Bump to version 11.1.0

spoorcc · spoorcc · commit 92d8775f932c · 2025-10-04T17:34:39.000+02:00
diff --git a/dfetch/reporting/sbom_reporter.py b/dfetch/reporting/sbom_reporter.py
@@ -15,10 +15,12 @@
         An fetched project generates an sbom
 """
 
-from cyclonedx.model import ExternalReference, ExternalReferenceType, Tool, XsUri
+from cyclonedx.builder.this import this_component as cdx_lib_component
+from cyclonedx.model import ExternalReference, ExternalReferenceType, XsUri
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component, ComponentType
 from cyclonedx.model.license import LicenseExpression
+from cyclonedx.model.tool import Tool
 from cyclonedx.output import make_outputter
 from cyclonedx.schema import OutputFormat, SchemaVersion
 
@@ -37,7 +39,8 @@ class SbomReporter(Reporter):
     def __init__(self) -> None:
         """Start the report."""
         self._bom = Bom()
-        self._bom.metadata.tools.add(self.dfetch_tool)
+        self._bom.metadata.tools.tools.add(self.dfetch_tool)
+        self._bom.metadata.tools.components.add(cdx_lib_component())
 
     def add_project(
         self, project: ProjectEntry, license_name: str, version: str
diff --git a/features/report-sbom.feature b/features/report-sbom.feature
@@ -47,7 +47,7 @@ Feature: Create an CycloneDX sbom
                         {
                             "vendor": "CycloneDX",
                             "name": "cyclonedx-python-lib",
-                            "version": "7.1.0",
+                            "version": "11.1.0",
                             "externalReferences": [
                                 {
                                     "url": "https://pypi.org/project/cyclonedx-python-lib/",
diff --git a/features/steps/generic_steps.py b/features/steps/generic_steps.py
@@ -23,7 +23,7 @@
 git_hash = re.compile(r"(\s?)[a-f0-9]{40}(\s?)")
 iso_timestamp = re.compile(r'"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}\+\d{2}:\d{2}')
 urn_uuid = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")
-bom_ref = re.compile(r"BomRef\.[0-9]{16}\.[0-9]{16}")
+bom_ref = re.compile(r"BomRef\.[0-9]+\.[0-9]+")
 svn_error = re.compile(r"svn: E\d{6}: .+")
 
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -48,7 +48,7 @@ dependencies = [
     "sarif-om==1.0.4",
     "semver==3.0.4",
     "patch-ng==1.18.1",
-    "cyclonedx-python-lib==7.1.0",
+    "cyclonedx-python-lib==11.1.0",
     "infer-license==0.1.0; python_version <= '3.10.0'",
     "infer-license==0.2.0; python_version > '3.10.0'",
     'setuptools; python_version >= "3.12"',                  # contains 'pkg_resources' for infer-license

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ Feature: Create an CycloneDX sbom`
`47`	`47`	`{`
`48`	`48`	`"vendor": "CycloneDX",`
`49`	`49`	`"name": "cyclonedx-python-lib",`
`50`		`- "version": "7.1.0",`
	`50`	`+ "version": "11.1.0",`
`51`	`51`	`"externalReferences": [`
`52`	`52`	`{`
`53`	`53`	`"url": "https://pypi.org/project/cyclonedx-python-lib/",`