Skip to content

Latest commit

 

History

History
2883 lines (1503 loc) · 124 KB

CHANGELOG.md

File metadata and controls

2883 lines (1503 loc) · 124 KB

CHANGELOG

v5.1.1 (2024-11-09)

Documentation

  • docs: fix headline structure in readme

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (74f07e1)

Fix

  • fix: schema-invalid CycloneDX when running PEP639 analysis (#828)

fixes #826


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b2595cf)

v5.1.0 (2024-10-23)

Feature

  • feat: add Python 3.13 support (#818)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f4eb79e)

v5.0.0 (2024-10-15)

Breaking

  • feat!: v5.0.0 (#797)

BREAKING Changes

  • Emitted metadata tool name is cyclonedx-py, was cyclonedx-bom.
  • Emitted metadata tools are up to non-deprecated CycloneDX specification.
  • No longer emit deprecated or undocumented properties in namespace cdx:poetry (see previous release 4.6.0 for official replacements).
    • cdx:poetry:source:package:reference
    • cdx:poetry:package:source:resolved_reference
    • cdx:poetry:package:source:vcs:requested_revision
    • cdx:poetry:package:source:vcs:commit_id

The mentioned changes are considered "breaking" for processes that relied on the respective data structures. Migration paths are self-explanatory.

Dependencies

  • Requires cyclonedx-python-lib&gt;=8.0.0,&lt;9 now, was &gt;=7.3.0,&lt;8.0.0,!=7.3.1.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (34cf6e3)

Documentation

  • docs(chaneglog): omit chore/ci/refactor/style/test/build (#813)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6707959)

v4.6.1 (2024-09-30)

Documentation

  • docs: contrib and setup hint

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2ae46ff)

Fix

  • fix: help page for sub command "environment" on windows (#805)

fixes #804


Signed-off-by: Steve (Gadget) Barnes <gadgetsteve@hotmail.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9e8a5d7)

v4.6.0 (2024-09-20)

Documentation

  • docs: reformat help page in usage docs (#788)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a1354e5)

Feature

  • feat: populate properties cdx:python:package:source:vcs:... (#790)

populate the newly added/fixed CycloneDX properties cdx:python:package:source:vcs:... in accordance with <CycloneDX/cyclonedx-property-taxonomy#96> and <CycloneDX/cyclonedx-property-taxonomy#98>.

the deprecated properties are still used, so no breaking changes exist.

fixes #789


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b08e1bb)

v4.5.1 (2024-09-18)

Documentation

  • docs: fix typo

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9f9fa9e)

Fix

  • fix: assert copyright headers (#787)

utilizes flake8 plugin <https://pypi.org/project/flake8-copyright-validator/> to assert the correct headers

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dddcb5d)

v4.5.0 (2024-06-10)

Documentation

  • docs: exclude dep bumps from changelog (#750)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d02d6a)

  • docs: OSSF best practice badge percentage

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5717803)

Feature

  • feat: environment - gather declared license information according to PEP639 (#755)

From python environments, gather additional declared license information according to PEP 639 (improving license clarity with better package metadata).

New CLI switches for cyclonedx environment:

  • --PEP-639: Enable license gathering according to PEP 639 (improving license clarity with better package metadata). The behavior may change during the draft development of the PEP.
  • --gather-license-texts: Enable license text gathering.

In current state of implementation, --gather-license-texts has effect only if --PEP-639 is also given.


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e9cc805)

Unknown

  • Create config.yml

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (f13311b)

  • Rename feature_request.md to 1-feature_request.md

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (c4b15d8)

  • Rename bug_report.md to 2-bug_report.md

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> (58199a5)

v4.4.3 (2024-04-26)

Fix

  • fix: do not use cyclonedx-lib==7.3.1 (#729)

add regression test for #727 fixes #727


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (aa715c0)

v4.4.2 (2024-04-21)

Fix

  • fix: release lates container image (#726)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0155450)

v4.4.1 (2024-04-21)

Fix

  • fix: release lates container image (#725)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8ba9d0b)

v4.4.0 (2024-04-21)

Feature

  • feat: publish to GHCR (#724)

Tee container image version of the app is also available on GitHubContainerRegistry: <https://github.com/orgs/CycloneDX/packages/container/package/cyclonedx-python>


Signed-off-by: jxdv <virgoj@protonmail.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: semantic-release <semantic-release@bot.local> Co-authored-by: jxdv <virgoj@protonmail.com> Co-authored-by: semantic-release <semantic-release@bot.local> (8c18484)

v4.3.0 (2024-04-20)

Feature

  • feat: improve declared licenses detection (#722)
  • Add declared licenses from License Troves if not mapped to SPDX license ID
  • CycloneDX 1.6 mark licenses as "declared"

fixes #718


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b0ae453)

v4.2.0 (2024-04-18)

Feature

  • feat: support CycloneDX 1.6 output (#720)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (639b35a)

v4.1.6 (2024-04-15)

Fix

  • fix: more resilent PEP610 parsing (#716)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (93f0184)

v4.1.5 (2024-04-11)

Fix

  • fix: docs for default of CLI switch --mc-type (#710)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a218b40)

v4.1.4 (2024-03-28)

Fix

  • fix: poetry analyzer crashed with certain optional package's version constraints (#703)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8ade6e1)

v4.1.3 (2024-03-15)

Documentation

  • docs: imprve environment use cases and examples (#690)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0d38c7b)

Fix

  • fix: declared license texts as such, not as license name (#694)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ec7ab3e)

v4.1.2 (2024-03-01)

Build

  • build: use poetry v1.8.1 (#682)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dba63b8)

v4.1.1 (2024-02-03)

Documentation

  • docs: improve example for programmatic call of CLI (#670)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2ac3f21)

Fix

  • fix: normalize package extras (#671)

ALL names of package extras are normalized, according to spec <https://packaging.python.org/en/latest/specifications/name-normalization/#name-normalization>


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4d550ad)

v4.1.0 (2024-02-02)

Feature

  • feat: support poetry multi-constraint dependencies (#668)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (50d2a4b)

Unknown

  • docs (#666)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (491e875)

v4.0.0 (2024-01-31)

Breaking

  • feat!: v4.0.0 (#605)

    Changelog

    See also the migration guide in the docs.

    • BC: Removed support for python < 3.8
    • BC: Removed deprecated shell script cyclonedx-bom; use cyclonedx-py instead
    • BC: Removed conda support. However, conda's Python environments are fully supported. See below.
    • BC: Removed public API. You may use the CLI instead, see chapter "usage" in the docs.
    • BC: Complete redesign of the CommandLineInterface(CLI):
      • Uses sub-commands for easy accessibility and divide in specific purposes and domains
      • Easy understandable flags, switches and options -- in accordance with the domains
      • Updated help pages, added usage examples
    • Dozens of new features and fixes, such as:
      • environment analyzer supports any Python (virtual) environment -- including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv
      • Poetry analyzer support groups, filtering, and such
      • Pipenv analyzer support categories, filtering, and such
      • requirements analyzer is feature complete and fixed
      • More details in the SBOM results (based on method)
      • PackageURLs may have more qualifiers (enabled per default, disable via --short-PURLs)
      • component properties according to official taxonomy
      • SBOM results may be validated (enabled per default, disable via --no-validate)
      • SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry)
      • SBOM results may have root-component populated (if pyproject provided)
      • SBOM results are more diff-friendly and not just one long line of text
      • Fixed possible issues with input data encoding
      • May omit dev-dependencies or domain-specific groups/categories (if supported by method and issued by CLI switches)
      • Strip authentication secrets from (private) download/index URLs
      • Support CycloneDX 1.5 - which is the default now
    • Upgraded documentation, examples, ...
    • Complete rewrite from scratch
    • Dependencies were bumped, dropped, added, ...
    • QA and test suites were massively enhanced

Signed-off-by: Paul Horton <paul.horton@owasp.org> Signed-off-by: Thomas Graf <thomas.graf@siemens.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Andreas Fehlner <fehlner@arcor.de> Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> Signed-off-by: semantic-release <semantic-release> Co-authored-by: Paul Horton <paul.horton@owasp.org> Co-authored-by: Thomas Graf <thomas.graf@siemens.com> Co-authored-by: semantic-release <semantic-release> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: Andreas Fehlner <fehlner@arcor.de> (6d24e65)

v3.11.7 (2023-11-03)

Fix

  • fix: toml-compatible fingers-crossed handling for failed input data decoding (#613)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fb3d7bf)

Unknown

  • 3.11.7

Automatically generated by python-semantic-release (f680a9a)

v3.11.6 (2023-11-03)

Fix

  • fix: added a fingers-crossed handling for failed input data decoding (#612)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (be55902)

Unknown

  • 3.11.6

Automatically generated by python-semantic-release (6002e0e)

v3.11.5 (2023-10-20)

Fix

  • fix: Custom input encoding (#601)

The custom input specified via CLI's -i option did not properly detect the input encoding.
This was fixed.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (363934c)

Unknown

  • 3.11.5

Automatically generated by python-semantic-release (46cd517)

v3.11.4 (2023-10-19)

Fix

  • fix: Input file encoding fallback

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0bc7296)

Unknown

  • 3.11.4

Automatically generated by python-semantic-release (70889be)

v3.11.3 (2023-10-19)

Documentation

  • docs: publish coverage (#600)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bd4f48e)

  • docs: adjust syntax hilight for code blocks (#592)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ccac31e)

  • docs: mark ShellSession in README

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (411cf3d)

Fix

  • fix: input file encoding (#596)

Input files in lock-format are expected in a certain encoding, other input file encodings are detected.

fixes #448


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a9dda4b)

Unknown

  • 3.11.3

Automatically generated by python-semantic-release (02ab8cb)

  • Update usage.rst (#572)

Signed-off-by: Andreas Fehlner <fehlner@arcor.de> (04e1ea8)

v3.11.2 (2023-07-12)

Fix

  • fix: referenced branch main, instead of master (#562)

somebody renamed the master branch to main. but forgot to transition the docs.

fixed this

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (830d15c)

Unknown

  • 3.11.2

Automatically generated by python-semantic-release (614f6fa)

v3.11.1 (2023-07-12)

Fix

  • fix: fix typo in help page (#552)

it&#39;s -> its

fixes #551

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (19bf41a)

Unknown

  • 3.11.1

Automatically generated by python-semantic-release (d90b45c)

v3.11.0 (2023-02-11)

Documentation

  • docs: fix typo in CLI help page (#490) (a8a8445)

  • docs: fix typos (#482)

  • Fix typo

Signed-off-by: Thomas Beutlich <thomas.beutlich@neocx.de> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (edbe3d4)

  • docs: fix shields (#473)

caused by badges/shields#8671

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e32b288)

Feature

  • feat: deprecated CLI command cyclonedx-bom prints deprecation warning on STDERR before execution (#489)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2009236)

Unknown

  • 3.11.0

Automatically generated by python-semantic-release (fe5ea31)

v3.10.1 (2022-12-15)

Documentation

  • docs: improve CONTRIBUTION instructions - sign-off step (#470)

Signed-off-by: Roland Weber <rolweber@de.ibm.com> (578c0a8)

Fix

  • fix: PURL for PyPI packages from 'conda list' have the correct format now (#471)

Signed-off-by: Roland Weber <rolweber@de.ibm.com> (1573064)

Unknown

  • 3.10.1

Automatically generated by python-semantic-release (7b44aea)

v3.10.0 (2022-12-13)

Feature

  • feat: add support for poetry lock format v2.0 (#469)

Signed-off-by: tewfik-ghariani <tewfik.ghariani@1und1.de> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: tewfik-ghariani <tewfik.ghariani@1und1.de> (0b1e07f)

Unknown

  • 3.10.0

Automatically generated by python-semantic-release (2501bed)

v3.9.0 (2022-12-13)

Feature

  • feat: parsers can outbut more debug messages (#466)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9eedb4f)

Unknown

  • 3.9.0

Automatically generated by python-semantic-release (895f597)

v3.8.0 (2022-12-12)

Feature

  • feat: error- and debug-output is send to STDERR, instead of STDOUT (#465)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f543b69)

Unknown

  • 3.8.0

Automatically generated by python-semantic-release (24c4163)

v3.7.4 (2022-12-12)

Fix

  • fix: ignore broken licenses in env parser (#463)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3118acd)

Unknown

  • 3.7.4

Automatically generated by python-semantic-release (de188b8)

v3.7.3 (2022-12-11)

Fix

  • fix: adjust dependency pip-requirements-parser to a working version (#450)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6101986)

Unknown

  • 3.7.3

Automatically generated by python-semantic-release (d425005)

v3.7.2 (2022-11-15)

Fix

  • fix: add a missing space in the help pages pathto -> path to (#443)

  • docs: fix typo pathto -> path to

  • fix(help): added the missing space pathto -> path to

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bc5fe57)

Unknown

  • 3.7.2

Automatically generated by python-semantic-release (7aff239)

v3.7.1 (2022-11-10)

Fix

  • fix(EnvironmentParser): reduced crashes if no Classifiers are found (#441)

fixes #440

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (67f56e7)

Unknown

  • 3.7.1

Automatically generated by python-semantic-release (b2a97e0)

v3.7.0 (2022-11-10)

Feature

  • feat: pass purl-bom-ref to EnvironmentParser (#432)

Signed-off-by: a1lu <github.foreshoe@slmail.me> (7cfefeb)

Unknown

  • 3.7.0

Automatically generated by python-semantic-release (8c9a65a)

v3.6.4 (2022-11-10)

Fix

  • fix(EnvironmentParser): remove code break when classifier parsing in py>=3.8 (#431)

Signed-off-by: a1lu <github.foreshoe@slmail.me> (4ab075e)

Unknown

  • 3.6.4

Automatically generated by python-semantic-release (f718356)

v3.6.3 (2022-09-19)

Fix

  • fix: CI release pipeline

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (99ccdc6)

Unknown

  • 3.6.3

Automatically generated by python-semantic-release (ddea61e)

v3.6.2 (2022-09-19)

Fix

  • fix: CI release pipeline

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6515071)

Unknown

  • 3.6.2

Automatically generated by python-semantic-release (0a8f8ff)

v3.6.1 (2022-09-19)

Fix

  • fix: properly declare licenses from environment (#417)

use named licenses instead of license expressions.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (25f9e29)

Unknown

  • 3.6.1

Automatically generated by python-semantic-release (89c262a)

v3.6.0 (2022-09-16)

Documentation

  • docs: describe cyclonedx-py rather than cyclonedx-bom

fixes #414

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c04196e)

  • docs: Minor updates to poetry usage details & contributing.md (#407)

  • docs: fix minor typo in poetry usage docs

  • docs: update commit flag in contribution guidelines

Signed-off-by: Emily Schultz <emilyschultz16@gmail.com> (0abe230)

Feature

  • feat: enable dependency cyclonedx-python-lib@^3 (#418)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (05cd51e)

Unknown

  • 3.6.0

Automatically generated by python-semantic-release (049a5b3)

  • Merge pull request #415 from CycloneDX/docs_cyclonedx-py

docs: describe command line usages as cyclonedx-py rather than cyclonedx-bom #414 (348f689)

v3.5.0 (2022-06-27)

Feature

  • feat: optionally force bom_ref to be purl rather that the default random UUID format - thanks @RodneyRichardson

Merge pull request #361 from RodneyRichardson/use-explicit-bom-ref (9659d08)

Unknown

  • 3.5.0

Automatically generated by python-semantic-release (d5465ec)

  • Update README.md with purl-bom-ref parameter.

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (b9b3a01)

  • Add CLI option to use purl as bom-ref.

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (d609ec3)

  • Remove unnecessary str() cast.

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (b1f9895)

  • Merge branch 'CycloneDX:master' into use-explicit-bom-ref (23d10bf)

  • Merge branch 'master' into use-explicit-bom-ref (f89f706)

  • chore: Bump cyclonedx-python-lib from 2.4.0 to 2.5.2 (#373)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a9bbe5e)

v3.4.0 (2022-06-16)

Feature

  • feat: Update purl to match specification when ingesting packages from Conda - thanks to @RodneyRichardson (072c8f1)

Unknown

  • 3.4.0

Automatically generated by python-semantic-release (cf7c625)

  • Merge branch 'master' into fix-conda-purl (2999022)

v3.3.0 (2022-06-16)

Feature

  • feat: Add Conda MD5 hash to Component.hashes, if available - thanks @RodneyRichardson (772c517)

Unknown

  • 3.3.0

Automatically generated by python-semantic-release (b028c2b)

  • Merge branch 'master' into fix-conda-purl (cf4a5e4)

  • Merge branch 'master' into add-conda-hash (95c6893)

  • Merge branch 'master' into use-explicit-bom-ref

Conflicts:

tests/test_parser_requirements.py

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (d5d0160)

  • Ignore missing typing for packageurl

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (5ac29c5)

  • Explicitly cast package_format to str.

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (31d5daf)

  • Cast md5_hash to str

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (51afacf)

  • Fix sonatype-lift warning.

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (5e60fac)

  • Add Conda MD5 hash to Component.hashes, if available

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (54c33b5)

  • Update Conda purl to match specification

Add conda_package_to_purl() utility function Add package_format field to CondaPackage purl specification can be found here: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#conda

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (e392cbc)

  • Merge branch 'CycloneDX:master' into use-explicit-bom-ref (c99d993)

v3.2.2 (2022-06-02)

Fix

  • fix: add actively used (transitive) dependencies (#363)

  • ci: add test with lowest dependencies

  • fix: have some typings corrected

  • fix: add actively used (transitive) dependencies

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1f45ad9)

Unknown

  • 3.2.2

Automatically generated by python-semantic-release (f3f40c8)

  • Use purl.to_string() as default bom_ref for Components.

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (0c8dd60)

  • Merge pull request #348 from sleightsec/include-pipenv-hashes-without-index-attribute

fix: remove check for index==pypi which causes hashes to be excluded from the resultant BOM when using PipEnv Parser (ae537fb)

  • correct test for dependencies with hashes and no index attribute in pipenv

Signed-off-by: sleightsec <69399725+sleightsec@users.noreply.github.com> (b9ab033)

  • #347 - remove index=pypi attribute requirement for pipenv hash inclusion

Signed-off-by: sleightsec <69399725+sleightsec@users.noreply.github.com> (65bf318)

v3.2.1 (2022-04-05)

Unknown

  • 3.2.1

Automatically generated by python-semantic-release (092bdf2)

  • Merge pull request #338 from CycloneDX/bugfix/json-format-default-file

fix: cli default file name for json format (929e26d)

v3.2.0 (2022-04-05)

Fix

  • fix: cli default file for json format

fixes #337

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8747620)

Unknown

  • 3.2.0

Automatically generated by python-semantic-release (eb054b0)

  • Merge pull request #326 from CycloneDX/callable-module

feat: make package/module callable (193f1a4)

v3.1.1 (2022-03-21)

Documentation

  • docs: describe methods to call the tool

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2bac83a)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fc4b8e4)

  • docs: add hint for RTFD to README

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cf4f534)

  • docs: add RTFD shield to README

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7fef6ee)

  • docs: fixed link to RTFD

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3a8669a)

Feature

  • feat: make module callable

fixes #321

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5b3d8d7)

Fix

  • fix(conda-parser): version recognition for strings (#332)

conda packacge string parser no longer raises unexpected errors, if the build-number is non-numeric. fixes #331

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (65246dd)

Unknown

  • 3.1.1

Automatically generated by python-semantic-release (f5d7943)

  • Merge pull request #328 from CycloneDX/docs-hint-to-rtd

docs: add and fix hint to rtfd (3b3477b)

v3.1.0 (2022-03-10)

Documentation

  • docs: update RequirementsFileParser docs to include nested file support

Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (9e9021d)

Feature

  • feat: Add pip-requirements-parser and update virtualenv to latest version

Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (73b2182)

Fix

  • fix: sort imports

Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (fdec44b)

  • fix: Try to fix the temp file issue on Windows machines

Signed-off-by: Mostafa Moradian <mostafamoradian0@gmail.com> (684d4f0)

Unknown

  • 3.1.0

Automatically generated by python-semantic-release (92b21f7)

  • Merge pull request #327 from mostafa/feat/parse-requirements-txt-with-locally-referenced-packages

feat: Change requirements parser (f973c91)

  • Merge pull request #320 from CycloneDX/sort-imports

style: sort imports (a527e0d)

v3.0.0 (2022-02-21)

Breaking

  • feat: bump to latest cyclonedx-python-lib

BREAKING CHANGE: Default Schema Version has been replaced by notion of LATEST supported Schema Version

Signed-off-by: Paul Horton <paul.horton@owasp.org> (5902fbf)

Feature

  • feat: added marker and classifiers to denote this as typed (#313)

Signed-off-by: Paul Horton <paul.horton@owasp.org> (f317353)

  • feat: update to latest RC of cyclonedx-python-lib

Signed-off-by: Paul Horton <paul.horton@owasp.org> (6c8b517)

  • feat: update to latest RC of cyclonedx-python-lib

Signed-off-by: Paul Horton <paul.horton@owasp.org> (bc8ee6b)

Unknown

  • 3.0.0

Automatically generated by python-semantic-release (f7ca95c)

  • Merge pull request #316 from CycloneDX/feat/update-lib-2.0.x

feat: bump to latest cyclonedx-python-lib

feat: Added marker and classifiers to denote this as typed (#313)

BREAKING CHANGE: bump to latest cyclonedx-python-lib (4700399)

  • 2.1.0

Automatically generated by python-semantic-release (cc848f7)

  • Merge pull request #311 from CycloneDX/feat/update-lib-2.0.x

BREAKING CHANGE: update to latest RC of cyclonedx-python-lib (3cb14e0)

  • bumped to latest RC of cyclonedx-python-lib

Signed-off-by: Paul Horton <paul.horton@owasp.org> (e193521)

  • updated tests to be more Pythonic

Signed-off-by: Paul Horton <paul.horton@owasp.org> (891cf3e)

  • bumped to latest RC of cyclonedx-python-lib

Signed-off-by: Paul Horton <paul.horton@owasp.org> (54db3cd)

  • bump cyclonedx-python-lib rc

Signed-off-by: Paul Horton <paul.horton@owasp.org> (a4795ed)

  • BREAKING CHANGE: update so default schema version is 1.4

Signed-off-by: Paul Horton <paul.horton@owasp.org> (689e7e9)

v2.0.3 (2022-02-03)

Fix

  • fix: docker image releae checkout ref w/o tags (#309)

fixes #308

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5d8b1e1)

Unknown

  • 2.0.3

Automatically generated by python-semantic-release (8379712)

v2.0.2 (2022-02-03)

Fix

  • fix: properly support reading from stdin (#307)

  • Adjust cli when reading from stdin.

Bind reading from stdin on specifying -i -. This is part of argparse.FileType.

Local tests under the following conditions:

  • implicit reading poetry.lock using args -p -o -
  • explicit reading poetry.lock using args -p -i poetry.lock -o -
  • explicit reading poetry.lock file after renaming using cat p.lock | python -m cyclonedx_py.client -p -i - -o -

Signed-off-by: Theodor van Nahl <theo@van-nahl.org> (23f31a0)

Unknown

  • 2.0.2

Automatically generated by python-semantic-release (916951a)

  • Update CONTRIBUTING.md

link to pep8 (4f87341)

v2.0.1 (2022-01-24)

Fix

  • fix: bump dependencies to get latest cyclonedx-python-lib

Signed-off-by: Paul Horton <paul.horton@owasp.org> (87c3fe7)

Unknown

  • 2.0.1

Automatically generated by python-semantic-release (a4a4c42)

v2.0.0 (2022-01-13)

Documentation

  • docs: readme maintenance - shields & links (#266)

  • README: added typehint to the vode blocks

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • README: fixed fenced-code and lists

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • README: shields got modernixed and linked

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • README: harmonized links

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a34046f)

Feature

  • feat: add support for CycloneDX 1.4 specification (#294)

  • feat: add support for output to CycloneDX 1.4 (draft) feat: Error with return code 2 if attempting to output in JSON and SchemaVersion < 1.2 test: Multiple tests added

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • fix: addressed flake8 issues fix: added missing bump to dependencies

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • fix: corrected import

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • ci: removed poetry cache as broken?

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • bump to latest RC for cyclonedx-python-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • doc: migration to RTD (#296)

  • doc: migration to RTD.

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • doc: removed references to schema version 1.4

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • doc: updates to include schema version

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • doc: cleanup

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • feat: BREAKING CHANGE - relocated concrete parsers (#299) BREAKING CHANGE Concrete Parsers now reside in this project, not cyclonedx-python-lib

  • re-located tests for Utils

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • feat: BREAKING CHANGE - relocated concrete parsers from cyclonedx-python-lib doc: updated to reflect breaking changes dod: added changelog

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • feat: BREAKING CHANGE - relocated concrete parsers from cyclonedx-python-lib doc: updated to reflect breaking changes dod: added changelog

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • chore: removed schema validation from unit tests as this is performed in upstream library cyclonedx-python-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • chore: removed schema validation from unit tests as this is performed in upstream library cyclonedx-python-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • chore: add pre-release manual GH workflow

Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • chore: bump to latest RC of cyclonedx-python-lib

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • added purl into Components output by parsers

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • Ignore type for packageurl imports

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • doc: corrected project title

Signed-off-by: Paul Horton <paul.horton@owasp.org>

  • chore: bump to released version of cyclonedx-python-lib

Signed-off-by: Paul Horton <paul.horton@owasp.org> (7bb6d32)

Unknown

  • 1.6.0

Automatically generated by python-semantic-release (958af1a)

  • doc: migration to RTD (#296)

  • doc: migration to RTD.

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • doc: removed references to schema version 1.4

Signed-off-by: Paul Horton <phorton@sonatype.com> (1744f4d)

  • Update CONTRIBUTING.md (1175c84)

  • Merge pull request #279 from CycloneDX/contributing-file

initial CONTRIBUTING file (73fcd78)

  • initial CONTRIBUTING file

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (104d223)

  • gh-action: docker test build

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3b92b00)

  • rename python ci workflow

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b1f57fb)

  • CHORE: gh-action release use org's secrets

as part of #271 (71d1c47)

  • gh-action release use org's secrets

as of #271

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (80a6e68)

  • CHORE: build(deps-dev): Bump coverage from 6.1.2 to 6.2

build(deps-dev): Bump coverage from 6.1.2 to 6.2 (36dd7bd)

  • CHORE: build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29

build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29 (c7a5fd0)

  • DOCS: fix README shield labels (7291d06)

v1.5.3 (2021-11-23)

Fix

  • fix: revert to previous process for building Docker image as PyPi index update is too slow to pull straight away after publish

Signed-off-by: Paul Horton <phorton@sonatype.com> (67bb738)

Unknown

  • 1.5.3

Automatically generated by python-semantic-release (ce33cf0)

  • Merge branch 'master' of github.com:CycloneDX/cyclonedx-python (186bdda)

v1.5.2 (2021-11-23)

Fix

  • fix: corrected docker image build process to not rely on dist folder which is cleaned up by python-semantic-release

Signed-off-by: Paul Horton <phorton@sonatype.com> (6c65c11)

Unknown

  • 1.5.2

Automatically generated by python-semantic-release (7586867)

v1.5.1 (2021-11-23)

Fix

  • fix: Re-enable build and publish of Docker Image (#263)

  • fix: update Dockerfile to use Python 3.10

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • ci: renable publishing of Docker Images

Signed-off-by: Paul Horton <phorton@sonatype.com> (478360d)

Unknown

  • 1.5.1

Automatically generated by python-semantic-release (dd31888)

v1.5.0 (2021-11-17)

Feature

  • feat: support for Python 3.10 (#261)

  • enabled py3.10 tests in CI

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • add py-version classifiers

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f4f9ffe)

Unknown

  • 1.5.0

Automatically generated by python-semantic-release (31fdd93)

v1.4.3 (2021-11-16)

Fix

  • fix: add static code analysis, better typing and bump cyclonedx-python-lib to 0.11

Signed-off-by: Paul Horton <phorton@sonatype.com> (d5d9f56)

Unknown

  • 1.4.3

Automatically generated by python-semantic-release (8050477)

  • FIX: add static code analysis, better typing and bump to cyclonedx-python-lib >= 0.11.0

  • fixed some tox issues

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • add more QA

bumped cyclonedx-python-lib to the version that opened type-checks added QA tools: mypy, flake8-annotations, flake8-bugbear

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • gitignore alternative paths of venv

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • gh-action CI no longer failes fast

this allowes to run all tests, regardless of failes in parallel tests of the matrix

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • add missing return types

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • make mypy pass

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • tests dont run subprocesses in the shell

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • unittest run in verbose mode

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • fix windows tox run

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

  • make tests a module

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3080b57)

v1.4.2 (2021-11-12)

Fix

  • fix: if no input file is supplied and no input is provided on STDIN, we will now try to automatically locate (in the current working directory) a manifest with default name for the input type specified. This works for PIP (Pipfile.lock), Poetry (poetry.lock) and Requirements (requirements.txt)

Signed-off-by: Paul Horton <phorton@sonatype.com> (93f9e59)

Unknown

  • 1.4.2

Automatically generated by python-semantic-release (e39ebd3)

  • Merge pull request #257 from CycloneDX/fix/256-no-default-file-when-no-input-on-stdin

FIX: Fallback to default manifest names in current directory when no -i supplied and nothing piped in via STDIN (c0f0766)

  • doc: updated documentation

Signed-off-by: Paul Horton <phorton@sonatype.com> (47612e6)

  • typo corrected

Signed-off-by: Paul Horton <phorton@sonatype.com> (4949a0d)

  • Merge pull request #255 from CycloneDX/dependabot/pip/coverage-6.1.2

build(deps-dev): Bump coverage from 6.1.1 to 6.1.2 (6924dac)

  • Merge pull request #252 from jkowalleck/patch-1

Create CODEOWNERS (b64c707)

  • run github "CI" on commits to master (00532dd)

  • Merge pull request #251 from CycloneDX/dependabot/pip/coverage-6.1.1

build(deps-dev): Bump coverage from 5.5 to 6.1.1 (525ee0e)

  • Create CODEOWNERS

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a29525a)

v1.4.1 (2021-10-26)

Fix

  • fix: corrected documentation after deprecation of -rf, -pf, --poetry-file, --requirements-file and --pip-file doc: updated documentation to clarify there is a single input parameter: -i

Signed-off-by: Paul Horton <phorton@sonatype.com> (4c4c8d8)

Unknown

  • 1.4.1

Automatically generated by python-semantic-release (8f525f2)

v1.4.0 (2021-10-21)

Feature

  • feat: add conda support (bump cyclonedx-python-lib to ^0.10.0)

Signed-off-by: Paul Horton <phorton@sonatype.com> (cb24275)

Fix

  • fix: encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.2)

Signed-off-by: Paul Horton <phorton@sonatype.com> (da6772b)

  • fix: encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.1)

Signed-off-by: Paul Horton <phorton@sonatype.com> (fe5df36)

Unknown

  • 1.4.0

Automatically generated by python-semantic-release (564076b)

  • Merge pull request #247 from CycloneDX/feat/conda-support

FEATURE: Add Conda Support (c3709af)

  • fixed some tests

Signed-off-by: Paul Horton <phorton@sonatype.com> (002b31d)

v1.3.1 (2021-10-19)

Fix

  • fix: bump to cyclonedx-python-lib to resolve issue #244

Signed-off-by: Paul Horton <phorton@sonatype.com> (ebea3ef)

Unknown

  • 1.3.1

Automatically generated by python-semantic-release (a030392)

  • Merge pull request #246 from CycloneDX/feat/add-basic-license-support

fix: bump to cyclonedx-python-lib to resolve issue #244 (d831254)

v1.3.0 (2021-10-19)

Feature

  • feat: add license information in CycloneDX BOM when using Environment as the source

Signed-off-by: Paul Horton <phorton@sonatype.com> (5d1f9a7)

Unknown

  • 1.3.0

Automatically generated by python-semantic-release (8d01377)

  • Merge pull request #245 from CycloneDX/feat/add-basic-license-support

Add license information in CycloneDX BOM when using Environment as the source (26f2500)

v1.2.0 (2021-10-12)

Feature

  • feat: update to latest stable cyclonedx-python-lib
  • Enables PipEnv support natively
  • Vast improvements to quality and information contained in the genereated CycloneDX BOM documents - see cyclonedx-python-lib for details
  • Various old files removes

Signed-off-by: Paul Horton <phorton@sonatype.com> (6145bd5)

Unknown

  • 1.2.0

Automatically generated by python-semantic-release (1e46b3d)

  • Merge pull request #243 from CycloneDX/feat/bump-cyclonedx-lib-0.8.x

Update to latest stable cyclonedx-python-lib (68f7daa)

v1.1.0 (2021-10-04)

Feature

  • feat: add support for generating SBOM from poetry.lock files

Signed-off-by: Paul Horton <phorton@sonatype.com> (bb4ac0f)

Unknown

  • 1.1.0

Automatically generated by python-semantic-release (ca992f2)

v1.0.5 (2021-09-27)

Fix

  • fix: handle requirements.txt which contain dependencies without a version statement and warn that they cannot be included in the resulting CycloneDX BOM

Signed-off-by: Paul Horton <phorton@sonatype.com> (e637e56)

Unknown

  • 1.0.5

Automatically generated by python-semantic-release (5523909)

  • Merge pull request #236 from CycloneDX/enhancement/issue-235-requirements-unpinned-versions

fix: handle requirements.txt which contain dependencies without a v… (f57ab1a)

v1.0.4 (2021-09-27)

Fix

  • fix: error message when requirements.txt file is non-existent updated

Signed-off-by: Paul Horton <phorton@sonatype.com> (3bbc071)

Unknown

  • 1.0.4

Automatically generated by python-semantic-release (c8b00bc)

  • Merge pull request #234 from CycloneDX/enhancement/issue-232-error-message

fix: error message when requirements.txt file is non-existent updated (2e6acee)

v1.0.3 (2021-09-27)

Build

  • build: added flake8 as dev dependency

Signed-off-by: Paul Horton <phorton@sonatype.com> (a8fed84)

  • build: updated all dependencies

Signed-off-by: Paul Horton <phorton@sonatype.com> (616b949)

Fix

  • fix: default to "requirements.txt" in current directory when "-r" flag is supplied but not "-rf" flag is supplied

Signed-off-by: Paul Horton <phorton@sonatype.com> (bb7e30a)

Unknown

  • 1.0.3

Automatically generated by python-semantic-release (f3522b9)

  • Merge pull request #233 from CycloneDX/fix/issue-230-hang-with-no-rf-flag

Fix for hang when no -rf flag supplied with -r flag (651b35f)

  • Merge pull request #229 from madpah/fix/bump-dependencies

build: updated all dependencies (5587777)

v1.0.2 (2021-09-13)

Fix

Unknown

  • 1.0.2

Automatically generated by python-semantic-release (5d077a2)

v1.0.1 (2021-09-13)

Fix

  • fix(ci): corrected main to master branch.

Signed-off-by: Paul Horton <phorton@sonatype.com> (7162cd9)

Unknown

  • 1.0.1

Automatically generated by python-semantic-release (9af491d)

  • Merged in master. (95b89a7)

  • fix(ci) - bumped release workflow to run on Python 3.9 which is supported.

Signed-off-by: Paul Horton <phorton@sonatype.com> (fd7cd8c)

  • Merge pull request #221 from madpah/feature/migrate-to-cyclonedx-python-lib

Migration to new cyclonedx-python-lib for SBOM generation (3b1a13c)

  • Corrected Development Status classifier.

Signed-off-by: Paul Horton <phorton@sonatype.com> (0263610)

  • Removed Python 3.5, added 3.8, 3.9 support in GitLab CI.

Signed-off-by: Paul Horton <phorton@sonatype.com> (9ecb7b8)

  • Addressed issues reported by flake8..

Signed-off-by: Paul Horton <phorton@sonatype.com> (177a99f)

  • Updated documentation.

Signed-off-by: Paul Horton <phorton@sonatype.com> (ef76b4d)

  • Started rewrite of tests.

Signed-off-by: Paul Horton <phorton@sonatype.com> (914463b)

  • Fixed a few things:
  • Was defaulting to Environment incorrectly
  • Output to STDOUT also output to a file named '-'
  • Now support data from STDIN

Signed-off-by: Paul Horton <phorton@sonatype.com> (4a47efb)

  • Moved from local cyclonedx-python-lib dependency to published version on PyPi.

Signed-off-by: Paul Horton <phorton@sonatype.com> (3ac87a6)

  • Re-work to consume new cyclonedx python library which will do all the heavy lifting.

Signed-off-by: Paul Horton <phorton@sonatype.com> (25f89fd)

  • Merge pull request #190 from CycloneDX/dependabot/github_actions/actions/setup-python-2.2.2 (f5a0946)

  • Merge pull request #191 from CycloneDX/dependabot/github_actions/actions/upload-release-asset-1.0.2 (caac584)

  • Merge pull request #192 from CycloneDX/dependabot/github_actions/actions/create-release-1.1.4

Bump actions/create-release from 1 to 1.1.4 (33e47b0)

  • Merge pull request #202 from CycloneDX/dependabot/docker/python-3.9.6-slim-buster

Bump python from 3.9.5-slim-buster to 3.9.6-slim-buster (c859cb7)

  • Merge pull request #206 from mgrajesh1/issue_205_pypi_connect_using_proxy

Issue# 205. Use HTTPS_PROXY if env is set (f5108c4)

  • Updating copyright statements (18e206e)

  • Issue# 205. Use HTTPS_PROXY if env is set

Signed-off-by: akshadpai <akshadpai01@gmail.com> (4fb8714)

  • Bump python from 3.9.5-slim-buster to 3.9.6-slim-buster

Bumps python from 3.9.5-slim-buster to 3.9.6-slim-buster.


updated-dependencies:

  • dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] <support@github.com> (ecd0fba)

  • Added notice and updated file headers (0f4ff74)

  • Bump actions/create-release from 1 to 1.1.4

Bumps actions/create-release from 1 to 1.1.4.

Signed-off-by: dependabot[bot] <support@github.com> (6371988)

  • Bump actions/upload-release-asset from 1 to 1.0.2

Bumps actions/upload-release-asset from 1 to 1.0.2.

Signed-off-by: dependabot[bot] <support@github.com> (50cfad3)

  • Bump actions/setup-python from 2.2.1 to 2.2.2

Bumps actions/setup-python from 2.2.1 to 2.2.2.

Signed-off-by: dependabot[bot] <support@github.com> (dbca5da)

  • Merge pull request #186 from CycloneDX/dependabot/docker/python-3.9.5-slim-buster

Bump python from 3.9.2-slim-buster to 3.9.5-slim-buster (3cd645a)

  • Bump python from 3.9.2-slim-buster to 3.9.5-slim-buster

Bumps python from 3.9.2-slim-buster to 3.9.5-slim-buster.

Signed-off-by: dependabot[bot] <support@github.com> (657b1ff)

  • Merge pull request #173 from CycloneDX/dependabot/pip/packageurl-python-0.9.4

Bump packageurl-python from 0.9.3 to 0.9.4 (1615d91)

  • Merge pull request #165 from CycloneDX/dependabot/docker/python-3.9.2-slim-buster

Bump python from 3.9.1-slim-buster to 3.9.2-slim-buster (4a33cf1)

  • Bump packageurl-python from 0.9.3 to 0.9.4

Bumps packageurl-python from 0.9.3 to 0.9.4.

Signed-off-by: dependabot[bot] <support@github.com> (7f153fa)

  • Merge pull request #161 from CycloneDX/dependabot/pip/packaging-20.9

Bump packaging from 20.7 to 20.9 (57a0b16)

  • Bump python from 3.9.1-slim-buster to 3.9.2-slim-buster

Bumps python from 3.9.1-slim-buster to 3.9.2-slim-buster.

Signed-off-by: dependabot[bot] <support@github.com> (fba5248)

  • Bump packaging from 20.7 to 20.9

Bumps packaging from 20.7 to 20.9.

Signed-off-by: dependabot[bot] <support@github.com> (240847f)

  • Merge pull request #149 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.2.1

Bump actions/setup-python from v2.2.0 to v2.2.1 (5eb87ee)

  • Bump actions/setup-python from v2.2.0 to v2.2.1

Bumps actions/setup-python from v2.2.0 to v2.2.1.

Signed-off-by: dependabot[bot] <support@github.com> (3c9eaae)

  • Merge pull request #147 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.2.0

Bump actions/setup-python from v2.1.4 to v2.2.0 (a31103e)

  • Bump actions/setup-python from v2.1.4 to v2.2.0

Bumps actions/setup-python from v2.1.4 to v2.2.0.

Signed-off-by: dependabot[bot] <support@github.com> (89dacb0)

  • Merge pull request #142 from CycloneDX/dependabot/docker/python-3.9.1-slim-buster

Bump python from 3.9.0-slim-buster to 3.9.1-slim-buster (2f1f5ba)

  • Bump python from 3.9.0-slim-buster to 3.9.1-slim-buster

Bumps python from 3.9.0-slim-buster to 3.9.1-slim-buster.

Signed-off-by: dependabot[bot] <support@github.com> (37eaf19)

v0.4.3 (2020-12-05)

Unknown

  • Bug fix release - invalid XML character handling (0d5c01e)

  • Merge pull request #140 from CycloneDX/invalid-xml-characters

Fix for invalid xml characters (8de9c16)

  • Re-order test data (c8fa641)

  • Add handling for invalid xml characters (228af8d)

  • Add test for invalid xml unicode characters (56bbb40)

  • Merge pull request #138 from CycloneDX/dependabot/pip/packaging-20.7

Bump packaging from 20.4 to 20.7 (ca4cf86)

  • Bump packaging from 20.4 to 20.7

Bumps packaging from 20.4 to 20.7.

Signed-off-by: dependabot[bot] <support@github.com> (0ce786c)

  • Merge pull request #137 from CycloneDX/dependabot/pip/requests-2.25.0

Bump requests from 2.24.0 to 2.25.0 (e943788)

  • Bump requests from 2.24.0 to 2.25.0

Bumps requests from 2.24.0 to 2.25.0.

Signed-off-by: dependabot[bot] <support@github.com> (5b22ddf)

  • Merge pull request #134 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.4

Bump actions/checkout from v2.3.3 to v2.3.4 (85bb4fc)

  • Bump actions/checkout from v2.3.3 to v2.3.4

Bumps actions/checkout from v2.3.3 to v2.3.4.

Signed-off-by: dependabot[bot] <support@github.com> (22b9305)

  • Merge pull request #132 from CycloneDX/dependabot/pip/setuptools-50.3.2

Bump setuptools from 50.3.1 to 50.3.2 (d01d920)

  • Bump setuptools from 50.3.1 to 50.3.2

Bumps setuptools from 50.3.1 to 50.3.2.

Signed-off-by: dependabot[bot] <support@github.com> (e2df914)

  • Merge pull request #133 from CycloneDX/dependabot/pip/pytest-6.1.2

Bump pytest from 6.1.1 to 6.1.2 (140a00a)

  • Bump pytest from 6.1.1 to 6.1.2

Bumps pytest from 6.1.1 to 6.1.2.

Signed-off-by: dependabot[bot] <support@github.com> (bf5267d)

  • Merge pull request #127 from CycloneDX/dependabot/pip/setuptools-50.3.1

Bump setuptools from 50.3.0 to 50.3.1 (bb69861)

  • Merge pull request #128 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.4

Bump actions/setup-python from v2.1.3 to v2.1.4 (de9da36)

  • Bump actions/setup-python from v2.1.3 to v2.1.4

Bumps actions/setup-python from v2.1.3 to v2.1.4.

Signed-off-by: dependabot[bot] <support@github.com> (765d9d1)

  • Bump setuptools from 50.3.0 to 50.3.1

Bumps setuptools from 50.3.0 to 50.3.1.

Signed-off-by: dependabot[bot] <support@github.com> (162d7ea)

  • Merge pull request #126 from CycloneDX/devcontainer

Add devcontainer configuration (859e9a4)

  • Add devcontainer configuration (b9c34a6)

  • Merge pull request #118 from c0d3nh4ck/master

Added support for metadata timestamp (d954df8)

  • check for metadata to be empty (180f207)

v0.4.2 (2020-10-08)

Unknown

  • Maintenance release (308f98e)

  • Merge pull request #121 from CycloneDX/dependabot/docker/python-3.9.0-slim-buster

Bump python from 3.8.6-slim-buster to 3.9.0-slim-buster (7703a52)

  • Merge pull request #120 from CycloneDX/dependabot/pip/packageurl-python-0.9.3

Bump packageurl-python from 0.9.2 to 0.9.3 (257fa2b)

  • Bump python from 3.8.6-slim-buster to 3.9.0-slim-buster

Bumps python from 3.8.6-slim-buster to 3.9.0-slim-buster.

Signed-off-by: dependabot[bot] <support@github.com> (bf938c9)

  • Bump packageurl-python from 0.9.2 to 0.9.3

Bumps packageurl-python from 0.9.2 to 0.9.3.

Signed-off-by: dependabot[bot] <support@github.com> (1a7d36b)

  • Merge pull request #119 from CycloneDX/dependabot/pip/pytest-6.1.1

Bump pytest from 6.1.0 to 6.1.1 (202f029)

  • Bump pytest from 6.1.0 to 6.1.1

Bumps pytest from 6.1.0 to 6.1.1.

Signed-off-by: dependabot[bot] <support@github.com> (005f85f)

  • update for the xml part to convert metadata to dictionary object (d31e8b2)

  • updated metadata to dictionary from list (deebd3d)

  • Added code to check for metadata value (a3497fd)

  • added default value for metadata as None (86641b6)

  • Added support for metadata timestamp (27eb3e5)

  • Merge pull request #116 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.3

Bump actions/setup-python from v2.1.2 to v2.1.3 (e7c1cd9)

  • Bump actions/setup-python from v2.1.2 to v2.1.3

Bumps actions/setup-python from v2.1.2 to v2.1.3.

Signed-off-by: dependabot[bot] <support@github.com> (648ab6f)

  • Merge pull request #112 from CycloneDX/dependabot/pip/xmlschema-1.2.5

Bump xmlschema from 1.2.4 to 1.2.5 (9f22abf)

  • Merge pull request #113 from CycloneDX/dependabot/pip/pytest-6.1.0

Bump pytest from 6.0.1 to 6.1.0 (5801185)

  • Merge pull request #115 from praveenmylavarapu/make-component-generic

Make component type generic (584e929)

  • Merge pull request #114 from praveenmylavarapu/remove-duplicate

remove duplicate function call (7ad5892)

  • Make component type generic (4a2d220)

  • remove duplicate function call (df6d6d0)

  • Bump pytest from 6.0.1 to 6.1.0

Bumps pytest from 6.0.1 to 6.1.0.

Signed-off-by: dependabot[bot] <support@github.com> (f8ffeeb)

  • Bump xmlschema from 1.2.4 to 1.2.5

Bumps xmlschema from 1.2.4 to 1.2.5.

Signed-off-by: dependabot[bot] <support@github.com> (8f94c58)

  • Revert "Bump pytest from 6.0.1 to 6.0.2"

This reverts commit 986d2ef737e051be04203b14ee5d11b26b00edb7. (528341a)

  • Merge pull request #108 from CycloneDX/dependabot/pip/pytest-6.0.2

Bump pytest from 6.0.1 to 6.0.2 (feed962)

  • Bump pytest from 6.0.1 to 6.0.2

Bumps pytest from 6.0.1 to 6.0.2.

Signed-off-by: dependabot[bot] <support@github.com> (986d2ef)

  • Merge pull request #109 from CycloneDX/dependabot/pip/packageurl-python-0.9.2

Bump packageurl-python from 0.9.1 to 0.9.2 (bfa1db6)

  • Bump packageurl-python from 0.9.1 to 0.9.2

Bumps packageurl-python from 0.9.1 to 0.9.2.

Signed-off-by: dependabot[bot] <support@github.com> (a2a3596)

  • Merge pull request #107 from CycloneDX/dependabot/pip/xmlschema-1.2.4

Bump xmlschema from 1.2.3 to 1.2.4 (c58a756)

  • Merge pull request #111 from CycloneDX/dependabot/docker/python-3.8.6-slim-buster

Bump python from 3.8.5-slim-buster to 3.8.6-slim-buster (00eccf6)

  • Bump python from 3.8.5-slim-buster to 3.8.6-slim-buster

Bumps python from 3.8.5-slim-buster to 3.8.6-slim-buster.

Signed-off-by: dependabot[bot] <support@github.com> (0db21cd)

  • Merge pull request #110 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.3

Bump actions/checkout from v2.3.2 to v2.3.3 (f84ace1)

  • Bump actions/checkout from v2.3.2 to v2.3.3

Bumps actions/checkout from v2.3.2 to v2.3.3.

Signed-off-by: dependabot[bot] <support@github.com> (f1381a5)

  • Bump xmlschema from 1.2.3 to 1.2.4

Bumps xmlschema from 1.2.3 to 1.2.4.

Signed-off-by: dependabot[bot] <support@github.com> (8a92d37)

  • Merge pull request #101 from CycloneDX/dependabot/docker/python-3.8.5-slim-buster

Bump python from 3.8.1-slim-buster to 3.8.5-slim-buster (bfa41d2)

  • Merge pull request #105 from CycloneDX/null-license-handling

Add test data for package with a null license (50e634b)

  • Fix test data for GitHub runners

There is something odd here that needs more investigation to make it more deterministic. (d2fee97)

  • Merge branch 'master' into null-license-handling (0d11a2e)

  • Add test data for package with a null license (9958abb)

v0.4.1 (2020-09-08)

Unknown

  • Bug fix release
  • Fix handling of null licenses
  • Fix Docker image bundled tool version (ab588be)
  • Merge pull request #104 from rback123/patch-103

Prevent crash when package_license is none from pypi null value (57e31f0)

  • Added NoneType check for package_license (6b18250)

  • Bump python from 3.8.1-slim-buster to 3.8.5-slim-buster

Bumps python from 3.8.1-slim-buster to 3.8.5-slim-buster.

Signed-off-by: dependabot[bot] <support@github.com> (a5e46d1)

  • Merge pull request #102 from CycloneDX/docker-release-fix

Use release built package when building Docker image (3c8b583)

  • Install locally created package when creating Docker image (890bdee)

  • Merge pull request #100 from CycloneDX/dependabot/github_actions/actions/setup-python-v2.1.2

Bump actions/setup-python from v1 to v2.1.2 (60ecc7c)

  • Bump actions/setup-python from v1 to v2.1.2

Bumps actions/setup-python from v1 to v2.1.2.

Signed-off-by: dependabot[bot] <support@github.com> (6d34eaa)

  • Merge pull request #99 from CycloneDX/dependabot/github_actions/actions/checkout-v2.3.2

Bump actions/checkout from v1 to v2.3.2 (dc2af31)

  • Bump actions/checkout from v1 to v2.3.2

Bumps actions/checkout from v1 to v2.3.2.

Signed-off-by: dependabot[bot] <support@github.com> (127e885)

  • Merge pull request #98 from davidkarlsen/dependabot

fix language definition (6cc7a17)

  • fix language definition (cee1611)

  • Merge pull request #97 from davidkarlsen/dependabot

Configure dependabot through config-files (003e20c)

  • Configure dependabot through config-files

Signed-off-by: David Karlsen <david@davidkarlsen.com> (36c92f7)

  • Merge pull request #96 from CycloneDX/dependabot/pip/setuptools-50.3.0

Bump setuptools from 50.1.0 to 50.3.0 (2727ff9)

  • Bump setuptools from 50.1.0 to 50.3.0

Bumps setuptools from 50.1.0 to 50.3.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (60e3547)

  • Add additional comments/doco to the GitHub workflows (f49bad6)

  • Merge pull request #93 from CycloneDX/dependabot/pip/setuptools-50.1.0

Bump setuptools from 18.5 to 50.1.0 (de6c3a9)

  • Bump setuptools from 18.5 to 50.1.0

Bumps setuptools from 18.5 to 50.1.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (b9dd248)

  • Merge pull request #84 from CycloneDX/dependabot/pip/packageurl-python-0.9.1

Bump packageurl-python from 0.8.7 to 0.9.1 (1434bd8)

  • Bump packageurl-python from 0.8.7 to 0.9.1

Bumps packageurl-python from 0.8.7 to 0.9.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (c45e7b7)

  • Add 30 minute timeout for GitHub workflows (47341f7)

  • Merge pull request #68 from CycloneDX/dependabot/pip/packaging-20.4

Bump packaging from 19.2 to 20.4 (9123452)

  • Bump packaging from 19.2 to 20.4

Bumps packaging from 19.2 to 20.4.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (cc0ba25)

  • Merge pull request #82 from CycloneDX/dependabot/pip/pytest-6.0.1

Bump pytest from 4.6.9 to 6.0.1 (ab1eb35)

  • Merge pull request #78 from CycloneDX/dependabot/pip/requests-2.24.0

Bump requests from 2.22.0 to 2.24.0 (ac5ab88)

  • Bump requests from 2.22.0 to 2.24.0

Bumps requests from 2.22.0 to 2.24.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (53ed092)

  • Merge pull request #89 from CycloneDX/dependabot/pip/xmlschema-1.2.3

Bump xmlschema from 1.0.16 to 1.2.3 (72cad92)

  • Bump xmlschema from 1.0.16 to 1.2.3

Bumps xmlschema from 1.0.16 to 1.2.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (2e0aa9f)

v0.4.0 (2020-09-03)

Unknown

  • Fix incorrect twine upload repo (2ad67fe)

  • Feature release

  • add JSON support
  • include schema files in package
  • code quality improvements (74cdcaf)
  • Remove manual release script (927da78)

  • Add Docker image and GitHub release to workflow (4f921a8)

  • Add docker build and push to release workflow (7b868dc)

  • Merge branch 'master' into github-workflows (6134a9b)

  • Merge pull request #94 from CycloneDX/github-workflows

GitHub workflow for releases (aa84147)

  • Add release workflow (9396ba8)

  • Remove newline from VERSION (c67b398)

  • Run CI tests on Ubuntu, Windows and Mac agents (eb84c46)

  • Rename pythonpackge workflow file to ci (2137711)

  • Bump pytest from 4.6.9 to 6.0.1

Bumps pytest from 4.6.9 to 6.0.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (a3db165)

  • Merge pull request #63 from coderpatros/json

Support for JSON output (a71084c)

  • Replace snapshot JSON schema with final v1.2 schema (44ad74b)

  • Update existing tests to use CLI instead of module imports (99430cc)

  • Add initial "preview" JSON output support (44e0667)

  • Fix bug that can result in duplicate components being included in the BOM (5fd04f5)

  • Refactor to use Component, Hash and License classes and rename some XML methods

This is in preparation for supporting JSON output. (3be896a)

  • Fix path issue when debugging from virtual environment (d208b16)

  • Git ignore files in build/ and dist/ (d80b959)

  • Merge pull request #55 from coderpatros/tests

Add a basic happy path test (c373dad)

  • Include xml schema files in package (0ae93d6)

  • Merge remote-tracking branch 'refs/remotes/origin/master'

Conflicts: cyclonedx/cli/generateBom.py

Changes to generateBom.py moved to reader.py (ab307e5)

  • Merge pull request #59 from RobertMaaskant/pypi-mirror-support

Pypi mirror support (169b642)

  • Use OrderedDict for hashes to fix failing test under Python 3.5

The dictionary implementation was changed from version 3.6. This means generated output is different under Python 3.5 (518cae9)

  • Fixup for mirror support (d53a5d1)

  • Fixup of bad refactoring (af95c39)

  • Refactor + add package info mirror support (4876f41)

  • Simplified populate_digests method (b9c5e0a)

  • Refactor bom building (5043e85)

  • Prevent main client from running on import (d3ce0c7)

  • Reorder imports (19f47b9)

  • Remove deprecated python 2.7 from build (3791c94)

  • Add basic bom generation test (1018f4c)

  • Make read_bom importable from cyclonedx.cli (421258f)

  • Use script relative paths for setup.py reference files (b06a628)

  • Add create-virtualenv.sh helper script (cf8f68b)

  • Add .gitignore (d07d736)

  • Added Slack badge (f975a73)

  • Update README.rst (c845183)

  • Update README.rst (f089c23)

  • Update README.rst (7cc8e37)

  • Added docker deployment on release (6ce0123)

  • Merge pull request #46 from davidkarlsen/feature/dockerimage

Docker image. Fixes #45 (fbf1482)

  • Docker image. Fixes #45

Signed-off-by: David Karlsen <david@davidkarlsen.com> (7b06b3a)

v0.3.5 (2019-12-05)

Unknown

v0.3.4 (2019-12-05)

Unknown

  • call python (0d7ceca)

  • #11 #34 - Fix for version comparison (eeaca97)

  • Merge pull request #16 from CycloneDX/dependabot/pip/requirements-parser-0.2.0

Bump requirements-parser from 0.1.0 to 0.2.0 (5ac8aa0)

  • Bump requirements-parser from 0.1.0 to 0.2.0

Bumps requirements-parser from 0.1.0 to 0.2.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (1505aa1)

  • Merge pull request #19 from CycloneDX/dependabot/pip/packaging-19.2

Bump packaging from 19.1 to 19.2 (f4a558f)

  • Merge pull request #30 from CycloneDX/dependabot/pip/xmlschema-1.0.16

Bump xmlschema from 1.0.14 to 1.0.16 (b22762a)

  • Merge remote-tracking branch 'origin/master' (3dba3a4)

  • Changed lang (b586534)

  • Merge pull request #4 from msander/patch-1

Continue with other requirements (88193b2)

  • Bump xmlschema from 1.0.14 to 1.0.16

Bumps xmlschema from 1.0.14 to 1.0.16.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (575595c)

v0.3.3 (2019-11-14)

Unknown

  • Updating release process (2d47de4)

  • Merge pull request #29 from llamahunter/patch-1

Support requirements.txt with local files (f476f4f)

  • Support requirements.txt with local files

It's possible for the requirements.txt file to have local file listings. These do not have 'name' values, and so cause a runtime error when trying to concatenate a NoneType with a string. Test for 'local_file' requirements and skip them when generating bom. See https://requirements-parser.readthedocs.io/en/latest/usage.html#parsing-requirement-specifiers (97d0cde)

  • Update README.rst (89b488b)

  • Update pythonpackage.yml (86d1451)

  • Update pythonpackage.yml (5db4810)

  • migrating from travis-ci to github actions (29d989e)

  • Update README.rst (a1aa609)

  • Update pythonpackage.yml (1cb93bf)

  • Update pythonpackage.yml (b9386aa)

  • Update pythonpackage.yml (c9dc482)

  • Update pythonpackage.yml (3416ee8)

  • bump (e84e29f)

  • Bump packaging from 19.1 to 19.2

Bumps packaging from 19.1 to 19.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (99ad2cb)

  • Fixes requirements (79993b7)

  • Merge pull request #21 from tngraf/master

Encoding detection added (a41d616)

  • Encoding detection added (938374a)

  • Merge pull request #18 from TTMaZa/TTMaZa-UTF-8-CLI

Enforced UTF-8 encoding while writing bom.xml (b3944a1)

  • Enforced UTF-8 encoding while writing bom.xml (2478bf1)

  • Merge pull request #17 from CycloneDX/dependabot/pip/packaging-19.1

Bump packaging from 19.0 to 19.1 (cd0ff73)

  • Bump packaging from 19.0 to 19.1

Bumps packaging from 19.0 to 19.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (b0a2719)

  • Merge pull request #14 from CycloneDX/dependabot/pip/requests-2.22.0

Bump requests from 2.20.1 to 2.22.0 (973a89f)

  • Bump requests from 2.20.1 to 2.22.0

Bumps requests from 2.20.1 to 2.22.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (ad3169d)

  • Merge pull request #15 from CycloneDX/dependabot/pip/packageurl-python-0.8.7

Bump packageurl-python from 0.8.1 to 0.8.7 (324d6a0)

  • Bump packageurl-python from 0.8.1 to 0.8.7

Bumps packageurl-python from 0.8.1 to 0.8.7.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (c47b17e)

  • Merge pull request #12 from CycloneDX/dependabot/pip/xmlschema-1.0.14

Bump xmlschema from 1.0.7 to 1.0.14 (e747f9f)

  • Bump xmlschema from 1.0.7 to 1.0.14

Bumps xmlschema from 1.0.7 to 1.0.14.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> (4159f7b)

  • Continue with other requirements

Currently the BOM generation breaks when a single requirement does not refer to a specific version. It would be better to continue with the other requirements. (c633e4f)

  • Update README.rst (b4a1dc0)

  • version bump. Added xml pretty printing (83cbb7a)

  • Merge pull request #10 from emnetag/patch-08-19

Handle package versions not found in PyPi (5d12795)

  • Handle packages not found in PyPi

If a package version is not found in PyPi, create an entry for that version and print a warning to the console. (2fbb145)

  • Updating SPDX license list to v3.6 (51a1727)

  • Adding release script (f2a486d)

  • Added topics (7bbc751)

  • version bump (aa16564)

  • Updating SPDX license list to v3.5 (ddb11b7)

  • Merge pull request #8 from rback123/patch-6

Support PEP 440 concepts like pre, post, and development versions (20d6c5d)

  • Support PEP 440 concepts like pre, post, and development versioning schemes. (4344b9a)

  • Merge pull request #5 from msander/patch-2

Add 'requests' requirement to install_requires (e026932)

  • Merge pull request #1 from jhermann/stdin-as-input

Support -i - (read from stdin) (e5356ef)

  • Add 'requests' requirement to install_requires (625b5a3)

  • main: support '-i -' (read from stdin)

This allows to call...

pip freeze | cyclonedx-py -i - ([`e8522a6`](https://github.com/CycloneDX/cyclonedx-python/commit/e8522a679ebd11d151970c26eabf411bd232a881))