feat: Support for Python 3.11 (#349)

* feat: officially test and support Python 3.11

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* removed unused imports

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* bump `poetry` to `1.1.12` in CI

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI

Signed-off-by: Paul Horton <paul.horton@owasp.org>

* fix: removed `types-toml` from dependencies - not used

Signed-off-by: Paul Horton <paul.horton@owasp.org>

---------

Signed-off-by: Paul Horton <paul.horton@owasp.org>

Author: madpah

.github/workflows/deploy.yml

@@ -4,9 +4,9 @@ on:
   push:
     branches: [ 'main' ]
   workflow_dispatch:
-  
+
 env:
-  PYTHON_VERSION_DEFAULT: "3.10"
+  PYTHON_VERSION_DEFAULT: "3.11"
   POETRY_VERSION: "1.1.12"
 
 jobs:
@@ -22,14 +22,14 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-          
+
       - name: Setup python
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v4
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
           architecture: 'x64'
-          
+
       - name: Install and configure Poetry
         # See https://github.com/marketplace/actions/install-poetry-action
         uses: snok/install-poetry@v1
@@ -38,17 +38,17 @@ jobs:
           virtualenvs-create: true
           virtualenvs-in-project: true
           installer-parallel: true
-          
+
       - name: Install dependencies
         run: poetry install --no-root
 
       - name: View poetry version
         run: poetry --version
-        
+
       - name: Python Semantic Release
         # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html
         # see https://github.com/relekang/python-semantic-release
-        uses: relekang/python-semantic-release@v7.31.2
+        uses: relekang/python-semantic-release@v7.33.2
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           repository_username: __token__

.github/workflows/poetry.yml

@@ -4,7 +4,7 @@ name: Python CI
 
 on:
   push:
-    branches: ["master", "main"]
+    branches: ["main"]
   pull_request:
     branches-ignore: ['dependabot/**']
   workflow_dispatch:
@@ -15,8 +15,8 @@ on:
 
 env:
   REPORTS_DIR: CI_reports
-  PYTHON_VERISON_DEFAULT: "3.10"
-  POETRY_VERSION: "1.1.11"
+  PYTHON_VERSION_DEFAULT: "3.11"
+  POETRY_VERSION: "1.1.12"
 
 jobs:
   coding-standards:
@@ -27,19 +27,23 @@ jobs:
       - name: Checkout
         # see https://github.com/actions/checkout
         uses: actions/checkout@v3
+
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v4
         with:
-          python-version: ${{ env.PYTHON_VERISON_DEFAULT }}
+          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
           architecture: 'x64'
+
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v8
         with:
           poetry-version: ${{ env.POETRY_VERSION }}
+
       - name: Install dependencies
         run: poetry install --no-root
+
       - name: Run tox
         run: poetry run tox -e flake8 -s false
 
@@ -53,7 +57,7 @@ jobs:
         include:
           - # test with the locked dependencies
             os: ubuntu-latest
-            python-version: '3.10'
+            python-version: '3.11'
             toxenv-factor: 'locked'
           - # test with the lowest dependencies
             os: ubuntu-latest
@@ -63,19 +67,23 @@ jobs:
       - name: Checkout
         # see https://github.com/actions/checkout
         uses: actions/checkout@v3
+
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
           architecture: 'x64'
+
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v8
         with:
           poetry-version: ${{ env.POETRY_VERSION }}
+
       - name: Install dependencies
         run: poetry install --no-root
+
       - name: Run tox
         run: poetry run tox -e mypy-${{ matrix.toxenv-factor }} -s false
 
@@ -90,7 +98,8 @@ jobs:
       matrix:
         os: ['ubuntu-latest', 'windows-latest', 'macos-latest']
         python-version:
-          - "3.10" # highest supported
+          - "3.11" # highest supported
+          - "3.10"
           - "3.9"
           - "3.8"
           - "3.7" # lowest supported
@@ -105,35 +114,45 @@ jobs:
         run: |
           git config --global core.autocrlf false
           git config --global core.eol lf
+
       - name: Checkout
         # see https://github.com/actions/checkout
         uses: actions/checkout@v3
+
       - name: Create reports directory
         run: mkdir ${{ env.REPORTS_DIR }}
+
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
           architecture: 'x64'
+
       - name: Validate Python Environment
         run: echo "import sys; print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding()))" | python
+
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v8
         with:
           poetry-version: ${{ env.POETRY_VERSION }}
+
       - name: Install dependencies
         run: poetry install --no-root
+
       - name: Ensure build successful
         run: poetry build
+
       - name: Run tox
         run: poetry run tox -e py-${{ matrix.toxenv-factor }} -s false
+
       - name: Generate coverage reports
         run: >
           poetry run coverage report &&
           poetry run coverage xml -o ${{ env.REPORTS_DIR }}/coverage-${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.toxenv-factor }}.xml &&
           poetry run coverage html -d ${{ env.REPORTS_DIR }}
+
       - name: Artifact reports
         if: ${{ ! cancelled() }}
         # see https://github.com/actions/upload-artifact

poetry.lock

@@ -34,6 +34,7 @@ classifiers = [
   'Programming Language :: Python :: 3.8',
   'Programming Language :: Python :: 3.9',
   'Programming Language :: Python :: 3.10',
+  'Programming Language :: Python :: 3.11',
   'Typing :: Typed',
 ]
 keywords = [
@@ -50,7 +51,6 @@ importlib-metadata = { version = ">= 3.4", python = "< 3.8" }
 packageurl-python = ">= 0.9"
 py-serializable = "^0.11.1"
 setuptools = ">= 47.0.0"
-toml = "^0.10.0"
 sortedcontainers = "^2.4.0"
 
 [tool.poetry.dev-dependencies]
@@ -68,8 +68,6 @@ jsonschema = ">= 4.4.0"
 lxml = ">=4.7.0"
 # `types-setuptools` need to stay in sync with version of `setuptools` - but 47 was not typed...
 types-setuptools = ">= 57.0.0"
-# `types-toml` need to stay in sync with version of `toml`
-types-toml = "^0.10.0"
 xmldiff = ">=2.4"
 
 [build-system]

pyproject.toml

@@ -6,5 +6,3 @@ py-serializable == 0.11.1
 importlib-metadata == 3.4.0 # ; python_version < '3.8'
 setuptools == 47.0.0
 types-setuptools == 57.0.0
-toml == 0.10.0
-types-toml == 0.10.0

requirements.lowest.txt

@@ -16,12 +16,10 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
-import unittest
 from os.path import dirname, join
 from unittest.mock import Mock, patch
 from uuid import UUID
 
-from cyclonedx.exception.model import UnknownComponentDependencyException
 from cyclonedx.model.bom import Bom
 from cyclonedx.output import get_instance
 from cyclonedx.schema import SchemaVersion
@@ -43,7 +41,6 @@
     get_bom_with_component_setuptools_with_release_notes,
     get_bom_with_component_setuptools_with_vulnerability,
     get_bom_with_component_toml_1,
-    get_bom_with_dependencies_invalid,
     get_bom_with_dependencies_valid,
     get_bom_with_external_references,
     get_bom_with_metadata_component_and_dependencies,
@@ -262,27 +259,6 @@ def test_bom_v1_4_component_with_vulnerability(self) -> None:
             fixture='bom_setuptools_with_vulnerabilities.xml'
         )
 
-    @unittest.skip('Required Vulnerability Extension Schema - dropping support')
-    def test_bom_v1_3_component_with_vulnerability(self) -> None:
-        self._validate_xml_bom(
-            bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_3,
-            fixture='bom_setuptools_with_vulnerabilities.xml'
-        )
-
-    @unittest.skip('Required Vulnerability Extension Schema - dropping support')
-    def test_bom_v1_2_component_with_vulnerability(self) -> None:
-        self._validate_xml_bom(
-            bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_2,
-            fixture='bom_setuptools_with_vulnerabilities.xml'
-        )
-
-    @unittest.skip('Required Vulnerability Extension Schema - dropping support')
-    def test_bom_v1_1_component_with_vulnerability(self) -> None:
-        self._validate_xml_bom(
-            bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_1,
-            fixture='bom_setuptools_with_vulnerabilities.xml'
-        )
-
     def test_bom_v1_0_component_with_vulnerability(self) -> None:
         self._validate_xml_bom(
             bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_0,
@@ -511,14 +487,6 @@ def test_bom_v1_2_dependencies_for_bom_component(self) -> None:
                 fixture='bom_dependencies_component.xml'
             )
 
-    @unittest.skip
-    def test_bom_v1_4_dependencies_invalid(self) -> None:
-        with self.assertRaises(UnknownComponentDependencyException):
-            self._validate_xml_bom(
-                bom=get_bom_with_dependencies_invalid(), schema_version=SchemaVersion.V1_4,
-                fixture='bom_dependencies.xml'
-            )
-
     def test_bom_v1_4_issue_275_components(self) -> None:
         with self.assertWarns(UserWarning):
             self._validate_xml_bom(

tests/test_output_xml.py

@@ -8,7 +8,7 @@ minversion = 3.10
 envlist =
     flake8
     mypy-{locked,lowest}
-    py{310,39,38,37}-{locked,lowest}
+    py{311,310,39,38,37}-{locked,lowest}
 isolated_build = True
 skip_missing_interpreters = True
 usedevelop = False