-
-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support for deserialization from JSON and XML #290
Conversation
Hi @madpah, first, thanks for your work on this python library, it really helped us in our first steps towards SBOM generation of some of the assets created in the AlmaLinux Build System, which is used to build the packages of the AlmaLinux OS distribution. As you can see here, I gave a try to this branch and although it already meets our expectations, and following @stevespringett's advice, I would like to mention that the bom-refs are missing after reusing an already existing SBOM. Is it maybe already in your radar and that you'll be fixing soon? Thanks and keep up the good work! |
@madpah Hey! 'sup? what's the plan on this? Fancy some help? |
Signed-off-by: Hakan Dilek <[email protected]>
Signed-off-by: Hakan Dilek <[email protected]>
If help is wanted, help could be provided ;) |
@keshav-space We would likely use this for aboutcode-org/scancode.io#583 ;) |
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
… `py-serializable` Signed-off-by: Paul Horton <[email protected]>
…nit tests passing :-) Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
…275_components` passed? Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
@javihernandez - thanks for your patience. If you are able to retest this branch again now - I believe we have the Dependency work complete now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reviewed 9 / 136 files
- 📝 marked breaking changes and enhancements that need to be documented in the changelog
- ❓ had some questions that prevent me from approval
- ❌ had some things that require changes and fixes that prevent me from approval
… Plugin Signed-off-by: Paul Horton <[email protected]>
…y XML elements Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
…` making our models look odd Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Some notes on some parameters regarding shadowing.
Overall, I do not see any issues with your changes,
Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Highlights of this release include: * Support for De-serialization from JSON and XML to this Pythonic Model * Deprecation of Python 3.6 support * Support for Python 3.11 * Support for `BomLink` * Support VEX without needing `Component` in the same `Bom` * Support for `services` having `dependencies` BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed. Signed-off-by: Paul Horton <[email protected]> * feat: support VEX without Components in the same BOM BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component Signed-off-by: Paul Horton <[email protected]> * feat: support VEX without Components in the same BOM BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component Signed-off-by: Paul Horton <[email protected]> feat: allow `version` of BOM to be defined feat: allow `serial_number` of BOM to be prescribed feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx Signed-off-by: Paul Horton <[email protected]> * chore: fix release workflow * chore: editorconfig Signed-off-by: Jan Kowalleck <[email protected]> * feat: support for deserialization from JSON and XML (#290) BREAKING CHANGE: * feat: drop Python 3.6 support Signed-off-by: Hakan Dilek <[email protected]> Signed-off-by: Paul Horton <[email protected]> Co-authored-by: Hakan Dilek <[email protected]> Co-authored-by: Hakan Dilek <[email protected]> * fix: update `serializable` to include XML safety changes Signed-off-by: Paul Horton <[email protected]> * feat: Support for Python 3.11 (#349) * feat: officially test and support Python 3.11 Signed-off-by: Paul Horton <[email protected]> * removed unused imports Signed-off-by: Paul Horton <[email protected]> * bump `poetry` to `1.1.12` in CI Signed-off-by: Paul Horton <[email protected]> * fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI Signed-off-by: Paul Horton <[email protected]> * fix: removed `types-toml` from dependencies - not used Signed-off-by: Paul Horton <[email protected]> --------- Signed-off-by: Paul Horton <[email protected]> * fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now Signed-off-by: Paul Horton <[email protected]> * chore: bump dev dependencies fix: removed `setuptools` as dependency Signed-off-by: Paul Horton <[email protected]> * tests: compoennt versions optional (#350) * chore: exclude `venv*` from QA; add typing to QA Signed-off-by: Jan Kowalleck <[email protected]> * tests: component versions are optional Signed-off-by: Jan Kowalleck <[email protected]> --------- Signed-off-by: Jan Kowalleck <[email protected]> * doc: doc updates for new deserialization feature Signed-off-by: Paul Horton <[email protected]> * doc: doc updates for contribution Signed-off-by: Paul Horton <[email protected]> --------- Signed-off-by: Paul Horton <[email protected]> Signed-off-by: Jan Kowalleck <[email protected]> Signed-off-by: Hakan Dilek <[email protected]> Co-authored-by: Jan Kowalleck <[email protected]> Co-authored-by: Hakan Dilek <[email protected]> Co-authored-by: Hakan Dilek <[email protected]>
BREAKING CHANGE:
This development implements a (currently in Pre-Alpha) library developed specifically to address serialization and deserialization to/from JSON/XML and Pythonic Classes that utilise the
@property
decorator. See #185.Included in this PR:
py-serializable
to a stable stateAlso in this PR are the following PR's/Features:
Current known limitations:
>= 3.7
(see above)< 1.4
is now NOT supported - prior to1.4
- we have dropped support for the Vulnerabilities Schema Extension in this PR