Merge branch 'main' into bugfix_dependency_warning_617

Author: weichslgartner

.github/workflows/python.yml

@@ -4,14 +4,14 @@ name: Python CI
 
 on:
   push:
-    branches: ["main"]
+    branches: ["main", "next"]
+    tags: [ 'v*' ]
   pull_request:
-    branches-ignore: ['dependabot/**']
   workflow_dispatch:
   schedule:
-    # schedule weekly tests, since some dependencies are not intended to be pinned
-    # this means: at 23:42 on Fridays
-    - cron: '42 23 * * 5'
+    # schedule daily tests, since some dependencies are not intended to be pinned
+    # this means: at 23:42 every day
+    - cron: '42 23 * * *'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/release.yml

@@ -1,8 +1,6 @@
 name: Release
 
 on:
-  push:
-    branches: [ 'main', 'master' ]
   workflow_dispatch:
     inputs:
       release_force:

CHANGELOG.md

@@ -2,6 +2,34 @@
 
 
 
+## v8.3.0 (2024-10-26)
+
+### Documentation
+
+* docs: revisit examples readme (#725)
+
+Signed-off-by: Jan Kowalleck <[email protected]> ([`e9020f0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e9020f0b709a5245d1749d2811b8568f892869bb))
+
+### Feature
+
+* feat: add basic support for Definitions  (#701)
+
+
+
+---------
+
+Signed-off-by: Hakan Dilek <[email protected]> ([`a1573e5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a1573e5af12bb54c7328c73971dc2c2f8d820c0a))
+
+
+## v8.2.1 (2024-10-24)
+
+### Fix
+
+* fix: encode quotation mark in URL (#724)
+
+Signed-off-by: Jan Kowalleck <[email protected]> ([`a7c7c97`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a7c7c97c37ee1c7988c028aa779f74893f858c7b))
+
+
 ## v8.2.0 (2024-10-22)
 
 ### Feature

cyclonedx/__init__.py

@@ -22,4 +22,4 @@
 
 # !! version is managed by semantic_release
 # do not use typing here, or else `semantic_release` might have issues finding the variable
-__version__ = "8.2.0"  # noqa:Q000
+__version__ = "8.3.0"  # noqa:Q000

cyclonedx/_internal/__init__.py

@@ -20,3 +20,6 @@
 !!! ALL SYMBOLS IN HERE ARE INTERNAL.
 Everything might change without any notice.
 """
+
+# THIS FILE IS INTENDED TO BE EMPTY.
+# Put symbols in own modules/packages, not in this file!

cyclonedx/_internal/bom_ref.py

@@ -0,0 +1,51 @@
+# This file is part of CycloneDX Python Library
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+
+
+"""
+!!! ALL SYMBOLS IN HERE ARE INTERNAL.
+Everything might change without any notice.
+"""
+
+from typing import Literal, Optional, Union, overload
+
+from ..model.bom_ref import BomRef
+
+
+@overload
+def bom_ref_from_str(bom_ref: BomRef, optional: bool = ...) -> BomRef:
+    ...  # pragma: no cover
+
+
+@overload
+def bom_ref_from_str(bom_ref: Optional[str], optional: Literal[False] = False) -> BomRef:
+    ...  # pragma: no cover
+
+
+@overload
+def bom_ref_from_str(bom_ref: Optional[str], optional: Literal[True] = ...) -> Optional[BomRef]:
+    ...  # pragma: no cover
+
+
+def bom_ref_from_str(bom_ref: Optional[Union[str, BomRef]], optional: bool = False) -> Optional[BomRef]:
+    if isinstance(bom_ref, BomRef):
+        return bom_ref
+    if bom_ref:
+        return BomRef(value=str(bom_ref))
+    return None \
+        if optional \
+        else BomRef()

cyclonedx/model/__init__.py

@@ -689,6 +689,8 @@ class XsUri(serializable.helpers.BaseHelper):
 
     __SPEC_REPLACEMENTS = (
         (' ', '%20'),
+        ('"', '%22'),
+        ("'", '%27'),
         ('[', '%5B'),
         (']', '%5D'),
         ('<', '%3C'),

cyclonedx/model/bom.py

@@ -41,6 +41,7 @@
 from .bom_ref import BomRef
 from .component import Component
 from .contact import OrganizationalContact, OrganizationalEntity
+from .definition import Definitions
 from .dependency import Dependable, Dependency
 from .license import License, LicenseExpression, LicenseRepository
 from .lifecycle import Lifecycle, LifecycleRepository, _LifecycleRepositoryHelper
@@ -327,6 +328,7 @@ def __init__(
         dependencies: Optional[Iterable[Dependency]] = None,
         vulnerabilities: Optional[Iterable[Vulnerability]] = None,
         properties: Optional[Iterable[Property]] = None,
+        definitions: Optional[Definitions] = None,
     ) -> None:
         """
         Create a new Bom that you can manually/programmatically add data to later.
@@ -343,6 +345,7 @@ def __init__(
         self.vulnerabilities = vulnerabilities or []  # type:ignore[assignment]
         self.dependencies = dependencies or []  # type:ignore[assignment]
         self.properties = properties or []  # type:ignore[assignment]
+        self.definitions = definitions or Definitions()
 
     @property
     @serializable.type_mapping(UrnUuidHelper)
@@ -552,6 +555,22 @@ def vulnerabilities(self, vulnerabilities: Iterable[Vulnerability]) -> None:
     # def formulation(self, ...) -> None:
     #     ...  # TODO Since CDX 1.5
 
+    @property
+    @serializable.view(SchemaVersion1Dot6)
+    @serializable.xml_sequence(110)
+    def definitions(self) -> Optional[Definitions]:
+        """
+        The repository for definitions
+
+        Returns:
+            `Definitions`
+        """
+        return self._definitions if len(self._definitions.standards) > 0 else None
+
+    @definitions.setter
+    def definitions(self, definitions: Definitions) -> None:
+        self._definitions = definitions
+
     def get_component_by_purl(self, purl: Optional['PackageURL']) -> Optional[Component]:
         """
         Get a Component already in the Bom by its PURL

cyclonedx/model/component.py

@@ -26,6 +26,7 @@
 from packageurl import PackageURL
 from sortedcontainers import SortedSet
 
+from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str
 from .._internal.compare import ComparablePackageURL as _ComparablePackageURL, ComparableTuple as _ComparableTuple
 from .._internal.hash import file_sha1sum as _file_sha1sum
 from ..exception.model import InvalidOmniBorIdException, InvalidSwhidException, NoPropertiesProvidedException
@@ -1097,10 +1098,7 @@ def __init__(
     ) -> None:
         self.type = type
         self.mime_type = mime_type
-        if isinstance(bom_ref, BomRef):
-            self._bom_ref = bom_ref
-        else:
-            self._bom_ref = BomRef(value=str(bom_ref) if bom_ref else None)
+        self._bom_ref = _bom_ref_from_str(bom_ref)
         self.supplier = supplier
         self.manufacturer = manufacturer
         self.authors = authors or []  # type:ignore[assignment]

cyclonedx/model/contact.py

@@ -21,6 +21,7 @@
 import serializable
 from sortedcontainers import SortedSet
 
+from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str
 from .._internal.compare import ComparableTuple as _ComparableTuple
 from ..exception.model import NoPropertiesProvidedException
 from ..schema.schema import SchemaVersion1Dot6
@@ -49,8 +50,7 @@ def __init__(
         postal_code: Optional[str] = None,
         street_address: Optional[str] = None,
     ) -> None:
-        self._bom_ref = bom_ref if isinstance(bom_ref, BomRef) else BomRef(
-            value=bom_ref) if bom_ref else None
+        self._bom_ref = _bom_ref_from_str(bom_ref, optional=True)
         self.country = country
         self.region = region
         self.locality = locality