Release 0.7.0: Support SPDX 2.3 (and other fixes)

New features and changes

• Dropped Python 2 support. Python >= 3.6 is now required.
• Added pyspdxtools_convertor and pyspdxtools_parser CLI scripts. See the readme for usage instructions.
• Updated the tools to support SPDX versions up to 2.3 and to conform with the specification. Apart from many bugfixes
  and new properties, some of the more significant changes include:
  • Support for multiple packages per document
  • Support for multiple checksums for packages and files
  • Support for files outside a package
• Removed example documents from production code. Added additional up-to-date examples to test files.
• Introduced pytest as the preferred test framework.
• Improved error message handling and display.
• Extended the contribution guidelines.
• Improved tag/value output structure.
• Added .editorconfig and pyproject.toml.
• Improved handling of JSON-specific properties documentDescribes and hasFiles.
• Added new LicenseListVersion tag.
• Fixed annotation handling for the JSON and Tag/Value formats.
• Free form text values in Tag/Value no longer require <text> tags if they don't span multiple lines.

Limitations

• Validation was updated to follow the 2.3 specification. Since there is currently no support for
  version-specific handling, some details may be handled incorrectly for documents using lower
  versions. The changes are mostly restricted to properties becoming optional and new property values becoming
  available, and should be of limited impact. See https://spdx.github.io/spdx-spec/v2.3/diffs-from-previous-editions/
  for a list of changes between the versions.
• RDF support for 2.3 is not completed, see #295

Breaking changes

There are some breaking changes compared to the 0.6.1 release. Some classes were renamed, some were moved, and files are now saved at document-level instead of package-level. See https://github.com/spdx/tools-python/wiki/How-to-migrate-from-0.6.1-to-0.7.0 for a migration guide.

Contributors

This release was made possible by the following contributors. Thank you very much!

• Meret Behrens @meretp
• Philippe Ombredanne @pombredanne
• Pierre Tardy @tardyp
• Nicolaus Weidner @nicoweidner
• Jeff Licquia @licquia
• Armin Tänzer @armintaenzertng
• Alberto Pianon @alpianon
• Rodney Richardson @RodneyRichardson
• Lon Hohberger @lhh
• Nathan Voss @njv299
• Gary O'Neall @goneall
• Jeffrey Otterson @jotterson
• KOLANICH @KOLANICH
• Yash Varshney @Yash-Varshney
• HARDIK @HARDIK-TSH1392
• Jose Quaresma @quaresmajose
• Santiago Torres @SantiagoTorres
• Shubham Kumar Jha @ShubhamKJha
• Steven Kalt @SKalt
• Cole Helbling @cole-h
• Daniel Holth @dholth
• John Vandenberg @jayvdb
• Kate Stewart @kestewart
• Alexios Zavras @zvr
• Maximilian Huber @maxhbr
• Kyle Altendorf @altendky
• alpianon @alpianon
• kbermude @kbermude
• mzfr @mzfr

v0.7.0-rc0

First release candidate for the v0.7.0 release.
Release notes are to be reviewed and revised, the following is auto-generated by Github and is included to give a rough idea:

What's Changed

• [WIP] Add --signoff to README.md git commit references by @altendky in #121
• Fixes the install error in Python 2.7 and CircleCI error with Python 3.4.8 by @ShubhamKJha in #141
• Validated the RDF file by @Yash-Varshney in #142
• CommunityBridge Project by Yash Varshney by @Yash-Varshney in #148
• Fix typo by @mzfr in #82
• Tie click version for Python 2.x. by @licquia in #162
• test_jsonyamlxml_parser: remove deprecated json.load encoding argument by @cole-h in #159
• Update CircleCI xcode version to a supported one. by @licquia in #164
• Drop Python 2.7 and 32-bit testing on Appveyor. by @licquia in #166
• Support multiple packages per SPDX document. by @licquia in #168
• Fix write_tv example by @SantiagoTorres in #133
• python3.9 is only present on 2019 images which is not the default by @tardyp in #175
• Pytest + py2.7 support removal + CI fixes by @tardyp in #179
• Factorise parsing and conversion by @tardyp in #174
• Added missing FileType values allowed by spec by @njv299 in #187
• introduce message handler by @tardyp in #173
• add spdxlite 2.2 SBOM parsing support by @tardyp in #188
• Removed check that packages have SHA1 checksum, per spec by @njv299 in #183
• Create release 0.7.0 by @pombredanne in #189
• Fix minor typo #190 by @pombredanne in #194
• Bump xcode from 9.4.1 to 10.3.0 by @RodneyRichardson in #203
• Update README.md by @kestewart in #208
• Corrected the documentation in README.md by @HARDIK-TSH1392 in #210
• Remove python 3.6 support, and add python 3.10. by @RodneyRichardson in #205
• Bump xcode to 13.0.0 for the Mac tests. by @licquia in #226
• [issue-152] fix cli convertor and add testcase by @meretp in #235
• [issue-230] fix provided example to be valid by @meretp in #237
• [issue-222] fix parsing of tv-files with multiple packages by @meretp in #236
• Rework contributing info by @armintaenzertng in #248
• [issue-238] group annotations, reviews and relationships under one headline by @meretp in #245
• Fix up a few filesAnalyzed issues by @lhh in #195
• New implementation of has_optional_field by @armintaenzertng in #252
• Added .editorconfig according to PEP 8 by @KOLANICH in #157
• writers[rdf]: add an option to pass create_doc write by @nicoweidner in #253
• [issue-184] validate against json-spec by @meretp in #254
• Fix spelling and some docstring improvements by @jayvdb in #260
• Moved the metadata into setup.cfg. by @KOLANICH in #156
• writers[rdf, jsonyamlxml]: Add external package reference by @nicoweidner in #266
• Assorted bug fixes by @meretp in #270
• Issue 269: Add missing 2.3 package properties by @armintaenzertng in #271
• Make 2.3 optional properties optional by @armintaenzertng in #276
• [issue-281] fix parsing of file attribution text and add test by @meretp in #283
• Recover properties lost during conversion by @armintaenzertng in #279
• serialize/ deserialize annotations by @meretp in #280
• [tv-parser] fix parsing of annotation type by @meretp in #282
• add byte range and line ranges to snippet by @meretp in #273
• [issue-272] make properties in tv-writer optional by @meretp in #286
• Add package properties to tv by @armintaenzertng in #284
• Rename snippet properties by @armintaenzertng in #289
• Refine contribution guidelines by @nicoweidner in #293
• [issue-291] extract License and its subclasses to a separate file by @meretp in #292
• [issue-301] add new relationship_types by @meretp in #304
• [issue-299] allow single line of text in free form text by @meretp in #300
• [issue-239] make packages in document optional by @meretp in #303
• [issue-181] add files at document-level by @meretp in #288
• [issue-312] fix typo in attribution text parsing by @armintaenzertng in #313
• [issue-239] make packages and files in cli parser and jsonyamlxml-writer optional by @meretp in #308
• Add support for multiple file types and fix file type casing by @armintaenzertng in #310
• fix example scripts by @meretp in #318
• [issue-261] delete duplicated files by @meretp in #317
• Add multiple checksums by @meretp in #311
• [issue-185] fix bug in checksum by @meretp in #322
• [issue-326] fix output for licenses that are SPDXNone or NoAssert-objects by @meretp in #327
• [issue-328] jsonyamlxml: fix parsing of file copyright text by @meretp in #329
• [issue-330] fix parsing of relationships with DocumentRef by @meretp in #331
• terminate parsing of relationship if one of the ids isn't a string by @meretp in #334
• [issue-324] Add examples from spdx-spec, various bugfixes by @nicoweidner in #332

New Contributors

• @altendky made their first contribution in #121
• @ShubhamKJha made their first contribution in #141
• @Yash-Varshney made their first contribution in #142
• @mzfr made their first contribution in #82
• @licquia made their first contribution in #162
• @cole-h made their first contribution in #159
• @SantiagoTorres made their first contribution in #133
• @tardyp made their first contribution in #175
• @njv299 made their first contribution in #187
• @RodneyRichardson made their first contribution in #203
• @kestewart made their first contribution in #208
• @HARDIK-TSH1392 made their first contribution in #210
• @meretp made their first contribution in #235
• @lhh made their first contribution in #195
• @KOLANICH made their first contribution in #157
• @jayvdb made their first contribution in #260

Full Changelog: v0.6.1...v0.7.0-rc0

v0.6.1

Version v0.6.1

v0.6.0

Version v0.6.0

Release v0.5.4: Minor new bug fixes and improvements

The main change with the previous releases is a bugfix for #27
Other changes are only internal (more tests) and cosmetics

v0.5.3

In this release:

• the lists in RDF and tag/value formats are now really sorted always sorted prior to writing (to ensure a consistent sorting)
• the order of some tag/value has changed for extracted licenses (the text comes last)
• several other minor bugs and cleanups were applied.

It is also available on Pypi https://pypi.python.org/pypi/spdx-tools/

v0.5.2

In this release:

• the write_document() method accepts a new validate flag to validate or not a doc before writing it
• the lists in RDF and tag/value formats are always sorted prior to writing (to ensure a consistent sorting)
• several other minor bugs and cleanups were applied.

It is also available on Pypi https://pypi.python.org/pypi/spdx-tools/