v4.1.2

v4.1.2 (2024-03-01)

Mainenance release.

Build

• build: use poetry v1.8.1 (#682)

Signed-off-by: Jan Kowalleck <[email protected]> (dba63b8)

Chore

• chore(deps-dev): Update coverage requirement from 7.4.1 to 7.4.3 (#680)

Updates the requirements on coverage to permit the latest version.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: coverage
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (dadc9b5)

• chore(deps): Bump Gr1N/setup-poetry from 8 to 9 (#681)

Bumps Gr1N/setup-poetry from 8 to 9.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: Gr1N/setup-poetry
  dependency-type: direct:production
  update-type: version-update:semver-major
  ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5ee8bb2)

• chore(deps-dev): Update flake8-quotes requirement from 3.3.2 to 3.4.0 (#679)

Updates the requirements on flake8-quotes to permit the latest version.

• Commits

---

updated-dependencies:

• dependency-name: flake8-quotes
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4da9c9e)

• chore(deps-dev): Update flake8-bugbear requirement (#677)

Updates the requirements on flake8-bugbear to permit the latest version.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: flake8-bugbear
  dependency-type: direct:development
  ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (14a8ec0)

---

What's Changed

• chore(deps-dev): Update flake8-bugbear requirement from 24.1.17 to 24.2.6 by @dependabot in #677
• chore(deps-dev): Update flake8-quotes requirement from 3.3.2 to 3.4.0 by @dependabot in #679
• chore(deps): Bump Gr1N/setup-poetry from 8 to 9 by @dependabot in #681
• chore(deps-dev): Update coverage requirement from 7.4.1 to 7.4.3 by @dependabot in #680
• build: use poetry v1.8.1 by @jkowalleck in #682

Full Changelog: v4.1.1...v4.1.2

v4.1.1

v4.1.1 (2024-02-03)

Documentation

• docs: improve example for programmatic call of CLI (#670)

Signed-off-by: Jan Kowalleck <[email protected]> (2ac3f21)

Fix

• fix: normalize package extras (#671)

ALL names of package extras are normalized, according to spec <https://packaging.python.org/en/latest/specifications/name-normalization/#name-normalization>

---

Signed-off-by: Jan Kowalleck <[email protected]> (4d550ad)

---

What's Changed

• docs: improve example for programmatic call of CLI by @jkowalleck in #670
• fix: normalize package extras by @jkowalleck in #671

Full Changelog: v4.1.0...v4.1.1

v4.1.0

v4.1.0 (2024-02-02)

Feature

• feat: support poetry multi-constraint dependencies (#668)

Signed-off-by: Jan Kowalleck <[email protected]> (50d2a4b)

Unknown

• tests: modernize testbeds (#667)

Signed-off-by: Jan Kowalleck <[email protected]> (2fd3faf)

• docs (#666)

Signed-off-by: Jan Kowalleck <[email protected]> (491e875)

---

What's Changed

• docs: revisit toctree by @jkowalleck in #666
• tests: modernize testbeds by @jkowalleck in #667
• feat: support poetry multi-constraint dependencies by @jkowalleck in #668

Full Changelog: v4.0.0...v4.1.0

v4.0.0

v4.0.0 (2024-01-31)

Changelog

See also the migration guide in the docs: https://cyclonedx-bom-tool.readthedocs.io/en/v4.0.0/upgrading.html

• BC: Removed support for python < 3.8
• BC: Removed deprecated shell script cyclonedx-bom; use cyclonedx-py instead
• BC: Removed conda support. However, conda's Python environments are fully supported. See below.
• BC: Removed public API. You may use the CLI instead, see chapter "usage" in the docs.
• BC: Complete redesign of the CommandLineInterface(CLI):
  • Uses sub-commands for easy accessibility and divide in specific purposes and domains
  • Easy understandable flags, switches and options -- in accordance with the domains
  • Updated help pages, added usage examples
• Dozens of new features and fixes, such as:
  • environment analyzer supports any Python (virtual) environment --
    including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv
  • Poetry analyzer support groups, filtering, and such
  • Pipenv analyzer support categories, filtering, and such
  • requirements analyzer is feature complete and fixed
  • More details in the SBOM results (based on method)
  • PackageURLs may have more qualifiers (enabled per default, disable via --short-PURLs)
  • component properties according to official taxonomy
  • SBOM results may be validated (enabled per default, disable via --no-validate)
  • SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry)
  • SBOM results may have root-component populated (if pyproject provided)
  • SBOM results are more diff-friendly and not just one long line of text
  • Fixed possible issues with input data encoding
  • May omit dev-dependencies or domain-specific groups/categories (if supported by method and issued by CLI switches)
  • Strip authentication secrets from (private) download/index URLs
  • Support CycloneDX 1.5 - which is the default now
• Upgraded documentation, examples, ...
• Complete rewrite from scratch
• Dependencies were bumped, dropped, added, ...
• QA and test suites were massively enhanced

---

What's Changed

• chore(deps): Bump actions/setup-python from 4 to 5 by @dependabot in #620
• feat!: v4.0.0 by @jkowalleck , @madpah , @t-graf , @andife in #605

Full Changelog: v3.11.7...v4.0.0

---

What's Changed since v4.0.0-RC6

• Added more documentation here and there
• Added a migration guide to the docs : https://cyclonedx-bom-tool.readthedocs.io/en/v4.0.0/upgrading.html

Full Changelog since v4.0.0-RC6: v4.0.0-rc.6...v4.0.0

v4.0.0-rc.6

v4.0.0-rc.6 (2024-01-12)

changes since RC5:

• fix: package name normalization - #652

---

Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc6

---

What's Changed

• tests: more tests by @jkowalleck in #650
• fix: package name normalization by @jkowalleck in #652

Full Changelog: v4.0.0-rc.5...v4.0.0-rc.6

v4.0.0-rc.5

v4.0.0-rc.5 (2024-01-10)

changes since RC4:

• feat: strip authentication secrets from private index/download URL - #646

---

Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc5

---

What's Changed

• chore: bump dev tools by @jkowalleck in #644
• feat: strip authentication secrets from download/registry urls by @jkowalleck in #647

Full Changelog: v4.0.0-rc.4...v4.0.0-rc.5

v4.0.0-rc.4

v4.0.0-rc.4 (2023-12-25)

No changes since RC3.
Fixed docker image release process.

---

Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc4

---

v4.0.0-rc.3

v4.0.0-rc.3 (2023-12-25)

No changes since RC2.
Try to fix docker image release process.

---

Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc3

---

v4.0.0-rc.2

v4.0.0-rc.2 (2023-12-25)

No changes since RC1
Try to fix docker image release process.

---

Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc2

---

v4.0.0-rc.1

v4.0.0-rc.1 (2023-12-25)

Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc1

---

What's Changed

• feat: bump cyclonedx-python-lib to latest RC of 4.0.x by @madpah in #521
• chore: bumped dev dependenices by @madpah in #525
• BREAKING CHANGE: remove deprecated cyclonedx-bom command #488 by @madpah in #526
• Feat: omit development dependencies from SBOM results by @tngraf in #534
• feat: use cyclonedx-python-lib 4.0.0 by @madpah in #536
• feat: neutral parsers, omitting done by runner by @jkowalleck in #537
• feat: environment licenses as proper SPDX by @jkowalleck in #576
• chore(dependencies): bump cyclonedx-python-lib@^4 -> @^4.2 by @jkowalleck in #578
• Forwardport from master by @jkowalleck in #579
• BC: drop support for python <= 3.7 by @jkowalleck in #585
• chore: bump devtools py38 by @jkowalleck in #587
• feat: have own version visible everywhere by @jkowalleck in #588
• chore: migrate to python-semantic-release@8 by @jkowalleck in #589
• chore: bring back docker image releases by @jkowalleck in #590
• chore(deps): bump cyclonedx-python-lib by @jkowalleck in #599
• Upgrade cdx lib 500rc2 by @jkowalleck in #602
• feat: validate output by @jkowalleck in #591
• feat!: make all implementation internal by @jkowalleck in #607
• chore: own config file for flake8 by @jkowalleck in #608
• tests: test for security issues with bandit by @jkowalleck in #609
• chore(deps): Bump actions/setup-python from 4 to 5 by @dependabot in #620
• feat!: rewrite CLI and parsers by @jkowalleck in #610
• build: Poetry171 by @jkowalleck in #639
• chore(deps): bump dev tools by @jkowalleck in #640

Full Changelog: v3.11.7...v4.0.0-rc.1