v5.1.1

v5.1.1 (2023-11-02)

Fix

• fix: update own externalReferences (#480)

---

What's Changed

• fix: update own externalReferences by @jkowalleck in #480

Full Changelog: v5.1.0...v5.1.1

v5.1.0

Documentation

• docs: advance license docs (f61a730)

Feature

• feat: guarantee unique BomRefs in serialization result (#479) (a648775)
  Incorporate output.BomRefDiscriminator on serialization

---

What's Changed

• feat: guarantee unique BomRefs in serialization result by @jkowalleck in #479

Full Changelog: v5.0.1...v5.1.0

v5.0.1

Chore

• chore(deps): bump python-semantic-release/python-semantic-release (#474)

Bumps python-semantic-release/python-semantic-release from 8.0.8 to 8.3.0.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: python-semantic-release/python-semantic-release
  dependency-type: direct:production
  update-type: version-update:semver-minor
  ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (9c3ffac)

• chore: make pyproject parsable by dependabot (#477)

Signed-off-by: Jan Kowalleck <[email protected]> (c4eaaa5)

Documentation

• docs: revisit project meta (#475)

Signed-off-by: Jan Kowalleck <[email protected]> (c3254d0)

• docs: fix RTFD build (#476)

Signed-off-by: Jan Kowalleck <[email protected]> (b9fcfb4)

Unknown

• "chore(deps): revert bump python-semantic-release/python-semantic-release (#474)"

This reverts commit 9c3ffac.

Signed-off-by: Jan Kowalleck <[email protected]> (aae7304)

---

What's Changed

• docs: fix RTFD build by @jkowalleck in #476
• docs: revisit project meta by @jkowalleck in #475
• chore: make pyproject parsable by dependabot by @jkowalleck in #477
• chore(deps): bump python-semantic-release/python-semantic-release from 8.0.8 to 8.3.0 by @dependabot in #474

Full Changelog: v5.0.0...v5.0.1

v5.0.0

BREAKING CHANGES

• Dropped support for python<3.8 (#436 via #441; enable #433)
• Reworked license related models, collections, and factories (#365 via #466)
• Behavior
  • Method model.bom.Bom.validate() will throw exception.LicenseExpressionAlongWithOthersException, if detecting invalid license constellation (#453 via #452)
  • Fixed tuple comparison when unequal lengths (via #461)
• API
  • Enum schema.SchemaVersion is no longer string-like (#442 via #447)
  • Enum schema.OutputVersion is no longer string-like (#442 via #447)
  • Abstract class output.BaseOutput requires implementation of new method output_format (#446 via #447)
  • Abstract method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
  • Abstract method output.BaseOutput.output_as_string() accepts arbitrary kwargs (via #458, #462)
  • Removed class factory.license.LicenseChoiceFactory (via #466)
    The old functionality was integrated into factory.license.LicenseFactory.
  • Method factory.license.LicenseFactory.make_from_string()'s parameter name_or_spdx was renamed to value (via #466)
  • Method factory.license.LicenseFactory.make_from_string()'s return value can also be a LicenseExpression (#365 via #466)
    The behavior imitates the old factory.license.LicenseChoiceFactory.make_from_string()
  • Renamed class module.License to module.license.DisjunctliveLicense (#365 via #466)
  • Removed class module.LicenseChoice (#365 via #466)
    Use dedicated classes module.license.DisjunctliveLicense and module.license.LicenseExpression instead
  • All occurrences of models.LicenseChoice were replaced by models.licenses.License (#365 via #466)
  • All occurrences of SortedSet[LicenseChoice] were specialized to models.license.LicenseRepository (#365 via #466)

Fixed

• Serialization of multy-licenses (#365 via #466)
• Detect unused "dependent" components in model.bom.validate() (via #464)

Changed

• Updated latest supported list of supported SPDX license identifiers (via #433)
• Shipped schema files are moved to a protected space (via #433)
  These files were never intended for public use.
• XML output uses a default namespace, which makes results smaller. (#438 via #458)

Added

• Support for Python 3.12 (via #460)
• JSON- & XML-Validators (#432, #446 via #433, #448)
  The functionality might require additional dependencies, that can be installed with the extra "validation".
  See the docs in section "Installation" for details.
• JSON & XML can be generated in a more human-friendly form (#437, #438 via #458)
• Type hints, typings & overloads for better integration downstream (via #463)
• API
  • New function output.make_outputter() (via #469)
    This replaces the deprecated function output.get_instance().
  • New sub-package validation (#432, #446 via #433, #448, #469, #468, #469)
  • New class exception.MissingOptionalDependencyException (#432 via #433)
  • New class exception.LicenseExpressionAlongWithOthersException (#453 via #452)
  • New dictionaries output.{json,xml}.BY_SCHEMA_VERSION (#446 via #447)
  • Existing implementations of class output.BaseOutput now have a new method output_format (#446 via #447)
  • Existing implementations of method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
  • Existing implementations of method output.BaseOutput.output_to_file() got new optional parameter indent (#437 via #458)
  • New method factory.license.LicenseFactory.make_with_expression() (via #466)
  • New class model.license.DisjunctiveLicense (#365 via #466)
  • New class model.license.LicenseExpression (#365 via #466)
  • New class model.license.LicenseRepository (#365 via #466)
  • New class serialization.LicenseRepositoryHelper (#365 via #466)

Deprecated

• Function output.get_instance() might be removed, use output.make_outputter() instead (via #469)

Tests

• Added validation tests with official CycloneDX schema test data (#432 via #433)
• Use proper snapshots, instead of pseudo comparison (#437 via #464)
• Added regression test for bug #365 (via #466, #467)

Misc

• Dependencies: bumped py-serializable@^0.15.0, was @^0.11.1 (via #458, #463, #464, #466)
• Style: streamlined quotes and strings (via #472)
• Chore: bumped internal dev- and QA-tools (#436 via #441, #472)
• Chore: added more QA tools to prevent common security issues (via #473)

---

What's Changed

• feat!: v5.0.0 by @jkowalleck in #440

Full Changelog: v4.2.3...v5.0.0

v5.0.0-rc.2

read the full change log.

---

Ci

• ci: revisit coverage reporting

Signed-off-by: Jan Kowalleck <[email protected]> (bc8e30b)

• ci: revisit coverage reporting

Signed-off-by: Jan Kowalleck <[email protected]> (2967f28)

Documentation

• docs: update title

Signed-off-by: Jan Kowalleck <[email protected]> (9373afc)

Feature

• feat: v5.0.0-rc.2

Signed-off-by: Jan Kowalleck <[email protected]> (e298726)

Style

• style: qa

Signed-off-by: Jan Kowalleck <[email protected]> (a2af2ed)

• style: streamline code quality (#472)

• raised some dev tools
• added more quality checkers and rules
• documented and applied additional code standards

---

Signed-off-by: Jan Kowalleck <[email protected]> (bb0f7a5)

Unknown

• reduce imports

Signed-off-by: Jan Kowalleck <[email protected]> (d09ac36)

• Merge remote-tracking branch 'origin/main' into 5.0.0-dev (c4f7281)

---

What's Changed

• refactor: schema based validator by @jkowalleck in #468
• refactor(DX): rename get_instance() by @jkowalleck in #469
• fix: SPDX-expression-validation internal crashes are cought and handled by @jkowalleck in #471
• style: streamline code quality by @jkowalleck in #472

Full Changelog: v5.0.0-rc.1...v5.0.0-rc.2

v4.2.3

v4.2.3 (2023-10-16)

Chore

• chore: Update CONTRIBUTING.md

Signed-off-by: Jan Kowalleck <[email protected]> (0ebaa21)

Ci

• ci: publish coverage report to codacy (#439)

Signed-off-by: Jan Kowalleck <[email protected]> (0012a82)

Fix

• fix: SPDX-expression-validation internal crashes are cought and handled (#471)

Signed-off-by: Jan Kowalleck <[email protected]> (5fa66a0)

v5.0.0-rc.1

BREAKING CHANGES

• Dropped support for python<3.8 (#436 via #441; enable #433)
• Reworked license related models, collections, and factories (#365 via #466)
• Behavior
  • Method model.bom.Bom.validate() will throw exception.LicenseExpressionAlongWithOthersException, if detecting invalid license constellation (#453 via #452)
  • Fixed tuple comparison when unequal lengths (via #461)
• API
  • Enum schema.SchemaVersion is no longer string-like (#442 via #447)
  • Enum schema.OutputVersion is no longer string-like (#442 via #447)
  • Abstract class output.BaseOutput requires implementation of new method output_format (#446 via #447)
  • Abstract method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
  • Abstract method output.BaseOutput.output_as_string() accepts arbitrary kwargs (via #458, #462)
  • Removed class factory.license.LicenseChoiceFactory (via #466)
    The old functionality was integrated into factory.license.LicenseFactory.
  • Method factory.license.LicenseFactory.make_from_string()'s parameter name_or_spdx was renamed to value (via #466)
  • Method factory.license.LicenseFactory.make_from_string()'s return value can also be a LicenseExpression (#365 via #466)
    The behavior imitates the old factory.license.LicenseChoiceFactory.make_from_string()
  • Renamed class module.License to module.license.DisjunctliveLicense (#365 via #466)
  • Removed class module.LicenseChoice (#365 via #466)
    Use dedicated classes module.license.DisjunctliveLicense and module.license.LicenseExpression instead
  • All occurrences of models.LicenseChoice were replaced by models.licenses.License (#365 via #466)
  • All occurrences of SortedSet[LicenseChoice] were specialized to models.license.LicenseRepository (#365 via #466)

Fixed

• Serialization of multy-licenses (#365 via #466)
• Detect unused "dependent" components in model.bom.validate() (via #464)

Changed

• Updated latest supported list of supported SPDX license identifiers (via #433)
• Shipped schema files are moved to a protected space (via #433)
  These files were never intended for public use.
• XML output uses a default namespace, which makes results smaller. (#438 via #458)

Added

• Support for Python 3.12 (via #460)
• JSON- & XML-Validators (#432, #446 via #433, #448)
  The functionality might require additional dependencies, that can be installed with the extra "validation".
  See the docs in section "Installation" for details.
• JSON & XML can be generated in a more human-friendly form (#437, #438 via #458)
• Type hints, typings & overloads for better integration downstream (via #463)
• API
  • New sub-package validation (#432, #446 via #433, #448)
  • New class exception.MissingOptionalDependencyException (#432 via #433)
  • New class exception.LicenseExpressionAlongWithOthersException (#453 via #452)
  • New dictionaries output.{json,xml}.BY_SCHEMA_VERSION (#446 via #447)
  • Existing implementations of class output.BaseOutput now have a new method output_format (#446 via #447)
  • Existing implementations of method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
  • Existing implementations of method output.BaseOutput.output_to_file() got new optional parameter indent (#437 via #458)
  • New method factory.license.LicenseFactory.make_with_expression() (via #466)
  • New class model.license.DisjunctiveLicense (#365 via #466)
  • New class model.license.LicenseExpression (#365 via #466)
  • New class model.license.LicenseRepository (#365 via #466)
  • New class serialization.LicenseRepositoryHelper (#365 via #466)

Tests

• Added validation tests with official CycloneDX schema test data (#432 via #433)
• Use proper snapshots, instead of pseudo comparison (#437 via #464)
• Added regression test for bug #365 (via #466, #467)

Misc

• Bumped internal dev- and QA-tools (#436 via #441)
• Raised dependency on py-serializable@^0.15.0, was @^0.11.1 (via #458, #463, #464, #466)

---

What's Changed

• chore: publish coverage report to codacy by @jkowalleck in #439
• proper enums by @jkowalleck in #447
• feat: easy access validators by @jkowalleck in #448
• fix: bom.validate() detects invalid license constellations by @jkowalleck in #452
• feat: options for beautiful output by @jkowalleck in #458
• chore: remove encoding leadin by @jkowalleck in #459
• feat: support python 3.12 by @jkowalleck in #460
• fix: tuple comparison by @jkowalleck in #461
• fix: typing for kwargs by @jkowalleck in #462
• Feat: typing, typehints, & overload by @jkowalleck in #463
• tests: snapshots and complete deep comparison, instead of pseudo-compare by @jkowalleck in #464
• fix: multiple licenses issue #365 by @jkowalleck in #466
• tests: import mixed licenses by @jkowalleck in #467

Full Changelog: v4.2.2...v5.0.0-rc.1

v4.2.2

v4.2.2 (2023-09-14)

Chore

• chore: dont lock poetry (#431)

fixes #430

Signed-off-by: Jan Kowalleck <[email protected]> (49b144b)

• chore(deps): bump actions/checkout from 3 to 4 (#429)

Bumps actions/checkout from 3 to 4.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (a70754d)

Documentation

• docs: fix shield in README

Signed-off-by: Jan Kowalleck <[email protected]> (6a941b1)

• docs(example): showcase LicenseChoiceFactory (#428)

Signed-off-by: Jan Kowalleck <[email protected]> (c56ec83)

Fix

• fix: ship meta files (#434)

Signed-off-by: Jan Kowalleck <[email protected]> (3a1a8a5)

v4.2.1

v4.2.1 (2023-09-06)

Fix

• fix: LicenseChoiceFactory.make_from_string() prioritize SPDX id over expression (#427)

Signed-off-by: Jan Kowalleck <[email protected]> (e1bdfdd)

v4.2.0

v4.2.0 (2023-09-06)

Chore

• chore(deps): bump python-semantic-release/python-semantic-release (#423)

Bumps python-semantic-release/python-semantic-release from 8.0.7 to 8.0.8.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: python-semantic-release/python-semantic-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
  ...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (13e441d)

Feature

• feat: complete SPDX license expression (#425)

Signed-off-by: Jan Kowalleck <[email protected]> (e06f9fd)