v2.3.0

Feature

• Add support for Dependency Graph in Model and output serialisation (ea34513)

v2.2.0

Feature

• Bump XML schemas to latest fix version for 1.2-1.4 - see: (bd2e756)
• Bump JSON schemas to latest fix verison for 1.2 and 1.3 - see: (bd6a088)

v2.1.1

Fix

• Prevent error if version not set (b9a84b5)
• version being optional in JSON output can raise error (ba0c82f)

v2.1.0

Feature

• Output errors are verbose (bfe8fb1)

v2.0.0

Feature

• Bump dependencies (da3f0ca)
• Completed work on #155 (#172) (a926b34)
• Support complete model for bom.metadata (#162) (2938a6c)
• Support for bom.externalReferences in JSON and XML #124 (1b733d7)
• Complete support for bom.components (#155) (32c0139)
• Support services in XML BOMs (9edf6c9)

Fix

• license_url not serialised in XML output #179 (#180) (f014d7c)
• Component.bom_ref is not Optional in our model implementation (in the schema it is) - we generate a UUID if bom_ref is not supplied explicitly (5c954d1)
• Temporary fix for __hash__ of Component with properties #153 (a51766d)
• Further fix for #150 (1f55f3e)
• Regression introduced by first fix for #150 (c09e396)
• Components with no version (optional since 1.4) produce invalid BOM output in XML #150 (70d25c8)
• expression not supported in Component Licsnes for version 1.0 (15b081b)

Breaking

• Adopt PEP-3102 (da3f0ca)
• Optional Lists are now non-optional Sets (da3f0ca)
• Remove concept of DEFAULT schema version - replaced with LATEST schema version (da3f0ca)
• Added BomRef data type (da3f0ca)

v1.3.0

Feature

• bom-ref for Component and Vulnerability default to a UUID (#142) (3953bb6)

v1.2.0

Feature

• Add CPE to component (#138) (269ee15)

v1.1.1

Fix

• Bump dependencies (#136) (18ec498)

v1.1.0

Feature

• Add support for bom.metadata.component (#118) (1ac31f4)

v1.0.0

Support for CycloneDX schema version 1.4 (#108)

Breaking Changes

Support for CycloneDX 1.4. This includes:

• Support for tools having externalReferences
• Allowing version for a Component to be optional in 1.4
• Support for releaseNotes per Component
• Support for the core schema implementation of Vulnerabilities (VEX)

Features

• $schema is now included in JSON BOMs
• Concrete Parsers have now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python

Fixes

• Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
• Ensure schema is adhered to in 1.0
• URIs are now used throughout the library through a new XsUri class to provide URI validation

Other

• Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
• Added reference to release of this library on Anaconda

Full Changelog: v0.12.3...v1.0.0