Lib4sbom

Latest version: v0.7.1

Page 1 of 4

0.7.1

Updates in this release
New features
- feat: Access license text
- feat: Add lifecycle support for CycloneDX
- feat: Add spdx vulnerability support
- feat: Initial support for CycloneDX version 1.6
- feat: Update install script
Fixes
- fix: Same name lib ignored by SPDX
- fix: SourceInfo typo in SPDX JSON parser
- Merge pull request 34 from mastersans/i33
- Merge pull request 35 from rms-sth/fix-sourceInfo

0.7.0

Updates in this release
New features
- feat: Add debug support
- feat: Add evidence element to package
- feat: Add metadata property support
- feat: Add Security policy
- feat: Add set_cpe and set_purl methods
- feat: Extract SBOM URN
- feat: Add get_purl and get_cpe methods
- feat: Introduce support for software services generation and parsing
- feat: Linting
- feat: Linting of example scripts
- feat: Linting of test scripts
- feat: Return version of SBOM
- feat: Specify SPDX version via environment variable
- feat: Update vulnerability generation and parsing
- feat: Validate CPE vector string
Fixes
- doc: update readme for SPDX version environment variable
- fix: class SBOMPackage: add missing type declaration
- fix: Add justification validation
- fix: bom-ref optional for vulnerability
- fix: File comment missed in SPDX JSON parser
- fix: Handle CycloneDX legacy metadata tools interface
- fix: Handle missing serialnumber in CycloneDX document
- fix: License comments missing in CycloneDX
- fix: typo in checksum validation
- fix: typo in cyclonedx vulnerability generator
- fix: typo in external reference validation
- fix: typo in justification validation
- Merge pull request 30 from sah-cdo/dev/update_type_list_according_to_cyclonedx_1_5

0.6.2

New features
- feat: Improved CycloneDX copyright text generation
- feat: Simple example of CycloneDX to SPDX file converter
- feat: Simple example of SPDX to CycloneDX file converter
Fixes
- fix: Correct CSAF status values
- fix: Ensure all file operations are utf-8
- fix: Get_files returns dictionary instead of list (fixes 29)
- fix: Handle CPE2.2 in CycloneDX (fixes 28)
- fix: Handle option bom-ref in vulnerability
- fix: Improved robustness of parser (fixes 26)
- fix: License identifier validation
- fix: Retain more component information
- fix: Retrieve vulnerability state
- fix: SPDXid contained invalid characters
- fix: Validate checksum length

0.6.1

Updates in this release
New features
- feat: Add license type reporting
Fixes
- fix: linting
- fix: robustness of parser

0.6.0

Updates in this release

New features
- feat: introduce MLBOM processing
- feat: data driven SPDX licence version
Fixes
- fix: package id validation (fixes 25)
- test: add MLBOM samples
- test: additional test samples
- test: tidy up test samples
- doc: fix typos
- fix: XML parser for property (fixes 24)

0.5.4

Updates in this release

Fixes
- fix: handle unknown supplier type
- fix: handling of license expressions

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.