./security/py-cyclonedx-python-lib, Python library for generating CycloneDX SBOMs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 8.4.0, Package name: py312-cyclonedx-python-lib-8.4.0, Maintainer: pkgsrc-users

This CycloneDX module for Python can generate valid CycloneDX
bill-of-material document containing an aggregate of all project
dependencies.

This module is not designed for standalone use.


Master sites:

Filesize: 1105.01 KB

Version history: (Expand)


CVS history: (Expand)


   2024-04-28 11:54:08 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-cyclonedx-python-lib: update to 7.3.2.

7.3.2

* fix: properly sort components based on all properties (#599)
  reverts #587 - as this one introduced errors fixes #598 fixes #586

7.3.1

* chore: semantic-release git commit/sign valid email address
* fix: include all fields of `Component` in `__lt__` function for #586 (#587)
   2024-04-21 17:35:36 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-cyclonedx-python-lib: update to 7.3.0.

7.3.0

Feature

    feat: license factory set acknowledgement (#593)

add a parameter to LicenseFactory.make_*() methods, to set the \ 
LicenseAcknowledgement.

## v7.2.0 (2024-04-19)

### Feature

* feat: disjunctive license acknowledgement (#591)

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> \ 
([`9bf1839`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9bf1839859a244e790e91c3e1edd82d333598d60))

### Unknown

* tests: add meaningful names to validation tests (#588)

When packaging cyclonedx-python-lib for a Linux distribution, it’s
pretty common that some JSON validation tests fail. [1]

Due to the large number of combinations and the fact that these tests
are consecutively numbered, it has been tedious to figure out which
tests are exactly failing and why. This in turn makes it difficult to
decide which tests to disable or report upstream.

Append meaningful names to validation tests so that instead of e.g.:

    […]::TestJsonValidator::test_validate_no_none_001
    […]::TestJsonValidator::test_validate_no_none_002
    […]::TestJsonValidator::test_validate_no_none_003
    […]::TestJsonValidator::test_validate_no_none_004
    […]::TestJsonValidator::test_validate_no_none_005
    […]::TestJsonValidator::test_validate_no_none_006
    […]::TestJsonValidator::test_validate_no_none_007
    […]::TestJsonValidator::test_validate_no_none_008

the tests are named:

    […]::TestJsonValidator::test_validate_no_none_001_valid_component_swid_1_6
    \ 
[…]::TestJsonValidator::test_validate_no_none_002_valid_machine_learning_consi \ 
derations_env_1_6
    […]::TestJsonValidator::test_validate_no_none_003_valid_metadata_tool_1_6
    […]::TestJsonValidator::test_validate_no_none_004_valid_patch_1_6
    […]::TestJsonValidator::test_validate_no_none_005_valid_empty_components_1_6
    […]::TestJsonValidator::test_validate_no_none_006_valid_properties_1_6
    […]::TestJsonValidator::test_validate_no_none_007_valid_service_1_6
    […]::TestJsonValidator::test_validate_no_none_008_valid_metadata_author_1_6

[1]: \ 
https://aur.archlinux.org/cgit/aur.git/diff/PKGBUILD?h=python-cyclonedx-lib&id=9c6ae556874a633a521407a77a9a85bb31da2047

* doc: poor merge resolved
   2024-04-18 10:55:26 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
py-cyclonedx-python-lib: update to 7.1.0.

7.1.0

Documentation
    docs: missing schema support table & update schema support to reflect \ 
version 7.0.0 (#584)
Feature
    feat: support bom.properties for CycloneDX v1.5+ (#585)

7.0.0

Breaking
    feat!: Support for CycloneDX v1.6
    added draft v1.6 schemas and boilerplate for v1.6
    re-generated test snapshots for v1.6
    note bom.metadata.manufacture as deprecated
    work on bom.metadata for v1.6
    Deprecated .component.author. Added .component.authors and \ 
.component.manufacturer
    work to add .component.omniborid - but tests deserialisation tests fail due \ 
to schema differences (.component.author not in 1.6)
    work to get deserialization tests passing
    chore(deps): bump py-serializable to >=1.0.3 to resolve issues with \ 
deserialization to XML
    imports tidied
    properly added .component.swhid
    add .component.cryptoProperties - with test failures for SchemaVersion < 1.6
    typing and bandit ignores
    coding standards
    test filtering
    coding standards
    additional tests to increase code coverage
    corrected CryptoMode enum
    coding standards
    Added address to organizationalEntity
    Added address to organizationalEntity
    raise UserWarning in .component.version has length > 1024
    coding standards and typing
    add acknowledgement to LicenseExpression (#582)
    more proper way to filter test cases
    update schema to published versions
    fetch schema 1.6 JSON
    fetch test data for CDX 1.6
    reformat
    reformat
    refactor
    style
    refactor
    docs
   2024-03-24 14:04:17 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-cyclonedx-python-lib: updated to 6.4.4

6.4.4

fix: wrong extra name for xml validation
   2024-03-04 19:49:17 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-cyclonedx-python-lib: updated to 6.4.3

v6.4.3

fix: serialization of model.component.Diff
   2024-03-03 12:40:53 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-cyclonedx-python-lib: update to 6.4.2.

Maintenance release.
   2024-02-05 11:53:31 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-cyclonedx-python-lib: updated to 6.4.1

v6.4.1

chore(deps-dev): update bandit requirement from 1.7.6 to 1.7.7
chore(deps-dev): update coverage requirement from 7.4.0 to 7.4.1
docs: ship docs with sdist build
docs: refactor example
fix: model.BomRef no longer equal to unset peers
   2024-01-28 14:20:00 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-cyclonedx-python-lib: update to 6.4.0.

Chore

    chore(deps-dev): update tox requirement from 4.12.0 to 4.12.1 (#533)

Updates the requirements on tox to permit the latest version.