v11.6.0

v11.6.0 (2025-12-02)

Features

• Moved non‑standard implementations to Contrib area (#916, 15a9023)
  • Added
    • New sub-package contrib.
  • Changed
    • Moved non‑standard implementations to Contrib area.
  • Deprecated
    • Certain exports have been deprecated; downstream imports should be updated to the new locations.
      Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.
    • Some (trivial) non-standard functionality was deprecated:
      • model.bom.Bom.get_component_by_purl()
      • model.bom.Bom.get_urn_uuid()
      • model.bom.Bom.has_component()
      • model.bom.Bom.get_vulnerabilities_for_bom_ref()
      • model.bom.Bom.has_vulnerabilities()
      • model.bom.Bom.urn()
  • Refactored
    • The following symbols were moved.
      The symbols are still import-able through their old location.
      • OLD -> NEW
      • builder.this.this_component() -> contrib.this.builders.this_component()
      • builder.this.this_tool() -> contrib.this.builders.this_tool()
      • exception.factory.* -> contrib.license.exceptions.*
      • factory.license.LicenseFactory -> contrib.license.factories.LicenseFactory
      • model.HashType.from_hashlib_alg() -> contrib.hash.factories.HashTypeFactory.from_hashlib_alg()
      • model.HashType.from_composite_str() -> contrib.hash.factories.HashTypeFactory.from_composite_str()
      • model.component.Component.for_file() -> contrib.component.builders.ComponentBuilder.make_for_file()
      • model.vulnerability.VulnerabilitySeverity.get_from_cvss_scores() -> contrib.vulnerability.cvss.vs_from_cvss_scores()

---

What's Changed

• chore(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #915
• chore(deps-dev): update mypy requirement from 1.18.2 to 1.19.0 by @dependabot[bot] in #918
• docs: update 1.7 by @jkowalleck in #920
• feat: Moved non‑standard implementations to Contrib area by @jkowalleck in #916

Full Changelog: v11.5.0...v11.6.0

v11.5.0

v11.5.0 (2025-10-31)

Features

• Add support for DistributionConstraints in BOM metadata (#906, 70adb7c)

• Add support for properties in external references (#907, 73e7c1a)

---

What's Changed

• chore(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #904
• chore(deps): bump actions/download-artifact from 5 to 6 by @dependabot[bot] in #905
• feat: add support for DistributionConstraints in BOM metadata by @Churro in #906
• feat: add support for properties in external references by @Churro in #907

Full Changelog: v11.4.0...v11.5.0

v11.4.0

v11.4.0 (2025-10-23)

Features

• Add support for CycloneDX 1.7 (basics) (#902, f35b9ee)

---

What's Changed

• feat: add support for CycloneDX 1.7 (basics) by @jkowalleck in #902

Full Changelog: v11.3.0...v11.4.0

v11.3.0

v11.3.0 (2025-10-22)

Bug Fixes

• Implement __lt__ for models still missing it (#899, bebda4f)

Features

• Deserialize single ComponentEvidence.identity (#900, 9425c67)

---

What's Changed

• ci: use py314 per default by @jkowalleck in #898
• feat: deserialize single ComponentEvidence.identity by @qkaiser in #900
• fix: implement __lt__ for models still missing it by @qkaiser in #899

New Contributors

• @qkaiser made their first contribution in #900

Full Changelog: v11.2.0...v11.3.0

v11.2.0

v11.2.0 (2025-10-15)

Documentation

• Add Changelog to project urls (d8a24b7)

Features

• Support Python 3.14 (#897, 267672b)

---

What's Changed

• chore(deps-dev): update mypy requirement from 1.17.1 to 1.18.1 by @dependabot[bot] in #889
• chore(deps-dev): update mypy requirement from 1.18.1 to 1.18.2 by @dependabot[bot] in #890
• chore(deps-dev): update coverage requirement from 7.10.6 to 7.10.7 by @dependabot[bot] in #891
• feat: support Python 3.14 by @jkowalleck in #897
• chore(deps-dev): update isort requirement from 6.0.1 to 6.1.0 by @dependabot[bot] in #894
• chore(deps-dev): update tox requirement from 4.30.2 to 4.30.3 by @dependabot[bot] in #893
• chore(deps-dev): update pyupgrade requirement from 3.20.0 to 3.21.0 by @dependabot[bot] in #896
• chore(deps-dev): update tomli requirement from 2.2.1 to 2.3.0 by @dependabot[bot] in #895

Full Changelog: v11.1.0...v11.2.0

v11.1.0

v11.1.0 (2025-09-09)

Documentation

• Shorten lines (5621705)

• Update CDX spec links (#858, ba0b5c0)

• Update linked CDX spec (#860, 0ecdaa8)

• Update linked XML spec (#857, ea627ec)

Features

• Add BomRefs for known models according to CycloneDX 1.5 (#859, 0898cf7)

• Updating SPDX license list to 3.27.0 (#885, 876a364)

---

What's Changed

• chore(deps-dev): update mypy requirement from 1.16.1 to 1.17.0 by @dependabot[bot] in #855
• docs: update linked XML spec by @jkowalleck in #857
• docs: update CDX spec links by @jkowalleck in #858
• docs: update linked CDX spec by @jkowalleck in #860
• feat: add BomRefs for known models according to CycloneDX 1.5 by @jkowalleck in #859
• chore(deps-dev): update coverage requirement from 7.9.2 to 7.10.1 by @dependabot[bot] in #865
• chore(deps-dev): update mypy requirement from 1.17.0 to 1.17.1 by @dependabot[bot] in #868
• chore(deps-dev): update tox requirement from 4.27.0 to 4.28.4 by @dependabot[bot] in #867
• chore(deps-dev): update deptry requirement from 0.23.0 to 0.23.1 by @dependabot[bot] in #866
• chore(deps-dev): update coverage requirement from 7.10.1 to 7.10.2 by @dependabot[bot] in #871
• chore(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #873
• chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #875
• test: fix slow tests and add timing reports by @jkowalleck in #880
• chore(deps-dev): update tox requirement from 4.28.4 to 4.29.0 by @dependabot[bot] in #879
• chore(deps-dev): update coverage requirement from 7.10.2 to 7.10.6 by @dependabot[bot] in #878
• chore(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #882
• chore(deps-dev): update tox requirement from 4.29.0 to 4.30.2 by @dependabot[bot] in #884
• feat: Updating SPDX license list to 3.27.0 by @jkowalleck in #885

Full Changelog: v11.0.0...v11.1.0

v11.0.0

v11.0.0 (2025-07-21)

BREAKING Changes

• Ignore unknown properties when deserializing (#853, 4842828)

---

What's Changed

• feat!: ignore unknown properties when deserializing by @jkowalleck in #853

Full Changelog: v10.5.0...v11.0.0

v10.5.0

v10.5.0 (2025-07-20)

Features

• Use only nonGPL dependencies (#854, 9c14ee6)

---

What's Changed

• chore: dependency tests in CI/CT by @jkowalleck in #848
• chore(deps-dev): update coverage requirement from 7.9.1 to 7.9.2 by @dependabot[bot] in #841
• chore(deps-dev): update bandit requirement from 1.8.5 to 1.8.6 by @dependabot[bot] in #849
• feat: use only nonGPL dependencies by @jkowalleck in #854

Full Changelog: v10.4.1...v10.5.0

v10.4.1

v10.4.1 (2025-07-08)

Bug Fixes

• Add runtime dependnecy typing_extensions>=4.6; python_version<"3.13" (#845, 95b560a)

• Added runtime dependnecy referencing>=0.28.4" (#846, 4d01e87)

---

What's Changed

• fix: add runtime dependnecy typing_extensions>=4.6; python_version<"3.13" by @jkowalleck in #845
• fix: added runtime dependnecy referencing>=0.28.4" by @jkowalleck in #846

Full Changelog: v10.4.0...v10.4.1

v10.4.0

v10.4.0 (2025-07-08)

Bug Fixes

• Issue DeprecationWarnings for deprecated properties properly (#838, 34a11aa)

• Removed meaningless pattern checks for CycloneDX 1.2 JSON schema (#843, 6e8083a)

Features

• Decorate deprecated symbols (#839, 33daaf1)

• Validators return specific error classes (#840, 23a0f72)

---

What's Changed

• fix: issue DeprecationWarnings for deprecated properties properly by @KAWAHARA-souta in #838
• feat: validators return specific error classes by @jkowalleck in #840
• feat: decorate deprecated symbols by @KAWAHARA-souta in #839
• fix: removed meaningless pattern checks for CycloneDX 1.2 JSON schema by @jkowalleck in #843

New Contributors

• @KAWAHARA-souta made their first contribution in #838

Full Changelog: v10.3.0...v10.4.0