- docs: fix headline structure in readme
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (74f07e1
)
- fix: schema-invalid CycloneDX when running PEP639 analysis (#828)
fixes #826
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b2595cf
)
- feat: add Python 3.13 support (#818)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f4eb79e
)
- feat!: v5.0.0 (#797)
- Emitted metadata tool name is `cyclonedx-py`, was `cyclonedx-bom`.
- Emitted metadata tools are up to non-deprecated CycloneDX specification.
- No longer emit deprecated or undocumented properties in namespace `cdx:poetry` (see previous release 4.6.0 for official replacements).
  - `cdx:poetry:source:package:reference`
  - `cdx:poetry:package:source:resolved_reference`
  - `cdx:poetry:package:source:vcs:requested_revision`
  - `cdx:poetry:package:source:vcs:commit_id`
The mentioned changes are considered "breaking" for processes that relied on the respective data structures. Migration paths are self-explanatory.
- Requires `cyclonedx-python-lib>=8.0.0,<9` now, was `>=7.3.0,<8.0.0,!=7.3.1`.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (34cf6e3)
- docs(changelog): omit chore/ci/refactor/style/test/build (#813)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6707959)
- docs: contrib and setup hint
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2ae46ff
)
- fix: help page for sub command "environment" on windows (#805)
fixes #804
Signed-off-by: Steve (Gadget) Barnes <gadgetsteve@hotmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9e8a5d7
)
- docs: reformat help page in `usage` docs (#788)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a1354e5)
- feat: populate properties `cdx:python:package:source:vcs:...` (#790)
populate the newly added/fixed CycloneDX properties `cdx:python:package:source:vcs:...` in accordance with <CycloneDX/cyclonedx-property-taxonomy#96> and <CycloneDX/cyclonedx-property-taxonomy#98>.
the deprecated properties are still used, so no breaking changes exist.
fixes #789
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b08e1bb)
- docs: fix typo
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9f9fa9e
)
- fix: assert copyright headers (#787)
utilizes flake8 plugin <https://pypi.org/project/flake8-copyright-validator/> to assert the correct headers
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dddcb5d
)
- docs: exclude dep bumps from changelog (#750)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d02d6a
)
- docs: OSSF best practice badge percentage
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5717803
)
- feat: environment - gather declared license information according to PEP639 (#755)
From python environments, gather additional declared license information according to PEP 639 (improving license clarity with better package metadata).
New CLI switches for `cyclonedx environment`:
  - `--PEP-639`: Enable license gathering according to PEP 639 (improving license clarity with better package metadata). The behavior may change during the draft development of the PEP.
  - `--gather-license-texts`: Enable license text gathering.
In current state of implementation, `--gather-license-texts` has effect only if `--PEP-639` is also given.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e9cc805)
- Create config.yml
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (f13311b
)
- Rename feature_request.md to 1-feature_request.md
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (c4b15d8
)
- Rename bug_report.md to 2-bug_report.md
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (58199a5
)
- fix: do not use `cyclonedx-lib==7.3.1` (#729)
add regression test for #727 fixes #727
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (aa715c0)
- fix: release `lates` container image (#726)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0155450)
- fix: release `lates` container image (#725)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8ba9d0b)
- feat: publish to GHCR (#724)
The container image version of the app is also available on GitHubContainerRegistry: <https://github.com/orgs/CycloneDX/packages/container/package/cyclonedx-python>
Signed-off-by: jxdv <virgoj@protonmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: semantic-release <semantic-release@bot.local>
Co-authored-by: jxdv <virgoj@protonmail.com>
Co-authored-by: semantic-release <semantic-release@bot.local> (8c18484
)
- feat: improve declared licenses detection (#722)
- Add declared licenses from License Troves if not mapped to SPDX license ID
- CycloneDX 1.6 mark licenses as "declared"
fixes #718
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b0ae453
)
- feat: support CycloneDX 1.6 output (#720)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (639b35a
)
- fix: more resilient PEP610 parsing (#716)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (93f0184)
- fix: docs for default of CLI switch `--mc-type` (#710)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a218b40)
- fix: poetry analyzer crashed with certain optional package's version constraints (#703)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8ade6e1
)
- docs: improve `environment` use cases and examples (#690)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d38c7b)
- fix: declared license texts as such, not as license name (#694)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ec7ab3e
)
- build: use poetry v1.8.1 (#682)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dba63b8
)
- docs: improve example for programmatic call of CLI (#670)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2ac3f21
)
- fix: normalize package extras (#671)
ALL names of package extras are normalized, according to spec <https://packaging.python.org/en/latest/specifications/name-normalization/#name-normalization>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4d550ad
)
- feat: support poetry multi-constraint dependencies (#668)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (50d2a4b
)
- docs (#666)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (491e875
)
- feat!: v4.0.0 (#605)
See also the migration guide in the docs.
- BC: Removed support for python < 3.8
- BC: Removed deprecated shell script `cyclonedx-bom`; use `cyclonedx-py` instead
- BC: Removed conda support. However, conda's Python environments are fully supported. See below.
- BC: Removed public API. You may use the CLI instead, see chapter "usage" in the docs.
- BC: Complete redesign of the CommandLineInterface(CLI):
- Uses sub-commands for easy accessibility and divide in specific purposes and domains
- Easy understandable flags, switches and options -- in accordance with the domains
- Updated help pages, added usage examples
- Dozens of new features and fixes, such as:
- environment analyzer supports any Python (virtual) environment -- including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv
- Poetry analyzer support groups, filtering, and such
- Pipenv analyzer support categories, filtering, and such
- requirements analyzer is feature complete and fixed
- More details in the SBOM results (based on method)
- PackageURLs may have more qualifiers (enabled per default, disable via `--short-PURLs`)
- component properties according to official taxonomy
- SBOM results may be validated (enabled per default, disable via `--no-validate`)
- SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry)
- SBOM results may have root-component populated (if `pyproject` provided)
- SBOM results are more `diff`-friendly and not just one long line of text
- Fixed possible issues with input data encoding
- May omit dev-dependencies or domain-specific groups/categories (if supported by method and issued by CLI switches)
- Strip authentication secrets from (private) download/index URLs
- Support CycloneDX 1.5 - which is the default now
- Upgraded documentation, examples, ...
- Complete rewrite from scratch
- Dependencies were bumped, dropped, added, ...
- QA and test suites were massively enhanced
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Thomas Graf <thomas.graf@siemens.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Andreas Fehlner <fehlner@arcor.de>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Thomas Graf <thomas.graf@siemens.com>
Co-authored-by: semantic-release <semantic-release>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Andreas Fehlner <fehlner@arcor.de> (6d24e65)
- fix: toml-compatible fingers-crossed handling for failed input data decoding (#613)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fb3d7bf
)
- 3.11.7
Automatically generated by python-semantic-release (f680a9a
)
- fix: added a fingers-crossed handling for failed input data decoding (#612)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (be55902
)
- 3.11.6
Automatically generated by python-semantic-release (6002e0e
)
- fix: Custom input encoding (#601)
The custom input specified via CLI's `-i` option did not properly detect the input encoding.
This was fixed.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (363934c)
- 3.11.5
Automatically generated by python-semantic-release (46cd517
)
- fix: Input file encoding fallback
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0bc7296
)
- 3.11.4
Automatically generated by python-semantic-release (70889be
)
- docs: publish coverage (#600)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bd4f48e
)
- docs: adjust syntax hilight for code blocks (#592)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ccac31e
)
- docs: mark `ShellSession` in README
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (411cf3d)
- fix: input file encoding (#596)
Input files in lock-format are expected in a certain encoding, other input file encodings are detected.
fixes #448
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a9dda4b
)
- 3.11.3
Automatically generated by python-semantic-release (02ab8cb
)
- Update usage.rst (#572)
Signed-off-by: Andreas Fehlner <fehlner@arcor.de> (04e1ea8
)
- fix: referenced branch `main`, instead of `master` (#562)
somebody renamed the `master` branch to `main`.
but forgot to transition the docs.
fixed this
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (830d15c)
- 3.11.2
Automatically generated by python-semantic-release (614f6fa
)
- fix: fix typo in help page (#552)
`it's` -> `its`
fixes #551
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (19bf41a)
- 3.11.1
Automatically generated by python-semantic-release (d90b45c
)
- docs: fix typo in CLI help page (#490) (a8a8445)
- docs: fix typos (#482)
- Fix typo
Signed-off-by: Thomas Beutlich <thomas.beutlich@neocx.de>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (edbe3d4)
- docs: fix shields (#473)
caused by badges/shields#8671
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e32b288
)
- feat: deprecated CLI command `cyclonedx-bom` prints deprecation warning on STDERR before execution (#489)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2009236)
- 3.11.0
Automatically generated by python-semantic-release (fe5ea31
)
- docs: improve CONTRIBUTION instructions - sign-off step (#470)
Signed-off-by: Roland Weber <rolweber@de.ibm.com> (578c0a8
)
- fix: PURL for PyPI packages from 'conda list' have the correct format now (#471)
Signed-off-by: Roland Weber <rolweber@de.ibm.com> (1573064
)
- 3.10.1
Automatically generated by python-semantic-release (7b44aea
)
- feat: add support for poetry lock format v2.0 (#469)
Signed-off-by: tewfik-ghariani <tewfik.ghariani@1und1.de>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: tewfik-ghariani <tewfik.ghariani@1und1.de> (0b1e07f
)
- 3.10.0
Automatically generated by python-semantic-release (2501bed
)
- feat: parsers can output more debug messages (#466)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9eedb4f)
- 3.9.0
Automatically generated by python-semantic-release (895f597
)
- feat: error- and debug-output is sent to STDERR, instead of STDOUT (#465)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f543b69)
- 3.8.0
Automatically generated by python-semantic-release (24c4163
)
- fix: ignore broken licenses in env parser (#463)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3118acd
)
- 3.7.4
Automatically generated by python-semantic-release (de188b8
)
- fix: adjust dependency `pip-requirements-parser` to a working version (#450)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6101986)
- 3.7.3
Automatically generated by python-semantic-release (d425005
)
- fix: add a missing space in the help pages `pathto` -> `path to` (#443)
- docs: fix typo `pathto` -> `path to`
- fix(help): added the missing space `pathto` -> `path to`
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bc5fe57)
- 3.7.2
Automatically generated by python-semantic-release (7aff239
)
- fix(EnvironmentParser): reduced crashes if no Classifiers are found (#441)
fixes #440
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (67f56e7
)
- 3.7.1
Automatically generated by python-semantic-release (b2a97e0
)
- feat: pass purl-bom-ref to EnvironmentParser (#432)
Signed-off-by: a1lu <github.foreshoe@slmail.me> (7cfefeb
)
- 3.7.0
Automatically generated by python-semantic-release (8c9a65a
)
- fix(EnvironmentParser): remove code break when classifier parsing in py>=3.8 (#431)
Signed-off-by: a1lu <github.foreshoe@slmail.me> (4ab075e
)
- 3.6.4
Automatically generated by python-semantic-release (f718356
)
- fix: CI release pipeline
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (99ccdc6
)
- 3.6.3
Automatically generated by python-semantic-release (ddea61e
)
- fix: CI release pipeline
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6515071
)
- 3.6.2
Automatically generated by python-semantic-release (0a8f8ff
)
- fix: properly declare licenses from environment (#417)
use named licenses instead of license expressions.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (25f9e29
)
- 3.6.1
Automatically generated by python-semantic-release (89c262a
)
- docs: describe `cyclonedx-py` rather than `cyclonedx-bom`
fixes #414
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c04196e)
- docs: Minor updates to poetry usage details & contributing.md (#407)
- docs: fix minor typo in poetry usage docs
- docs: update commit flag in contribution guidelines
Signed-off-by: Emily Schultz <emilyschultz16@gmail.com> (0abe230)
- feat: enable dependency `cyclonedx-python-lib@^3` (#418)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (05cd51e)
- 3.6.0
Automatically generated by python-semantic-release (049a5b3
)
- Merge pull request #415 from CycloneDX/docs_cyclonedx-py
docs: describe command line usages as `cyclonedx-py` rather than `cyclonedx-bom` #414 (348f689)
- feat: optionally force `bom_ref` to be `purl` rather than the default random UUID format - thanks @RodneyRichardson
Merge pull request #361 from RodneyRichardson/use-explicit-bom-ref (9659d08)
- 3.5.0
Automatically generated by python-semantic-release (d5465ec
)
- Update README.md with purl-bom-ref parameter.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (b9b3a01
)
- Add CLI option to use purl as bom-ref.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (d609ec3
)
- Remove unnecessary str() cast.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (b1f9895
)
- Merge branch 'CycloneDX:master' into use-explicit-bom-ref (23d10bf)
- Merge branch 'master' into use-explicit-bom-ref (f89f706)
- chore: Bump cyclonedx-python-lib from 2.4.0 to 2.5.2 (#373)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a9bbe5e)
- feat: Update purl to match specification when ingesting packages from Conda - thanks to @RodneyRichardson (072c8f1)
- 3.4.0
Automatically generated by python-semantic-release (cf7c625
)
- Merge branch 'master' into fix-conda-purl (2999022)
- feat: Add Conda MD5 hash to Component.hashes, if available - thanks @RodneyRichardson (772c517)
- 3.3.0
Automatically generated by python-semantic-release (b028c2b
)
- Merge branch 'master' into fix-conda-purl (cf4a5e4)
- Merge branch 'master' into add-conda-hash (95c6893)
- Merge branch 'master' into use-explicit-bom-ref
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (d5d0160)
- Ignore missing typing for packageurl
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (5ac29c5
)
- Explicitly cast package_format to str.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (31d5daf
)
- Cast md5_hash to str
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (51afacf
)
- Fix sonatype-lift warning.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (5e60fac
)
- Add Conda MD5 hash to Component.hashes, if available
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (54c33b5
)
- Update Conda purl to match specification
Add conda_package_to_purl() utility function
Add package_format field to CondaPackage
purl specification can be found here: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#conda
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (e392cbc)
- Merge branch 'CycloneDX:master' into use-explicit-bom-ref (c99d993)
- fix: add actively used (transitive) dependencies (#363)
- ci: add test with lowest dependencies
- fix: have some typings corrected
- fix: add actively used (transitive) dependencies
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1f45ad9)
- 3.2.2
Automatically generated by python-semantic-release (f3f40c8
)
- Use purl.to_string() as default bom_ref for Components.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (0c8dd60
)
- Merge pull request #348 from sleightsec/include-pipenv-hashes-without-index-attribute
fix: remove check for `index==pypi` which causes hashes to be excluded from the resultant BOM when using PipEnv Parser (ae537fb)
- correct test for dependencies with hashes and no index attribute in pipenv
Signed-off-by: sleightsec <69399725+sleightsec@users.noreply.github.com> (b9ab033
)
- #347 - remove index=pypi attribute requirement for pipenv hash inclusion
Signed-off-by: sleightsec <69399725+sleightsec@users.noreply.github.com> (65bf318
)
- 3.2.1
Automatically generated by python-semantic-release (092bdf2
)
- Merge pull request #338 from CycloneDX/bugfix/json-format-default-file
fix: cli default file name for json format (929e26d
)
- fix: cli default file for json format
fixes #337
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8747620
)
- 3.2.0
Automatically generated by python-semantic-release (eb054b0
)
- Merge pull request #326 from CycloneDX/callable-module
feat: make package/module callable (193f1a4
)
- shield icons in README (b647219)
- docs: describe methods to call the tool
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2bac83a
)
- docs: add link to https://cyclonedx.org/ to README
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fc4b8e4
)
- docs: add hint for RTFD to README
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cf4f534
)
- docs: add RTFD shield to README
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7fef6ee
)
- docs: fixed link to RTFD
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3a8669a
)
- feat: make module callable
fixes #321
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5b3d8d7
)
- fix(conda-parser): version recognition for strings (#332)
conda package string parser no longer raises unexpected errors, if the build-number is non-numeric. fixes #331
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (65246dd)
- 3.1.1
Automatically generated by python-semantic-release (f5d7943
)
- Merge pull request #328 from CycloneDX/docs-hint-to-rtd
docs: add and fix hint to rtfd (3b3477b
)
- docs: update RequirementsFileParser docs to include nested file support
Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (9e9021d
)
- feat: Add pip-requirements-parser and update virtualenv to latest version
Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (73b2182
)
- fix: sort imports
Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (fdec44b
)
- fix: Try to fix the temp file issue on Windows machines
Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (684d4f0
)
- 3.1.0
Automatically generated by python-semantic-release (92b21f7
)
- Merge pull request #327 from mostafa/feat/parse-requirements-txt-with-locally-referenced-packages
feat: Change requirements parser (f973c91
)
- Merge pull request #320 from CycloneDX/sort-imports
style: sort imports (a527e0d
)
- feat: bump to latest `cyclonedx-python-lib`
BREAKING CHANGE: Default Schema Version has been replaced by notion of LATEST supported Schema Version
Signed-off-by: Paul Horton <paul.horton@owasp.org> (5902fbf)
- feat: added marker and classifiers to denote this as typed (#313)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f317353
)
- feat: update to latest RC of `cyclonedx-python-lib`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6c8b517)
- feat: update to latest RC of `cyclonedx-python-lib`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (bc8ee6b)
- 3.0.0
Automatically generated by python-semantic-release (f7ca95c
)
- Merge pull request #316 from CycloneDX/feat/update-lib-2.0.x
feat: bump to latest cyclonedx-python-lib
feat: Added marker and classifiers to denote this as typed (#313)
BREAKING CHANGE: bump to latest cyclonedx-python-lib
(4700399
)
- 2.1.0
Automatically generated by python-semantic-release (cc848f7
)
- Merge pull request #311 from CycloneDX/feat/update-lib-2.0.x
BREAKING CHANGE: update to latest RC of cyclonedx-python-lib
(3cb14e0
)
- bumped to latest RC of `cyclonedx-python-lib`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (e193521)
- updated tests to be more Pythonic
Signed-off-by: Paul Horton <paul.horton@owasp.org> (891cf3e)
- bumped to latest RC of `cyclonedx-python-lib`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (54db3cd)
- bump `cyclonedx-python-lib` rc
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a4795ed)
- BREAKING CHANGE: update so default schema version is 1.4
Signed-off-by: Paul Horton <paul.horton@owasp.org> (689e7e9
)
- fix: docker image release checkout ref w/o `tags` (#309)
fixes #308
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5d8b1e1)
- 2.0.3
Automatically generated by python-semantic-release (8379712
)
- fix: properly support reading from stdin (#307)
- Adjust cli when reading from stdin.
Bind reading from stdin on specifying `-i -`. This is part of `argparse.FileType`.
Local tests under the following conditions:
- implicit reading `poetry.lock` using args `-p -o -`
- explicit reading `poetry.lock` using args `-p -i poetry.lock -o -`
- explicit reading `poetry.lock` file after renaming using `cat p.lock | python -m cyclonedx_py.client -p -i - -o -`
Signed-off-by: Theodor van Nahl <theo@van-nahl.org> (23f31a0)
- 2.0.2
Automatically generated by python-semantic-release (916951a
)
- Update CONTRIBUTING.md
link to pep8 (4f87341
)
- fix: bump dependencies to get latest `cyclonedx-python-lib`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (87c3fe7)
- 2.0.1
Automatically generated by python-semantic-release (a4a4c42
)
- docs: readme maintenance - shields & links (#266)
- README: added typehint to the code blocks
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: fixed fenced-code and lists
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: shields got modernized and linked
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- README: harmonized links
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a34046f)
- feat: add support for CycloneDX 1.4 specification (#294)
- feat: add support for output to CycloneDX 1.4 (draft) feat: Error with return code 2 if attempting to output in JSON and SchemaVersion < 1.2 test: Multiple tests added
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fix: addressed flake8 issues fix: added missing bump to dependencies
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- fix: corrected import
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- ci: removed poetry cache as broken?
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- bump to latest RC for cyclonedx-python-lib
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- doc: migration to RTD (#296)
- doc: migration to RTD.
Signed-off-by: Paul Horton <phorton@sonatype.com>
- doc: removed references to schema version 1.4
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- doc: updates to include schema version
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- doc: cleanup
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- feat: BREAKING CHANGE - relocated concrete parsers (#299) BREAKING CHANGE Concrete Parsers now reside in this project, not `cyclonedx-python-lib`
- re-located tests for Utils
Signed-off-by: Paul Horton <phorton@sonatype.com>
- feat: BREAKING CHANGE - relocated concrete parsers from `cyclonedx-python-lib` doc: updated to reflect breaking changes dod: added changelog
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- feat: BREAKING CHANGE - relocated concrete parsers from `cyclonedx-python-lib` doc: updated to reflect breaking changes dod: added changelog
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore: removed schema validation from unit tests as this is performed in upstream library `cyclonedx-python-lib`
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore: removed schema validation from unit tests as this is performed in upstream library `cyclonedx-python-lib`
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore: add pre-release manual GH workflow
Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore: bump to latest RC of `cyclonedx-python-lib`
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- added `purl` into `Component`s output by parsers
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- Ignore type for packageurl imports
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- doc: corrected project title
Signed-off-by: Paul Horton <paul.horton@owasp.org>
- chore: bump to released version of `cyclonedx-python-lib`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (7bb6d32)
- 1.6.0
Automatically generated by python-semantic-release (958af1a
)
- doc: migration to RTD (#296)
- doc: migration to RTD.
Signed-off-by: Paul Horton <phorton@sonatype.com>
- doc: removed references to schema version 1.4
Signed-off-by: Paul Horton <phorton@sonatype.com> (1744f4d)
- Update CONTRIBUTING.md (1175c84)
- Merge pull request #279 from CycloneDX/contributing-file
initial CONTRIBUTING file (73fcd78)
- initial CONTRIBUTING file
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (104d223
)
- gh-action: docker test build
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3b92b00
)
- rename python ci workflow
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b1f57fb
)
- CHORE: gh-action release use org's secrets
as part of #271 (71d1c47
)
- gh-action release use org's secrets
as of #271
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (80a6e68
)
- CHORE: build(deps-dev): Bump coverage from 6.1.2 to 6.2
build(deps-dev): Bump coverage from 6.1.2 to 6.2 (36dd7bd
)
- CHORE: build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29
build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29 (c7a5fd0
)
- DOCS: fix README shield labels (7291d06)
- fix: revert to previous process for building Docker image as PyPi index update is too slow to pull straight away after publish
Signed-off-by: Paul Horton <phorton@sonatype.com> (67bb738
)
- 1.5.3
Automatically generated by python-semantic-release (ce33cf0
)
- Merge branch 'master' of github.com:CycloneDX/cyclonedx-python (186bdda)
- fix: corrected docker image build process to not rely on `dist` folder which is cleaned up by python-semantic-release
Signed-off-by: Paul Horton <phorton@sonatype.com> (6c65c11)
- 1.5.2
Automatically generated by python-semantic-release (7586867
)
- fix: Re-enable build and publish of Docker Image (#263)
- fix: update `Dockerfile` to use Python 3.10
Signed-off-by: Paul Horton <phorton@sonatype.com>
- ci: re-enable publishing of Docker Images
Signed-off-by: Paul Horton <phorton@sonatype.com> (478360d)
- 1.5.1
Automatically generated by python-semantic-release (dd31888
)
- feat: support for Python 3.10 (#261)
- enabled py3.10 tests in CI
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- add py-version classifiers
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f4f9ffe)
- 1.5.0
Automatically generated by python-semantic-release (31fdd93
)
- fix: add static code analysis, better typing and bump cyclonedx-python-lib to 0.11
Signed-off-by: Paul Horton <phorton@sonatype.com> (d5d9f56
)
- 1.4.3
Automatically generated by python-semantic-release (8050477
)
- FIX: add static code analysis, better typing and bump to `cyclonedx-python-lib` >=0.11.0
- fixed some tox issues
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- add more QA
bumped `cyclonedx-python-lib` to the version that opened type-checks
added QA tools: `mypy`, `flake8-annotations`, `flake8-bugbear`
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- gitignore alternative paths of `venv`
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- gh-action CI no longer fails fast
this allows to run all tests, regardless of fails in parallel tests of the matrix
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- add missing return types
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- make mypy pass
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- tests don't run subprocesses in the shell
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- unittest run in verbose mode
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- fix windows tox run
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- make tests a module
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3080b57)
- fix: if no input file is supplied and no input is provided on STDIN, we will now try to automatically locate (in the current working directory) a manifest with default name for the input type specified. This works for PIP (Pipfile.lock), Poetry (poetry.lock) and Requirements (requirements.txt)
Signed-off-by: Paul Horton <phorton@sonatype.com> (93f9e59
)
- 1.4.2
Automatically generated by python-semantic-release (e39ebd3
)
- Merge pull request #257 from CycloneDX/fix/256-no-default-file-when-no-input-on-stdin
FIX: Fallback to default manifest names in current directory when no `-i` supplied and nothing piped in via STDIN (c0f0766)
- doc: updated documentation
Signed-off-by: Paul Horton <phorton@sonatype.com> (47612e6
)
- typo corrected
Signed-off-by: Paul Horton <phorton@sonatype.com> (4949a0d
)
- Merge pull request #255 from CycloneDX/dependabot/pip/coverage-6.1.2
build(deps-dev): Bump coverage from 6.1.1 to 6.1.2 (6924dac
)
- Merge pull request #252 from jkowalleck/patch-1
Create CODEOWNERS (b64c707
)
- run github "CI" on commits to master (00532dd)
- Merge pull request #251 from CycloneDX/dependabot/pip/coverage-6.1.1
build(deps-dev): Bump coverage from 5.5 to 6.1.1 (525ee0e)
- Create CODEOWNERS
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a29525a
)
- fix: corrected documentation after deprecation of -rf, -pf, --poetry-file, --requirements-file and --pip-file
doc: updated documentation to clarify there is a single input parameter: -i
Signed-off-by: Paul Horton <phorton@sonatype.com> (4c4c8d8)
- 1.4.1
Automatically generated by python-semantic-release (8f525f2
)
- feat: add conda support (bump cyclonedx-python-lib to ^0.10.0)
Signed-off-by: Paul Horton <phorton@sonatype.com> (cb24275
)
- fix: encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.2)
Signed-off-by: Paul Horton <phorton@sonatype.com> (da6772b
)
- fix: encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.1)
Signed-off-by: Paul Horton <phorton@sonatype.com> (fe5df36
)
- 1.4.0
Automatically generated by python-semantic-release (564076b
)
- Merge pull request #247 from CycloneDX/feat/conda-support
FEATURE: Add Conda Support (c3709af
)
- fixed some tests
Signed-off-by: Paul Horton <phorton@sonatype.com> (002b31d
)
- fix: bump to cyclonedx-python-lib to resolve issue #244
Signed-off-by: Paul Horton <phorton@sonatype.com> (ebea3ef
)
- 1.3.1
Automatically generated by python-semantic-release (a030392
)
- Merge pull request #246 from CycloneDX/feat/add-basic-license-support
fix: bump to cyclonedx-python-lib to resolve issue #244 (d831254
)
- feat: add license information in CycloneDX BOM when using Environment as the source
Signed-off-by: Paul Horton <phorton@sonatype.com> (5d1f9a7
)
- 1.3.0
Automatically generated by python-semantic-release (8d01377
)
- Merge pull request #245 from CycloneDX/feat/add-basic-license-support
Add license information in CycloneDX BOM when using Environment as the source (26f2500
)
- feat: update to latest stable cyclonedx-python-lib
- Enables PipEnv support natively
- Vast improvements to quality and information contained in the generated CycloneDX BOM documents - see cyclonedx-python-lib for details
- Various old files removed
Signed-off-by: Paul Horton <phorton@sonatype.com> (6145bd5
)
- 1.2.0
Automatically generated by python-semantic-release (1e46b3d
)
- Merge pull request #243 from CycloneDX/feat/bump-cyclonedx-lib-0.8.x
Update to latest stable cyclonedx-python-lib (68f7daa)
- feat: add support for generating SBOM from poetry.lock files
Signed-off-by: Paul Horton <phorton@sonatype.com> (bb4ac0f
)
- 1.1.0
Automatically generated by python-semantic-release (ca992f2
)
- fix: handle requirements.txt which contain dependencies without a version statement and warn that they cannot be included in the resulting CycloneDX BOM
Signed-off-by: Paul Horton <phorton@sonatype.com> (e637e56)
- 1.0.5
Automatically generated by python-semantic-release (5523909
)
- Merge pull request #236 from CycloneDX/enhancement/issue-235-requirements-unpinned-versions
fix: handle requirements.txt which contain dependencies without a v… (f57ab1a)
- fix: error message when requirements.txt file is non-existent updated
Signed-off-by: Paul Horton <phorton@sonatype.com> (3bbc071)
- 1.0.4
Automatically generated by python-semantic-release (c8b00bc
)
- Merge pull request #234 from CycloneDX/enhancement/issue-232-error-message
fix: error message when requirements.txt file is non-existent updated (2e6acee)
- build: added flake8 as dev dependency
Signed-off-by: Paul Horton <phorton@sonatype.com> (a8fed84
)
- build: updated all dependencies
Signed-off-by: Paul Horton <phorton@sonatype.com> (616b949
)
- fix: default to "requirements.txt" in current directory when "-r" flag is supplied but no "-rf" flag is supplied
Signed-off-by: Paul Horton <phorton@sonatype.com> (bb7e30a
)
- 1.0.3
Automatically generated by python-semantic-release (f3522b9
)
- Merge pull request #233 from CycloneDX/fix/issue-230-hang-with-no-rf-flag
Fix for hang when no -rf flag supplied with -r flag (651b35f)
- Merge pull request #229 from madpah/fix/bump-dependencies
build: updated all dependencies (5587777
)
- fix: Release GH action (148421b)
- 1.0.2
Automatically generated by python-semantic-release (5d077a2
)
- fix(ci): corrected main to master branch.
Signed-off-by: Paul Horton <phorton@sonatype.com> (7162cd9
)
- 1.0.1
Automatically generated by python-semantic-release (9af491d
)
- Merged in master. (95b89a7)
- fix(ci) - bumped release workflow to run on Python 3.9 which is supported.
Signed-off-by: Paul Horton <phorton@sonatype.com> (fd7cd8c)
- Merge pull request #221 from madpah/feature/migrate-to-cyclonedx-python-lib
Migration to new cyclonedx-python-lib for SBOM generation (3b1a13c
)
- Corrected Development Status classifier.
Signed-off-by: Paul Horton <phorton@sonatype.com> (0263610
)
- Removed Python 3.5, added 3.8, 3.9 support in GitLab CI.
Signed-off-by: Paul Horton <phorton@sonatype.com> (9ecb7b8
)
- Addressed issues reported by flake8.
Signed-off-by: Paul Horton <phorton@sonatype.com> (177a99f
)
- Updated documentation.
Signed-off-by: Paul Horton <phorton@sonatype.com> (ef76b4d
)
- Started rewrite of tests.
Signed-off-by: Paul Horton <phorton@sonatype.com> (914463b
)
- Fixed a few things:
- Was defaulting to Environment incorrectly
- Output to STDOUT also output to a file named '-'
- Now support data from STDIN
Signed-off-by: Paul Horton <phorton@sonatype.com> (4a47efb
)
- Moved from local cyclonedx-python-lib dependency to published version on PyPi.
Signed-off-by: Paul Horton <phorton@sonatype.com> (3ac87a6
)
- Re-work to consume new cyclonedx python library which will do all the heavy lifting.
Signed-off-by: Paul Horton <phorton@sonatype.com> (25f89fd
)
- Merge pull request #190 from CycloneDX/dependabot/github_actions/actions/setup-python-2.2.2 (f5a0946)
- Merge pull request #191 from CycloneDX/dependabot/github_actions/actions/upload-release-asset-1.0.2 (caac584)
- Merge pull request #192 from CycloneDX/dependabot/github_actions/actions/create-release-1.1.4
Bump actions/create-release from 1 to 1.1.4 (33e47b0)
- Merge pull request #202 from CycloneDX/dependabot/docker/python-3.9.6-slim-buster
Bump python from 3.9.5-slim-buster to 3.9.6-slim-buster (c859cb7
)
- Merge pull request #206 from mgrajesh1/issue_205_pypi_connect_using_proxy
Issue# 205. Use HTTPS_PROXY if env is set (f5108c4
)
- Updating copyright statements (18e206e)
- Issue# 205. Use HTTPS_PROXY if env is set
Signed-off-by: akshadpai <akshadpai01@gmail.com> (4fb8714)
- Bump python from 3.9.5-slim-buster to 3.9.6-slim-buster
Bumps python from 3.9.5-slim-buster to 3.9.6-slim-buster.
updated-dependencies:
- dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] <support@github.com> (ecd0fba
)
- Added notice and updated file headers (0f4ff74)
- Bump actions/create-release from 1 to 1.1.4
Bumps actions/create-release from 1 to 1.1.4.
Signed-off-by: dependabot[bot] <support@github.com> (6371988)
- Bump actions/upload-release-asset from 1 to 1.0.2
Bumps actions/upload-release-asset from 1 to 1.0.2.
Signed-off-by: dependabot[bot] <support@github.com> (50cfad3
)
- Bump actions/setup-python from 2.2.1 to 2.2.2
Bumps actions/setup-python from 2.2.1 to 2.2.2.
Signed-off-by: dependabot[bot] <support@github.com> (dbca5da
)
- Merge pull request #186 from CycloneDX/dependabot/docker/python-3.9.5-slim-buster
Bump python from 3.9.2-slim-buster to 3.9.5-slim-buster (3cd645a
)
- Bump python from 3.9.2-slim-buster to 3.9.5-slim-buster
Bumps python from 3.9.2-slim-buster to 3.9.5-slim-buster.
Signed-off-by: dependabot[bot] <support@github.com> (657b1ff
)
- Merge pull request #173 from CycloneDX/dependabot/pip/packageurl-python-0.9.4
Bump packageurl-python from 0.9.3 to 0.9.4 (1615d91
)
- Merge pull request #165 from CycloneDX/dependabot/docker/python-3.9.2-slim-buster
Bump python from 3.9.1-slim-buster to 3.9.2-slim-buster (4a33cf1
)
- Bump packageurl-python from 0.9.3 to 0.9.4
Bumps packageurl-python from 0.9.3 to 0.9.4.
Signed-off-by: dependabot[bot] <support@github.com> (7f153fa
)
- Merge pull request #161 from CycloneDX/dependabot/pip/packaging-20.9
Bump packaging from 20.7 to 20.9 (57a0b16
)
- Bump python from 3.9.1-slim-buster to 3.9.2-slim-buster
Bumps python from 3.9.1-slim-buster to 3.9.2-slim-buster.
Signed-off-by: dependabot[bot] <support@github.com> (fba5248
)
- Bump packaging from 20.7 to 20.9
Bumps packaging from 20.7 to 20.9.
Signed-off-by: dependabot[bot] <support@github.com> (240847f
)
- Merge pull request #149 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.2.1
Bump actions/setup-python from v2.2.0 to v2.2.1 (5eb87ee
)
- Bump actions/setup-python from v2.2.0 to v2.2.1
Bumps actions/setup-python from v2.2.0 to v2.2.1.
Signed-off-by: dependabot[bot] <support@github.com> (3c9eaae
)
- Merge pull request #147 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.2.0
Bump actions/setup-python from v2.1.4 to v2.2.0 (a31103e
)
- Bump actions/setup-python from v2.1.4 to v2.2.0
Bumps actions/setup-python from v2.1.4 to v2.2.0.
Signed-off-by: dependabot[bot] <support@github.com> (89dacb0
)
- Merge pull request #142 from CycloneDX/dependabot/docker/python-3.9.1-slim-buster
Bump python from 3.9.0-slim-buster to 3.9.1-slim-buster (2f1f5ba
)
- Bump python from 3.9.0-slim-buster to 3.9.1-slim-buster
Bumps python from 3.9.0-slim-buster to 3.9.1-slim-buster.
Signed-off-by: dependabot[bot] <support@github.com> (37eaf19
)
- Bug fix release - invalid XML character handling (0d5c01e)
- Merge pull request #140 from CycloneDX/invalid-xml-characters
Fix for invalid xml characters (8de9c16)
- Re-order test data (c8fa641)
- Add handling for invalid xml characters (228af8d)
- Add test for invalid xml unicode characters (56bbb40)
- Merge pull request #138 from CycloneDX/dependabot/pip/packaging-20.7
Bump packaging from 20.4 to 20.7 (ca4cf86)
- Bump packaging from 20.4 to 20.7
Bumps packaging from 20.4 to 20.7.
Signed-off-by: dependabot[bot] <support@github.com> (0ce786c
)
- Merge pull request #137 from CycloneDX/dependabot/pip/requests-2.25.0
Bump requests from 2.24.0 to 2.25.0 (e943788
)
- Bump requests from 2.24.0 to 2.25.0
Bumps requests from 2.24.0 to 2.25.0.
Signed-off-by: dependabot[bot] <support@github.com> (5b22ddf
)
- Merge pull request #134 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.4
Bump actions/checkout from v2.3.3 to v2.3.4 (85bb4fc
)
- Bump actions/checkout from v2.3.3 to v2.3.4
Bumps actions/checkout from v2.3.3 to v2.3.4.
Signed-off-by: dependabot[bot] <support@github.com> (22b9305
)
- Merge pull request #132 from CycloneDX/dependabot/pip/setuptools-50.3.2
Bump setuptools from 50.3.1 to 50.3.2 (d01d920
)
- Bump setuptools from 50.3.1 to 50.3.2
Bumps setuptools from 50.3.1 to 50.3.2.
Signed-off-by: dependabot[bot] <support@github.com> (e2df914
)
- Merge pull request #133 from CycloneDX/dependabot/pip/pytest-6.1.2
Bump pytest from 6.1.1 to 6.1.2 (140a00a
)
- Bump pytest from 6.1.1 to 6.1.2
Bumps pytest from 6.1.1 to 6.1.2.
Signed-off-by: dependabot[bot] <support@github.com> (bf5267d
)
- Merge pull request #127 from CycloneDX/dependabot/pip/setuptools-50.3.1
Bump setuptools from 50.3.0 to 50.3.1 (bb69861
)
- Merge pull request #128 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.4
Bump actions/setup-python from v2.1.3 to v2.1.4 (de9da36
)
- Bump actions/setup-python from v2.1.3 to v2.1.4
Bumps actions/setup-python from v2.1.3 to v2.1.4.
Signed-off-by: dependabot[bot] <support@github.com> (765d9d1
)
- Bump setuptools from 50.3.0 to 50.3.1
Bumps setuptools from 50.3.0 to 50.3.1.
Signed-off-by: dependabot[bot] <support@github.com> (162d7ea
)
- Merge pull request #126 from CycloneDX/devcontainer
Add devcontainer configuration (859e9a4
)
- Add devcontainer configuration (b9c34a6)
- Merge pull request #118 from c0d3nh4ck/master
Added support for metadata timestamp (d954df8)
- check for metadata to be empty (180f207)
- Maintenance release (308f98e)
- Merge pull request #121 from CycloneDX/dependabot/docker/python-3.9.0-slim-buster
Bump python from 3.8.6-slim-buster to 3.9.0-slim-buster (7703a52)
- Merge pull request #120 from CycloneDX/dependabot/pip/packageurl-python-0.9.3
Bump packageurl-python from 0.9.2 to 0.9.3 (257fa2b
)
- Bump python from 3.8.6-slim-buster to 3.9.0-slim-buster
Bumps python from 3.8.6-slim-buster to 3.9.0-slim-buster.
Signed-off-by: dependabot[bot] <support@github.com> (bf938c9
)
- Bump packageurl-python from 0.9.2 to 0.9.3
Bumps packageurl-python from 0.9.2 to 0.9.3.
Signed-off-by: dependabot[bot] <support@github.com> (1a7d36b
)
- Merge pull request #119 from CycloneDX/dependabot/pip/pytest-6.1.1
Bump pytest from 6.1.0 to 6.1.1 (202f029
)
- Bump pytest from 6.1.0 to 6.1.1
Bumps pytest from 6.1.0 to 6.1.1.
Signed-off-by: dependabot[bot] <support@github.com> (005f85f
)
- update for the xml part to convert metadata to dictionary object (d31e8b2)
- updated metadata to dictionary from list (deebd3d)
- Added code to check for metadata value (a3497fd)
- added default value for metadata as None (86641b6)
- Added support for metadata timestamp (27eb3e5)
- Merge pull request #116 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.3
Bump actions/setup-python from v2.1.2 to v2.1.3 (e7c1cd9)
- Bump actions/setup-python from v2.1.2 to v2.1.3
Bumps actions/setup-python from v2.1.2 to v2.1.3.
Signed-off-by: dependabot[bot] <support@github.com> (648ab6f
)
- Merge pull request #112 from CycloneDX/dependabot/pip/xmlschema-1.2.5
Bump xmlschema from 1.2.4 to 1.2.5 (9f22abf
)
- Merge pull request #113 from CycloneDX/dependabot/pip/pytest-6.1.0
Bump pytest from 6.0.1 to 6.1.0 (5801185
)
- Merge pull request #115 from praveenmylavarapu/make-component-generic
Make component type generic (584e929
)
- Merge pull request #114 from praveenmylavarapu/remove-duplicate
remove duplicate function call (7ad5892
)
- Make component type generic (4a2d220)
- remove duplicate function call (df6d6d0)
- Bump pytest from 6.0.1 to 6.1.0
Bumps pytest from 6.0.1 to 6.1.0.
Signed-off-by: dependabot[bot] <support@github.com> (f8ffeeb)
- Bump xmlschema from 1.2.4 to 1.2.5
Bumps xmlschema from 1.2.4 to 1.2.5.
Signed-off-by: dependabot[bot] <support@github.com> (8f94c58
)
- Revert "Bump pytest from 6.0.1 to 6.0.2"
This reverts commit 986d2ef737e051be04203b14ee5d11b26b00edb7. (528341a
)
- Merge pull request #108 from CycloneDX/dependabot/pip/pytest-6.0.2
Bump pytest from 6.0.1 to 6.0.2 (feed962
)
- Bump pytest from 6.0.1 to 6.0.2
Bumps pytest from 6.0.1 to 6.0.2.
Signed-off-by: dependabot[bot] <support@github.com> (986d2ef
)
- Merge pull request #109 from CycloneDX/dependabot/pip/packageurl-python-0.9.2
Bump packageurl-python from 0.9.1 to 0.9.2 (bfa1db6
)
- Bump packageurl-python from 0.9.1 to 0.9.2
Bumps packageurl-python from 0.9.1 to 0.9.2.
Signed-off-by: dependabot[bot] <support@github.com> (a2a3596
)
- Merge pull request #107 from CycloneDX/dependabot/pip/xmlschema-1.2.4
Bump xmlschema from 1.2.3 to 1.2.4 (c58a756
)
- Merge pull request #111 from CycloneDX/dependabot/docker/python-3.8.6-slim-buster
Bump python from 3.8.5-slim-buster to 3.8.6-slim-buster (00eccf6
)
- Bump python from 3.8.5-slim-buster to 3.8.6-slim-buster
Bumps python from 3.8.5-slim-buster to 3.8.6-slim-buster.
Signed-off-by: dependabot[bot] <support@github.com> (0db21cd
)
- Merge pull request #110 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.3
Bump actions/checkout from v2.3.2 to v2.3.3 (f84ace1
)
- Bump actions/checkout from v2.3.2 to v2.3.3
Bumps actions/checkout from v2.3.2 to v2.3.3.
Signed-off-by: dependabot[bot] <support@github.com> (f1381a5
)
- Bump xmlschema from 1.2.3 to 1.2.4
Bumps xmlschema from 1.2.3 to 1.2.4.
Signed-off-by: dependabot[bot] <support@github.com> (8a92d37
)
- Merge pull request #101 from CycloneDX/dependabot/docker/python-3.8.5-slim-buster
Bump python from 3.8.1-slim-buster to 3.8.5-slim-buster (bfa41d2
)
- Merge pull request #105 from CycloneDX/null-license-handling
Add test data for package with a null license (50e634b
)
- Fix test data for GitHub runners
There is something odd here that needs more investigation to make it more deterministic. (d2fee97
)
- Merge branch 'master' into null-license-handling (0d11a2e)
- Add test data for package with a null license (9958abb)
- Bug fix release
- Fix handling of null licenses
- Fix Docker image bundled tool version (ab588be)
- Merge pull request #104 from rback123/patch-103
Prevent crash when package_license is none from pypi null value (57e31f0
)
- Added NoneType check for package_license (6b18250)
- Bump python from 3.8.1-slim-buster to 3.8.5-slim-buster
Bumps python from 3.8.1-slim-buster to 3.8.5-slim-buster.
Signed-off-by: dependabot[bot] <support@github.com> (a5e46d1)
- Merge pull request #102 from CycloneDX/docker-release-fix
Use release built package when building Docker image (3c8b583
)
- Install locally created package when creating Docker image (890bdee)
- Merge pull request #100 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.2
Bump actions/setup-python from v1 to v2.1.2 (60ecc7c)
- Bump actions/setup-python from v1 to v2.1.2
Bumps actions/setup-python from v1 to v2.1.2.
Signed-off-by: dependabot[bot] <support@github.com> (6d34eaa
)
- Merge pull request #99 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.2
Bump actions/checkout from v1 to v2.3.2 (dc2af31
)
- Bump actions/checkout from v1 to v2.3.2
Bumps actions/checkout from v1 to v2.3.2.
Signed-off-by: dependabot[bot] <support@github.com> (127e885
)
- Merge pull request #98 from davidkarlsen/dependabot
fix language definition (6cc7a17
)
- fix language definition (cee1611)
- Merge pull request #97 from davidkarlsen/dependabot
Configure dependabot through config-files (003e20c)
- Configure dependabot through config-files
Signed-off-by: David Karlsen <david@davidkarlsen.com> (36c92f7
)
- Merge pull request #96 from CycloneDX/dependabot/pip/setuptools-50.3.0
Bump setuptools from 50.1.0 to 50.3.0 (2727ff9
)
- Bump setuptools from 50.1.0 to 50.3.0
Bumps setuptools from 50.1.0 to 50.3.0.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (60e3547
)
- Add additional comments/doco to the GitHub workflows (f49bad6)
- Merge pull request #93 from CycloneDX/dependabot/pip/setuptools-50.1.0
Bump setuptools from 18.5 to 50.1.0 (de6c3a9)
- Bump setuptools from 18.5 to 50.1.0
Bumps setuptools from 18.5 to 50.1.0.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (b9dd248
)
- Merge pull request #84 from CycloneDX/dependabot/pip/packageurl-python-0.9.1
Bump packageurl-python from 0.8.7 to 0.9.1 (1434bd8
)
- Bump packageurl-python from 0.8.7 to 0.9.1
Bumps packageurl-python from 0.8.7 to 0.9.1.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (c45e7b7
)
- Add 30 minute timeout for GitHub workflows (47341f7)
- Merge pull request #68 from CycloneDX/dependabot/pip/packaging-20.4
Bump packaging from 19.2 to 20.4 (9123452)
- Bump packaging from 19.2 to 20.4
Bumps packaging from 19.2 to 20.4.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (cc0ba25
)
- Merge pull request #82 from CycloneDX/dependabot/pip/pytest-6.0.1
Bump pytest from 4.6.9 to 6.0.1 (ab1eb35
)
- Merge pull request #78 from CycloneDX/dependabot/pip/requests-2.24.0
Bump requests from 2.22.0 to 2.24.0 (ac5ab88
)
- Bump requests from 2.22.0 to 2.24.0
Bumps requests from 2.22.0 to 2.24.0.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (53ed092
)
- Merge pull request #89 from CycloneDX/dependabot/pip/xmlschema-1.2.3
Bump xmlschema from 1.0.16 to 1.2.3 (72cad92
)
- Bump xmlschema from 1.0.16 to 1.2.3
Bumps xmlschema from 1.0.16 to 1.2.3.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (2e0aa9f
)
- Fix incorrect twine upload repo (2ad67fe)
- Feature release
- add JSON support
- include schema files in package
- code quality improvements (74cdcaf)
- Remove manual release script (927da78)
- Add Docker image and GitHub release to workflow (4f921a8)
- Add docker build and push to release workflow (7b868dc)
- Merge branch 'master' into github-workflows (6134a9b)
- Merge pull request #94 from CycloneDX/github-workflows
GitHub workflow for releases (aa84147)
- Add release workflow (9396ba8)
- Remove newline from VERSION (c67b398)
- Run CI tests on Ubuntu, Windows and Mac agents (eb84c46)
- Rename pythonpackage workflow file to ci (2137711)
- Bump pytest from 4.6.9 to 6.0.1
Bumps pytest from 4.6.9 to 6.0.1.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (a3db165)
- Merge pull request #63 from coderpatros/json
Support for JSON output (a71084c
)
- Replace snapshot JSON schema with final v1.2 schema (44ad74b)
- Update existing tests to use CLI instead of module imports (99430cc)
- Add initial "preview" JSON output support (44e0667)
- Fix bug that can result in duplicate components being included in the BOM (5fd04f5)
- Refactor to use Component, Hash and License classes and rename some XML methods
This is in preparation for supporting JSON output. (3be896a)
- Fix path issue when debugging from virtual environment (d208b16)
- Git ignore files in build/ and dist/ (d80b959)
- Merge pull request #55 from coderpatros/tests
Add a basic happy path test (c373dad)
- Include xml schema files in package (0ae93d6)
- Merge remote-tracking branch 'refs/remotes/origin/master'
Conflicts: cyclonedx/cli/generateBom.py
Changes to generateBom.py moved to reader.py (ab307e5)
- Merge pull request #59 from RobertMaaskant/pypi-mirror-support
Pypi mirror support (169b642
)
- Use OrderedDict for hashes to fix failing test under Python 3.5
The dictionary implementation was changed from version 3.6. This means
generated output is different under Python 3.5 (518cae9
)
- Fixup for mirror support (d53a5d1)
- Fixup of bad refactoring (af95c39)
- Refactor + add package info mirror support (4876f41)
- Simplified populate_digests method (b9c5e0a)
- Refactor bom building (5043e85)
- Prevent main client from running on import (d3ce0c7)
- Reorder imports (19f47b9)
- Remove deprecated python 2.7 from build (3791c94)
- Add basic bom generation test (1018f4c)
- Make read_bom importable from cyclonedx.cli (421258f)
- Use script relative paths for setup.py reference files (b06a628)
- Add create-virtualenv.sh helper script (cf8f68b)
- Add .gitignore (d07d736)
- Added Slack badge (f975a73)
- Update README.rst (c845183)
- Update README.rst (f089c23)
- Update README.rst (7cc8e37)
- Added docker deployment on release (6ce0123)
- Merge pull request #46 from davidkarlsen/feature/dockerimage
Docker image. Fixes #45 (fbf1482)
- Docker image. Fixes #45
Signed-off-by: David Karlsen <david@davidkarlsen.com> (7b06b3a
)
- bump (0364312)
- bump (85b4755)
- call python (0d7ceca)
- #11 #34 - Fix for version comparison (eeaca97)
- Merge pull request #16 from CycloneDX/dependabot/pip/requirements-parser-0.2.0
Bump requirements-parser from 0.1.0 to 0.2.0 (5ac8aa0)
- Bump requirements-parser from 0.1.0 to 0.2.0
Bumps requirements-parser from 0.1.0 to 0.2.0.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (1505aa1
)
- Merge pull request #19 from CycloneDX/dependabot/pip/packaging-19.2
Bump packaging from 19.1 to 19.2 (f4a558f
)
- Merge pull request #30 from CycloneDX/dependabot/pip/xmlschema-1.0.16
Bump xmlschema from 1.0.14 to 1.0.16 (b22762a
)
- Merge remote-tracking branch 'origin/master' (3dba3a4)
- Changed lang (b586534)
- Merge pull request #4 from msander/patch-1
Continue with other requirements (88193b2)
- Bump xmlschema from 1.0.14 to 1.0.16
Bumps xmlschema from 1.0.14 to 1.0.16.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (575595c
)
- Updating release process (2d47de4)
- Merge pull request #29 from llamahunter/patch-1
Support requirements.txt with local files (f476f4f)
- Support requirements.txt with local files
It's possible for the requirements.txt file to have local file listings. These do not have 'name' values, and so cause a runtime error when trying to concatenate a NoneType with a string. Test for 'local_file' requirements and skip them when generating bom.
See https://requirements-parser.readthedocs.io/en/latest/usage.html#parsing-requirement-specifiers (97d0cde
)
- Update README.rst (89b488b)
- Update pythonpackage.yml (86d1451)
- Update pythonpackage.yml (5db4810)
- migrating from travis-ci to github actions (29d989e)
- Update README.rst (a1aa609)
- Update pythonpackage.yml (1cb93bf)
- Update pythonpackage.yml (b9386aa)
- Update pythonpackage.yml (c9dc482)
- Update pythonpackage.yml (3416ee8)
- bump (e84e29f)
- Bump packaging from 19.1 to 19.2
Bumps packaging from 19.1 to 19.2.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (99ad2cb)
- Fixes requirements (79993b7)
- Merge pull request #21 from tngraf/master
Encoding detection added (a41d616)
- Encoding detection added (938374a)
- Merge pull request #18 from TTMaZa/TTMaZa-UTF-8-CLI
Enforced UTF-8 encoding while writing bom.xml (b3944a1)
- Enforced UTF-8 encoding while writing bom.xml (2478bf1)
- Merge pull request #17 from CycloneDX/dependabot/pip/packaging-19.1
Bump packaging from 19.0 to 19.1 (cd0ff73)
- Bump packaging from 19.0 to 19.1
Bumps packaging from 19.0 to 19.1.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (b0a2719
)
- Merge pull request #14 from CycloneDX/dependabot/pip/requests-2.22.0
Bump requests from 2.20.1 to 2.22.0 (973a89f
)
- Bump requests from 2.20.1 to 2.22.0
Bumps requests from 2.20.1 to 2.22.0.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (ad3169d
)
- Merge pull request #15 from CycloneDX/dependabot/pip/packageurl-python-0.8.7
Bump packageurl-python from 0.8.1 to 0.8.7 (324d6a0
)
- Bump packageurl-python from 0.8.1 to 0.8.7
Bumps packageurl-python from 0.8.1 to 0.8.7.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (c47b17e
)
- Merge pull request #12 from CycloneDX/dependabot/pip/xmlschema-1.0.14
Bump xmlschema from 1.0.7 to 1.0.14 (e747f9f
)
- Bump xmlschema from 1.0.7 to 1.0.14
Bumps xmlschema from 1.0.7 to 1.0.14.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (4159f7b
)
- Continue with other requirements
Currently the BOM generation breaks when a single requirement does not refer to a specific version. It would be better to continue with the other requirements. (c633e4f
)
- Update README.rst (b4a1dc0)
- version bump. Added xml pretty printing (83cbb7a)
- Merge pull request #10 from emnetag/patch-08-19
Handle package versions not found in PyPi (5d12795)
- Handle packages not found in PyPi
If a package version is not found in PyPi, create an entry
for that version and print a warning to the console. (2fbb145
)
- Updating SPDX license list to v3.6 (51a1727)
- Adding release script (f2a486d)
- Added topics (7bbc751)
- version bump (aa16564)
- Updating SPDX license list to v3.5 (ddb11b7)
- Merge pull request #8 from rback123/patch-6
Support PEP 440 concepts like pre, post, and development versions (20d6c5d)
- Support PEP 440 concepts like pre, post, and development versioning schemes. (4344b9a)
- Merge pull request #5 from msander/patch-2
Add 'requests' requirement to install_requires (e026932)
- Merge pull request #1 from jhermann/stdin-as-input
Support -i - (read from stdin) (e5356ef)
- Add 'requests' requirement to install_requires (625b5a3)
- main: support '-i -' (read from stdin)
This allows to call...
pip freeze | cyclonedx-py -i - ([`e8522a6`](https://github.com/CycloneDX/cyclonedx-python/commit/e8522a679ebd11d151970c26eabf411bd232a881))
- main: output guarded by context (e634cb8)
- setup: set +x flag (4a1c0d6)
- consolidated main (967ca09)
- bump (273c3fc)
- Moved to cli package. Fixed requirements and setup issues. Fixed issue with req not having a version when parsed. (4624657)
- Removed unneeded requires entry (c857ba8)
- corrected keywords (7e39138)
- corrected dependency name - version bump (3f2cb11)
- correcting publish (635a329)
- formatting (2dc1b65)
- formatting (fcd2f00)
- formatting (fb166d0)
- mods (d584ef6)
- mods (9a524a2)
- mods (e4e3950)
- Added hashes (21d0fd0)
- Added bom validation after generation (273b828)
- Added bom validation after generation (2d82ac0)
- Added keywords and project url (818498a)
- Adding Python 3.5 test (74807e4)
- Added bdist_wheel (6bf71f7)
- removed comment (173056e)
- headers (128a260)
- Updated cli args and readme (c02b7b6)
- Initial commit (cc233b7)
- Initial commit (b9e62ba)
- Initial commit (57bb85f)