From 7e511aeeb9f2863e78cd3276f8397071b5800fe2 Mon Sep 17 00:00:00 2001 From: semantic-release Date: Mon, 14 Oct 2024 12:32:50 +0000 Subject: [PATCH] chore(release): 8.0.0 Automatically generated by python-semantic-release Signed-off-by: semantic-release --- CHANGELOG.md | 189 +++++++++++------------------------------- cyclonedx/__init__.py | 2 +- docs/conf.py | 2 +- pyproject.toml | 2 +- 4 files changed, 50 insertions(+), 145 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79dbd60b..f9df9672 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,28 +1,60 @@ # CHANGELOG -## Unreleased -### Documentation - -* docs(chaneglog): omit chore/ci/refactor/style/test/build (#703) - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a210809`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a210809efb34c2dc895fc0c6d96a3412a9097625)) - -* docs: rephrase migration paths +## v8.0.0 (2024-10-14) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b0260a7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b0260a7d45bc3e099b979001049a8c5a67b97634)) - -### Unknown +### Breaking -* Merge remote-tracking branch 'origin/main' into 8.0.0-dev ([`b9a33e6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b9a33e614a84ba4a6546a1907b70a0cbfee8cd6f)) +* feat!: v8.0.0 (#665) -* rework tools xml deserializer (#700) +### BREAKING Changes + +* Removed `cyclonedx.mode.ThisTool`, utilize `cyclonedx.builder.this.this_tool()` instead. +* Moved `cyclonedx.model.Tool` to `cyclonedx.model.tool.Tool`. +* Property `cyclonedx.mode.bom.BomMetaData.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`. + The getter will act accordingly; the setter might act in a backwards-compatible way. +* Property `cyclonedx.mode.vulnerability.Vulnerability.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`. + The getter will act accordingly; the setter might act in a backwards-compatible way. +* Constructor `cyclonedx.model.license.LicenseExpression()` accepts optional argument `acknowledgement` only as key-word argument, no longer as positional argument. + + +### Changes + +* Constructor of `cyclonedx.model.bom.BomMetaData` also accepts an instance of `cyclonedx.model.tool.ToolRepository` for argument `tools`. +* Constructor of `cyclonedx.model.bom.BomMetaData` no longer adds this very library as a tool. 
+ Downstream users SHOULD add it manually, like `my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())`. + +### Fixes + +* Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered. + +### Added + +Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5 + +* New class `cyclonedx.model.tool.ToolRepository`. +* New function `cyclonedx.builder.this.this_component()` -- representation of this very python library as a `Component`. +* New function `cyclonedx.builder.this.this_tool()` -- representation of this very python library as a `Tool`. +* New function `cyclonedx.model.tool.Tool.from_component()`. + +### Dependencies + +* Raised runtime dependency `py-serializable>=1.1.1,<2`, was `>=1.1.0,<2`. + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Signed-off-by: Joshua Kugler <tek30584@adobe.com> +Signed-off-by: semantic-release <semantic-release@bot.local> +Co-authored-by: Joshua Kugler <joshua@azariah.com> +Co-authored-by: semantic-release <semantic-release@bot.local> ([`002f966`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/002f96630ce8fc6f1766ee6cc92a16b35a821c69)) -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1a24ee6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1a24ee6a0853e535465f85c6380971948281ad6e)) +### Documentation -* Merge remote-tracking branch 'origin/main' into 8.0.0-dev ([`4c57fa1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4c57fa156516de07cdd4acd3f3057c0b20d108d7)) +* docs(chaneglog): omit chore/ci/refactor/style/test/build (#703) +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a210809`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a210809efb34c2dc895fc0c6d96a3412a9097625)) ## v7.6.2 (2024-10-07) @@ -43,126 +75,9 @@ fixes #690 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`d8b20bd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d8b20bdc5224ea30cf767f6f3f1a6f8ff2754973)) -### Unknown - -* docs - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`68c681d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/68c681d46c85230a97c4058de97400f3d93119f5)) - - -## v8.0.0-rc.2 (2024-09-27) - -### Fix - -* fix: ToolRepository serialize migrated tools deduplicated (#686) - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`35ccdd1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35ccdd1bfec9757457763308d16e1dbf5d9e28e9)) - -### Unknown - -* docs - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`2e16408`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2e16408098a3c649b80fb407d4f43aaa34aee39f)) - -* rename `ToolsRepository` -> `ToolRepository` (#687) - -Item class of repository is to be called in singular(`Tool`). - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e00af17`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e00af1739fa6d3933315e96266d96d9b290012ee)) - - -## v8.0.0-rc.1 (2024-09-25) - -### Documentation - -* docs: migrate to v8.0.0 (#684) - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0ac84d7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0ac84d76f2e526f329937ab004480405492e7417)) - -### Fix - -* fix: assert copyright headers - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bef268b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bef268b7abe2c3f343274d7789906c99c80e9df9)) - -### Unknown - -* Merge branch 'main' into 8.0.0-dev - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`39514b3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/39514b331eef98fbf5208ead341060831f8acddf)) - -* Merge branch 'main' into 8.0.0-dev ([`c123aff`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c123aff4bd479ec0f5f1982725ffe8901afb87c9)) - ## 
v7.6.1 (2024-09-18) -### Breaking - -* feat!: this-builder (#649) - -reworked `ThisTool` for #635 - ---------- - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`cf5d2c7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf5d2c7e43883967c5d5837f465ecac5a8cc034e)) - -* refactor!: `LicenseExpression()` optional args are named args (#595) - -fixes #594 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0172564`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0172564d5f9529e7ce543da434969b552833de31)) - -* feat!: Add component and services for tools (#635) - -CycloneDX spec 1.5 deprecated an array of tools in bom.metadata and -instead prefers object with an array of components and an array of -services. - -This PR implements that. - -This works de-serializing a Syft SBOM with a tool section like so: -``` - "metadata": { - "timestamp": "2024-06-10T13:06:52-08:00", - "tools": { - "components": [ - { - "type": "application", - "author": "anchore", - "name": "syft", - "version": "1.4.1" - } - ] - }, - "component": { - "bom-ref": "08329a07b4eb8eac", - "type": "file", - "name": "./" - } - }, -``` -Next up: docs, XML (de)serialization code, and tests. - -fixes #561 - ---------- - -Signed-off-by: Joshua Kugler <tek30584@adobe.com> -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> -Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1f5fd7a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1f5fd7a6be94d93d2260622d39ea01cd74614402)) - -* feat!: 8.0.0 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9ba4b8e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9ba4b8e5d255c8dba51df214786328bfa700291c)) - -### Feature - -* feat: don't add self to `metafata.tools` (#674) - -fixes #673 - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e0a153f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e0a153fbd553dcf29343d72e361c1cc9122c63b4)) - ### Fix * fix: file copyright headers (#676) 
@@ -173,16 +88,6 @@ correct headers Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`35e00b4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35e00b4ee5a9306b9e97b011025409bcbfcef309)) -### Unknown - -* Merge branch 'main' into 8.0.0-dev ([`3d1548a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3d1548abf5db45764a22fcca96493574f96ff693)) - -* Merge branch 'main' into 8.0.0-dev - -Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`735c800`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/735c8003ce88b0c6efa802ccd806f17d22b4df89)) - -* Merge branch 'main' into 8.0.0-dev ([`0ec785d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0ec785d29abcc215a5a0f6feec9bf16b0994cc92)) - ## v7.6.0 (2024-08-14) diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index 16718bf8..23b3f638 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -22,4 +22,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "8.0.0-rc.2" # noqa:Q000 +__version__ = "8.0.0" # noqa:Q000 diff --git a/docs/conf.py b/docs/conf.py index 0354d1e5..326c61be 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -20,7 +20,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '8.0.0-rc.2' +release = '8.0.0' # -- General configuration --------------------------------------------------- diff --git a/pyproject.toml b/pyproject.toml index 6da1ee19..b2919a4c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "8.0.0-rc.2" +version = "8.0.0" description = "Python library for CycloneDX" authors = [ "Paul Horton ",
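Review bot: In the CHANGELOG.md hunk `@@ -1,28 +1,60 @@`, three of the added "BREAKING Changes" bullets spell the package as `cyclonedx.mode` (`cyclonedx.mode.ThisTool`, `cyclonedx.mode.bom.BomMetaData.tools`, `cyclonedx.mode.vulnerability.Vulnerability.tools`), while the neighbouring bullets use `cyclonedx.model`. They should read `cyclonedx.model` so that anyone searching their code base for the removed or retyped symbols finds them. In the same hunk, the suggested call `my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())` is not valid Python because of the hyphen in `my-bom`; `my_bom` would work. Because the `BomMetaData` constructor no longer adds the library as a tool, that line is the only migration hint for keeping tool provenance in generated SBOMs, so it should be copy-pasteable. The wording "the setter might act in a backwards-compatible way" also leaves callers unsure; state which input types the setter accepts.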
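Review bot: The CHANGELOG.md hunk `@@ -43,126 +75,9 @@` drops the per-PR trail for the release: it deletes the `v8.0.0-rc.1` and `v8.0.0-rc.2` sections and the entries for #649, #595, #635, #674, #684, #686 and #687, while the new `v8.0.0` section links only #665 and commit `002f966`. The entry "fix: ToolRepository serialize migrated tools deduplicated (#686)" is not mentioned anywhere in the new `v8.0.0` text. Consider appending the PR numbers to the matching `v8.0.0` bullets so each breaking change can be traced back to its review. Since the commit message says the file is generated by python-semantic-release, the durable place for that is the squash commit body of #665 or the release configuration rather than a hand edit of this file.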