Releases: CycloneDX/cyclonedx-python
v4.1.4
v4.1.4 (2024-03-28)
Chore
- chore(deps-dev): Update autopep8 requirement from 2.0.4 to 2.1.0 (#699)
Updates the requirements on autopep8 to permit the latest version.
updated-dependencies:
- dependency-name: autopep8
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (59f07c1)
- chore(deps-dev): Update flake8-logging requirement from 1.5.0 to 1.6.0 (#701)
Updates the requirements on flake8-logging to permit the latest version.
updated-dependencies:
- dependency-name: flake8-logging
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (dfc63b6)
- chore(deps-dev): Update tox requirement from 4.14.1 to 4.14.2 (#700)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7ae2145)
- chore(deps): Update packaging requirement || ^24 (#697)
updated-dependencies:
- dependency-name: packaging
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (bd3f232)
- chore(deps-dev): Update coverage requirement from 7.4.3 to 7.4.4 (#696)
Updates the requirements on coverage to permit the latest version.
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (8181ce9)
Fix
- fix: poetry analyzer crashed with certain optional package's version constraints (#703)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8ade6e1)
What's Changed
- chore(deps-dev): Update coverage requirement from 7.4.3 to 7.4.4 by @dependabot in #696
- chore(deps): Update packaging requirement from ^22||^23 to ^22||^23 || ^24 by @dependabot in #697
- chore(deps-dev): Update tox requirement from 4.14.1 to 4.14.2 by @dependabot in #700
- chore(deps-dev): Update flake8-logging requirement from 1.5.0 to 1.6.0 by @dependabot in #701
- chore(deps-dev): Update autopep8 requirement from 2.0.4 to 2.1.0 by @dependabot in #699
- fix: poetry analyzer crashed with certain optional package's version constraints by @jkowalleck in #703
Full Changelog: v4.1.3...v4.1.4
Contributors
Assets 4
v4.1.3
v4.1.3 (2024-03-15)
Chore
- chore(deps): Bump python-semantic-release/python-semantic-release (#683)
Bumps python-semantic-release/python-semantic-release from 8.5.1 to 9.1.1.
updated-dependencies:
- dependency-name: python-semantic-release/python-semantic-release
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (f27170e)
- chore(deps): Bump actions/setup-python from 4 to 5 (#673)
Bumps actions/setup-python from 4 to 5.
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (e661fb2)
- chore(deps-dev): Update bandit requirement from 1.7.7 to 1.7.8 (#688)
Updates the requirements on bandit to permit the latest version.
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (40f16e0)
- chore(deps-dev): Update tox requirement from 4.13.0 to 4.14.1 (#687)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (16efe0b)
- chore(deps-dev): Update mypy requirement from 1.8.0 to 1.9.0 (#686)
Updates the requirements on mypy to permit the latest version.
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (de3be95)
- chore(deps-dev): Update tox requirement from 4.11.4 to 4.13.0 (#685)
Updates the requirements on tox to permit the latest version.
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (33d2b9b)
- chore(deps-dev): Update ddt requirement from 1.7.1 to 1.7.2 (#684)
Updates the requirements on ddt to permit the latest version.
updated-dependencies:
- dependency-name: ddt
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (743324a)
Ci
- ci: default to python 3.12 (#693)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dc81c35)
Documentation
- docs: imprve
environmentuse cases and examples (#690)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d38c7b)
Fix
- fix: declared license texts as such, not as license name (#694)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ec7ab3e)
What's Changed
- chore(deps-dev): Update ddt requirement from 1.7.1 to 1.7.2 by @dependabot in #684
- chore(deps-dev): Update tox requirement from 4.11.4 to 4.13.0 by @dependabot in #685
- chore(deps-dev): Update mypy requirement from 1.8.0 to 1.9.0 by @dependabot in #686
- chore(deps-dev): Update tox requirement from 4.13.0 to 4.14.1 by @dependabot in #687
- chore(deps-dev): Update bandit requirement from 1.7.7 to 1.7.8 by @dependabot in #688
- docs: imprve
environmentuse cases and examples by @jkowalleck in #690 - chore(deps): Bump actions/setup-python from 4 to 5 by @dependabot in #673
- ci: default to python 3.12 by @jkowalleck in #693
- chore(deps): Bump python-semantic-release/python-semantic-release from 8.5.1 to 9.1.1 by @dependabot in #683
- fix: declared license texts as such, not as license name by @jkowalleck in #694
Full Changelog: v4.1.2...v4.1.3
Contributors
Assets 4
v4.1.2
v4.1.2 (2024-03-01)
Mainenance release.
Build
- build: use poetry v1.8.1 (#682)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dba63b8)
Chore
- chore(deps-dev): Update coverage requirement from 7.4.1 to 7.4.3 (#680)
Updates the requirements on coverage to permit the latest version.
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (dadc9b5)
- chore(deps): Bump Gr1N/setup-poetry from 8 to 9 (#681)
Bumps Gr1N/setup-poetry from 8 to 9.
updated-dependencies:
- dependency-name: Gr1N/setup-poetry
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5ee8bb2)
- chore(deps-dev): Update flake8-quotes requirement from 3.3.2 to 3.4.0 (#679)
Updates the requirements on flake8-quotes to permit the latest version.
updated-dependencies:
- dependency-name: flake8-quotes
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4da9c9e)
- chore(deps-dev): Update flake8-bugbear requirement (#677)
Updates the requirements on flake8-bugbear to permit the latest version.
updated-dependencies:
- dependency-name: flake8-bugbear
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (14a8ec0)
What's Changed
- chore(deps-dev): Update flake8-bugbear requirement from 24.1.17 to 24.2.6 by @dependabot in #677
- chore(deps-dev): Update flake8-quotes requirement from 3.3.2 to 3.4.0 by @dependabot in #679
- chore(deps): Bump Gr1N/setup-poetry from 8 to 9 by @dependabot in #681
- chore(deps-dev): Update coverage requirement from 7.4.1 to 7.4.3 by @dependabot in #680
- build: use poetry v1.8.1 by @jkowalleck in #682
Full Changelog: v4.1.1...v4.1.2
Contributors
Assets 4
v4.1.1
v4.1.1 (2024-02-03)
Documentation
- docs: improve example for programmatic call of CLI (#670)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2ac3f21)
Fix
- fix: normalize package extras (#671)
ALL names of package extras are normalized, according to spec <https://packaging.python.org/en/latest/specifications/name-normalization/#name-normalization>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4d550ad)
What's Changed
- docs: improve example for programmatic call of CLI by @jkowalleck in #670
- fix: normalize package extras by @jkowalleck in #671
Full Changelog: v4.1.0...v4.1.1
Contributors
Assets 4
v4.1.0
v4.1.0 (2024-02-02)
Feature
- feat: support poetry multi-constraint dependencies (#668)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (50d2a4b)
Unknown
- tests: modernize testbeds (#667)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2fd3faf)
- docs (#666)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (491e875)
What's Changed
- docs: revisit toctree by @jkowalleck in #666
- tests: modernize testbeds by @jkowalleck in #667
- feat: support poetry multi-constraint dependencies by @jkowalleck in #668
Full Changelog: v4.0.0...v4.1.0
Contributors
Assets 4
v4.0.0
v4.0.0 (2024-01-31)
Changelog
See also the migration guide in the docs: https://cyclonedx-bom-tool.readthedocs.io/en/v4.0.0/upgrading.html
- BC: Removed support for python < 3.8
- BC: Removed deprecated shell script
cyclonedx-bom; usecyclonedx-pyinstead - BC: Removed conda support. However, conda's Python environments are fully supported. See below.
- BC: Removed public API. You may use the CLI instead, see chapter "usage" in the docs.
- BC: Complete redesign of the CommandLineInterface(CLI):
- Uses sub-commands for easy accessibility and divide in specific purposes and domains
- Easy understandable flags, switches and options -- in accordance with the domains
- Updated help pages, added usage examples
- Dozens of new features and fixes, such as:
- environment analyzer supports any Python (virtual) environment --
including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv - Poetry analyzer support groups, filtering, and such
- Pipenv analyzer support categories, filtering, and such
- requirements analyzer is feature complete and fixed
- More details in the SBOM results (based on method)
- PackageURLs may have more qualifiers (enabled per default, disable via
--short-PURLs) - component properties according to official taxonomy
- SBOM results may be validated (enabled per default, disable via
--no-validate) - SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry)
- SBOM results may have root-component populated (if
pyprojectprovided) - SBOM results are more
diff-friendly and not just one long line of text - Fixed possible issues with input data encoding
- May omit dev-dependencies or domain-specific groups/categories (if supported by method and issued by CLI switches)
- Strip authentication secrets from (private) download/index URLs
- Support CycloneDX 1.5 - which is the default now
- environment analyzer supports any Python (virtual) environment --
- Upgraded documentation, examples, ...
- Complete rewrite from scratch
- Dependencies were bumped, dropped, added, ...
- QA and test suites were massively enhanced
What's Changed
- chore(deps): Bump actions/setup-python from 4 to 5 by @dependabot in #620
- feat!: v4.0.0 by @jkowalleck , @madpah , @t-graf , @andife in #605
Full Changelog: v3.11.7...v4.0.0
What's Changed since v4.0.0-RC6
- Added more documentation here and there
- Added a migration guide to the docs : https://cyclonedx-bom-tool.readthedocs.io/en/v4.0.0/upgrading.html
Full Changelog since v4.0.0-RC6: v4.0.0-rc.6...v4.0.0
Contributors
Assets 4
v4.0.0-rc.6
v4.0.0-rc.6 (2024-01-12)
changes since RC5:
- fix: package name normalization - #652
Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc6
What's Changed
- tests: more tests by @jkowalleck in #650
- fix: package name normalization by @jkowalleck in #652
Full Changelog: v4.0.0-rc.5...v4.0.0-rc.6
Contributors
Assets 4
v4.0.0-rc.5
v4.0.0-rc.5 (2024-01-10)
changes since RC4:
- feat: strip authentication secrets from private index/download URL - #646
Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc5
What's Changed
- chore: bump dev tools by @jkowalleck in #644
- feat: strip authentication secrets from download/registry urls by @jkowalleck in #647
Full Changelog: v4.0.0-rc.4...v4.0.0-rc.5
Contributors
Assets 4
v4.0.0-rc.4
v4.0.0-rc.4 (2023-12-25)
No changes since RC3.
Fixed docker image release process.
Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc4
v4.0.0-rc.3
v4.0.0-rc.3 (2023-12-25)
No changes since RC2.
Try to fix docker image release process.
Changelog: see #605
Docs: see https://cyclonedx-bom-tool.readthedocs.io/en/dev-4.0.0/
Install via: pip install cyclonedx-bom==4.0.0rc3