feat!: v5.0.0 #440

Merged
merged 45 commits into from
Oct 24, 2023

jkowalleck
Member

@jkowalleck jkowalleck commented Sep 19, 2023

BREAKING CHANGES

  • Dropped support for python<3.8 (#436 via #441; enable #433)
  • Reworked license related models, collections, and factories (#365 via #466)
  • Behavior
    • Method model.bom.Bom.validate() will throw exception.LicenseExpressionAlongWithOthersException, if detecting invalid license constellation (#453 via #452)
    • Fixed tuple comparison when unequal lengths (via #461)
  • API
    • Enum schema.SchemaVersion is no longer string-like (#442 via #447)
    • Enum schema.OutputVersion is no longer string-like (#442 via #447)
    • Abstract class output.BaseOutput requires implementation of new method output_format (#446 via #447)
    • Abstract method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
    • Abstract method output.BaseOutput.output_as_string() accepts arbitrary kwargs (via #458, #462)
    • Removed class factory.license.LicenseChoiceFactory (via #466)
      The old functionality was integrated into factory.license.LicenseFactory.
    • Method factory.license.LicenseFactory.make_from_string()'s parameter name_or_spdx was renamed to value (via #466)
    • Method factory.license.LicenseFactory.make_from_string()'s return value can also be a LicenseExpression (#365 via #466)
      The behavior imitates the old factory.license.LicenseChoiceFactory.make_from_string()
    • Renamed class module.License to module.license.DisjunctiveLicense (#365 via #466)
    • Removed class module.LicenseChoice (#365 via #466)
      Use dedicated classes module.license.DisjunctiveLicense and module.license.LicenseExpression instead
    • All occurrences of models.LicenseChoice were replaced by models.licenses.License (#365 via #466)
    • All occurrences of SortedSet[LicenseChoice] were specialized to models.license.LicenseRepository (#365 via #466)

Fixed

  • Serialization of multi-licenses (#365 via #466)
  • Detect unused "dependent" components in model.bom.validate() (via #464)

Changed

  • Updated latest supported list of supported SPDX license identifiers (via #433)
  • Shipped schema files are moved to a protected space (via #433)
    These files were never intended for public use.
  • XML output uses a default namespace, which makes results smaller. (#438 via #458)

Added

  • Support for Python 3.12 (via #460)
  • JSON- & XML-Validators (#432, #446 via #433, #448)
    The functionality might require additional dependencies, that can be installed with the extra "validation".
    See the docs in section "Installation" for details.
  • JSON & XML can be generated in a more human-friendly form (#437, #438 via #458)
  • Type hints, typings & overloads for better integration downstream (via #463)
  • API
    • New function output.make_outputter() (via #469)
      This replaces the deprecated function output.get_instance().
    • New sub-package validation (#432, #446 via #433, #448, #469, #468, #469)
    • New class exception.MissingOptionalDependencyException (#432 via #433)
    • New class exception.LicenseExpressionAlongWithOthersException (#453 via #452)
    • New dictionaries output.{json,xml}.BY_SCHEMA_VERSION (#446 via #447)
    • Existing implementations of class output.BaseOutput now have a new method output_format (#446 via #447)
    • Existing implementations of method output.BaseOutput.output_as_string() got new optional parameter indent (#437 via #458)
    • Existing implementations of method output.BaseOutput.output_to_file() got new optional parameter indent (#437 via #458)
    • New method factory.license.LicenseFactory.make_with_expression() (via #466)
    • New class model.license.DisjunctiveLicense (#365 via #466)
    • New class model.license.LicenseExpression (#365 via #466)
    • New class model.license.LicenseRepository (#365 via #466)
    • New class serialization.LicenseRepositoryHelper (#365 via #466)

Deprecated

  • Function output.get_instance() might be removed, use output.make_outputter() instead (via #469)

Tests

  • Added validation tests with official CycloneDX schema test data (#432 via #433)
  • Use proper snapshots, instead of pseudo comparison (#437 via #464)
  • Added regression test for bug #365 (via #466, #467)

Misc

  • Dependencies: bumped py-serializable@^0.15.0, was @^0.11.1 (via #458, #463, #464, #466)
  • Style: streamlined quotes and strings (via #472)
  • Chore: bumped internal dev- and QA-tools (#436 via #441, #472)
  • Chore: added more QA tools to prevent common security issues (via #473)
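
The license rule this pull request introduces (a license expression must be the only entry in a `licenses` list), shown as an added example that is not part of the pull request or the library's own code: a stand-alone check over CycloneDX JSON. It assumes the CycloneDX JSON layout in which each `licenses` entry carries either a `license` object or an `expression` string; the sample BOM and the function names are constructed for illustration.

```python
import json

# Constructed sample BOM (assumed CycloneDX JSON layout), not taken from the PR.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "app",
    "licenses": [{"expression": "MIT OR Apache-2.0"}]}},
  "components": [
    {"bom-ref": "a", "name": "a",
     "licenses": [{"license": {"id": "MIT"}}, {"license": {"name": "custom"}}]},
    {"bom-ref": "b", "name": "b",
     "licenses": [{"expression": "MIT AND ISC"}, {"license": {"id": "MIT"}}]},
    {"bom-ref": "c", "name": "c", "components": [
      {"bom-ref": "c1", "name": "c1",
       "licenses": [{"expression": "MIT"}, {"expression": "ISC"}]}]}
  ]
}
""")


def iter_components(bom):
    """Yield the metadata component and every component, including nested ones."""
    stack = list(bom.get("components", []))
    root = bom.get("metadata", {}).get("component")
    if root is not None:
        stack.append(root)
    while stack:
        comp = stack.pop()
        yield comp
        stack.extend(comp.get("components", []))


def invalid_license_constellations(bom):
    """Return sorted bom-refs whose licenses combine an expression with any other entry."""
    bad = []
    for comp in iter_components(bom):
        entries = comp.get("licenses", [])
        has_expression = any("expression" in entry for entry in entries)
        if has_expression and len(entries) > 1:
            bad.append(comp.get("bom-ref") or comp.get("name", "<unnamed>"))
    return sorted(bad)


if __name__ == "__main__":
    print(invalid_license_constellations(SAMPLE_BOM))
```

Running a check like this over SBOMs received from third parties flags documents whose license data a strict consumer would reject before they enter a compliance pipeline.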

@jkowalleck jkowalleck added this to the 5.0.0 milestone Sep 19, 2023
@jkowalleck jkowalleck changed the title feat: 5.0.0 [WIP] feat: 5.0.0 Sep 19, 2023
codacy-production bot commented Sep 19, 2023

Coverage summary from Codacy


| Coverage variation | Diff coverage |
| --- | --- |
| +0.35% | 94.28% (target: 80.00%) |

Coverage variation details

| | Coverable lines | Covered lines | Coverage |
| --- | --- | --- | --- |
| Common ancestor commit (50ce108) | 2979 | 2769 | 92.95% |
| Head commit (14d1185) | 3222 (+243) | 3006 (+237) | 93.30% (+0.35%) |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
| --- | --- | --- | --- |
| Pull request (#440) | 752 | 709 | 94.28% |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


jkowalleck and others added 5 commits September 20, 2023 09:22
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck force-pushed the 5.0.0-dev branch 2 times, most recently from 6a6598e to 3de2493 Compare September 21, 2023 14:06
jkowalleck and others added 2 commits September 21, 2023 16:28
fixes #442
part of #446

BREAKING CHANGE

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck changed the title [WIP] feat: 5.0.0 [WIP] feat!: v5.0.0 Sep 23, 2023
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
jkowalleck and others added 6 commits September 23, 2023 07:06
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

If a LicenseExpression is set, then there must be no other license.

fixes #453


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
add indentation to outputters. this may come at a cost!


Breaking Changes
------------------
* abstract Method `output.BaseOutput.output_as_string()` got new optional kwarg `indent`
* abstract Method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs

Changed
----------
* XML output uses a default namespace, which makes results smaller.


Added
------------------
* All outputters' method `output_as_string()` got new optional kwarg `indent`
* All outputters' method `output_as_string()` accepts arbitrary kwargs
* All outputters' method `output_to_file()` got new optional kwarg `indent`
* All outputters' method `output_to_file()` accepts arbitrary kwargs

-----

- [x] implementation
- [x] tests (snapshot binary compare; structural equal compare) 

-----

enables CycloneDX/cyclonedx-python#424
fixes #437
fixes #438
supersedes #449

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
jkowalleck and others added 3 commits October 8, 2023 23:47
…are (#464)

part of #437
also fixed a bug: unused first level dependencies were not detected. now they are.

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
breaking changes
------------------
* Reworked license related models and collections
* API
  * Removed class `factory.license.LicenseChoiceFactory`  
    The old functionality was integrated into `factory.license.LicenseFactory`.
  * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value`
  * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression`
    The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()`
  * Renamed class `module.License` to `module.license.DisjunctiveLicense`
  * Removed class `module.LicenseChoice`
    Use dedicated classes `module.license.DisjunctiveLicense` and `module.license.LicenseExpression` instead
  * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License`
  * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository`


fixes
------------------
* serialization of multi-licenses #365

added
------------------
* API
  * Method `factory.license.LicenseFactory.make_with_expression()`
  * Class `model.license.DisjunctiveLicense`
  * Class `model.license.LicenseExpression`
  * Class `model.license.LicenseRepository`
  * Class `serialization.LicenseRepositoryHelper`

tests
------------------
* added regression test for bug #365

misc
------------------
* raised dependency `py-serializable@^9.15`



----

fixes #365

~~BLOCKED by a feature request to serializer: <https://github.com/madpah/serializable/pull/32>~~


---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck linked an issue Oct 10, 2023 that may be closed by this pull request
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck marked this pull request as ready for review October 11, 2023 09:19
@jkowalleck jkowalleck requested a review from a team as a code owner October 11, 2023 09:19
@jkowalleck jkowalleck changed the title [WIP] feat!: v5.0.0 feat!: v5.0.0 Oct 11, 2023
jkowalleck and others added 18 commits October 11, 2023 11:57
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Automatically generated by python-semantic-release

Signed-off-by: semantic-release <semantic-release>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- restructured validators, to enable possible non-schema-based validation. 
- optimized `validation.schema.get_instance()`
- optimized `output.get_instance()`

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- deprecate function `output.get_instance()`
- add function `output.make_outputter()`
- rename function `validation.get_instance()` -> `validation.make_schemabased_validator()`
- rename function `validation.schema.get_instance()` -> `validation.make_schemabased_validator()`

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
- raised some dev tools
- added more quality checkers and rules
- documented and applied additional code standards

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Automatically generated by python-semantic-release

Signed-off-by: semantic-release <semantic-release>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck added documentation Improvements or additions to documentation dependencies labels Oct 21, 2023
@jkowalleck jkowalleck merged commit 26b151c into main Oct 24, 2023
41 of 42 checks passed
@jkowalleck jkowalleck deleted the 5.0.0-dev branch October 24, 2023 10:59