build(deps): update cyclonedx-python-lib requirement from <1.0.0,>=0.…

…11.1 to >=0.11.1,<2.0.0 (#216) * build(deps): update cyclonedx-python-lib requirement Updates the requirements on [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib) to permit the latest version. - [Release notes](https://github.com/CycloneDX/cyclonedx-python-lib/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md) - [Commits](CycloneDX/cyclonedx-python-lib@v0.11.1...v1.1.0) --- updated-dependencies: - dependency-name: cyclonedx-python-lib dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump cyclonedx-python-lib, API changes * CHANGELOG: record changes * Update setup.py Co-authored-by: Dustin Ingram <di@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: William Woodruff <william@trailofbits.com> Co-authored-by: William Woodruff <william.woodruff@trailofbits.com> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
pypa · Jan 13, 2022 · 5c6a41c · 5c6a41c
1 parent b1363f1
commit 5c6a41c
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,11 @@ All versions prior to 0.0.9 are untracked.
 
 ### Changed
 
+* Output formats: The SBOM output formats (`--format=cyclonedx-xml` and
+  `--format=cyclonedx-json`) now use CycloneDX
+  [Schema 1.4](https://cyclonedx.org/docs/1.4/xml/)
+  ([#216](https://github.com/trailofbits/pip-audit/pull/216))
+
 ### Fixed
 
 ### Removed

diff --git a/pip_audit/_format/cyclonedx.py b/pip_audit/_format/cyclonedx.py
@@ -33,8 +33,7 @@ def __init__(self, result: Dict[service.Dependency, List[service.VulnerabilityRe
                     Vulnerability(
                         id=vuln.id,
                         description=vuln.description,
-                        advisories=[f"Upgrade: {v}" for v in vuln.fix_versions],
-                        recommendations=["Upgrade"],
+                        recommendation="Upgrade",
                     )
                 )
 
@@ -75,6 +74,10 @@ def format(self, result: Dict[service.Dependency, List[service.VulnerabilityResu
         parser = _PipAuditResultParser(result)
         bom = Bom.from_parser(parser)
 
-        formatter = output.get_instance(bom=bom, output_format=self._inner_format.value)
+        formatter = output.get_instance(
+            bom=bom,
+            output_format=self._inner_format.value,
+            schema_version=output.SchemaVersion.V1_4,
+        )
 
         return formatter.output_as_string()
diff --git a/setup.py b/setup.py
@@ -36,7 +36,7 @@
         "resolvelib>=0.8.0",
         "html5lib>=1.1",
         "CacheControl[filecache]>=0.12.10",
-        "cyclonedx-python-lib>=0.11.1,<1.0.0",
+        "cyclonedx-python-lib>=1.0.0,<2.0.0",
     ],
     extras_require={
         "dev": [