diff --git a/HISTORY.md b/HISTORY.md
index 20734658..72cb42b1 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -4,10 +4,15 @@ All notable changes to this project will be documented in this file.
## unreleased
+## 4.1.1 - 2023-08-28
+
+* Dependencies
+ * Requires `cyclonedx/cyclonedx-library:^2.3||^3.0`, was `:^2.3` (via [#398])
* Style
* Applied latest PHP Coding Standards (via [#395])
[#395]: https://github.com/CycloneDX/cyclonedx-php-composer/pull/395
+[#398]: https://github.com/CycloneDX/cyclonedx-php-composer/pull/398
## 4.1.0 - 2023-07-04
diff --git a/composer.json b/composer.json
index f5fe6cca..d0d2bd37 100644
--- a/composer.json
+++ b/composer.json
@@ -39,7 +39,7 @@
"require": {
"php": "^8.1",
"composer-plugin-api": "^2.3",
- "cyclonedx/cyclonedx-library": "^2.3",
+ "cyclonedx/cyclonedx-library": "^2.3 || ^3.0",
"package-url/packageurl-php": "^1.0"
},
"require-dev": {
diff --git a/src/MakeBom/Command.php b/src/MakeBom/Command.php
index 598ac6d6..f4be9d50 100644
--- a/src/MakeBom/Command.php
+++ b/src/MakeBom/Command.php
@@ -28,7 +28,6 @@
use Composer\IO\IOInterface;
use CycloneDX\Core\Serialization;
use CycloneDX\Core\Spec\Format;
-use CycloneDX\Core\Spec\Spec;
use CycloneDX\Core\Spec\SpecFactory;
use CycloneDX\Core\Utils\BomUtility;
use CycloneDX\Core\Validation\Validator;
@@ -45,6 +44,8 @@
/**
* @internal
*
+ * @template TSpec
+ *
* @author jkowalleck
*/
class Command extends BaseCommand
@@ -87,7 +88,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
$io->writeErrorRaw(__METHOD__.' Options: '.var_export($this->options, true), verbosity: IOInterface::DEBUG);
try {
- $spec = SpecFactory::makeForVersion($this->options->specVersion);
+ $spec = $this->makeSpec();
$bom = $this->generateBom($io, $spec);
$this->validateBom($bom, $spec, $io);
$this->writeBom($bom, $io);
@@ -113,9 +114,23 @@ protected function execute(InputInterface $input, OutputInterface $output): int
}
/**
+ * @throws Throwable on error
+ *
+ * @return TSpec
+ *
+ * @psalm-suppress InvalidReturnType,InvalidReturnStatement -- psalm has issues with template TSpec
+ */
+ private function makeSpec()
+ {
+ return SpecFactory::makeForVersion($this->options->specVersion);
+ }
+
+ /**
+ * @param TSpec $spec
+ *
* @throws Throwable on error
*/
- private function generateBom(IOInterface $io, Spec $spec): string
+ private function generateBom(IOInterface $io, $spec): string
{
$io->writeError('generate BOM...', verbosity: IOInterface::VERBOSE);
@@ -157,7 +172,11 @@ private function generateBom(IOInterface $io, Spec $spec): string
));
$io->writeError('serialize BOM...', verbosity: IOInterface::VERBOSE);
- /** @var Serialization\Serializer */
+ /**
+ * @var Serialization\Serializer $serializer
+ *
+ * @psalm-suppress MixedArgumentTypeCoercion -- psalm has issues wth template TSpec for $spec
+ */
$serializer = match ($this->options->outputFormat) {
Format::JSON => new Serialization\JsonSerializer(new Serialization\JSON\NormalizerFactory($spec)),
Format::XML => new Serialization\XmlSerializer(new Serialization\DOM\NormalizerFactory($spec)),
@@ -169,10 +188,12 @@ private function generateBom(IOInterface $io, Spec $spec): string
}
/**
+ * @param TSpec $spec
+ *
* @throws Errors\ValidationError on validation errors
* @throws Throwable on error
*/
- private function validateBom(string $bom, Spec $spec, IOInterface $io): void
+ private function validateBom(string $bom, $spec, IOInterface $io): void
{
if (false === $this->options->validate) {
$io->writeError('skipped BOM validation.', verbosity: IOInterface::VERBOSE);
@@ -180,7 +201,11 @@ private function validateBom(string $bom, Spec $spec, IOInterface $io): void
return;
}
$io->writeError('validate BOM...', verbosity: IOInterface::VERBOSE);
- /** @var Validator */
+ /**
+ * @var Validator $validator
+ *
+ * @psalm-suppress MixedArgumentTypeCoercion -- psalm has issues wth template TSpec for $spec
+ **/
$validator = match ($this->options->outputFormat) {
Format::JSON => new Validators\JsonStrictValidator($spec),
Format::XML => new Validators\XmlValidator($spec),