Skip to content

RELEASE 2.0.0 #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 30 commits into from
Feb 21, 2022
Merged

RELEASE 2.0.0 #148

merged 30 commits into from
Feb 21, 2022

Conversation

madpah
Copy link
Collaborator

@madpah madpah commented Jan 27, 2022
edited
Loading

Lil hand up for @madpah , just sort of the way towards having Services implemented (but not all the way there).

This PR will contain a number of additional features:

Bugs squashed:

This WIP PR is being squashed into a new feature branch where work will continue.

Note: Work originally squashed from #145.

supersedes #154

@DarthHater @madpah @actions-user
WIP on bom.services
b45ff18 
* WIP but a lil hand up for @madpah

Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com>

* chore: added missing license header

Signed-off-by: Paul Horton <phorton@sonatype.com>

* No default values for required fields

* Add Services to BOM

* Typo fix

* aligned classes with standards, commented out Signature work for now, added first tests for Services

Signed-off-by: Paul Horton <phorton@sonatype.com>

* addressed standards

Signed-off-by: Paul Horton <phorton@sonatype.com>

* 1.2.0

Automatically generated by python-semantic-release

Signed-off-by: Paul Horton <phorton@sonatype.com>

* feat: `bom-ref` for Component and Vulnerability default to a UUID (#142)

* feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141

Signed-off-by: Paul Horton <phorton@sonatype.com>

* doc: updated documentation to reflect change

Signed-off-by: Paul Horton <phorton@sonatype.com>

* patched other tests to support UUID for bom-ref

Signed-off-by: Paul Horton <phorton@sonatype.com>

* better syntax

Signed-off-by: Paul Horton <phorton@sonatype.com>

* 1.3.0

Automatically generated by python-semantic-release

Signed-off-by: Paul Horton <phorton@sonatype.com>

* WIP but a lil hand up for @madpah

Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com>
Signed-off-by: Paul Horton <phorton@sonatype.com>

* chore: added missing license header

Signed-off-by: Paul Horton <phorton@sonatype.com>

* aligned classes with standards, commented out Signature work for now, added first tests for Services

Signed-off-by: Paul Horton <phorton@sonatype.com>

* removed signature from this branch

Signed-off-by: Paul Horton <phorton@sonatype.com>

* Add Services to BOM

* Typo fix

* addressed standards

Signed-off-by: Paul Horton <phorton@sonatype.com>

* resolved typing issues from merge

Signed-off-by: Paul Horton <phorton@sonatype.com>

* added a bunch more tests for JSON output

Signed-off-by: Paul Horton <phorton@sonatype.com>

Co-authored-by: Paul Horton <phorton@sonatype.com>
Co-authored-by: github-actions <action@github.com>
@madpah madpah requested a review from a team as a code owner January 27, 2022 09:45
@madpah madpah added the enhancement New feature or request label Jan 27, 2022
@madpah madpah added this to the 1.1.0 milestone Jan 27, 2022
madpah added 6 commits January 27, 2022 11:58
@madpah
test: refactored fixtures for tests which has uncovered #150, #151 and
df43a9b 
…#152

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
fix: expression not supported in Component Licsnes for version 1.0
15b081b 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
fix: Components with no version (optional since 1.4) produce invalid …
70d25c8 
…BOM output in XML #150

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
fix: regression introduced by first fix for #150
c09e396 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
fix: further fix for #150
1f55f3e 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
removed unused imports
a35d540 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@jkowalleck
Copy link
Member

@madpah let me know if you need a second opinion or a code review

@madpah
feat: support services in XML BOMs
9edf6c9 
feat: support nested services in JSON and XML BOMs

Signed-off-by: Paul Horton <phorton@sonatype.com>
sonatype-lift[bot]
sonatype-lift bot reviewed Jan 31, 2022
View reviewed changes
madpah added 4 commits January 31, 2022 13:12
@madpah
attempt to resolve Lift finding
2090c08 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
fix: temporary fix for __hash__ of Component with properties #153
a51766d 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
test: refactor to work on PY < 3.10
0ce5de6 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
feat: Complete support for bom.components (#155)
32c0139 
* fix: implemented correct `__hash__` methods in models (#153)

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah madpah self-assigned this Feb 2, 2022
This was linked to issues Feb 2, 2022
__hash__ implementation in Component attempts to hash unhashable properties list if present #153
Closed
[FEATURE] Complete support for bom.components #155
Closed
[BUG] XML Schema Violation: externalReferences.hashes included in XML BOM schema versions 1.1 and 1.2 #152
Closed
[BUG] component.licenses not valid against schema in version 1.0 #151
Closed
[BUG] Regression from #67: Component with no Version produced invalid BOM in < 1.4 #150
Closed
[HYGIENE] Re-organise test fixtures #149
Closed
@madpah
feat: support for bom.externalReferences in JSON and XML #124
1b733d7 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah madpah requested a review from jkowalleck February 2, 2022 18:07
@madpah madpah mentioned this pull request Feb 2, 2022
Closed
madpah added 2 commits February 2, 2022 18:11
@madpah
chore: bump dependencies
6c280e7 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
doc: added page to docs to call out which parts of the specification …
41a4be0 
…this library supports

Signed-off-by: Paul Horton <phorton@sonatype.com>
jkowalleck
jkowalleck previously requested changes Feb 2, 2022
View reviewed changes
@madpah
removed unnecessary calls to hash() in __hash__() methods as poin…
0f1fd6d 
…ted out by @jkowalleck

Signed-off-by: Paul Horton <phorton@sonatype.com>
This was linked to issues Feb 3, 2022
[BREAKING] Adopt PEP-3102 #143
Closed
[BREAKING] All optional lists become non-optional sets #159
Closed
@madpah madpah changed the title NEXT FEATURE RELEASE RELEASE 2.0.0 Feb 3, 2022
@jkowalleck jkowalleck self-requested a review February 3, 2022 19:53
madpah added 2 commits February 8, 2022 08:42
@madpah
BREAKING CHANGE: update models to use Set rather than List (#160)
142b8bf 
* BREAKING CHANGE: update models to use `Set` and `Iterable` rather than `List[..]`
BREAKING CHANGE: update final models to use `@property`
wip

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
feat: support complete model for bom.metadata (#162)
2938a6c 
* feat: support complete model for `bom.metadata`
fix: JSON comparison in unit tests was broken
chore: corrected some source license headers

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah madpah dismissed jkowalleck’s stale review February 8, 2022 14:06

All resolved, but review not closing?

sonatype-lift[bot]
sonatype-lift bot reviewed Feb 8, 2022
View reviewed changes
@madpah
BREAKING CHANGE: Updated default schema version to 1.4 from 1.3 (#164)
9b6ce4b 
Signed-off-by: Paul Horton <phorton@sonatype.com>
This was linked to issues Feb 8, 2022
[FEATURE] More complete support for bom.metadata #6
Closed
[BREAKING] Set default schema version to 1.4 #163
Closed
@madpah
fix: Component.bom_ref is not Optional in our model implementation …
5c954d1 
…(in the schema it is) - we generate a UUID if `bom_ref` is not supplied explicitly

Signed-off-by: Paul Horton <phorton@sonatype.com>
jkowalleck
jkowalleck reviewed Feb 16, 2022
View reviewed changes
@jkowalleck jkowalleck mentioned this pull request Feb 16, 2022
Closed
@madpah
feat: completed work on #155 (#172)
a926b34 
fix: resolved #169 (part of #155)
feat: as part of solving #155, #147 has been implemented

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
BREAKING CHANGE: replaced concept of default schema version with late…
020fcf0 
…st supported #171 (#173)

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
BREAKING CHANGE: added new model BomRef unlocking logic later to en…
d189f2c 
…sure uniquness and dependency references (#174)

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
Continuation of #170 - missed updating Vulnerability to use BomRef (#…
0d82c01 
…175)

* BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references

Signed-off-by: Paul Horton <phorton@sonatype.com>

* updated Vulnerability to also use new `BomRef` model

Signed-off-by: Paul Horton <phorton@sonatype.com>
@jkowalleck jkowalleck mentioned this pull request Feb 19, 2022
Closed
@jkowalleck jkowalleck added the bug Something isn't working label Feb 19, 2022
jkowalleck
jkowalleck previously requested changes Feb 19, 2022
View reviewed changes
@madpah
implemented __str__ for BomRef
670bde4 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah madpah dismissed jkowalleck’s stale review February 21, 2022 13:13

All points actioned.

@madpah
fix: license_url not serialised in XML output #179 (#180)
f014d7c 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
doc: added RTD badge to README
b20d9d1 
Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
feat: bump dependencies
da3f0ca 
BREAKING CHANGE: Adopt PEP-3102

BREAKING CHANGE: Optional Lists are now non-optional Sets

BREAKING CHANGE: Remove concept of DEFAULT schema version - replaced with LATEST schema version

BREAKING CHANGE: Added `BomRef` data type

Signed-off-by: Paul Horton <phorton@sonatype.com>
@madpah
Merge branch 'main' into feat/add-bom-services
9a32351
@madpah madpah merged commit 631e400 into main Feb 21, 2022
@madpah madpah deleted the feat/add-bom-services branch March 30, 2023 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck jkowalleck left review comments

+1 more reviewer

@sonatype-lift sonatype-lift[bot] sonatype-lift[bot] left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@madpah madpah

Labels
breaking change bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
2.0.0
3 participants
@madpah @jkowalleck @DarthHater