Comparing changes

base repository: CycloneDX/cyclonedx-python-lib
base: v9.1.0
head repository: CycloneDX/cyclonedx-python-lib
compare: v10.0.0
  • 11 commits
  • 49 files changed
  • 5 contributors

Commits on Mar 1, 2025

  1. chore: delete .gitattributes

    file no longer needed, as we have `cyclonedx/schema/_res/.gitattributes` 
    
    Signed-off-by: Jan Kowalleck <[email protected]>
    jkowalleck authored Mar 1, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    84dcdf1

Commits on Mar 3, 2025

  1. chore: use 'python-semantic-release/publish-action' (#796)

    Signed-off-by: Indivar <[email protected]>
    indiVar0508 authored Mar 3, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    b647b26
  2. chore(release): 9.1.1-rc.1

    Automatically generated by python-semantic-release
    
    Signed-off-by: semantic-release <[email protected]>
    semantic-release committed Mar 3, 2025
    adc5a43
  3. chore: pin python-semantic-release/publish-action to v9

    Signed-off-by: Jan Kowalleck <[email protected]>
    jkowalleck authored Mar 3, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    694cfd2

Commits on Mar 13, 2025

  1. chore(deps-dev): update tox requirement from 4.24.1 to 4.24.2 (#798)

    Updates the requirements on [tox](https://github.com/tox-dev/tox) to
    permit the latest version.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/tox-dev/tox/releases">tox's
    releases</a>.</em></p>
    <blockquote>
    <h2>4.24.2</h2>
    <!-- raw HTML omitted -->
    <h2>What's Changed</h2>
    <ul>
    <li>TOX-3117 bugfix -c pyproject with non legacy by <a
    href="https://github.com/AdrianCert"><code>@​AdrianCert</code></a> in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3471">tox-dev/tox#3471</a></li>
    <li>fix(docs): update expected code by <a
    href="https://github.com/gforcada"><code>@​gforcada</code></a> in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3480">tox-dev/tox#3480</a></li>
    <li>Add missing bracket in config example by <a
    href="https://github.com/jodal"><code>@​jodal</code></a> in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3481">tox-dev/tox#3481</a></li>
    <li>Gh issue 3456 update environment variable documentation by <a
    href="https://github.com/jugmac00"><code>@​jugmac00</code></a> in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3482">tox-dev/tox#3482</a></li>
    <li>fix: Respect <code>--parallel N</code> with
    <code>--parallel-no-spinner</code> by <a
    href="https://github.com/tusharsadhwani"><code>@​tusharsadhwani</code></a>
    in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3495">tox-dev/tox#3495</a></li>
    <li>TOML set_env file support by <a
    href="https://github.com/juditnovak"><code>@​juditnovak</code></a> in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3478">tox-dev/tox#3478</a></li>
    </ul>
    <h2>New Contributors</h2>
    <ul>
    <li><a
    href="https://github.com/AdrianCert"><code>@​AdrianCert</code></a> made
    their first contribution in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3471">tox-dev/tox#3471</a></li>
    <li><a href="https://github.com/gforcada"><code>@​gforcada</code></a>
    made their first contribution in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3480">tox-dev/tox#3480</a></li>
    <li><a href="https://github.com/jodal"><code>@​jodal</code></a> made
    their first contribution in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3481">tox-dev/tox#3481</a></li>
    <li><a
    href="https://github.com/juditnovak"><code>@​juditnovak</code></a> made
    their first contribution in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3478">tox-dev/tox#3478</a></li>
    </ul>
    <p><strong>Full Changelog</strong>: <a
    href="https://github.com/tox-dev/tox/compare/4.24.1...4.24.2">https://github.com/tox-dev/tox/compare/4.24.1...4.24.2</a></p>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
    changelog</a>.</em></p>
    <blockquote>
    <h2>v4.24.2 (2025-03-07)</h2>
    <p>Bugfixes - 4.24.2</p>
    <pre><code>- multiple source_type supports for the same filename. Like
    pyproject.toml can be load by both TomlPyProject &amp; LegacyToml
    (:issue:`3117`)
    - Support ``set_env = { file = &quot;conf{/}local.env&quot;}`` for TOML
    format - by :user:`juditnovak`. (:issue:`3474`)
    - fix example on the docs (:issue:`3480`)
    - - ``--parallel-no-spinner`` now respects max CPU set by ``--parallel
    N`` (:issue:`3495`)
    <p>Improved Documentation - 4.24.2
    </code></pre></p>
    <ul>
    <li>Updates the documentation for <code>os.environ['KEY']</code> when
    the variable does not exist - by :user:<code>jugmac00</code>.
    (:issue:<code>3456</code>)</li>
    </ul>
    <h2>v4.24.1 (2025-01-21)</h2>
    <p>Misc - 4.24.1</p>
    <pre><code>- :issue:`3426`
    <h2>v4.24.0 (2025-01-21)</h2>
    <p>Features - 4.24.0
    </code></pre></p>
    <ul>
    <li>
    <p>Add a <code>schema</code> command to produce a JSON Schema for tox
    and the current plugins.</p>
    <ul>
    <li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li>
    </ul>
    </li>
    </ul>
    <p>Bugfixes - 4.24.0</p>
    <pre><code>- Log exception name when subprocess execution produces one.
    <ul>
    <li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li>
    </ul>
    <p>Improved Documentation - 4.24.0
    </code></pre></p>
    <ul>
    <li>
    <p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to
    <code>{:}</code>.</p>
    <ul>
    <li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li>
    </ul>
    </li>
    <li>
    <p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code>
    variables by default in <code>pass_env</code> to make generic binaries
    work under Nix/NixOS.</p>
    <ul>
    <li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li>
    </ul>
    </li>
    </ul>
    <h2>v4.23.2 (2024-10-22)</h2>
    <p>Misc - 4.23.2</p>
    <pre><code>&lt;/tr&gt;&lt;/table&gt; 
    </code></pre>
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/tox-dev/tox/commit/05835bfe5db31dfaa71d9fb146602ffcc6b7bfb9"><code>05835bf</code></a>
    release 4.24.2</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/48522626d78e3d01ca18d815b3c02c1701ea7cb0"><code>4852262</code></a>
    TOML set_env file support (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3478">#3478</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/1dac11f5f2ba46272d5a9f0a0731ea243e744aa0"><code>1dac11f</code></a>
    fix: Respect <code>--parallel N</code> with
    <code>--parallel-no-spinner</code> (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3495">#3495</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/fd4490414d9abf7b63380fcdfe5bd38b021cc2e0"><code>fd44904</code></a>
    [pre-commit.ci] pre-commit autoupdate (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3488">#3488</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/32879c8d06752cc860471e98dfd6769be9ccd13e"><code>32879c8</code></a>
    [pre-commit.ci] pre-commit autoupdate (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3486">#3486</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/0a4ba54e5ec68491fe3a82325f2c3fdc8c26d0b4"><code>0a4ba54</code></a>
    [pre-commit.ci] pre-commit autoupdate (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3484">#3484</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/65d404e0e4c5150a72601f8d78e648d964df9888"><code>65d404e</code></a>
    Gh issue 3456 update environment variable documentation (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3482">#3482</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/28212ab9f259656319ca179421a78ae3a2d510f4"><code>28212ab</code></a>
    Add missing bracket in config example (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3481">#3481</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/6b40c0c1598bd6736fedf6e9775d594b1b27dea6"><code>6b40c0c</code></a>
    fix(docs): update expected code (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3480">#3480</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/6e53aea9e22ef4908ad81d3edd401202430ce094"><code>6e53aea</code></a>
    [pre-commit.ci] pre-commit autoupdate (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3479">#3479</a>)</li>
    <li>Additional commits viewable in <a
    href="https://github.com/tox-dev/tox/compare/4.24.1...4.24.2">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot merge` will merge this PR after your CI passes on it
    - `@dependabot squash and merge` will squash and merge this PR after
    your CI passes on it
    - `@dependabot cancel merge` will cancel a previously requested merge
    and block automerging
    - `@dependabot reopen` will reopen this PR if it is closed
    - `@dependabot close` will close this PR and stop Dependabot recreating
    it. You can achieve the same result by closing it manually
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    
    
    </details>
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Mar 13, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    aa97f6d

Commits on Mar 23, 2025

  1. ci: add docs for macos-13 runner

    Signed-off-by: Jan Kowalleck <[email protected]>
    jkowalleck committed Mar 23, 2025

    Verified

    This commit was signed with the committer’s verified signature.
    jkowalleck Jan Kowalleck
    5c3785c

Commits on Mar 24, 2025

  1. chore: bandit ignore tox dir

    Signed-off-by: Jan Kowalleck <[email protected]>
    jkowalleck committed Mar 24, 2025

    Verified

    This commit was signed with the committer’s verified signature.
    jkowalleck Jan Kowalleck
    b346dd8

Commits on Apr 2, 2025

  1. chore(deps-dev): update tox requirement from 4.24.2 to 4.25.0 (#803)

    Updates the requirements on [tox](https://github.com/tox-dev/tox) to
    permit the latest version.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/tox-dev/tox/releases">tox's
    releases</a>.</em></p>
    <blockquote>
    <h2>4.25.0</h2>
    <!-- raw HTML omitted -->
    <h2>What's Changed</h2>
    <ul>
    <li>Tests: Adjust expected exception message for Python 3.14.0a6 by <a
    href="https://github.com/hroncok"><code>@​hroncok</code></a> in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3500">tox-dev/tox#3500</a></li>
    <li>feat(config): Allow ranges in envlist by <a
    href="https://github.com/mimre25"><code>@​mimre25</code></a> in <a
    href="https://redirect.github.com/tox-dev/tox/pull/3503">tox-dev/tox#3503</a></li>
    </ul>
    <p><strong>Full Changelog</strong>: <a
    href="https://github.com/tox-dev/tox/compare/4.24.2...4.25.0">https://github.com/tox-dev/tox/compare/4.24.2...4.25.0</a></p>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
    changelog</a>.</em></p>
    <blockquote>
    <h2>v4.25.0 (2025-03-27)</h2>
    <p>Features - 4.25.0</p>
    <pre><code>- Add support for number ranges in generative environments,
    more details :ref:`here&lt;generative-environment-list&gt;`. - by
    :user:`mimre25` (:issue:`3502`)
    <p>Bugfixes - 4.25.0
    </code></pre></p>
    <ul>
    <li>Make tox tests pass with Python 3.14.0a6
    <ul>
    <li>by :user:<code>hroncok</code> (:issue:<code>3500</code>)</li>
    </ul>
    </li>
    </ul>
    <h2>v4.24.2 (2025-03-07)</h2>
    <p>Bugfixes - 4.24.2</p>
    <pre><code>- multiple source_type supports for the same filename. Like
    pyproject.toml can be load by both TomlPyProject &amp; LegacyToml
    (:issue:`3117`)
    - Support ``set_env = { file = &quot;conf{/}local.env&quot;}`` for TOML
    format - by :user:`juditnovak`. (:issue:`3474`)
    - fix example on the docs (:issue:`3480`)
    - - ``--parallel-no-spinner`` now respects max CPU set by ``--parallel
    N`` (:issue:`3495`)
    <p>Improved Documentation - 4.24.2
    </code></pre></p>
    <ul>
    <li>Updates the documentation for <code>os.environ['KEY']</code> when
    the variable does not exist - by :user:<code>jugmac00</code>.
    (:issue:<code>3456</code>)</li>
    </ul>
    <h2>v4.24.1 (2025-01-21)</h2>
    <p>Misc - 4.24.1</p>
    <pre><code>- :issue:`3426`
    <h2>v4.24.0 (2025-01-21)</h2>
    <p>Features - 4.24.0
    </code></pre></p>
    <ul>
    <li>
    <p>Add a <code>schema</code> command to produce a JSON Schema for tox
    and the current plugins.</p>
    <ul>
    <li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li>
    </ul>
    </li>
    </ul>
    <p>Bugfixes - 4.24.0</p>
    <pre><code>- Log exception name when subprocess execution produces one.
    <ul>
    <li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li>
    </ul>
    <p>Improved Documentation - 4.24.0
    </code></pre></p>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/tox-dev/tox/commit/3d35559ca1e9411708b9e5f73d610691a4fbdefc"><code>3d35559</code></a>
    release 4.25.0</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/0e6b4ad70b96c750e581ed02ae8dcdcad83cee66"><code>0e6b4ad</code></a>
    feat(config): Allow ranges in envlist (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3503">#3503</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/5a67ae1a9e350e1e5a0149d6835bd29c517cc3ee"><code>5a67ae1</code></a>
    [pre-commit.ci] pre-commit autoupdate (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3505">#3505</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/f5f5cb1d7a9269a7a628af9c57eb8f7fbc18cf9f"><code>f5f5cb1</code></a>
    [pre-commit.ci] pre-commit autoupdate (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3499">#3499</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/beba4be197d49abdb8797ae1218dad1e6d1ee005"><code>beba4be</code></a>
    Tests: Adjust expected exception message for Python 3.14.0a6 (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3500">#3500</a>)</li>
    <li><a
    href="https://github.com/tox-dev/tox/commit/794e6be20f8314f989c78699723f4039ab3b22f2"><code>794e6be</code></a>
    [pre-commit.ci] pre-commit autoupdate (<a
    href="https://redirect.github.com/tox-dev/tox/issues/3496">#3496</a>)</li>
    <li>See full diff in <a
    href="https://github.com/tox-dev/tox/compare/4.24.2...4.25.0">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 2, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    d6a87c5

Commits on Apr 23, 2025

  1. feat!: drop support for Python <3.9 (#809)

    Python 3.8 is end-of-life. 
    
    ---------
    
    Signed-off-by: Simoh23999 <[email protected]>
    Signed-off-by: Jan Kowalleck <[email protected]>
    Co-authored-by: Jan Kowalleck <[email protected]>
    Simoh23999 and jkowalleck authored Apr 23, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    8b2a07d
  2. chore(deps): bump python-semantic-release/python-semantic-release from 9.1.1 to 9.21.0 (#797)
    
    Bumps
    [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release)
    from 9.1.1 to 9.21.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/python-semantic-release/python-semantic-release/releases">python-semantic-release/python-semantic-release's
    releases</a>.</em></p>
    <blockquote>
    <h2>v9.21.0 (2025-02-23)</h2>
    <p><em>This release is published under the MIT License.</em></p>
    <h3>✨ Features</h3>
    <ul>
    <li>Add package name variant, <code>python-semantic-release</code>,
    project script (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1199">PR#1199</a>,
    <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/1ac97bc74c69ce61cec98242c19bf8adc1d37fb9"><code>1ac97bc</code></a>)</li>
    </ul>
    <h3>📖 Documentation</h3>
    <ul>
    <li><strong>github-actions</strong>: Update example workflow to handle
    rapid merges (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1200">PR#1200</a>,
    <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/1a4116af4b999144998cf94cf84c9c23ff2e352f"><code>1a4116a</code></a>)</li>
    </ul>
    <h3>✅ Resolved Issues</h3>
    <ul>
    <li><a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1195">#1195</a>:
    <em>Native <code>uvx</code> support</em></li>
    </ul>
    <hr />
    <p><strong>Detailed Changes</strong>: <a
    href="https://github.com/python-semantic-release/python-semantic-release/compare/v9.20.0...v9.21.0">v9.20.0...v9.21.0</a></p>
    <hr />
    <p><strong>Installable artifacts are available from</strong>:</p>
    <ul>
    <li>
    <p><a
    href="https://pypi.org/project/python-semantic-release/9.21.0">PyPi
    Registry</a></p>
    </li>
    <li>
    <p><a
    href="https://github.com/python-semantic-release/python-semantic-release/releases/tag/v9.21.0">GitHub
    Release Assets</a></p>
    </li>
    </ul>
    <h2>v9.20.0 (2025-02-17)</h2>
    <p><em>This release is published under the MIT License.</em></p>
    <h3>✨ Features</h3>
    <ul>
    <li>
    <p><strong>cmd-version</strong>: Enable stamping of tag formatted
    versions into files (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1190">PR#1190</a>,
    <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/8906d8e70467af1489d797ec8cb09b1f95e5d409"><code>8906d8e</code></a>)</p>
    </li>
    <li>
    <p><strong>cmd-version</strong>: Extend <code>version_variables</code>
    to stamp versions with <code>@</code> symbol separator (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1185">PR#1185</a>,
    <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/23f69b6ac206d111b1e566367f9b2f033df5c87a"><code>23f69b6</code></a>)</p>
    </li>
    </ul>
    <h3>📖 Documentation</h3>
    <ul>
    <li>
    <p><strong>configuration</strong>: Add usage information for tag format
    version stamping (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1190">PR#1190</a>,
    <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/8906d8e70467af1489d797ec8cb09b1f95e5d409"><code>8906d8e</code></a>)</p>
    </li>
    <li>
    <p><strong>configuration</strong>: Clarify
    <code>version_variables</code> config description &amp; <code>@</code>
    separator usage (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1185">PR#1185</a>,
    <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/23f69b6ac206d111b1e566367f9b2f033df5c87a"><code>23f69b6</code></a>)</p>
    </li>
    </ul>
    <h3>⚙️ Build System</h3>
    <ul>
    <li><strong>deps</strong>: Add <code>deprecated~=1.2</code> for
    deprecation notices &amp; sphinx documentation (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1190">PR#1190</a>,
    <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/8906d8e70467af1489d797ec8cb09b1f95e5d409"><code>8906d8e</code></a>)</li>
    </ul>
    <h3>✅ Resolved Issues</h3>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.rst">python-semantic-release/python-semantic-release's
    changelog</a>.</em></p>
    <blockquote>
    <h1>v9.21.0 (2025-02-23)</h1>
    <h2>✨ Features</h2>
    <ul>
    <li>Add package name variant, <code>python-semantic-release</code>,
    project script, closes
    <code>[#1195](https://github.com/python-semantic-release/python-semantic-release/issues/1195)</code>_
    (<code>PR#1199</code><em>, <code>1ac97bc</code></em>)</li>
    </ul>
    <h2>📖 Documentation</h2>
    <ul>
    <li><strong>github-actions</strong>: Update example workflow to handle
    rapid merges (<code>PR#1200</code><em>, <code>1a4116a</code></em>)</li>
    </ul>
    <p>.. _<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1195">#1195</a>:
    <a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1195">python-semantic-release/python-semantic-release#1195</a>
    .. _1a4116a: <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/1a4116af4b999144998cf94cf84c9c23ff2e352f">https://github.com/python-semantic-release/python-semantic-release/commit/1a4116af4b999144998cf94cf84c9c23ff2e352f</a>
    .. _1ac97bc: <a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/1ac97bc74c69ce61cec98242c19bf8adc1d37fb9">https://github.com/python-semantic-release/python-semantic-release/commit/1ac97bc74c69ce61cec98242c19bf8adc1d37fb9</a>
    .. _PR#1199: <a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1199">python-semantic-release/python-semantic-release#1199</a>
    .. _PR#1200: <a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/pull/1200">python-semantic-release/python-semantic-release#1200</a></p>
    <p>.. _changelog-v9.20.0:</p>
    <h1>v9.20.0 (2025-02-17)</h1>
    <h2>✨ Features</h2>
    <ul>
    <li>
    <p><strong>cmd-version</strong>: Enable stamping of tag formatted
    versions into files, closes
    <code>[#846](https://github.com/python-semantic-release/python-semantic-release/issues/846)</code>_
    (<code>PR#1190</code><em>,
    <code>8906d8e</code></em>)</p>
    </li>
    <li>
    <p><strong>cmd-version</strong>: Extend <code>version_variables</code>
    to stamp versions with <code>@</code> symbol separator,
    closes
    <code>[#1156](https://github.com/python-semantic-release/python-semantic-release/issues/1156)</code>_
    (<code>PR#1185</code><em>, <code>23f69b6</code></em>)</p>
    </li>
    </ul>
    <h2>📖 Documentation</h2>
    <ul>
    <li>
    <p><strong>configuration</strong>: Add usage information for tag format
    version stamping (<code>PR#1190</code><em>,
    <code>8906d8e</code></em>)</p>
    </li>
    <li>
    <p><strong>configuration</strong>: Clarify
    <code>version_variables</code> config description &amp; <code>@</code>
    separator usage
    (<code>PR#1185</code><em>, <code>23f69b6</code></em>)</p>
    </li>
    </ul>
    <h2>⚙️ Build System</h2>
    <ul>
    <li><strong>deps</strong>: Add <code>deprecated~=1.2</code> for
    deprecation notices &amp; sphinx documentation
    (<code>PR#1190</code><em>,
    <code>8906d8e</code></em>)</li>
    </ul>
    <p>.. _<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1156">#1156</a>:
    <a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1156">python-semantic-release/python-semantic-release#1156</a></p>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/26bb37cfab71a5a372e3db0f48a6eac57519a4a6"><code>26bb37c</code></a>
    9.21.0</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/1a4116af4b999144998cf94cf84c9c23ff2e352f"><code>1a4116a</code></a>
    ci(release): improve concurrency restrictions to prevent release
    collisions (...</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/1ac97bc74c69ce61cec98242c19bf8adc1d37fb9"><code>1ac97bc</code></a>
    feat: add package name variant, <code>python-semantic-release</code>,
    project script (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1">#1</a>...</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/2e868255e9de7550f19996018d8825cb254ba7a4"><code>2e86825</code></a>
    ci(deps): bump
    <code>python-semantic-release/[email protected]</code> to 9.20.0
    (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1">#1</a>...</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/3b7466302c07c543377ec0c79bf178291d51f7ca"><code>3b74663</code></a>
    9.20.0</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/23f69b6ac206d111b1e566367f9b2f033df5c87a"><code>23f69b6</code></a>
    feat(cmd-version): extend <code>version_variables</code> to stamp
    versions with <code>@</code> symb...</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/8906d8e70467af1489d797ec8cb09b1f95e5d409"><code>8906d8e</code></a>
    feat(cmd-version): enable stamping of tag formatted versions into files
    (<a
    href="https://redirect.github.com/python-semantic-release/python-semantic-release/issues/1190">#1190</a>)</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/84b203f75d30f3047705bc669dbeae90f54e2cef"><code>84b203f</code></a>
    test(main): use easiest &amp; common repo for non-comprehensive
    tests</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/0363ea30bb9fcfc8b5747fea5a8ba1502bd1c4c6"><code>0363ea3</code></a>
    test(cmd-version): fix release notes test implementation to avoid date
    change...</li>
    <li><a
    href="https://github.com/python-semantic-release/python-semantic-release/commit/a900b2b21318a8a59cdb25c3d99de732340b77bb"><code>a900b2b</code></a>
    ci(tests-e2e): mark long running tests to prevent windows execution</li>
    <li>Additional commits viewable in <a
    href="https://github.com/python-semantic-release/python-semantic-release/compare/v9.1.1...v9.21.0">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=python-semantic-release/python-semantic-release&package-manager=github_actions&previous-version=9.1.1&new-version=9.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    You can trigger a rebase of this PR by commenting `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot merge` will merge this PR after your CI passes on it
    - `@dependabot squash and merge` will squash and merge this PR after
    your CI passes on it
    - `@dependabot cancel merge` will cancel a previously requested merge
    and block automerging
    - `@dependabot reopen` will reopen this PR if it is closed
    - `@dependabot close` will close this PR and stop Dependabot recreating
    it. You can achieve the same result by closing it manually
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    
    
    </details>
    
    > **Note**
    > Automatic rebases have been disabled on this pull request as it has
    been open for over 30 days.
    
    ---------
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Signed-off-by: Jan Kowalleck <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Jan Kowalleck <[email protected]>
    dependabot[bot] and jkowalleck authored Apr 23, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    5a6a8f8
  3. chore(release): 10.0.0

    Automatically generated by python-semantic-release
    
    Signed-off-by: semantic-release <[email protected]>
    semantic-release committed Apr 23, 2025
    707ae92
Showing with 1,505 additions and 2,916 deletions.
  1. +0 −3 .gitattributes
  2. +7 −5 .github/workflows/python.yml
  3. +3 −3 .github/workflows/release.yml
  4. +1,332 −2,754 CHANGELOG.md
  5. +1 −0 bandit.yml
  6. +1 −1 cyclonedx/__init__.py
  7. +3 −3 cyclonedx/_internal/compare.py
  8. +15 −14 cyclonedx/model/__init__.py
  9. +2 −1 cyclonedx/model/bom.py
  10. +2 −2 cyclonedx/model/bom_ref.py
  11. +11 −10 cyclonedx/model/component.py
  12. +2 −1 cyclonedx/model/contact.py
  13. +2 −1 cyclonedx/model/crypto.py
  14. +4 −3 cyclonedx/model/definition.py
  15. +5 −4 cyclonedx/model/dependency.py
  16. +2 −1 cyclonedx/model/issue.py
  17. +4 −4 cyclonedx/model/license.py
  18. +4 −4 cyclonedx/model/lifecycle.py
  19. +2 −1 cyclonedx/model/release_note.py
  20. +2 −1 cyclonedx/model/service.py
  21. +10 −9 cyclonedx/model/tool.py
  22. +7 −6 cyclonedx/model/vulnerability.py
  23. +3 −2 cyclonedx/output/__init__.py
  24. +4 −4 cyclonedx/output/json.py
  25. +2 −2 cyclonedx/output/xml.py
  26. +2 −2 cyclonedx/schema/__init__.py
  27. +4 −4 cyclonedx/schema/_res/__init__.py
  28. +2 −2 cyclonedx/schema/schema.py
  29. +3 −3 cyclonedx/spdx.py
  30. +2 −2 cyclonedx/validation/json.py
  31. +2 −2 cyclonedx/validation/xml.py
  32. +1 −1 docs/conf.py
  33. +20 −15 pyproject.toml
  34. +5 −4 tests/__init__.py
  35. +4 −4 tests/_data/models.py
  36. +6 −5 tests/test_builder_this.py
  37. +2 −1 tests/test_deserialize_json.py
  38. +2 −1 tests/test_deserialize_xml.py
  39. +4 −3 tests/test_enums.py
  40. +2 −2 tests/test_model_bom.py
  41. +1 −2 tests/test_model_component.py
  42. +1 −2 tests/test_output.py
  43. +2 −1 tests/test_output_json.py
  44. +2 −1 tests/test_output_xml.py
  45. +1 −1 tests/test_schema__res.py
  46. +1 −2 tests/test_validation.py
  47. +1 −1 tests/test_validation_xml.py
  48. +2 −2 tox.ini
  49. +3 −14 typings/sortedcontainers.pyi
3 changes: 0 additions & 3 deletions .gitattributes

This file was deleted.

12 changes: 7 additions & 5 deletions .github/workflows/python.yml
@@ -86,7 +86,7 @@ jobs:
toxenv-factors: '-current'
- # test with the lowest dependencies
os: ubuntu-latest
python-version: '3.8'
python-version: '3.9'
toxenv-factors: '-lowest'
steps:
- name: Checkout
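Review bot: The `-lowest` matrix entry now runs on `python-version: '3.9'`, so 3.8 drops out of the lowest-dependency job, but this hunk by itself does not stop a 3.8 user from installing the release. Confirm that the `requires-python` floor in pyproject.toml (listed among the changed files) is raised in the same change, so that pip rejects the install on 3.8 instead of the package failing at import time.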
@@ -115,14 +115,16 @@ jobs:
strategy:
fail-fast: false
matrix:
os: ['ubuntu-latest', 'windows-latest', 'macos-13']
os:
- ubuntu-latest
- macos-13 # macos-latest might be incompatible to py310 - see https://github.com/CycloneDX/cyclonedx-python-lib/pull/599#issuecomment-2077462142
- windows-latest
python-version:
- "3.13" # highest supported
- "3.12"
- "3.11"
- "3.10"
- "3.9"
- "3.8" # lowest supported
- "3.9" # lowest supported
toxenv-factors:
- '-allExtras'
- '-noExtras'
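Review bot: The inline comment on `macos-13` explains the pin only in terms of py310, while the matrix below it spans 3.9 to 3.13; state in the comment which Python versions actually block `macos-latest`, so the pin can be lifted once those versions leave the matrix. Splitting `os` into a block list helps readability; the long URL comment would read better on its own line above the entry.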
@@ -216,7 +218,7 @@ jobs:
# see https://github.com/actions/setup-python
uses: actions/setup-python@v5
with:
python-version: '>=3.8 <=3.13' # supported version range
python-version: '>=3.9 <=3.13' # supported version range
- name: Validate Python Environment
shell: python
run: |
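Review bot: The supported-version floor is hard-coded again in `python-version: '>=3.9 <=3.13'`, in addition to the two matrix entries changed earlier in this file, so every bump has to touch three places and they can drift apart. Consider defining the lowest and highest supported versions once and referencing them where the workflow syntax allows, or at least add a comment here that names the other locations to update.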
6 changes: 3 additions & 3 deletions .github/workflows/release.yml
@@ -106,7 +106,7 @@ jobs:
id: release
# see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html
# see https://github.com/python-semantic-release/python-semantic-release
uses: python-semantic-release/python-semantic-release@v9.1.1
uses: python-semantic-release/python-semantic-release@v9.21.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
force: ${{ github.event.inputs.release_force }}
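Review bot: `uses: python-semantic-release/python-semantic-release@v9.21.0` references a tag, which can be moved, in a step that is handed `secrets.GITHUB_TOKEN` and performs the release. Pin the action to the full commit SHA of that release and keep `# v9.21.0` as a trailing comment; Dependabot can update SHA pins for actions as well.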
@@ -122,8 +122,8 @@ jobs:

- name: Publish package distributions to GitHub Releases
if: steps.release.outputs.released == 'true'
# see https://github.com/python-semantic-release/upload-to-gh-release
uses: python-semantic-release/upload-to-gh-release@main
# see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html#python-semantic-release-publish-action
uses: python-semantic-release/publish-action@v9
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ steps.release.outputs.tag }}
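Review bot: Replacing `@main` removes the branch reference, but `python-semantic-release/publish-action@v9` is still a floating major tag, while the release step above is pinned to an exact `v9.21.0`, and this step also receives `secrets.GITHUB_TOKEN`. Pin it to a commit SHA (or at least an exact version) so that both steps only change through an explicit, reviewable update.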