Releases: CycloneDX/cyclonedx-python-lib

v8.6.0

04 Feb 15:59

v8.6.0 (2025-02-04)

Feature

  • feat: expand the capabilities of models.definition.Standard (#713)
  • feat: allow empty OrganizationalEntity object (#768)

What's Changed

Full Changelog: v8.5.1...v8.6.0

v8.5.1

28 Jan 11:53

v8.5.1 (2025-01-28)

Documentation

  • docs: responsibilities & capabilities (#763)
  • docs: Fix typos in conda-forge.md and remove unused reference in README (#762)
  • docs: modernize docstrings for CDX1.6 (#759)

Feature

  • feat: couple classes and their serializers (#757)
    Deprecates .serialization.BomRefHelper and .serialization.LicenseRepositoryHelper.
    (stealth-release of this feature, as it is almost only used internally)

What's Changed

  • chore(deps-dev): update tomli requirement from 2.1.0 to 2.2.1 by @dependabot in #744
  • chore(deps-dev): update flake8-bugbear requirement from 24.10.31 to 24.12.12 by @dependabot in #748
  • chore(deps-dev): update mypy requirement from 1.13.0 to 1.14.1 by @dependabot in #751
  • docs: modernize docstrings for CDX1.6 by @jkowalleck in #759
  • feat: couple classes and their serializers by @jkowalleck in #757
  • chore(deps-dev): update tox requirement from 4.23.2 to 4.24.1 by @dependabot in #761
  • docs: Fix typos in conda-forge.md and remove unused reference in README by @bact in #762
  • docs: responsibilities & capabilities by @jkowalleck in #763

New Contributors

  • @bact made their first contribution in #762

Full Changelog: v8.5.0...v8.5.1

v8.5.0

18 Nov 08:34

v8.5.0 (2024-11-18)

Documentation

  • docs: remove invalid docstring note about auto-assigned bom-ref values (#733) (5aa5787)

Feature

  • feat: support CycloneDX 1.6.1 (#742)

What's Changed

  • docs: remove invalid docstring note about auto-assigned bom-ref values by @jkowalleck in #733
  • chore(deps-dev): update flake8-bugbear requirement from 24.8.19 to 24.10.31 by @dependabot in #734
  • chore(deps-dev): update tomli requirement from 2.0.2 to 2.1.0 by @dependabot in #739
  • feat: support CycloneDX 1.6.1 by @jkowalleck in #742

Full Changelog: v8.4.0...v8.5.0

v8.4.0

29 Oct 09:35

v8.4.0 (2024-10-29)

Feature

  • feat: add factory method XsUri.make_bom_link() (#728)

Fix

  • fix: no warning for missing dependencies if no component exists (#720)

Docs

  • docs: fix Definitions docstring (#731)

What's Changed

Full Changelog: v8.3.0...v8.4.0

v8.3.0

26 Oct 13:19

v8.3.0 (2024-10-26)

Documentation

  • docs: revisit examples readme (#725)

Feature

  • feat: add basic support for Definitions (#701)

What's Changed

Full Changelog: v8.2.1...v8.3.0

v8.2.1

24 Oct 10:56

v8.2.1 (2024-10-24)

Fix

  • fix: encode quotation mark in URL (#724)

What's Changed

Full Changelog: v8.2.0...v8.2.1

v8.2.0

22 Oct 07:34

v8.2.0 (2024-10-22)

Feature

  • feat: Add Python 3.13 support (#718)

What's Changed

Full Changelog: v8.1.0...v8.2.0

v8.1.0

21 Oct 08:32

v8.1.0 (2024-10-21)

Documentation

  • docs: fix code examples regarding outputting (#709)

Feature

  • feat: add support for Lifecycles in BOM metadata (#698)

What's Changed

  • docs: fix code examples regarding outputting by @hakandilek in #709
  • chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 by @dependabot in #716
  • chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 by @dependabot in #714
  • chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 by @dependabot in #715
  • feat: add support for Lifecycles in BOM metadata by @Churro in #698

Full Changelog: v8.0.0...v8.1.0

v8.0.0

14 Oct 12:32

v8.0.0 (2024-10-14)

Breaking

  • feat!: v8.0.0 (#665)

BREAKING Changes

  • Removed cyclonedx.model.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
  • Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
  • Property cyclonedx.model.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • Property cyclonedx.model.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • Constructor cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as keyword argument, no longer as positional argument.

Changes

  • Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository for argument tools.
  • Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool.
    Downstream users SHOULD add it manually, like my_bom.metadata.tools.components.add(cyclonedx.builder.this.this_component()).

Fixes

  • CycloneDX documents that do not include tools in the metadata are no longer unexpectedly modified/altered during deserialization.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

  • New class cyclonedx.model.tool.ToolRepository.
  • New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
  • New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
  • New function cyclonedx.model.tool.Tool.from_component().

Dependencies

  • Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

see https://cyclonedx-python-library.readthedocs.io/en/v8.0.0/upgrading.html


What's Changed

Full Changelog: v7.6.2...v8.0.0

v7.6.2

07 Oct 13:21

v7.6.2 (2024-10-07)

Chore

  • chore: trusted publishing (#695)

fixes #681

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (cc09c42)

Documentation

  • docs: fix some doc strings

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4fa8fc1)

Fix

  • fix: behavior of and typing for crypto setters with optional values (#694)

fixes #690


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d8b20bd)


What's Changed

  • chore(deps-dev): update tox requirement from 4.18.1 to 4.20.0 by @dependabot in #680
  • chore(deps-dev): update bandit requirement from 1.7.9 to 1.7.10 by @dependabot in #688
  • chore(deps-dev): update tox requirement from 4.20.0 to 4.21.2 by @dependabot in #693
  • chore: trusted publishing by @jkowalleck in #695
  • fix: behavior of and typing for crypto setters with optional values by @jkowalleck in #694

Full Changelog: v7.6.1...v7.6.2