From f36531396d80d9a327851c8221cd1a2898fbbc6b Mon Sep 17 00:00:00 2001 From: Souta Kawahara Date: Fri, 27 Jun 2025 09:06:32 +0900 Subject: [PATCH 1/4] fix: Move class attribute warnings from constructor to setter Signed-off-by: Souta Kawahara --- cyclonedx/model/bom.py | 11 +++++------ cyclonedx/model/component.py | 12 ++++++------ 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py index ee649366..daf69aa5 100644 --- a/cyclonedx/model/bom.py +++ b/cyclonedx/model/bom.py @@ -87,13 +87,7 @@ def __init__( self.properties = properties or [] self.manufacturer = manufacturer self.lifecycles = lifecycles or [] - self.manufacture = manufacture - if manufacture: - warn( - '`bom.metadata.manufacture` is deprecated from CycloneDX v1.6 onwards. ' - 'Please use `bom.metadata.component.manufacturer` instead.', - DeprecationWarning) @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @@ -214,6 +208,11 @@ def manufacture(self, manufacture: Optional[OrganizationalEntity]) -> None: @todo Based on https://github.com/CycloneDX/specification/issues/346, we should set this data on `.component.manufacturer`. """ + if manufacture: + warn( + '`bom.metadata.manufacture` is deprecated from CycloneDX v1.6 onwards. ' + 'Please use `bom.metadata.component.manufacturer` instead.', + DeprecationWarning) self._manufacture = manufacture @property diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py index b0e24005..ff031e3e 100644 --- a/cyclonedx/model/component.py +++ b/cyclonedx/model/component.py @@ -1035,12 +1035,6 @@ def __init__( self.crypto_properties = crypto_properties self.tags = tags or [] - if modified: - warn('`.component.modified` is deprecated from CycloneDX v1.3 onwards. ' - 'Please use `@.pedigree` instead.', DeprecationWarning) - if author: - warn('`.component.author` is deprecated from CycloneDX v1.6 onwards. ' - 'Please use `@.authors` or `@.manufacturer` instead.', DeprecationWarning) @property @serializable.type_mapping(_ComponentTypeSerializationHelper) @@ -1175,6 +1169,9 @@ def author(self) -> Optional[str]: @author.setter def author(self, author: Optional[str]) -> None: + if author: + warn('`.component.author` is deprecated from CycloneDX v1.6 onwards. ' + 'Please use `@.authors` or `@.manufacturer` instead.', DeprecationWarning) self._author = author @property @@ -1450,6 +1447,9 @@ def modified(self) -> bool: @modified.setter def modified(self, modified: bool) -> None: + if modified: + warn('`.component.modified` is deprecated from CycloneDX v1.3 onwards. ' + 'Please use `@.pedigree` instead.', DeprecationWarning) self._modified = modified @property From e60c6316a2262a5ea1c5e303c7267448c81df489 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 3 Jul 2025 11:31:43 +0200 Subject: [PATCH 2/4] Update cyclonedx/model/bom.py Signed-off-by: Jan Kowalleck --- cyclonedx/model/bom.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py index daf69aa5..6ca68963 100644 --- a/cyclonedx/model/bom.py +++ b/cyclonedx/model/bom.py @@ -208,7 +208,7 @@ def manufacture(self, manufacture: Optional[OrganizationalEntity]) -> None: @todo Based on https://github.com/CycloneDX/specification/issues/346, we should set this data on `.component.manufacturer`. """ - if manufacture: + if manufacture is not None: warn( '`bom.metadata.manufacture` is deprecated from CycloneDX v1.6 onwards. ' 'Please use `bom.metadata.component.manufacturer` instead.', From e2f9465fcd98bc8da3c1e1e6e3086cf0662b6879 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 3 Jul 2025 11:31:54 +0200 Subject: [PATCH 3/4] Update cyclonedx/model/component.py Signed-off-by: Jan Kowalleck --- cyclonedx/model/component.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py index ff031e3e..9e999f72 100644 --- a/cyclonedx/model/component.py +++ b/cyclonedx/model/component.py @@ -1169,7 +1169,7 @@ def author(self) -> Optional[str]: @author.setter def author(self, author: Optional[str]) -> None: - if author: + if author is not None: warn('`.component.author` is deprecated from CycloneDX v1.6 onwards. ' 'Please use `@.authors` or `@.manufacturer` instead.', DeprecationWarning) self._author = author From 5dee8feb512b7c8bee5ac1724dd3debadaf75548 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 3 Jul 2025 11:48:04 +0200 Subject: [PATCH 4/4] tidy Signed-off-by: Jan Kowalleck --- cyclonedx/model/bom.py | 1 + cyclonedx/model/component.py | 14 +++++++------- cyclonedx/model/tool.py | 9 +++++---- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py index 6ca68963..4d030169 100644 --- a/cyclonedx/model/bom.py +++ b/cyclonedx/model/bom.py @@ -87,6 +87,7 @@ def __init__( self.properties = properties or [] self.manufacturer = manufacturer self.lifecycles = lifecycles or [] + # deprecated properties below self.manufacture = manufacture @property diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py index 9e999f72..6737b39e 100644 --- a/cyclonedx/model/component.py +++ b/cyclonedx/model/component.py @@ -1010,11 +1010,9 @@ def __init__( self.supplier = supplier self.manufacturer = manufacturer self.authors = authors or [] - self.author = author self.publisher = publisher self.group = group self.name = name - self.version = version self.description = description self.scope = scope self.hashes = hashes or [] @@ -1025,7 +1023,6 @@ def __init__( self.omnibor_ids = omnibor_ids or [] self.swhids = swhids or [] self.swid = swid - self.modified = modified self.pedigree = pedigree self.external_references = external_references or [] self.properties = properties or [] @@ -1034,7 +1031,10 @@ def __init__( self.release_notes = release_notes self.crypto_properties = crypto_properties self.tags = tags or [] - + # spec-deprecated properties below + self.author = author + self.modified = modified + self.version = version @property @serializable.type_mapping(_ComponentTypeSerializationHelper) @@ -1170,7 +1170,7 @@ def author(self) -> Optional[str]: @author.setter def author(self, author: Optional[str]) -> None: if author is not None: - warn('`.component.author` is deprecated from CycloneDX v1.6 onwards. ' + warn('`@.author` is deprecated from CycloneDX v1.6 onwards. ' 'Please use `@.authors` or `@.manufacturer` instead.', DeprecationWarning) self._author = author @@ -1252,7 +1252,7 @@ def version(self) -> Optional[str]: @version.setter def version(self, version: Optional[str]) -> None: if version and len(version) > 1024: - warn('`.component.version`has a maximum length of 1024 from CycloneDX v1.6 onwards.', UserWarning) + warn('`@.version`has a maximum length of 1024 from CycloneDX v1.6 onwards.', UserWarning) self._version = version @property @@ -1448,7 +1448,7 @@ def modified(self) -> bool: @modified.setter def modified(self, modified: bool) -> None: if modified: - warn('`.component.modified` is deprecated from CycloneDX v1.3 onwards. ' + warn('`@.modified` is deprecated from CycloneDX v1.3 onwards. ' 'Please use `@.pedigree` instead.', DeprecationWarning) self._modified = modified diff --git a/cyclonedx/model/tool.py b/cyclonedx/model/tool.py index 6b56057f..904cd78b 100644 --- a/cyclonedx/model/tool.py +++ b/cyclonedx/model/tool.py @@ -203,12 +203,9 @@ def __init__( # Deprecated since v1.5 tools: Optional[Iterable[Tool]] = None ) -> None: - if tools: - warn('`@.tools` is deprecated from CycloneDX v1.5 onwards. ' - 'Please use `@.components` and `@.services` instead.', - DeprecationWarning) self.components = components or () self.services = services or () + # spec-deprecated properties below self.tools = tools or () @property @@ -241,6 +238,10 @@ def tools(self) -> 'SortedSet[Tool]': @tools.setter def tools(self, tools: Iterable[Tool]) -> None: + if tools: + warn('`@.tools` is deprecated from CycloneDX v1.5 onwards. ' + 'Please use `@.components` and `@.services` instead.', + DeprecationWarning) self._tools = SortedSet(tools) def __len__(self) -> int: