v4.0.0
v4.0.0 (2024-01-31)
Changelog
See also the migration guide in the docs: https://cyclonedx-bom-tool.readthedocs.io/en/v4.0.0/upgrading.html
- BC: Removed support for Python < 3.8
- BC: Removed deprecated shell script `cyclonedx-bom`; use `cyclonedx-py` instead
- BC: Removed conda support. However, conda's Python environments are fully supported. See below.
- BC: Removed public API. You may use the CLI instead, see chapter "usage" in the docs.
- BC: Complete redesign of the command-line interface (CLI):
  - Uses sub-commands for easy access, divided by specific purposes and domains
  - Easy-to-understand flags, switches and options -- in accordance with the domains
  - Updated help pages, added usage examples
- Dozens of new features and fixes, such as:
  - environment analyzer supports any Python (virtual) environment -- including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv
  - Poetry analyzer supports groups, filtering, and such
  - Pipenv analyzer supports categories, filtering, and such
  - requirements analyzer is feature complete and fixed
  - More details in the SBOM results (based on method)
  - PackageURLs may have more qualifiers (enabled per default, disable via `--short-PURLs`)
  - component properties according to official taxonomy
  - SBOM results may be validated (enabled per default, disable via `--no-validate`)
  - SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry)
  - SBOM results may have root-component populated (if `pyproject` provided)
  - SBOM results are more `diff`-friendly and not just one long line of text
  - Fixed possible issues with input data encoding
  - May omit dev-dependencies or domain-specific groups/categories (if supported by method and requested via CLI switches)
  - Strips authentication secrets from (private) download/index URLs
  - Supports CycloneDX 1.5, which is now the default
- Upgraded documentation, examples, ...
- Complete rewrite from scratch
- Dependencies were bumped, dropped, added, ...
- QA and test suites were massively enhanced
What's Changed
- chore(deps): Bump actions/setup-python from 4 to 5 by @dependabot in #620
- feat!: v4.0.0 by @jkowalleck, @madpah, @t-graf, @andife in #605
Full Changelog: v3.11.7...v4.0.0
What's Changed since v4.0.0-RC6
- Added more documentation here and there
- Added a migration guide to the docs: https://cyclonedx-bom-tool.readthedocs.io/en/v4.0.0/upgrading.html
Full Changelog since v4.0.0-RC6: v4.0.0-rc.6...v4.0.0