docs

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx/model/vulnerability.py

@@ -489,10 +489,19 @@ class VulnerabilityReference:
 
     .. note::
         Properties ``id`` and ``source`` are mandatory.
-        In v1.4 JSON scheme, both properties were mandatory: https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.4.schema.json#L1455-L1474
-        In v1.4 XML schema, both properties were optional: https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.4.xsd#L1788-L1797
-        In v1.5 XML schema, both were mandatory: https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.5.xsd#L3364-L3374
-        Decision: since CycloneDXCoreWorkingGroup chose JSON schema as the dominant schema, the one that serves as first spec implementation, and since XML schema was "fixed" to work same as JSON schema, we'd consider it canon/spec that both properties were always mandatory.
+
+        History:
+        * In v1.4 JSON scheme, both properties were mandatory
+          https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.4.schema.json#L1455-L1474
+        * In v1.4 XML schema, both properties were optional
+          https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.4.xsd#L1788-L1797
+        * In v1.5 XML schema, both were mandatory
+          https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.5.xsd#L3364-L3374
+
+        Decision:
+        Since CycloneDXCoreWorkingGroup chose JSON schema as the dominant schema, the one that serves as first spec
+        implementation, and since XML schema was "fixed" to work same as JSON schema, we'd consider it canon/spec that
+        both properties were always mandatory.
     """
 
     def __init__(