Releases: sw360/capywfa
Releases · sw360/capywfa
v0.10.0
This new release brings some major changes (in some regards, they might be breaking changes for a small number of users):
major changes:
- respect PURL qualifiers during mapping, if PURLs don't match, source attachments are checked and the user is informed about the result
- SBOM properties for workflow control renamed from distroclearing:* to capywfa:* Additionally, our property Sw360SourceFileChecked was renamed to Sw360SourceFileCheck
- deprecate Python 3.9 so we can update urllib3 to 2.5 to fix CVE-2025-50181/-50182
new features / fixes:
- lst_to_sbom: add support for guessing Alpine Linux 3.22
- lst_to_sbom: create valid CycloneDX BOMs using the CycloneDX Python library
- update requests to 2.32.4 to fix CVE-2024-47081
Note this release can't be pushed to PyPI as we're depending on the main branch of CaPyCli, we have to wait for a new CaPyCli release including the PURL qualifier mapping feature.
Full Changelog: v0.9.3...v0.10.0
v0.9.3
What's Changed
- update CaPyCli to 2.8.0 including better PackageURL handling and release verification, watch out for "No unique release/component match" in the output!
Changelog: https://github.com/sw360/capywfa/blob/main/ChangeLog.md#093
Full Changelog: v0.9.2...v0.9.3