Skip to content

v8.0.0-rc.2

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 27 Sep 11:41
· 171 commits to main since this release
v8.0.0-rc.2
ce4a149

BREAKING change from v8.0.0-rc.1 to v8.0.0-rc.2

  • rename ToolsRepository -> ToolRepository (#687)

Fixes

  • ToolRepository serialization will properly deduplicate migrated items

What's Changed

Full Changelog: v8.0.0-rc.1...v8.0.0-rc.2

Full change log of v8.0.0:

BREAKING Changes

  • Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
  • Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
  • Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  • cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

  • Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository
  • Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool. Downstream users may do so by utilizing cyclonedx.builder.this.this_tool().

Fixes

  • Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

Added

Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5

  • New class cyclonedx.model.tool.ToolRepository.
  • New function cyclonedx.builder.this.this_component() -- representation of this very python library as a Component.
  • New function cyclonedx.builder.this.this_tool() -- representation of this very python library as a Tool.
  • New function cyclonedx.model.tool.Tool.from_component().

Dependencies

  • Raised runtime dependency py-serializable>=1.1.1,<2, was >=1.1.0,<2.

Docs & Migration Paths

rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/

Contributors

jkowalleck
Assets 6
Loading