1.0 and V1.1 in XML output format. (37f6b00)

  • Added 'serialNumber' to SBOMs (JSON and XML). (50e3c75)

  • Added a bunch more content to the README to explain how the library can be used. (bb41dc6)

  • Added metadata initial support to JSON output format. (8c5590f)

  • Addition of simple 'metadata' element for XML SBOM's. (f9e9773)

  • Added initial JSON outputter and associated tests. (3e1f5ec)

  • Fix to generate HTML coverage reports and stash in CircleCI builds. (dd88603)

  • Added HTML coverage report. (ce700e5)

  • Missed coverage as a dependency for testing. (01643d6)

  • Added coverage reporting for tests (c34b1a6)

  • Added first tests for XML SBOM generation (v1.3 and v1.2). (cb4337a)

  • WIP: Starting to generate XML output for BOMs (35bdfca)

  • Updated CircleCI config to run tox. Fixed formatting in tests. (9a56230)

  • Rebasing from main. (822ab8b)

  • Initial skeleton tests for output generation. (a614f3e)

  • pretty badge (60e975c)

  • initial CI for discussion (7e88cd5)

  • Added a little more information to the README. (460c624)

  • Fixed issue reported by Flake8. Ensuring tests run on PY 3.9. (cce130f)

  • Basic structure without any output generation available (very basic Component definition). (6ac5dc2)

  • Added tox config with flake8 and py3.9 support. (1def201)

  • Initially added skeleton packaging structure and official CycloneDX schemas. (ac519c9)

  • Added initial blank README prior to branching for initial work. (b175f6a)

  • Added initial blank README prior to branching for initial work. (e8b5d48)

  • Initial commit (62353b0)