Cyclonedx-python-lib

Latest version: v9.1.0

Page 4 of 19

7.6.0

Feature

* feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (663)

The code mistreated hashes for Blake2b and SHA3.
Code for explicitly handling SHA1 & BLAKE3 was added, as those have no
variants defined in the CycloneDX specification.

fixes 652

---------

Signed-off-by: Michael Schlenker <michael.schlenkercontact-software.com>
Co-authored-by: Michael Schlenker <michael.schlenkercontact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleckgmail.com> ([`c59036e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c59036e06ddc97284f82efbbc168dc2d89d090d1))

7.5.1

Fix

* fix: XML serialize `normalizedString` and `token` properly (646)

fixes 638

---------

Signed-off-by: Jan Kowalleck <jan.kowalleckgmail.com> ([`b40f739`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b40f739206a44f7dbd94042fb5e1a37c047ea024))

7.5.0

Feature

* feat: add workaround property for v1.5 and v1.6 (642)

Property `workaround` was missing from the vulnerability model. It was
added in spec v1.5 and was marked as TODO before.

This is my first contribution on this project so if I have done something
wrong, just tell me :smiley:

Signed-off-by: Louis Maillard <louis.maillardsavoirfairelinux.com>
Signed-off-by: Louis Maillard <louis.maillardprotonmail.com>
Co-authored-by: Louis Maillard <louis.maillardsavoirfairelinux.com> ([`b5ebcf8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b5ebcf8104faf57030cbc5d8190c78524ab86431))

7.4.1

Documentation

* docs: exclude dep bumps from changelog (627)

fixes 616

---------

Signed-off-by: Jan Kowalleck <jan.kowalleckgmail.com> ([`60361f7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/60361f781a1b356f24a553e133e0f58a2ad37a7d))

Fix

* fix: `cyclonedx.model.Property.value` value is optional (631)

`cyclonedx.model.Property.value` value is optional, in accordance with
the spec.

fixes 630

---------

Signed-off-by: Michael Schlenker <michael.schlenkercontact-software.com>
Signed-off-by: Jan Kowalleck <jan.kowalleckgmail.com>
Co-authored-by: Michael Schlenker <michael.schlenkercontact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleckgmail.com> ([`ad0f98b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ad0f98b433fd85ba14db6b6288f33d98bc79ee51))

7.4.0

Documentation

* docs: OSSP best practice percentage

Signed-off-by: Jan Kowalleck <jan.kowalleckgmail.com> ([`75f58dc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/75f58dcd41c1495737bff69d354beeeff7660c15))

Feature

* feat: updated SPDX license list to `v3.24.0` (622)

Signed-off-by: Jan Kowalleck <jan.kowalleckgmail.com> ([`3f9770a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3f9770a95fbe48dfc0cb911a6526690017c2fb37))

7.3.4

Fix

* fix: allow suppliers with empty-string names (611)

fixes 600

---------

Signed-off-by: Jan Kowalleck <jan.kowalleckgmail.com> ([`b331aeb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b331aeb4b7261c7b1359c592b2dcda27bd35e369))

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.