diff --git a/tools/sbom-diff-and-risk/examples/sample-policy-warn-report.sarif b/tools/sbom-diff-and-risk/examples/sample-policy-warn-report.sarif index ad993ea..60720ec 100644 --- a/tools/sbom-diff-and-risk/examples/sample-policy-warn-report.sarif +++ b/tools/sbom-diff-and-risk/examples/sample-policy-warn-report.sarif @@ -7,8 +7,8 @@ "driver": { "name": "sbom-diff-risk", "fullName": "sbom-diff-risk", - "version": "1.0.0", - "semanticVersion": "1.0.0", + "version": "1.1.0.dev0", + "semanticVersion": "1.1.0.dev0", "rules": [ { "id": "sdr.new_package", diff --git a/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif b/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif index 0e1b4ee..5f04371 100644 --- a/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif +++ b/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif @@ -7,8 +7,8 @@ "driver": { "name": "sbom-diff-risk", "fullName": "sbom-diff-risk", - "version": "1.0.0", - "semanticVersion": "1.0.0", + "version": "1.1.0.dev0", + "semanticVersion": "1.1.0.dev0", "rules": [ { "id": "sdr.policy_violation.provenance_required", diff --git a/tools/sbom-diff-and-risk/examples/sample-sarif.sarif b/tools/sbom-diff-and-risk/examples/sample-sarif.sarif index 5497c36..c8ad93f 100644 --- a/tools/sbom-diff-and-risk/examples/sample-sarif.sarif +++ b/tools/sbom-diff-and-risk/examples/sample-sarif.sarif @@ -7,8 +7,8 @@ "driver": { "name": "sbom-diff-risk", "fullName": "sbom-diff-risk", - "version": "1.0.0", - "semanticVersion": "1.0.0", + "version": "1.1.0.dev0", + "semanticVersion": "1.1.0.dev0", "rules": [ { "id": "sdr.major_upgrade", diff --git a/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif b/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif index afe83cb..761976c 100644 --- a/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif +++ b/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif @@ -7,8 +7,8 @@ "driver": { "name": "sbom-diff-risk", "fullName": "sbom-diff-risk", - "version": "1.0.0", - "semanticVersion": "1.0.0", + "version": "1.1.0.dev0", + "semanticVersion": "1.1.0.dev0", "rules": [ { "id": "sdr.policy_violation.scorecard_below_threshold", diff --git a/tools/sbom-diff-and-risk/pyproject.toml b/tools/sbom-diff-and-risk/pyproject.toml index 6f43231..9638e3c 100644 --- a/tools/sbom-diff-and-risk/pyproject.toml +++ b/tools/sbom-diff-and-risk/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "sbom-diff-and-risk" -version = "1.0.0" +version = "1.1.0.dev0" description = "Deterministic SBOM diff CLI with heuristic risk reporting." readme = { file = "PYPI_DESCRIPTION.md", content-type = "text/markdown" } requires-python = ">=3.11" diff --git a/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py b/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py index 8606a37..9576422 100644 --- a/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py +++ b/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py @@ -2,4 +2,4 @@ __all__ = ["__version__"] -__version__ = "1.0.0" +__version__ = "1.1.0.dev0" diff --git a/tools/sbom-diff-and-risk/tests/test_release_workflow.py b/tools/sbom-diff-and-risk/tests/test_release_workflow.py index f0acc54..121eae4 100644 --- a/tools/sbom-diff-and-risk/tests/test_release_workflow.py +++ b/tools/sbom-diff-and-risk/tests/test_release_workflow.py @@ -54,14 +54,14 @@ def test_release_workflow_normalizes_build_timestamps_before_checksums() -> None assert epoch_index < build_index < normalize_index < checksum_index -def test_v1_release_metadata_and_public_status_are_aligned() -> None: +def test_main_development_metadata_and_v1_stable_status_are_aligned() -> None: project = tomllib.loads(PYPROJECT.read_text(encoding="utf-8"))["project"] package_init = PACKAGE_INIT.read_text(encoding="utf-8") root_readme = ROOT_README.read_text(encoding="utf-8") tool_readme = TOOL_README.read_text(encoding="utf-8") - assert project["version"] == "1.0.0" - assert '__version__ = "1.0.0"' in package_init + assert project["version"] == "1.1.0.dev0" + assert '__version__ = "1.1.0.dev0"' in package_init assert "Current stable flagship release: `sbom-diff-and-risk` `v1.0.0`" in root_readme assert "`v1.0.0` is the stable Policy Evidence GitHub release" in tool_readme assert "final candidate" not in root_readme @@ -79,12 +79,12 @@ def test_v1_release_notes_capture_rc_compatibility_boundary() -> None: assert "Production PyPI publishing remains deferred" in text -def test_v1_sarif_golden_fixtures_use_final_version() -> None: +def test_main_sarif_golden_fixtures_use_development_version() -> None: fixtures = sorted(EXAMPLES.glob("sample-*.sarif")) assert fixtures for fixture in fixtures: payload = json.loads(fixture.read_text(encoding="utf-8")) driver = payload["runs"][0]["tool"]["driver"] - assert driver["version"] == "1.0.0", fixture.name - assert driver["semanticVersion"] == "1.0.0", fixture.name + assert driver["version"] == "1.1.0.dev0", fixture.name + assert driver["semanticVersion"] == "1.1.0.dev0", fixture.name