Capycli

Latest version: v2.5.1

Page 3 of 7

1.8.3

* `bom map` is now more resilient to errors during the mapping of a single BOM item.
* `bom map` has a new parameter `mode`. If `mode` is not set, the default mapping is performed.
If `mode` = 1, the resulting BOM contains only components for which a full match was found.
If `mode` = 2, the resulting BOM contains only components for which no match was found.
* `getdependencies python` and `project prerequisites` now support CycloneDX SBOM.
* The `add` command of `bom filter` can now add properties to existing BOM items.
* `bom downloadsources` handles quotes in filenames returned in the `Content-Disposition` header.
* `bom downloadsources` can now write an updated BOM including SHA1 hashes.
* In CycloneDX SBOMs, the URL to source files will now be stored and read to/from
`externalReferences` of type `distribution` (with special comment "source URL") in
addition to our custom `source-file-url` property.
* Fixed `project show`, which raised an exception if some of the mandatory data was missing.
* `--dbx` (Debian relaxed version handling) in `bom create...` improved: it now checks for
exact matches first. When falling back to relaxed matching, Debian epoch strings are
ignored, while Debian revisions are always considered. The output BOM will have the SW360 versions.
* `bom create*` will set package-urls for existing and new components.
* Fixed a `KeyError` in `maven_pom.py`.
* All commands now show the version number, e.g. `CaPyCli, 1.8.3`.
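The two `bom map` entries above (the `--dbx` Debian matching order and the new `mode` filter) are easier to reason about in code. The following is an added example and not CaPyCli's own implementation: the version grammar is the Debian one (`[epoch:]upstream_version[-debian_revision]`), the release catalogue `SW360_RELEASES` is constructed, and the interpretation that a relaxed hit counts as a full match whose output version is the SW360 one follows the changelog text.

```python
"""Debian-aware version matching (the `--dbx` behaviour) and the `mode` filter of `bom map`.

Added example, not CaPyCli's own code. The version grammar follows Debian policy
([epoch:]upstream_version[-debian_revision]); the release catalogue below is constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DebVersion:
    epoch: str      # "0" when absent
    upstream: str
    revision: str   # "" for native packages without a Debian revision


def parse_deb_version(text: str) -> DebVersion:
    """Split "1:2.3-4" into epoch "1", upstream "2.3", revision "4".

    The epoch ends at the first ':' and the revision starts at the last '-',
    so upstream versions containing '-' (e.g. "1.2-3-4" -> upstream "1.2-3") survive.
    """
    epoch, sep, rest = text.partition(":")
    if not sep:
        epoch, rest = "0", text
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return DebVersion(epoch, upstream, revision)


def relaxed_match(requested: str, candidate: str) -> bool:
    """Relaxed comparison: the epoch is ignored, upstream and revision must be identical."""
    a, b = parse_deb_version(requested), parse_deb_version(candidate)
    return a.upstream == b.upstream and a.revision == b.revision


@dataclass(frozen=True)
class BomItem:
    name: str
    version: str


@dataclass(frozen=True)
class MapResult:
    item: BomItem
    sw360_version: Optional[str]   # the version string as SW360 knows it, None if unmatched


# Constructed sample catalogue: component name -> release versions present in SW360.
SW360_RELEASES = {
    "openssl": ["1.1.1n-0+deb11u5", "1:1.1.1w-0+deb11u1"],
    "zlib": ["1:1.2.13.dfsg-1"],
    "curl": ["7.88.1-10+deb12u5"],
}


def map_item(item: BomItem, releases: dict, dbx: bool = False) -> MapResult:
    """Exact match first; only then (and only with dbx) fall back to relaxed matching.

    A relaxed hit reports the SW360 version, not the requested one, so the
    output BOM carries the epoch SW360 uses.
    """
    versions = releases.get(item.name, [])
    if item.version in versions:
        return MapResult(item, item.version)
    if dbx:
        for candidate in versions:
            if relaxed_match(item.version, candidate):
                return MapResult(item, candidate)
    return MapResult(item, None)


def map_bom(items, releases, dbx=False, mode=None):
    """mode None: every item; mode 1: full matches only; mode 2: unmatched items only."""
    results = [map_item(item, releases, dbx) for item in items]
    if mode is None:
        return results
    if mode == 1:
        return [r for r in results if r.sw360_version is not None]
    if mode == 2:
        return [r for r in results if r.sw360_version is None]
    raise ValueError(f"unsupported mode {mode!r}")


if __name__ == "__main__":
    bom = [BomItem("zlib", "1.2.13.dfsg-1"), BomItem("curl", "7.88.1-10+deb12u6")]
    for result in map_bom(bom, SW360_RELEASES, dbx=True):
        print(result.item.name, result.item.version, "->", result.sw360_version)
```

Note that the revision is part of the relaxed comparison on purpose: `7.88.1-10+deb12u6` must not be matched to the `7.88.1-10+deb12u5` release, because the Debian revision is exactly where security backports live.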

1.8.2

* Fixed reading of CycloneDX JavaScript or Java components that have a `group` property.
* New command `project ecc` to show the project export control details.
* Fix: when `bom granularity` reads a BOM in CycloneDX format, it now also writes the BOM in
CycloneDX format.
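The 1.8.3 entry about storing the source URL in an `externalReferences` entry of type `distribution` (comment `source URL`) in addition to the custom `source-file-url` property, and the 1.8.2 fix for components with a `group`, both concern how a CycloneDX component is read. The following is an added example, not CaPyCli's own code: the reference shape and property name are taken from the changelog, placing the property in the standard CycloneDX `properties` array is an assumption, and `SAMPLE_BOM` is constructed.

```python
"""Reading and writing the source URL of a CycloneDX component, and keying Java/JavaScript
components by `group` as well as `name`.

Added example, not CaPyCli's own code. The externalReference shape (type "distribution",
comment "source URL") and the property name `source-file-url` come from the changelog; that
the property lives in the standard CycloneDX `properties` array is an assumption, and the
sample BOM below is constructed.
"""
import json
from typing import Optional

SOURCE_URL_COMMENT = "source URL"
SOURCE_URL_PROPERTY = "source-file-url"


def set_source_url(component: dict, url: str) -> dict:
    """Store the URL in both places, replacing any earlier value instead of appending a duplicate."""
    refs = [
        ref for ref in component.get("externalReferences", [])
        if not (ref.get("type") == "distribution" and ref.get("comment") == SOURCE_URL_COMMENT)
    ]
    refs.append({"type": "distribution", "url": url, "comment": SOURCE_URL_COMMENT})
    component["externalReferences"] = refs

    props = [p for p in component.get("properties", []) if p.get("name") != SOURCE_URL_PROPERTY]
    props.append({"name": SOURCE_URL_PROPERTY, "value": url})
    component["properties"] = props
    return component


def get_source_url(component: dict) -> Optional[str]:
    """Prefer the standard externalReference; fall back to the custom property for older BOMs."""
    for ref in component.get("externalReferences", []):
        if ref.get("type") == "distribution" and ref.get("comment") == SOURCE_URL_COMMENT:
            return ref.get("url")
    for prop in component.get("properties", []):
        if prop.get("name") == SOURCE_URL_PROPERTY:
            return prop.get("value")
    return None


def component_key(component: dict) -> tuple:
    """Identity of a component including its `group` (Maven groupId, npm scope).

    Keying on name alone conflates e.g. `@angular/core` with `@vue/core`.
    """
    return (component.get("group") or "", component["name"], component.get("version", ""))


def load_components(bom_bytes: bytes) -> list:
    """Parse a CycloneDX JSON BOM; the file is expected to be UTF-8 (strict decode, no fallback)."""
    bom = json.loads(bom_bytes.decode("utf-8"))
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    return bom.get("components", [])


# Constructed sample BOM: one component carrying only the legacy property, two sharing a name.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "commons-lang3", "group": "org.apache.commons",
         "version": "3.12.0",
         "properties": [{"name": SOURCE_URL_PROPERTY,
                         "value": "https://example.invalid/commons-lang3-3.12.0-sources.jar"}]},
        {"type": "library", "name": "core", "group": "@angular", "version": "16.2.0"},
        {"type": "library", "name": "core", "group": "@vue", "version": "3.3.4"},
    ],
}).encode("utf-8")


if __name__ == "__main__":
    for comp in load_components(SAMPLE_BOM):
        print(component_key(comp), get_source_url(comp))
```

Reading the standard reference first and the property second keeps old BOMs working while letting tools that know nothing about the custom property still find the sources.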

1.8.1

* Fixed a bug in `getdependencies javascript` when not all meta information for a package could be retrieved.
* `bom downloadsources` now also supports the `-cx` option for the CycloneDX SBOM format.
* CycloneDX JSON BOMs are expected in UTF-8 encoding.
* `bom map` now has a much faster way to create/update the cache. Thanks to the new SW360 REST API
endpoint that returns all releases in one call, it now takes only about 1.3 minutes.
* `project vulnerabilities` works again. There was apparently a breaking change in the REST API
response.
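The `bom downloadsources` entries in 1.8.3 (quotes in `Content-Disposition` filenames, SHA1 hashes written to the updated BOM) and 1.8.1 (`-cx` CycloneDX output) share one pipeline: derive a local filename from a server-supplied header, hash the bytes, record the hash on the component. The following is an added example, not CaPyCli's own code; the header values and archive bytes are constructed, and the hardening against path components in the filename is the practitioner's addition, not a behaviour the changelog claims.

```python
"""Safely deriving a local filename from a Content-Disposition header and recording the
SHA-1 of the downloaded bytes in a CycloneDX component.

Added example, not CaPyCli's own code. The header values and payload are constructed;
the CycloneDX `hashes` entry uses the spec's "SHA-1" algorithm name.
"""
import hashlib
import os
from email.message import Message
from typing import Optional
from urllib.parse import urlsplit


def filename_from_content_disposition(header: Optional[str], fallback: str) -> str:
    """Return a bare file name from a Content-Disposition header.

    The stdlib MIME parser handles quoted values, escaped quotes and RFC 2231
    `filename*=` forms. The server controls this value, so everything but the
    last path component is discarded: "../../etc/cron.d/x" becomes "x".
    """
    name = ""
    if header:
        msg = Message()
        msg["Content-Disposition"] = header
        name = msg.get_filename() or ""
    name = os.path.basename(name.replace("\\", "/")).strip()
    if name in ("", ".", ".."):
        name = fallback
    return name


def fallback_name_from_url(url: str) -> str:
    """Last path segment of the download URL, used when the header gives nothing usable."""
    return os.path.basename(urlsplit(url).path) or "download.bin"


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def add_sha1_hash(component: dict, data: bytes) -> dict:
    """Record the SHA-1 of the source archive in the component, replacing an earlier SHA-1 entry."""
    hashes = [h for h in component.get("hashes", []) if h.get("alg") != "SHA-1"]
    hashes.append({"alg": "SHA-1", "content": sha1_hex(data)})
    component["hashes"] = hashes
    return component


if __name__ == "__main__":
    url = "https://example.invalid/dl/openssl-3.0.11.tar.gz"
    header = 'attachment; filename="../../openssl-3.0.11.tar.gz"'
    print(filename_from_content_disposition(header, fallback_name_from_url(url)))
    print(add_sha1_hash({"name": "openssl", "version": "3.0.11"}, b"constructed archive bytes"))
```

The `basename` step is the part worth keeping: a download tool that trusts `filename=` verbatim lets the remote host choose where on disk the archive lands.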

1.8.0

* Fix bug in `bom findsources` when using CycloneDX bom files.
* Improved help support:
  * When no command has been specified, the global help is shown.
  * When no sub-command has been specified, the respective command help is shown.
* `project vulnerabilities` uses only the information from SW360 to display security vulnerabilities
and can exit with exit code 1 when a not yet handled security vulnerability at or above a certain
minimum priority has been found.
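The exit-code rule above has two inputs, whether a finding has been handled and whether its priority reaches the threshold. The following is an added example of that decision, not CaPyCli's own code; the record layout (a `priority` text such as `"2 - major"`, a `state` such as `"NOT_CHECKED"`, the set of states treated as handled) and the sample records are constructed assumptions. It also treats a missing or unparseable priority as most urgent, which is a fail-closed choice of this example rather than documented tool behaviour.

```python
"""Turning vulnerability records into an exit code: 1 only when an unhandled vulnerability
at or above a minimum priority exists.

Added example, not CaPyCli's own code. The record layout and sample data are constructed
assumptions; lower rank numbers mean higher priority.
"""
import re

# Assumption: these relevance states mean a human has already dealt with the finding.
HANDLED_STATES = {"IRRELEVANT", "RESOLVED"}
UNKNOWN_PRIORITY = 1   # fail closed: an unparseable priority counts as the most urgent


def priority_rank(text) -> int:
    """"1 - critical" -> 1, "3 - minor" -> 3; anything else -> UNKNOWN_PRIORITY."""
    m = re.match(r"\s*(\d+)", str(text or ""))
    return int(m.group(1)) if m else UNKNOWN_PRIORITY


def unhandled_at_or_above(vulns, min_priority: int):
    """Findings that still need attention: not handled and at least as urgent as min_priority."""
    return [
        v for v in vulns
        if str(v.get("state", "")).upper() not in HANDLED_STATES
        and priority_rank(v.get("priority")) <= min_priority
    ]


def exit_code_for(vulns, min_priority: int = 2) -> int:
    """Exit 1 when anything unhandled at or above the threshold remains, else 0."""
    return 1 if unhandled_at_or_above(vulns, min_priority) else 0


# Constructed sample records (ids are placeholders, not real advisories).
SAMPLE_VULNS = [
    {"id": "VULN-1", "priority": "1 - critical", "state": "RESOLVED"},
    {"id": "VULN-2", "priority": "2 - major", "state": "NOT_CHECKED"},
    {"id": "VULN-3", "priority": "3 - minor", "state": "NOT_CHECKED"},
    {"id": "VULN-4", "priority": "", "state": "NOT_CHECKED"},
]


if __name__ == "__main__":
    for v in unhandled_at_or_above(SAMPLE_VULNS, 2):
        print("needs attention:", v["id"], v["priority"] or "(no priority)")
    raise SystemExit(exit_code_for(SAMPLE_VULNS, 2))
```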

1.7.0

* `project show` now also displays the component clearing state.
* `bom filter` can include additional filter lists. This simplifies filtering
when there are many BOM entries and many items to filter.
* `bom create*` now ignores rejected attachments in SW360.
So if an invalid attachment has been rejected in SW360, the fixed sources are uploaded.
* `project update` no longer overwrites links to other projects.
* A couple of crashes have been fixed in `bom map`, `bom filter` and `project create`.
* Several fixes for purl cache handling.

1.6.0

* **License changed to MIT!**
* `bom map` now also handles multiple package-urls per release correctly.
* New command `project update`, which will *add* new releases instead of replacing existing links.
* `project prerequisites` now checks whether all BOM entries are in the SW360 project.
* BOM mapping documented.
* `bom CheckItemStatus` updated:
  * The new default is that only the releases in the BOM are shown. Only when the flag `-all` is
  specified are all versions of the component checked.
  * New option `-cx` to support the CycloneDX SBOM format.
* Improved help support.
* New command `bom findsources` to find source code for existing BOMs.
* `bom filter` supports removal of entries by `RepositoryId`. This is sometimes required
when a (CycloneDX) BOM contains several items with the same name.
* `getdependencies javascript` created a BOM item with the name `Homepage`. This is not the
intended name; it has to be `ProjectSite`. The code for dependency detection and component
creation has been updated. For compatibility both names are supported, but `Homepage`
is marked as deprecated.
* `bom findsources` is more fail-safe and allows GitHub credentials to be specified.


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.