Merge branch 'main' into feature/url-map-heuristics

Author: jkowalleck

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,39 @@
+<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
+
+You can expedite processing of your PR by using this template to provide context
+and additional information. Before actually opening a PR please make sure that it
+does NOT fall into any of the following categories
+
+🚫 Spam PRs (accidental or intentional) - these will result in a 30-days or even
+∞ ban from interacting with the project depending on reoccurrence and severity.
+
+🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged
+if all other typos in the same file are also fixed with the same PR
+
+🚫 If you fail to provide any _Description_ below, your PR will be considered spam.
+If you do not check the _Affirmation_ box below, your PR will not be merged.
+
+🚫 If you do not check one of the _AI Tool Disclosure_ boxes below, your PR will
+not be merged. If you used AI tools to assist you in writing code, but fail to
+provide the required disclosure, your PR will not be merged.
+
+🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
+
+### Description
+
+<!-- ✍️-->
+A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context.
+
+Resolves or fixes issue: <!-- ✍️ Add GitHub issue number in format `#0000` or `none` -->
+
+### AI Tool Disclosure
+
+- [ ] My contribution does not include any AI-generated content
+- [ ] My contribution includes AI-generated content, as disclosed below:
+  - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]`
+  - LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]`
+  - Prompts: `[Summarize the key prompts or instructions given to the AI tools]`
+
+### Affirmation
+
+- [ ] My code follows the [CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-python/blob/main/CONTRIBUTING.md) guidelines

.github/workflows/docker.yml

@@ -32,7 +32,7 @@ concurrency:
 
 env:
   REPORTS_DIR: CI_reports
-  PYTHON_VERSION: "3.12"
+  PYTHON_VERSION: "3.14"
   POETRY_VERSION: "1.8.1"
 
 permissions: {}
@@ -48,7 +48,7 @@ jobs:
     steps:
       - name: Checkout code
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: setup reports-dir
@@ -76,7 +76,7 @@ jobs:
           !failure() && !cancelled() &&
           steps.after-release.outputs.released
         # see https://github.com/actions/upload-artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ env.RUN_ARTIFACT_PYTHON_DIST }}
           path: ${{ env.DIST_SOURCE_DIR }}/
@@ -108,7 +108,7 @@ jobs:
       - name: Artifact reports
         if: ${{ ! cancelled() }}
         # see https://github.com/actions/upload-artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ env.REPORTS_ARTIFACT }}
           path: ${{ env.REPORTS_DIR }}

.github/workflows/python.yml

@@ -36,7 +36,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  PYTHON_VERSION_DEFAULT: "3.12"
+  PYTHON_VERSION_DEFAULT: "3.14"
   POETRY_VERSION: "1.8.1"
   REPORTS_DIR: CI_reports
   TESTS_REPORTS_ARTIFACT: tests-reports
@@ -52,7 +52,7 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -75,7 +75,7 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -98,7 +98,7 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -122,7 +122,7 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - python-version: '3.13'  # latest
+          - python-version: '3.14'  # latest
             os: ubuntu-latest
             toxenv-factors: '-current'
           - python-version: '3.9'   # lowest
@@ -131,7 +131,7 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -154,7 +154,7 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -187,7 +187,7 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -210,27 +210,21 @@ jobs:
           - macos-latest
           - windows-latest
         python-version:
-          - "3.13" # highest supported
+          - "3.14" # highest supported
+          - "3.13"
           - "3.12"
           - "3.11"
           - "3.10"
           - "3.9"  # lowest supported -- handled in include
         exclude:
-          - os: macos-latest
+          - os: macos-latest  # macos-latest is incompatible with some PY versions
             python-version: "3.10"
-          - os: macos-latest
+          - os: macos-latest  # macos-latest is incompatible with some PY versions
             python-version: "3.9"
-        include:
-          - os: macos-13
-            python-version: "3.10"
-            unittest-args: []
-          - os: macos-13
-            python-version: "3.9"
-            unittest-args: []
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Create reports directory
         run: mkdir ${{ env.REPORTS_DIR }}
       - name: Setup Python Environment
@@ -268,7 +262,7 @@ jobs:
       - name: Artifact reports
         if: ${{ ! cancelled() }}
         # see https://github.com/actions/upload-artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: '${{ env.TESTS_REPORTS_ARTIFACT }}_bnt_${{ matrix.os }}_py${{ matrix.python-version }}'
           path: ${{ env.REPORTS_DIR }}
@@ -282,7 +276,7 @@ jobs:
     steps:
       - name: fetch test artifacts
         # see https://github.com/actions/download-artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v7
         with:
           pattern: '${{ env.TESTS_REPORTS_ARTIFACT }}_bnt_*'
           merge-multiple: true

.github/workflows/release.yml

@@ -60,7 +60,7 @@ env:
   REPORTS_DIR: CI_reports
   DIST_DIR: dist
   DIST_ARTIFACT: python-dist
-  PYTHON_VERSION_DEFAULT: "3.12"
+  PYTHON_VERSION_DEFAULT: "3.14"
   POETRY_VERSION: "1.8.1"
 
 permissions: {}
@@ -71,7 +71,7 @@ jobs:
     steps:
       - name: Checkout code
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -94,7 +94,7 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v6
@@ -132,7 +132,7 @@ jobs:
     steps:
       - name: Checkout code
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: Setup python
@@ -184,7 +184,7 @@ jobs:
           !failure() && !cancelled() &&
           steps.release.outputs.released == 'true'
         # see https://github.com/actions/upload-artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ env.DIST_ARTIFACT }}
           path: ${{ env.DIST_DIR }}/
@@ -220,7 +220,7 @@ jobs:
           echo "GHCR_REPO=${GHCR_REPO@L}" >> "${GITHUB_ENV}"
       - name: Checkout code (${{ env.TAG }})
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: ${{ needs.release-PyPI.outputs.tag }}
       - name: setup dirs
@@ -229,7 +229,7 @@ jobs:
           mkdir "$DIST_DIR"
       - name: Fetch python dist artifact
         # see https://github.com/actions/download-artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v7
         with:
           name: ${{ env.DIST_ARTIFACT }}
           path: ${{ env.DIST_DIR }}/
@@ -262,7 +262,7 @@ jobs:
       - name: Artifact reports
         if: ${{ ! cancelled() }}
         # see https://github.com/actions/upload-artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ env.ARTIFACT_DOCKER_SBOM }}
           path: ${{ env.REPORTS_DIR }}/*.bom.*

.readthedocs.yaml

@@ -6,9 +6,9 @@ version: 2
 
 # Set the version of Python and other tools you might need
 build:
-  os: ubuntu-22.04
+  os: ubuntu-lts-latest
   tools:
-    python: "3.9"
+    python: "3.14"
     # You can also specify other tool versions:
     # nodejs: "16"
     # rust: "1.55"

CHANGELOG.md

@@ -2,6 +2,27 @@
 
 <!-- version list -->
 
+## v7.2.1 (2025-10-29)
+
+### Documentation
+
+- Basic support for CycloneDX 1.7 ([#984](https://github.com/CycloneDX/cyclonedx-python/pull/984),
+  [`6477a3f`](https://github.com/CycloneDX/cyclonedx-python/commit/6477a3ff5634f7f11b2a711e68b442c6539d91b4))
+
+
+## v7.2.0 (2025-10-16)
+
+### Documentation
+
+- Add Changelog to project urls
+  ([`5f38d75`](https://github.com/CycloneDX/cyclonedx-python/commit/5f38d7545f736eb07029095171ab09c3e3cf77ab))
+
+### Features
+
+- Support Python 3.14 ([#982](https://github.com/CycloneDX/cyclonedx-python/pull/982),
+  [`ef36abe`](https://github.com/CycloneDX/cyclonedx-python/commit/ef36abe64ff68149e3cb055e4374bcde5b67f580))
+
+
 ## v7.1.0 (2025-09-02)
 
 ### Documentation

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.13-slim
+FROM python:3.14-slim
 
 ARG VERSION
 

cyclonedx_py/__init__.py

@@ -17,7 +17,7 @@
 
 # !! version is managed by `semantic_release`
 # do not use typing here, or else `semantic_release` might have issues finding the variable
-__version__ = "7.1.0"  # noqa:Q000
+__version__ = "7.2.1"  # noqa:Q000
 
 # There is no stable/public API.
 # However, you might call the stable CLI instead, like so:

docs/conf.py

@@ -24,7 +24,7 @@
 
 # The full version, including alpha/beta/rc tags
 # !! version is managed by semantic_release
-release = "7.1.0"
+release = "7.2.1"
 
 # -- General configuration ---------------------------------------------------
 

docs/requirements.txt

@@ -1,3 +1,3 @@
 m2r2>=0.3.2
-sphinx>=7.2.6,<9
-sphinx-rtd-theme>=2.0.0,<3
+sphinx>=8,<9
+sphinx-rtd-theme>=3,<4