CHANGELOG

v7.3.0 (2026-03-30)

Features

  • Add -S flag to skip *.pth evaluation during environment analysis (#1032, 55c15d7)

v7.2.2 (2026-02-19)

Documentation

v7.2.1 (2025-10-29)

Documentation

v7.2.0 (2025-10-16)

Documentation

  • Add Changelog to project urls (5f38d75)

Features

v7.1.0 (2025-09-02)

Documentation

Features

  • Support runtime-dependency cyclonedx-python-lib v11 (#938, 7818754)

v7.0.0 (2025-07-14)

BREAKING Changes

  • Finalize PEP639, auto-enable it, remove CLI switch environment --PEP-639 (#928, 6b81028)

  • Remove deprecated CLI switches --schema-version and --outfile, use --spec-version and --output-file instead (#892, 2be98e5)

v6.1.3 (2025-07-08)

Bug Fixes

  • License file detection according to PEP621 (#929, 28dcbf7)

v6.1.2 (2025-06-26)

Bug Fixes

  • Make pep621 license detections type-aware (#920, 0c9aeac)

Documentation

  • Formatting and reorder of code style instructions. (15ac2cd)

  • License file *.rst are NOT type text - they are binary (#911, 168f81d)

v6.1.1 (2025-05-12)

Bug Fixes

v6.1.0 (2025-05-12)

Documentation

  • Fix default value for --spec-version (2f2982b)

Features

v6.0.0 (2025-04-24)

Features

  • Add mimetype detection for rich text format (rtf) (#886, 9861a46)

  • Drop support for python <3.9 (#883, 9a5e6d8)

  • Spec-version defaults to CycloneDX 1.6 (#885, 880dd79)

v5.5.0 (2025-04-23)

Features

  • Support runtime-dependency packaging ^25 (#882, 4fa5a35)

v5.4.0 (2025-04-23)

Documentation

Features

  • Deprecate CLI switch --outfile; use new --output-file instead (#875, fb30ee0)

  • Deprecate CLI switch --schema-version; use new --spec-version instead (#871, bbae05f)

  • Support cyclonedx-python-lib ^10 (#880, 545dde0)

v5.3.0 (2025-02-26)

Features

  • Add support for cyclonedx-python-lib>=9.0<10 (#854, 45ae96e)

v5.2.0 (2025-02-20)

Documentation

Features

  • Subcommand environment got aliases env, venv (#850, aaed12a)

v5.1.2 (2025-01-21)

Bug Fixes

  • poetry: Properly handle multi-declaration (optional) dependencies (#842, 18c5f0e)

Documentation

v5.1.1 (2024-11-09)

Bug Fixes

  • Schema-invalid CycloneDX when running PEP639 analysis (#828, b2595cf)

Documentation

  • Fix headline structure in readme (74f07e1)

v5.1.0 (2024-10-23)

Features

v5.0.0 (2024-10-15)

Documentation

  • changelog: Omit chore/ci/refactor/style/test/build (#813, 6707959)

Features

BREAKING Changes

  • Emitted metadata tool name is cyclonedx-py, was cyclonedx-bom.
  • Emitted metadata tools are up to non-deprecated CycloneDX specification.
  • No longer emit deprecated or undocumented properties in namespace cdx:poetry (see previous release 4.6.0 for official replacements).
    • cdx:poetry:source:package:reference
    • cdx:poetry:package:source:resolved_reference
    • cdx:poetry:package:source:vcs:requested_revision
    • cdx:poetry:package:source:vcs:commit_id

The mentioned changes are considered "breaking" for processes that relied on the respective data structures. Migration paths are self-explanatory.

Dependencies

  • Requires cyclonedx-python-lib>=8.0.0,<9 now, was >=7.3.0,<8.0.0,!=7.3.1.

v4.6.1 (2024-09-30)

Bug Fixes

  • Help page for sub command "environment" on windows (#805, 9e8a5d7)

Documentation

v4.6.0 (2024-09-20)

Documentation

Features

  • Populate properties cdx:python:package:source:vcs:... (#790, b08e1bb)

v4.5.1 (2024-09-18)

Bug Fixes

Documentation

v4.5.0 (2024-06-10)

Documentation

  • Exclude dep bumps from changelog (#750, 3d02d6a)

  • Ossf best practice badge percentage (5717803)

Features

  • Environment - gather declared license information according to PEP639 (#755, e9cc805)

v4.4.3 (2024-04-26)

Bug Fixes

v4.4.2 (2024-04-21)

Bug Fixes

v4.4.1 (2024-04-21)

Bug Fixes

v4.4.0 (2024-04-21)

Features

v4.3.0 (2024-04-20)

Features

v4.2.0 (2024-04-18)

Features

v4.1.6 (2024-04-15)

Bug Fixes

v4.1.5 (2024-04-11)

Bug Fixes

  • Docs for default of CLI switch --mc-type (#710, a218b40)

v4.1.4 (2024-03-28)

Bug Fixes

  • Poetry analyzer crashed with certain optional package's version constraints (#703, 8ade6e1)

v4.1.3 (2024-03-15)

Bug Fixes

  • Declared license texts as such, not as license name (#694, ec7ab3e)

Documentation

  • Improve environment use cases and examples (#690, 0d38c7b)

v4.1.2 (2024-03-01)

Build System

v4.1.1 (2024-02-03)

Bug Fixes

Documentation

  • Improve example for programmatic call of CLI (#670, 2ac3f21)

v4.1.0 (2024-02-02)

Features

  • Support poetry multi-constraint dependencies (#668, 50d2a4b)

v4.0.0 (2024-01-31)

Features

Changelog

See also the migration guide in the docs.

  • BC: Removed support for python < 3.8
  • BC: Removed deprecated shell script cyclonedx-bom; use cyclonedx-py instead
  • BC: Removed conda support. However, conda's Python environments are fully supported. See below.
  • BC: Removed public API. You may use the CLI instead, see chapter "usage" in the docs.
  • BC: Complete redesign of the CommandLineInterface(CLI):
    • Uses sub-commands for easy accessibility and divide in specific purposes and domains
    • Easy understandable flags, switches and options -- in accordance with the domains
    • Updated help pages, added usage examples
    • Dozens of new features and fixes, such as:
    • environment analyzer supports any Python (virtual) environment -- including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv
    • Poetry analyzer support groups, filtering, and such
    • Pipenv analyzer support categories, filtering, and such
    • requirements analyzer is feature complete and fixed
    • More details in the SBOM results (based on method)
    • PackageURLs may have more qualifiers (enabled per default, disable via --short-PURLs)
    • component properties according to official taxonomy
    • SBOM results may be validated (enabled per default, disable via --no-validate)
    • SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry)
    • SBOM results may have root-component populated (if pyproject provided)
    • SBOM results are more diff-friendly and not just one long line of text
    • Fixed possible issues with input data encoding
    • May omit dev-dependencies or domain-specific groups/categories (if supported by method and issued by CLI switches)
    • Strip authentication secrets from (private) download/index URLs
    • Support CycloneDX 1.5, which is the default now
    • Upgraded documentation, examples, ...
    • Complete rewrite from scratch
    • Dependencies were bumped, dropped, added, ...
    • QA and test suites were massively enhanced

v3.11.7 (2023-11-03)

Bug Fixes

  • Toml-compatible fingers-crossed handling for failed input data decoding (#613, fb3d7bf)

v3.11.6 (2023-11-03)

Bug Fixes

  • Added a fingers-crossed handling for failed input data decoding (#612, be55902)

v3.11.5 (2023-10-20)

Bug Fixes

v3.11.4 (2023-10-19)

Bug Fixes

  • Input file encoding fallback (0bc7296)

v3.11.3 (2023-10-19)

Bug Fixes

Documentation

v3.11.2 (2023-07-12)

Bug Fixes

  • Referenced branch main, instead of master (#562, 830d15c)

v3.11.1 (2023-07-12)

Bug Fixes

v3.11.0 (2023-02-11)

Documentation

Features

  • Deprecated CLI command cyclonedx-bom prints deprecation warning on STDERR before execution (#489, 2009236)

v3.10.1 (2022-12-15)

Bug Fixes

  • Purl for PyPI packages from 'conda list' have the correct format now (#471, 1573064)

Documentation

  • Improve CONTRIBUTION instructions - sign-off step (#470, 578c0a8)

v3.10.0 (2022-12-13)

Features

  • Add support for poetry lock format v2.0 (#469, 0b1e07f)

v3.9.0 (2022-12-13)

Features

  • Parsers can output more debug messages (#466, 9eedb4f)

v3.8.0 (2022-12-12)

Features

  • Error- and debug-output is sent to STDERR, instead of STDOUT (#465, f543b69)

v3.7.4 (2022-12-12)

Bug Fixes

v3.7.3 (2022-12-11)

Bug Fixes

  • Adjust dependency pip-requirements-parser to a working version (#450, 6101986)

v3.7.2 (2022-11-15)

Bug Fixes

  • Add a missing space in the help pages pathto -> path to (#443, bc5fe57)

Documentation

v3.7.1 (2022-11-10)

Bug Fixes

  • EnvironmentParser: Reduced crashes if no Classifiers are found (#441, 67f56e7)

v3.7.0 (2022-11-10)

Features

  • Pass purl-bom-ref to EnvironmentParser (#432, 7cfefeb)

v3.6.4 (2022-11-10)

Bug Fixes

  • EnvironmentParser: Remove code break when classifier parsing in py>=3.8 (#431, 4ab075e)

v3.6.3 (2022-09-19)

Bug Fixes

v3.6.2 (2022-09-19)

Bug Fixes

v3.6.1 (2022-09-19)

Bug Fixes

  • Properly declare licenses from environment (#417, 25f9e29)

v3.6.0 (2022-09-16)

Documentation

  • Describe cyclonedx-py rather than cyclonedx-bom (c04196e)

  • Fix minor typo in poetry usage docs (#407, 0abe230)

  • Minor updates to poetry usage details & contributing.md (#407, 0abe230)

Features

  • Enable dependency cyclonedx-python-lib@^3 (#418, 05cd51e)

v3.5.0 (2022-06-27)

v3.4.0 (2022-06-16)

v3.3.0 (2022-06-16)

v3.2.2 (2022-06-02)

Bug Fixes

  • Add actively used (transitive) dependencies (#363, 1f45ad9)

v3.2.1 (2022-04-05)

Bug Fixes

  • Cli default file for json format (8747620)

v3.2.0 (2022-04-05)

Bug Fixes

  • Fix style and remove unnecessary package (#333, 0ff6493)

Documentation

  • Describe methods to call the tool (2bac83a)

Features

v3.1.1 (2022-03-21)

Bug Fixes

  • conda-parser: Version recognition for strings (#332, 65246dd)

Documentation

v3.1.0 (2022-03-10)

Bug Fixes

  • Sort imports (fdec44b)

  • Try to fix the temp file issue on Windows machines (684d4f0)

Documentation

  • Update RequirementsFileParser docs to include nested file support (9e9021d)

Features

  • Add pip-requirements-parser and update virtualenv to latest version (73b2182)

  • Add support for hashes, local packages and private repositories (addc21a)

v3.0.0 (2022-02-21)

Features

  • Added marker and classifiers to denote this as typed (#313, f317353)

  • Bump to latest cyclonedx-python-lib (5902fbf)

BREAKING CHANGE: Default Schema Version has been replaced by notion of LATEST supported Schema Version

  • Update to latest RC of cyclonedx-python-lib (6c8b517)

  • Update to latest RC of cyclonedx-python-lib (bc8ee6b)

Breaking Changes

  • Default Schema Version has been replaced by notion of LATEST supported Schema Version

v2.0.3 (2022-02-03)

Bug Fixes

  • Docker image release checkout ref w/o tags (#309, 5d8b1e1)

v2.0.2 (2022-02-03)

Bug Fixes

v2.0.1 (2022-01-24)

Bug Fixes

  • Bump dependencies to get latest cyclonedx-python-lib (87c3fe7)

v2.0.0 (2022-01-13)

Bug Fixes

Documentation

Features

  • Add support for CycloneDX 1.4 specification (#294, 7bb6d32)

  • Add support for output to CycloneDX 1.4 (draft) (#294, 7bb6d32)

  • Breaking CHANGE - relocated concrete parsers (#294, 7bb6d32)

  • Breaking CHANGE - relocated concrete parsers from cyclonedx-python-lib (#294, 7bb6d32)

v1.5.3 (2021-11-23)

v1.5.2 (2021-11-23)

Bug Fixes

  • Corrected docker image build process to not rely on dist folder which is cleaned up by python-semantic-release (6c65c11)

  • Revert to previous process for building Docker image as PyPi index update is too slow to pull straight away after publish (67bb738)

v1.5.1 (2021-11-23)

Bug Fixes

  • Re-enable build and publish of Docker Image (#263, 478360d)

  • Update Dockerfile to use Python 3.10 (#263, 478360d)

v1.5.0 (2021-11-17)

Features

v1.4.3 (2021-11-16)

Bug Fixes

  • Add static code analysis, better typing and bump cyclonedx-python-lib to 0.11 (d5d9f56)

v1.4.2 (2021-11-12)

Bug Fixes

  • If no input file is supplied and no input is provided on STDIN, we will now try to automatically locate (in the current working directory) a manifest with default name for the input type specified. This works for PIP (Pipfile.lock), Poetry (poetry.lock) and Requirements (requirements.txt) (93f9e59)

v1.4.1 (2021-10-26)

Bug Fixes

  • Corrected documentation after deprecation of -rf, -pf, --poetry-file, --requirements-file and --pip-file (4c4c8d8)

v1.4.0 (2021-10-21)

Bug Fixes

  • Encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.1) (fe5df36)

  • Encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.2) (da6772b)

Features

  • Add conda support (bump cyclonedx-python-lib to ^0.10.0) (cb24275)

v1.3.1 (2021-10-19)

Bug Fixes

  • Bump to cyclonedx-python-lib to resolve issue #244 (ebea3ef)

v1.3.0 (2021-10-19)

Features

  • Add license information in CycloneDX BOM when using Environment as the source (5d1f9a7)

v1.2.0 (2021-10-12)

Features

  • Update to latest stable cyclonedx-python-lib (6145bd5)

v1.1.0 (2021-10-04)

Features

  • Add support for generating SBOM from poetry.lock files (bb4ac0f)

v1.0.5 (2021-09-27)

Bug Fixes

  • Handle requirements.txt which contain dependencies without a version statement and warn that they cannot be included in the resulting CycloneDX BOM (e637e56)

v1.0.4 (2021-09-27)

Bug Fixes

  • Error message when requirements.txt file is non-existent updated (3bbc071)

v1.0.3 (2021-09-27)

Bug Fixes

  • Default to "requirements.txt" in current directory when "-r" flag is supplied but no "-rf" flag is supplied (bb7e30a)

Build System

  • Added flake8 as dev dependency (a8fed84)

  • Updated all dependencies (616b949)

v1.0.2 (2021-09-13)

Bug Fixes

v1.0.1 (2021-09-13)

Bug Fixes

  • ci: Corrected main to master branch. (7162cd9)

v0.4.3 (2020-12-06)

v0.4.2 (2020-10-08)

v0.4.1 (2020-09-09)

v0.4.0 (2020-09-03)

v0.3.5 (2019-12-04)

v0.3.4 (2019-12-04)

v0.3.3 (2019-11-13)

  • Initial Release