From f8a4d08aeaf667983dfea699df354b835cc08e44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 08:30:50 +0000
Subject: [PATCH 1/2] chore(deps-dev): update cyclonedx-bom requirement

Updates the requirements on [cyclonedx-bom](https://github.com/CycloneDX/cyclonedx-python) to permit the latest version.
- [Release notes](https://github.com/CycloneDX/cyclonedx-python/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/CycloneDX/cyclonedx-python/compare/v3.11.0...v4.1.1)

---
updated-dependencies:
- dependency-name: cyclonedx-bom
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 1fa9848d..214d0da5 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -48,7 +48,7 @@ dev = [
     "pip-audit >=2.4.4,<3.0.0",
     "pylint >=3.0.0,<3.1.0",
     "perflint >=0.8.0,<1.0.0",
-    "cyclonedx-bom >=3.11.0,<4.0.0",
+    "cyclonedx-bom >=3.11.0,<5.0.0",
 ]
 docs = [
     "sphinx >=5.1.1,<8.0.0",

From 1062680cbf56315f8826f9cc8f30b1f34c63940e Mon Sep 17 00:00:00 2001
From: Jens Troeger <jens.troeger@light-speed.de>
Date: Fri, 5 Apr 2024 07:28:39 +1000
Subject: [PATCH 2/2] chore: fix deps and Makefile

---
 Makefile       | 2 +-
 pyproject.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index e5ca2180..2849dd94 100644
--- a/Makefile
+++ b/Makefile
@@ -107,7 +107,7 @@ upgrade-quiet:
 # Generate a Software Bill of Materials (SBOM).
 .PHONY: sbom
 sbom: requirements
-	cyclonedx-py --force --requirements --format json --output dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json
+	cyclonedx-py requirements --output-format json --outfile dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json
 
 # Generate a requirements.txt file containing version and integrity hashes for all
 # packages currently installed in the virtual environment. There's no easy way to
diff --git a/pyproject.toml b/pyproject.toml
index 214d0da5..4c8cc19d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -48,7 +48,7 @@ dev = [
     "pip-audit >=2.4.4,<3.0.0",
     "pylint >=3.0.0,<3.1.0",
     "perflint >=0.8.0,<1.0.0",
-    "cyclonedx-bom >=3.11.0,<5.0.0",
+    "cyclonedx-bom >=4.0.0,<5.0.0",
 ]
 docs = [
     "sphinx >=5.1.1,<8.0.0",