- use SW360 support for
update_project_releases(..., add=True)instead of our own code. This allows to pass a dict with release details (e.g. project mainline state or relation).
delete_projectnow works properly. Before it could have happened the you get aJSONDecodeError. All delete methods have been checked and made more resilient.- dependency updates.
- Update
get_all_releasesto includeisNewClearingWithSourceAvailableparameter:- This parameter allows filtering releases that are in the new clearing state and have the source available. This feature is yet to be released in the new version of SW360.
get_components_by_type()andget_components_by_name()support now paging.- dependency updates.
- more REST API endpoints implemented:
get_recent_releasesget_recent_componentsget_all_moderation_requestsget_moderation_requests_by_stateget_moderation_request
- packages REST API calls implemented.
- unit test
test_login_failed_invalid_urldisabled because it delays all tests. - have unit tests for packages.
- have more test coverage.
- update requests 2.31.0 => 2.32.2 to fix CVE-2024-35195.
- update transient dependencies.
- when using CaPyCLI in a CI pipeline, connection problems to the SW360 server (5xx) cause the pipeline to fail. We have now add an improved session handling to all api requests.
- dependency updates due to security vulnerabilities in
idna.
- fix for
update_project: ensure that there is no key error. - dependency updates.
- have type hints.
- drop support for Python 3.7.
- dependency update (urllib3 (1.26.18 -> 2.0.7), etc.).
- dependency updates to fix security vulnerabilities.
get_projectsfixed - paging work now as expected.get_projectsnow also supports a sort order.get_all_releasesnow also support paging. IMPORTANT: Due to compatibility reasonsget_all_releaseswithoutpageparameter returns a list of releases. But when thepageparameter is used, a dict will be returned that also contains information about paging.get_all_componentsnow supportsallDetailsandsort. IMPORTANT: Due to compatibility reasonsget_all_componentswithoutpageparameter returns a list of components. But when thepageparameter is used, a dict will be returned that also contains information about paging.
- fix: download_xxx_attachment now raises an SW360Error for failed downloads instead of silently creating a file containing the JSON answer
- dependency updates to fix requests CVE-2023-32681.
- be REUSE compliant.
- get rid of json_params_matcher deprecation warning.
- dependency updates to mitigate potential security vulnerabilities.
- markdown style checks introduced.
- logging introduced, especially to show a warning when adding an attachment
returns is not 201 (created) but 202 (accepted).
- new method
update_project_release_relationship. - original get_health_status() endpoint URL has been restored by the SW360 team.
- fix: better check assumptions on returned data, see #5.
update_projecthas a new parameteradd_subprojectsto only add the new sub-projects and not to overwrite all existing sub-projects.
- New method
duplicate_projectto create a copy of an existing project.
- New Features:
get_projects_by_tagadded.get_releases_by_nameadded.get_all_vendorsadded.
- We have covered nearly all of the possible REST API calls.
The library is successfully being used by multiple projects.
Time to release version 1.0.0.
- New Features:
- support to retrieve information about clearing requests (
get_clearing_request,
get_clearing_request_for_project).
- support to retrieve information about clearing requests (
- relicensed to MIT.
- Breaking API changes:
- create_new_{component,release,project} now have parameters for required attributes
- drop support for dump_rest_call() and dump_rest_call_to_file().
- upload_attachment() has been renamed to upload_release_attachment(). This is to have
the same naming scheme for the new methods upload_component_attachment() and
upload_project_attachment().
- New Features:
- support of the group parameter for the /projects endpoint.
- SW360 REST API now support project fields 'Project state' and 'Phase-out since'.
- get_health_status() added.
- get_project_vulnerabilities() added.
- SW360Error has new property
details.
- Improvements:
- Debug option to suppress session handling.
- unit tests added.
- published on GitHub.
- rename parameters for methods get_{release,component}_by_external_id
to align with documentation and with get_projects_by_external_id
- id_type->ext_id_name
- id_value->ext_id_value
- rename methods to plural form as they all return list of objects:
- get_release_by_external_id -> get_releases_by_external_id
- get_component_by_external_id -> get_components_by_external_id
- switch to poetry build tool. This has no effect on end users of this library, but simplifies development.
- remove requirement for colorama, relax other required versions
- new methods:
- update_{project,component,release}_external_id()
- close_api()
- The login_api() method doesn't require
tokenparameter any more. - slightly fix signatures of get_attachment_infos_*() methods to clarify they provide information about all attachments of a given resource/hash.
- change get_attachment() method to retrieve data of single attachment
- update_project_releases(): rename
projectparameter toreleases, new parameteraddto add releases
- improved error handling
- new methods
- get_users_of_project
- get_users_of_component
- get_users_of_release
- upload_attachment() has been tested with different file types and different attachment types.
- fix in get_component_by_url().
- support for OAuth2 tokens.
- new methods
- get_projects_by_external_id()
- get_component_by_external_id
- get_all_vulnerabilities()
- get_vulnerability()
- get_all_licenses()
- get_license()
- download_license_info()
- get_project_releases()
- first version available a separate project on code.siemens.com.
- first version available on BT-Artifactory.