v6.3.0

v6.3.0 (2024-01-06)

Chore

• chore(deps-dev): update flake8 requirement from 6.1.0 to 7.0.0 (#528)

Updates the requirements on flake8 to permit the latest version.

• Commits

---

updated-dependencies:

• dependency-name: flake8
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (6b7ed78)

• chore(deps-dev): update ddt requirement from 1.7.0 to 1.7.1 (#527)

Updates the requirements on ddt to permit the latest version.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: ddt
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9a58e7e)

Documentation

• docs: add Documentation url to project meta

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1080b73)

• docs: add Documentation url to project meta

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c4288b3)

Feature

• feat: enable dependency py-serializable 0.17 (#529)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9f24220)

---

What's Changed

• chore(deps-dev): update ddt requirement from 1.7.0 to 1.7.1 by @dependabot in #527
• chore(deps-dev): update flake8 requirement from 6.1.0 to 7.0.0 by @dependabot in #528
• feat: enable dependency py-serializable 0.17 by @jkowalleck in #529

Full Changelog: v6.2.0...v6.3.0

v6.2.0

v6.2.0 (2023-12-31)

Build

• build: allow additional major-version RC branch patterns

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f8af156)

Chore

• chore(deps-dev): update coverage requirement from 7.3.3 to 7.4.0 (#524)

Updates the requirements on coverage to permit the latest version.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: coverage
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9bcc223)

• chore(deps-dev): update mypy requirement from 1.7.1 to 1.8.0 (#521)

Updates the requirements on mypy to permit the latest version.

• Changelog
• Commits

---

updated-dependencies:

• dependency-name: mypy
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (720046e)

Documentation

• docs: fix typo

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2563996)

• docs: update intro and description

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f0bd05d)

• docs: buld docs on ubuntu22.04 python311

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b3e9ab7)

Feature

• feat: allow lxml requirement in range of >=4,<6 (#523)

Updates the requirements on lxml to permit the latest version.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: lxml
  dependency-type: direct:production
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7d12b9a)

Unknown

• docs

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7dcd166)

---

What's Changed

• chore(deps-dev): update mypy requirement from 1.7.1 to 1.8.0 by @dependabot in #521
• chore(deps-dev): update coverage requirement from 7.3.3 to 7.4.0 by @dependabot in #524
• chore(deps): update lxml requirement from ^4 to >=4,<6 by @dependabot in #523

Full Changelog: v6.1.0...v6.2.0

v6.1.0

v6.1.0 (2023-12-22)

Chore

• chore: update maintainers

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (87c72d7)

• chore(deps): bump python-semantic-release/python-semantic-release (#515)

Bumps python-semantic-release/python-semantic-release from 8.5.0 to 8.5.1.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: python-semantic-release/python-semantic-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0f56ec4)

• chore(deps-dev): update coverage requirement from 7.3.2 to 7.3.3 (#517)

Updates the requirements on coverage to permit the latest version.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: coverage
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a57e2f6)

• chore(deps-dev): update isort requirement from 5.13.0 to 5.13.2 (#516)

Updates the requirements on isort to permit the latest version.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: isort
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (84874a3)

Feature

• feat: add function to map python hashlib algorithms to CycloneDX (#519)

new API: model.HashType.from_hashlib_alg()

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (81f8cf5)

---

What's Changed

• chore(deps-dev): update isort requirement from 5.13.0 to 5.13.2 by @dependabot in #516
• chore(deps-dev): update coverage requirement from 7.3.2 to 7.3.3 by @dependabot in #517
• chore(deps): bump python-semantic-release/python-semantic-release from 8.5.0 to 8.5.1 by @dependabot in #515
• feat: add function to map python hashlib algorithms to CycloneDX by @jkowalleck in #519

Full Changelog: v6.0.0...v6.1.0

v6.0.0

v6.0.0 (2023-12-10)

Breaking

• feat!: v6.0.0 (#492)

Breaking Changes

• Removed symbols that were already marked as deprecated (via #493)
• Removed symbols in parser.* (#489 via #495)
• Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
• Serialization of unsupported enum values might downgrade/migrate/omit them (#490 via #496)
  Handling might raise warnings if a data loss occurred due to omitting.
  The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered.
• Serialization of any model.component.Component with unsupported type raises exception.serialization.SerializationOfUnsupportedComponentTypeException (#490 via #496)
• Object model.bom_ref.BomRef's property value defaults to Null, was arbitrary UUID (#504 via #505)
  This change does not affect serialization. All bom-refs are guaranteed to have unique values on rendering.
• Removed helpers from public API (#503 via #506)

Added

• Basic support for CycloneDX 1.5 (#404 via #488) -- Thanks to @Churro
  • No data models were enhanced nor added, yet.
    Pull requests to add functionality are welcome.
  • Existing enumerable got new cases, to reflect features of CycloneDX 1.5 (#404 via #488)
  • Outputters were enabled to render CycloneDX 1.5 (#404 via #488)

Tests

• Created (regression/unit/integration/functional) tests for CycloneDX 1.5 (#404 via #488)
• Created (regression/functional) tests for Enums' handling and completeness (#490 via #496)

Misc

• Bumped dependency py-serializable@^0.16, was @^0.15 (via #496)

---

API Changes — the details for migration

• Added new sub-package exception.serialization (via #496)
• Removed class models.ComparableTuple (#503 via #506)
• Enum model.ExternalReferenceType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
• Removed function models.get_now_utc (#503 via #506)
• Removed function models.sha1sum (#503 via #506)
• Enum model.component.ComponentType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
• Removed model.component.Component.__init__()'s deprecated optional kwarg namespace (via #493)
  Use kwarg group instead.
• Removed model.component.Component.__init__()'s deprecated optional kwarg license_str (via #493)
  Use kwarg licenses instead.
• Removed deprecated method model.component.Component.get_namespace() (via #493)
• Removed class models.dependency.DependencyDependencies (#503 via #506)
• Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg source_name (via #493)
  Use kwarg source instead.
• Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg source_url (via #493)
  Use kwarg source instead.
• Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg recommendations (via #493)
  Use kwarg recommendation instead.
• Removed model.vulnerability.VulnerabilityRating.__init__()'s deprecated optional kwarg score_base (via #493)
  Use kwarg score instead.
• Enum model.vulnerability.VulnerabilityScoreSource got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
• Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
• Removed deprecated function output.get_instance() (via #493)
  Use function output.make_outputter() instead.
• Added new class output.json.JsonV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
• Added new item to dict output.json.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
• Added new class output.xml.XmlV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
• Added new item to dict output.xml.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
• Removed class parser.ParserWarning (#489 via #495)
• Removed class parser.BaseParser (#489 via #495)
• Enum schema.SchemaVersion got new case V1_5, to reflect CycloneDX 1.5 (#404 via #488)

---

Signed-off-by: Johannes Feichtner <johannes@web-wack.at>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com>
Co-authored-by: semantic-release <semantic-release> (74865f8)

Chore

• chore(deps): bump python-semantic-release/python-semantic-release (#509)

Bumps python-semantic-release/python-semantic-release from 8.0.8 to 8.5.0.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: python-semantic-release/python-semantic-release
  dependency-type: direct:production
  update-type: version-update:semver-minor
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9ed9ab1)

• chore(deps-dev): update isort requirement from 5.12.0 to 5.13.0 (#512)

Updates the requirements on isort to permit the latest version.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: isort
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0eba631)

• chore(deps-dev): update bandit requirement from 1.7.5 to 1.7.6 (#510)

Updates the requirements on bandit to permit the latest version.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: bandit
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (153b07a)

• chore(deps): bump actions/setup-python from 4 to 5 (#508)

Bumps actions/setup-python from 4 to 5.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4e3e0e0)

• chore(deps): update sphinx-rtd-theme requirement (#499)

Updates the requirements on sphinx-rtd-theme to permit the latest version.

• Changelog
• Commits

---

updated-dependencies:

• dependency-name: sphinx-rtd-theme
  dependency-type: direct:production
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5d6dd41)

• chore(deps-dev): update flake8-bugbear requirement (#500)

Updates the requirements on flake8-bugbear to permit the latest version.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: flake8-bugbear
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by:...

v6.0.0-rc.3

What's Changed since v6.0.0-rc.2

Build process was modernized

see the details here: #492

v6.0.0-rc.3 Changelog: v6.0.0-rc.2...v6.0.0-rc.3

---

Full change list

see #492

Full Changelog: v5.2.0...v6.0.0-rc.3

v6.0.0-rc.2

What's Changed since v6.0.0-rc.1

Breaking Changes

• Object model.bom_ref.BomRef's property value defaults to Null, was arbitrary UUID (#504 via #505)
  This change does not affect serialization. All bom-refs are guaranteed to have unique values on rendering.
• Removed helpers from public API (#503 via #506)

see the details here: #492

v6.0.0-rc.2 Changelog: v6.0.0-rc.1...v6.0.0-rc.2

---

Full change list

see #492

Full Changelog: v5.2.0...v6.0.0-rc.2

v5.2.0

v5.2.0 (2023-12-02)

Chore

• chore(deps-dev): update mypy requirement from 1.7.0 to 1.7.1 (#487)

Updates the requirements on mypy to permit the latest version.

• Changelog
• Commits

---

updated-dependencies:

• dependency-name: mypy
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (78957e6)

• chore(deps-dev): update mypy requirement from 1.6.1 to 1.7.0 (#484)

Updates the requirements on mypy to permit the latest version.

• Changelog
• Commits

---

updated-dependencies:

• dependency-name: mypy
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c716ba3)

• chore(deps-dev): update ddt requirement from 1.6.0 to 1.7.0 (#483)

Updates the requirements on ddt to permit the latest version.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: ddt
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (8a1f7b9)

• chore: mograte dev-dependencies to new poetry layout (#482)

see https://python-poetry.org/docs/managing-dependencies/#dependency-groups

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a85585c)

• chore(deps-dev): update flake8-isort requirement from 6.1.0 to 6.1.1 (#481)

Updates the requirements on flake8-isort to permit the latest version.

• Changelog
• Commits

---

updated-dependencies:

• dependency-name: flake8-isort
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (fc74ddd)

Documentation

• docs: keywaords & funding (#486)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3189e59)

Feature

• feat: model.XsUri migrate control characters according to spec (#498)

fixes #497

---

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e490429)

v6.0.0-rc.1

Breaking Changes

• Removed symbols that were already marked as deprecated (via #493)
• Removed symbols in parser.* (#489 via #495)
• Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
• Serialization of unsupported enum values might downgrade/migrate/omit them (#490 via #496)
  Handling might raise warnings if a data loss occurred due to omitting.
  The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered.
• Serialization of any model.component.Component with unsupported type raises exception.serialization.SerializationOfUnsupportedComponentTypeException (#490 via #496)

Added

• Basic support for CycloneDX 1.5 (#404 via #488)
  • No data models were enhanced nor added, yet.
    Pull requests to add functionality are welcome.
  • Existing enumerable got new cases, to reflect features of CycloneDX 1.5 (#404 via #488)
  • Outputters were enabled to render CycloneDX 1.5 (#404 via #488)

Tests

• Created (regression/unit/integration/functional) tests for CycloneDX 1.5 (#404 via #488)
• Created (regression/functional) tests for Enums' handling and completeness (#490 via #496)

Misc

• Bumped dependency py-serializable@^0.16, was @^0.15 (via #496)

---

API Changes — the details for migration

• Added new sub-package exception.serialization (via #496)
• Enum model.ExternalReferenceType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
• Enum model.component.ComponentType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
• Removed model.component.Component.__init__()'s optional kwarg namespace (via #493)
  Use kwarg group instead.
• Removed model.component.Component.__init__()'s optional kwarg license_str (via #493)
  Use kwarg licenses instead.
• Removed method model.component.Component.get_namespace() (via #493)
• Removed model.vulnerability.Vulnerability.__init__()'s optional kwarg source_name (via #493)
  Use kwarg source instead.
• Removed model.vulnerability.Vulnerability.__init__()'s optional kwarg source_url (via #493)
  Use kwarg source instead.
• Removed model.vulnerability.Vulnerability.__init__()'s optional kwarg recommendations (via #493)
  Use kwarg recommendation instead.
• Removed model.vulnerability.VulnerabilityRating.__init__()'s optional kwarg score_base (via #493)
  Use kwarg score instead.
• Enum model.vulnerability.VulnerabilityScoreSource got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
• Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
• Removed deprecated function output.get_instance() (via #493)
  Use function output.make_outputter() instead.
• Added new class output.json.JsonV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
• Added new item to dict output.json.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
• Added new class output.xml.XmlV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
• Added new item to dict output.xml.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
• Removed class parser.ParserWarning (#489 via #495)
• Removed class parser.BaseParser (#489 via #495)
• Enum schema.SchemaVersion got new case V1_5, to reflect CycloneDX 1.5 (#404 via #488)

---

What's Changed

• chore(deps-dev): update flake8-isort requirement from 6.1.0 to 6.1.1 by @dependabot in #481
• chore: mograte dev-dependencies to new poetry layout by @jkowalleck in #482
• chore(deps-dev): update ddt requirement from 1.6.0 to 1.7.0 by @dependabot in #483
• chore(deps-dev): update mypy requirement from 1.6.1 to 1.7.0 by @dependabot in #484
• docs: keywords & funding by @jkowalleck in #486
• chore(deps-dev): update mypy requirement from 1.7.0 to 1.7.1 by @dependabot in #487
• feat: add basic support for CDX 1.5 by @Churro and @jkowalleck in #488
• Remove deprecated 6.0.0 by @jkowalleck in #493
• bc: remove const output.LATEST_SUPPORTED_SCHEMA_VERSION by @jkowalleck in #494
• bc: remove parser API by @jkowalleck in #495
• Feat: prevent unknwon enums from rendering by @jkowalleck in #496

Full Changelog: v5.1.1...v6.0.0-rc.1

v5.1.1

v5.1.1 (2023-11-02)

Fix

• fix: update own externalReferences (#480)

---

What's Changed

• fix: update own externalReferences by @jkowalleck in #480

Full Changelog: v5.1.0...v5.1.1

v5.1.0

Documentation

• docs: advance license docs (f61a730)

Feature

• feat: guarantee unique BomRefs in serialization result (#479) (a648775)
  Incorporate output.BomRefDiscriminator on serialization

---

What's Changed

• feat: guarantee unique BomRefs in serialization result by @jkowalleck in #479

Full Changelog: v5.0.1...v5.1.0