v5.0.0

v5.0.0 (2024-10-15)

Breaking

• feat!: v5.0.0 (#797)

BREAKING Changes

• Emitted metadata tool name is cyclonedx-py, was cyclonedx-bom.
• Emitted metadata tools are up to non-deprecated CycloneDX specification.
• No longer emit deprecated or undocumented properties in namespace cdx:poetry (see previous release 4.6.0 for official replacements).
  • cdx:poetry:source:package:reference
  • cdx:poetry:package:source:resolved_reference
  • cdx:poetry:package:source:vcs:requested_revision
  • cdx:poetry:package:source:vcs:commit_id

The mentioned changes are considered "breaking" for processes that relied on the respective data structures.
Migration paths are self-explanatory.

Dependencies

• Requires cyclonedx-python-lib>=8.0.0,<9 now, was >=7.3.0,<8.0.0,!=7.3.1.

Documentation

• docs(chaneglog): omit chore/ci/refactor/style/test/build (#813)

---

What's Changed

• chore(deps-dev): Update tox requirement from 4.20.0 to 4.21.2 by @dependabot in #808
• docs(chaneglog): omit chore/ci/refactor/style/test/build by @jkowalleck in #813
• feat!: v5.0.0 by @jkowalleck in #797

Full Changelog: v4.6.1...v5.0.0

v4.6.1

v4.6.1 (2024-09-30)

Chore

• chore: trusted publishing (#795)

fixes #794

---

Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: semantic-release <[email protected]>
Co-authored-by: semantic-release <[email protected]> (721f12d)

Documentation

• docs: contrib and setup hint

Signed-off-by: Jan Kowalleck <[email protected]> (2ae46ff)

Fix

• fix: help page for sub command "environment" on windows (#805)

fixes #804

---

Signed-off-by: Steve (Gadget) Barnes <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> (9e8a5d7)

Unknown

• tests: consolidate cli runner (#806)

Signed-off-by: Jan Kowalleck <[email protected]> (c7b5b1a)

---

What's Changed

• chore(deps-dev): Update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #793
• chore: trusted publishing by @jkowalleck in #795
• chore(deps-dev): Update bandit requirement from 1.7.9 to 1.7.10 by @dependabot in #803
• tests: consolidate cli runner by @jkowalleck in #806
• fix: help page for sub command "environment" on windows by @GadgetSteve in #805

New Contributors

• @GadgetSteve made their first contribution in #805

Full Changelog: v4.6.0...v4.6.1

v4.6.1-alpha.1

v4.6.1-alpha.1 (2024-09-23)

Chore

• chore: trusted publishing

Signed-off-by: Jan Kowalleck <[email protected]> (07b5e83)

v4.6.0

v4.6.0 (2024-09-20)

Documentation

• docs: reformat help page in usage docs (#788)

Signed-off-by: Jan Kowalleck <[email protected]> (a1354e5)

Feature

• feat: populate properties cdx:python:package:source:vcs:... (#790)

populate the newly added/fixed CycloneDX properties
cdx:python:package:source:vcs:... in accordance with
<CycloneDX/cyclonedx-property-taxonomy#96> and
<CycloneDX/cyclonedx-property-taxonomy#98>.

the deprecated properties are still used, so no breaking changes exist.

fixes #789

---

Signed-off-by: Jan Kowalleck <[email protected]> (b08e1bb)

---

What's Changed

• docs: reformat help page in usage docs by @jkowalleck in #788
• chore(deps): Update sphinx requirement from <8,>=7.2.6 to >=7.2.6,<9 by @dependabot in #772
• feat: populate properties cdx:python:package:source:vcs:... by @jkowalleck in #790

Full Changelog: v4.5.1...v4.6.0

v4.5.1

v4.5.1 (2024-09-18)

Documentation

• docs: fix typo

Signed-off-by: Jan Kowalleck <[email protected]> (9f9fa9e)

Fix

• fix: assert copyright headers (#787)

utilizes flake8 plugin
<https://pypi.org/project/flake8-copyright-validator/> to assert the
correct headers

Signed-off-by: Jan Kowalleck <[email protected]> (dddcb5d)

---

What's Changed

• chore(deps-dev): Update bandit requirement from 1.7.8 to 1.7.9 by @dependabot in #756
• chore(deps-dev): Update flake8 requirement from 7.0.0 to 7.1.0 by @dependabot in #758
• chore(deps-dev): Update autopep8 requirement from 2.2.0 to 2.3.1 by @dependabot in #759
• chore(deps-dev): Update coverage requirement from 7.5.3 to 7.5.4 by @dependabot in #760
• chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1 by @dependabot in #761
• chore(deps-dev): Update tox requirement from 4.15.1 to 4.16.0 by @dependabot in #763
• chore(deps-dev): Update coverage requirement from 7.5.4 to 7.6.0 by @dependabot in #765
• chore(deps-dev): Update mypy requirement from 1.10.1 to 1.11.0 by @dependabot in #767
• chore(deps-dev): Update mypy requirement from 1.11.0 to 1.11.1 by @dependabot in #771
• chore(deps-dev): Update flake8 requirement from 7.1.0 to 7.1.1 by @dependabot in #774
• chore(deps-dev): Update coverage requirement from 7.6.0 to 7.6.1 by @dependabot in #775
• chore(deps-dev): Update tox requirement from 4.16.0 to 4.18.0 by @dependabot in #779
• chore(deps-dev): Update flake8-bugbear requirement from 24.4.26 to 24.8.19 by @dependabot in #781
• chore(deps-dev): Update mypy requirement from 1.11.1 to 1.11.2 by @dependabot in #783
• chore(deps-dev): Update tox requirement from 4.18.0 to 4.18.1 by @dependabot in #786
• fix: assert copyright headers by @jkowalleck in #787

Full Changelog: v4.5.0...v4.5.1

v4.5.0

v4.5.0 (2024-06-10)

Chore

• chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <[email protected]> (1a1ad60)

Ci

• ci: modernize artifact action (#737)

supersedes #625
supersedes #624

---

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (1222201)

Documentation

• docs: exclude dep bumps from changelog (#750)

Signed-off-by: Jan Kowalleck <[email protected]> (3d02d6a)

• docs: OSSF best practice badge percentage

Signed-off-by: Jan Kowalleck <[email protected]> (5717803)

Feature

• feat: environment - gather declared license information according to PEP639 (#755)

From python environments, gather additional declared license information
according to PEP 639 (improving
license clarity with better package metadata).

New CLI switches for cyclonedx environment:

• --PEP-639: Enable license gathering according to PEP 639 (improving
  license clarity with better package metadata).
  The behavior may change during the draft development of the PEP.
• --gather-license-texts: Enable license text gathering.

In current state of implementation, --gather-license-texts has effect
only if --PEP-639 is also given.

---

Signed-off-by: Jan Kowalleck <[email protected]> (e9cc805)

Refactor

• refactor: const for purl type pypi (#754)

Signed-off-by: Jan Kowalleck <[email protected]> (cba521e)

• refactor: extred -> extref (#753)

Signed-off-by: Jan Kowalleck <[email protected]> (a178d2e)

Unknown

• Create config.yml

Signed-off-by: Jan Kowalleck <[email protected]> (f13311b)

• Rename feature_request.md to 1-feature_request.md

Signed-off-by: Jan Kowalleck <[email protected]> (c4b15d8)

• Rename bug_report.md to 2-bug_report.md

Signed-off-by: Jan Kowalleck <[email protected]> (58199a5)

---

What's Changed

• chore(deps-dev): Update mypy requirement from 1.9.0 to 1.10.0 by @dependabot in #731
• chore(deps-dev): Update coverage requirement from 7.4.4 to 7.5.0 by @dependabot in #732
• chore(deps-dev): Update flake8-bugbear requirement from 24.2.6 to 24.4.26 by @dependabot in #733
• chore(deps-dev): Update tox requirement from 4.14.2 to 4.15.0 by @dependabot in #734
• ci: modernize artifact action by @jkowalleck in #737
• chore(deps-dev): Update coverage requirement from 7.5.0 to 7.5.1 by @dependabot in #739
• chore(deps-dev): Update flake8-annotations requirement from 3.0.1 to 3.1.0 by @dependabot in #740
• chore(deps-dev): Update flake8-annotations requirement from 3.1.0 to 3.1.1 by @dependabot in #743
• chore(deps-dev): Update pep8-naming requirement from 0.13.3 to 0.14.1 by @dependabot in #744
• chore(deps-dev): Update coverage requirement from 7.5.1 to 7.5.3 by @dependabot in #747
• docs: exclude dep bumps from changelog by @jkowalleck in #750
• chore(deps-dev): Update autopep8 requirement from 2.1.0 to 2.2.0 by @dependabot in #748
• chore(deps-dev): Update tox requirement from 4.15.0 to 4.15.1 by @dependabot in #751
• refactor: extred -> extref by @jkowalleck in #753
• refactor: const for purl type pypi by @jkowalleck in #754
• feat: environment - gather declared license information according to PEP639 by @jkowalleck in #755

Full Changelog: v4.4.3...v4.5.0

v4.4.3

v4.4.3 (2024-04-26)

Fix

• fix: do not use cyclonedx-lib==7.3.1 (#729)

add regression test for #727
fixes #727

---

Signed-off-by: Jan Kowalleck <[email protected]> (aa715c0)

---

What's Changed

• fix: do not use cyclonedx-lib==7.3.1 by @jkowalleck in #729

Full Changelog: v4.4.2...v4.4.3

v4.4.2

v4.4.2 (2024-04-21)

Fix

• fix: release lates container image (#726)

Signed-off-by: Jan Kowalleck <[email protected]> (0155450)

v4.4.1

v4.4.1 (2024-04-21)

Fix

• fix: release lates container image (#725)

Signed-off-by: Jan Kowalleck <[email protected]> (8ba9d0b)

v4.4.0

v4.4.0 (2024-04-21)

Chore

• chore: semantic-release git commit/sign valid email address

Signed-off-by: Jan Kowalleck <[email protected]> (692b8ea)

Feature

• feat: publish to GHCR (#724)

Tee container image version of the app is also available on GitHubContainerRegistry: <https://github.com/orgs/CycloneDX/packages/container/package/cyclonedx-python>

---

Signed-off-by: jxdv <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: semantic-release <[email protected]>
Co-authored-by: jxdv <[email protected]>
Co-authored-by: semantic-release <[email protected]> (8c18484)

---

What's Changed

• feat: publish to GHCR by @jkowalleck & @jxdv in #724

Full Changelog: v4.3.0...v4.4.0