Capycli

Latest version: v2.7.0

Page 4 of 7

1.7.0

* `project show` now also displays the component clearing state.
* `bom filter` now allows additional filter lists to be included. This simplifies filtering
when there is a large number of BOM entries and many items to be filtered.
* `bom create*` will now ignore rejected attachments in SW360.
So if an invalid attachment is rejected in SW360, it will upload the fixed sources.
* `project update` will not overwrite links to other projects anymore.
* A couple of crashes have been fixed in `bom map`, `bom filter` and `project create`.
* Several fixes for purl cache handling.

1.6.0

* **License changed to MIT!**
* `bom map` now also handles multiple package-urls per release correctly.
* New command `project update` which will *add* new releases instead of replacing existing links.
* `project prerequisites` now checks if all BOM entries are in SW360 project.
* BOM mapping documented.
* `bom CheckItemStatus` updated:
  * The new default is that only the releases in the BOM are shown. Only when the flag `-all` is specified
    are all versions of the component checked.
* New option `-cx` to support the CycloneDX SBOM format.
* Improved help support.
* New command `bom findsources` to find source code for existing BOMs.
* `bom filter` supports removal of entries by `RepositoryId`. This is sometimes required
when a (CycloneDX) BOM contains several items with the same name.
* `getdependencies javascript` creates a BOM item with the name `Homepage`. This is not the
intended name; it has to be `ProjectSite`. The code for dependency detection and component
creation has been updated. For compatibility both names are supported, but `Homepage`
is marked as deprecated.
* `bom findsources` is more fail-safe and allows GitHub credentials to be specified.

1.5.0

* New parameter `-package-source` to specify a custom package manager.
The parameter is very helpful if you are in an environment where you cannot access
the internet, for example when running CI/CD on code.siemens.com.
Package metadata can be retrieved, for example, from BT-Artifactory:
  * NPM: https://devops.bt.siemens.com/artifactory/api/npm/npm-all/
* Fix: NOT_README_OSS tags are now properly handled during Readme_OSS generation.
* The granularity check resets all release information that is no longer correct after
releases have been merged by the granularity check.
* When downloading files in `bom createcomponents`, filenames are now updated according to
HTTP `content-disposition`.
* `bom diff` can now write lists of different and of identical BOM items.
* `bom map` has some improvements in package-url handling.
* `getdependencies javascript` has an improved method to determine source files.
* `getdependencies MavenList` has improved parsing of Maven output.
* `project create` can now use all data in projectinfo.json that conforms with the REST API
specification. It is now, for example, also possible to add attachments during project creation.
* New option `-cx` to support the CycloneDX SBOM format for the commands
  * `bom diff`
* Unit tests for `bom diff` added.
* Improved help support:
  * When `-h` is specified for a main command, help on all respective subcommands is shown.
    Available for `bom`, `moverview`, `mapping`, `project`, `getdependencies`.
  * When `-h` is specified for a sub-command, then a specific help for this sub-command is shown.
    Available for `show bom`, `bom filter`, `bom diff`, `bom merge`, `bom check`, `bom granularity`,
    `bom fromsbom`, `bom map`, `bom createcomponents`, `bom downloadsources`,
    `mapping toxlsx`, `mapping tohtml`, `moverview toxlsx`, `moverview tohtml`,
    `getdependencies python`, `getdependencies javascript`, `getdependencies nuget`,
    `getdependencies mavenpom`, `getdependencies mavenlist`.

Pre-release 1.5.0b1 (2021-12-03)

* `bom filter` now supports trailing wildcards.
* Improved CycloneDX handling (schema 1.3) for commands `bom fromsbom` and `bom tosbom`.
* New option `-cx` to support the CycloneDX SBOM format for the commands
  * `bom show`
  * `bom filter`
  * `bom map`
  * `bom check`
  * `bom createcomponents`
  * `project create`
  * `bom granularity`

1.4.1

* Fix wrong project id assignment in `project show`.

1.4

* `bom create` supports additional BOM fields `SourceFileType` and `SourceFileComment`
* `bom create` now supports updating of existing releases - source URL and
external ID will be added if not set already. Source file will be uploaded if
the existing release has no source attachments - otherwise `capycli` will
warn if the existing upload doesn't match the BOM. So `bom create` can be interrupted
and resumed at any time or just run to verify existing releases.
* `getdependencies javascript` now creates package-urls and no longer npm-ids.
* `getdependencies nuget` now creates package-urls and no longer nuget-ids.

1.3

* `bom create` with `--dbx` option will reuse existing SW360 releases with
"similar" Debian versions. It will ignore epoch prefix ("2:") and ".debian"
suffix, so BOM entry "2:5.2.1-1.debian" will match SW360 release "5.2.1-1".
* `bom create` only downloads missing sources if `--download` is specified.
* `bom create` now respects the filename given in "SourceFile" also when "SourceFileUrl" is given.
* `getdependencies python` now uses the common `-source` option to specify the folder for
downloading sources instead of the special `--download_sources` option.
* `getdependencies mavenlist` now allows a Maven dependency file to be specified using the `-i` option.
This file is then converted to a BOM.
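
The "similar" Debian version matching described for `bom create --dbx` in 1.3, as an added example that is not capycli's own code. It implements only the two rules the release note states (drop the epoch prefix, drop the `.debian` suffix); the function names and the `ambiguous` outcome for several releases that collapse to the same version are assumptions made here.

```python
import re

# Rules taken from the 1.3 release note: ignore a leading epoch ("2:") and a
# trailing ".debian" suffix. Anything beyond these two rules is an assumption.
_EPOCH = re.compile(r"^\d+:")
_SUFFIX = ".debian"


def normalize_debian_version(version: str) -> str:
    """Reduce a Debian version to the form used for 'similar' matching."""
    v = _EPOCH.sub("", version.strip(), count=1)
    if v.endswith(_SUFFIX):
        v = v[: -len(_SUFFIX)]
    return v


def match_release(bom_version: str, sw360_versions: list[str]) -> tuple[str, list[str]]:
    """Hypothetical matcher: returns (kind, candidates).

    kind is 'exact', 'similar', 'ambiguous' or 'none'. 'ambiguous' means that
    several existing releases differ only by epoch or suffix, so reusing one of
    them silently could attach the BOM entry to the wrong sources.
    """
    if bom_version in sw360_versions:
        return ("exact", [bom_version])
    key = normalize_debian_version(bom_version)
    similar = sorted(v for v in sw360_versions if normalize_debian_version(v) == key)
    if not similar:
        return ("none", [])
    if len(similar) > 1:
        return ("ambiguous", similar)
    return ("similar", similar)


if __name__ == "__main__":
    # Constructed sample data, not taken from a real SW360 instance.
    existing = ["5.2.1-1", "5.2.0-3"]
    print(match_release("2:5.2.1-1.debian", existing))
    print(match_release("2:5.2.1-1.debian", existing + ["1:5.2.1-1"]))
```
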
