v6.0.0

@github-actions github-actions released this 10 Dec 19:04
· 203 commits to main since this release

v6.0.0 (2023-12-10)

Breaking

  • feat!: v6.0.0 (#492)

Breaking Changes

  • Removed symbols that were already marked as deprecated (via #493)
  • Removed symbols in parser.* (#489 via #495)
  • Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
  • Serialization of unsupported enum values might downgrade/migrate/omit them (#490 via #496)
    Handling might raise warnings if a data loss occurred due to omitting.
    The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered.
  • Serialization of any model.component.Component with unsupported type raises exception.serialization.SerializationOfUnsupportedComponentTypeException (#490 via #496)
  • Object model.bom_ref.BomRef's property value defaults to Null, was arbitrary UUID (#504 via #505)
    This change does not affect serialization. All bom-refs are guaranteed to have unique values on rendering.
  • Removed helpers from public API (#503 via #506)

Added

  • Basic support for CycloneDX 1.5 (#404 via #488) -- Thanks to @Churro
    • No data models were enhanced nor added, yet.
      Pull requests to add functionality are welcome.
    • Existing enumerable got new cases, to reflect features of CycloneDX 1.5 (#404 via #488)
    • Outputters were enabled to render CycloneDX 1.5 (#404 via #488)

Tests

  • Created (regression/unit/integration/functional) tests for CycloneDX 1.5 (#404 via #488)
  • Created (regression/functional) tests for Enums' handling and completeness (#490 via #496)

Misc

  • Bumped dependency py-serializable@^0.16, was @^0.15 (via #496)

API Changes — the details for migration

  • Added new sub-package exception.serialization (via #496)
  • Removed class models.ComparableTuple (#503 via #506)
  • Enum model.ExternalReferenceType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
  • Removed function models.get_now_utc (#503 via #506)
  • Removed function models.sha1sum (#503 via #506)
  • Enum model.component.ComponentType got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
  • Removed model.component.Component.__init__()'s deprecated optional kwarg namespace (via #493)
    Use kwarg group instead.
  • Removed model.component.Component.__init__()'s deprecated optional kwarg license_str (via #493)
    Use kwarg licenses instead.
  • Removed deprecated method model.component.Component.get_namespace() (via #493)
  • Removed class models.dependency.DependencyDependencies (#503 via #506)
  • Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg source_name (via #493)
    Use kwarg source instead.
  • Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg source_url (via #493)
    Use kwarg source instead.
  • Removed model.vulnerability.Vulnerability.__init__()'s deprecated optional kwarg recommendations (via #493)
    Use kwarg recommendation instead.
  • Removed model.vulnerability.VulnerabilityRating.__init__()'s deprecated optional kwarg score_base (via #493)
    Use kwarg score instead.
  • Enum model.vulnerability.VulnerabilityScoreSource got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
  • Removed output.LATEST_SUPPORTED_SCHEMA_VERSION (#491 via #494)
  • Removed deprecated function output.get_instance() (via #493)
    Use function output.make_outputter() instead.
  • Added new class output.json.JsonV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
  • Added new item to dict output.json.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
  • Added new class output.xml.XmlV1Dot5, to reflect CycloneDX 1.5 (#404 via #488)
  • Added new item to dict output.xml.BY_SCHEMA_VERSION, to reflect CycloneDX 1.5 (#404 via #488)
  • Removed class parser.ParserWarning (#489 via #495)
  • Removed class parser.BaseParser (#489 via #495)
  • Enum schema.SchemaVersion got new case V1_5, to reflect CycloneDX 1.5 (#404 via #488)

Signed-off-by: Johannes Feichtner <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Johannes Feichtner <[email protected]>
Co-authored-by: semantic-release <semantic-release> (74865f8)

Chore

  • chore(deps): bump python-semantic-release/python-semantic-release (#509)

Bumps python-semantic-release/python-semantic-release from 8.0.8 to 8.5.0.


updated-dependencies:

  • dependency-name: python-semantic-release/python-semantic-release
    dependency-type: direct:production
    update-type: version-update:semver-minor
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9ed9ab1)

  • chore(deps-dev): update isort requirement from 5.12.0 to 5.13.0 (#512)

Updates the requirements on isort to permit the latest version.


updated-dependencies:

  • dependency-name: isort
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (0eba631)

  • chore(deps-dev): update bandit requirement from 1.7.5 to 1.7.6 (#510)

Updates the requirements on bandit to permit the latest version.


updated-dependencies:

  • dependency-name: bandit
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (153b07a)

  • chore(deps): bump actions/setup-python from 4 to 5 (#508)

Bumps actions/setup-python from 4 to 5.


updated-dependencies:

  • dependency-name: actions/setup-python
    dependency-type: direct:production
    update-type: version-update:semver-major
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (4e3e0e0)

  • chore(deps): update sphinx-rtd-theme requirement (#499)

Updates the requirements on sphinx-rtd-theme to permit the latest version.


updated-dependencies:

  • dependency-name: sphinx-rtd-theme
    dependency-type: direct:production
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5d6dd41)

  • chore(deps-dev): update flake8-bugbear requirement (#500)

Updates the requirements on flake8-bugbear to permit the latest version.


updated-dependencies:

  • dependency-name: flake8-bugbear
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (e9a12b9)

  • chore(deps): update py-serializable requirement (#501)

Updates the requirements on py-serializable to permit the latest version.


updated-dependencies:

  • dependency-name: py-serializable
    dependency-type: direct:production
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (04435ab)

  • chore(deps-dev): update tox requirement from 4.11.3 to 4.11.4 (#502)

Updates the requirements on tox to permit the latest version.


updated-dependencies:

  • dependency-name: tox
    dependency-type: direct:development
    ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (8bf0e39)


What's Changed

  • chore(deps-dev): update tox requirement from 4.11.3 to 4.11.4 by @dependabot in #502
  • chore(deps): update py-serializable requirement from ^0.15 to >=0.15,<0.17 by @dependabot in #501
  • chore(deps-dev): update flake8-bugbear requirement from 23.9.16 to 23.11.28 by @dependabot in #500
  • chore(deps): update sphinx-rtd-theme requirement from <2,>=1.3.0 to >=1.3.0,<3 by @dependabot in #499
  • chore(deps): bump actions/setup-python from 4 to 5 by @dependabot in #508
  • chore(deps-dev): update bandit requirement from 1.7.5 to 1.7.6 by @dependabot in #510
  • chore(deps-dev): update isort requirement from 5.12.0 to 5.13.0 by @dependabot in #512
  • chore(deps): bump python-semantic-release/python-semantic-release from 8.0.8 to 8.5.0 by @dependabot in #509
  • feat!: v6.0.0 by @jkowalleck @Churro in #492

Full Changelog: v5.2.0...v6.0.0