From 6bcbe5b818863652679edab2d79db5cfdbf43988 Mon Sep 17 00:00:00 2001
From: Jeffrey Parker
Date: Thu, 26 Feb 2026 11:21:29 -0500
Subject: [PATCH 1/2] Upgrade SBOM tooling for Python 3.13+ support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- cyclonedx-bom 3.11.7 → 7.2.2 (3.x doesn't support Python 3.13)
- cyclonedx-cli v0.24.2 → v0.30.0 (CycloneDX v1.7 / SPDX 2.3)
- Update CLI invocation: `cyclonedx-py --e --format json` → `cyclonedx-py environment` (the `--e` flag became the `environment` subcommand; JSON is the default output format)
---
 .github/actions/sbom-convert/action.yml | 2 +-
 .github/workflows/publish.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/actions/sbom-convert/action.yml b/.github/actions/sbom-convert/action.yml
index 4dcaa3a5..bbb22531 100644
--- a/.github/actions/sbom-convert/action.yml
+++ b/.github/actions/sbom-convert/action.yml
@@ -4,7 +4,7 @@ runs:
 steps:
 - name: Install CycloneDX
 run: |
- wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
+ wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.30.0/cyclonedx-linux-x64
 chmod a+x cyclonedx-linux-x64
 shell: bash
 - name: Convert SBOM
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index d5556f10..520f91da 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -24,8 +24,8 @@ jobs:
 pip install setuptools wheel twine
 - name: Generate SBOM
 run: |
- pip install cyclonedx-bom==3.11.7
- cyclonedx-py --e --format json -o cyclonedx-sbom.json
+ pip install cyclonedx-bom==7.2.2
+ cyclonedx-py environment -o cyclonedx-sbom.json
 - name: Convert SBOM
 uses: duosecurity/duo_client_python/.github/actions/sbom-convert@master
 - name: Build and publish

From 8a09ab708f7e938e49633bc6151a7ad4cb3783af Mon Sep 17 00:00:00 2001
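Review bot: The `wget` line in the `Install CycloneDX` step downloads `cyclonedx-linux-x64` and the following `chmod a+x` makes it executable with no digest check in between, and the bump to v0.30.0 carries that gap forward. The SHA-256 of the v0.30.0 asset should be recorded next to the URL and verified before `chmod`, for example `echo "<SHA256_OF_V0.30.0_ASSET>  cyclonedx-linux-x64" | sha256sum -c -`, where the digest is a placeholder to be taken from the release. The same gap applies to `pip install cyclonedx-bom==7.2.2` in the publish.yml hunk of this patch: the version is pinned but no hashes are, so the package and its transitive dependencies are resolved at run time, and `pip install --require-hashes -r <hash-pinned requirements file>` would close it. The composite action's remaining steps lie outside this hunk.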
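Review bot: The `Convert SBOM` step still resolves the composite action through `duosecurity/duo_client_python/.github/actions/sbom-convert@master`, so this job pairs the new `cyclonedx-bom==7.2.2` generator with whatever action.yml is on master at run time, not with the action.yml edited in this same patch. `master` is also a mutable ref inside a job whose next step is `Build and publish`. If this workflow lives in that same repository, and since patch 2/2 shows the job starting with a checkout, the step could read `uses: ./.github/actions/sbom-convert`, which ties the converter to the commit being released. The `actions/checkout@v4` and `actions/setup-python@v5` refs in patch 2/2 are movable tags as well and could be pinned as `actions/checkout@<full commit SHA> # v4`. The job body starts and ends outside this hunk.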
From: Jeffrey Parker
Date: Thu, 26 Feb 2026 11:21:36 -0500
Subject: [PATCH 2/2] Bump GitHub Actions to current versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- actions/checkout v2 → v4
- actions/setup-python v2 → v5
---
 .github/workflows/publish.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 520f91da..b4fd47e1 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -13,9 +13,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
 - name: Set up Python
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v5
 with:
 python-version: '3.x'
 - name: Install dependencies