Merge branch 'master' into spdx-schema_pull-latest

Author: jkowalleck

.github/workflows/test_js.yml

@@ -29,9 +29,10 @@ jobs:
         uses: actions/checkout@v5
       - name: Setup Node.js
         # see https://github.com/actions/setup-node
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
+          package-manager-cache: false
       - name: Install Depenencies
         run: npm install
       - name: Run test 

README.md

@@ -1,17 +1,20 @@
-[![Build Docs](https://github.com/CycloneDX/specification/actions/workflows/build_docs.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/build_docs.yml)
-[![CT Java](https://github.com/CycloneDX/specification/actions/workflows/test_java.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_java.yml)
-[![CT JavaScript](https://github.com/CycloneDX/specification/actions/workflows/test_js.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_js.yml)
-[![CT PHP](https://github.com/CycloneDX/specification/actions/workflows/test_php.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_php.yml)
-[![CT ProtoBuf](https://github.com/CycloneDX/specification/actions/workflows/test_proto.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_proto.yml)  
+
+# CycloneDX Bill of Materials Specification (ECMA-424)
+
 [![License][license-image]][license-url]
+[![ECMA TC54](https://img.shields.io/badge/ECMA-TC54-FC7C00?labelColor=404040)](https://tc54.org) 
 [![Website](https://img.shields.io/badge/https://-cyclonedx.org-blue.svg)](https://cyclonedx.org/)
 [![Slack Invite](https://img.shields.io/badge/Slack-Join-blue?logo=slack&labelColor=393939)](https://cyclonedx.org/slack/invite)
 [![Group Discussion](https://img.shields.io/badge/discussion-groups.io-blue.svg)](https://groups.io/g/CycloneDX)
-[![Twitter](https://img.shields.io/twitter/url/http/shields.io.svg?style=social&label=Follow)](https://twitter.com/CycloneDX_Spec)
-[![ECMA TC54](https://img.shields.io/badge/ECMA-TC54-FC7C00?labelColor=404040)](https://tc54.org)
+[![Twitter](https://img.shields.io/twitter/url/http/shields.io.svg?style=social&label=Follow)](https://twitter.com/CycloneDX_Spec)  
+[![Build Docs](https://github.com/CycloneDX/specification/actions/workflows/build_docs.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/build_docs.yml)
+[![CT Java](https://github.com/CycloneDX/specification/actions/workflows/test_java.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_java.yml)
+[![CT JavaScript](https://github.com/CycloneDX/specification/actions/workflows/test_js.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_js.yml)
+[![CT PHP](https://github.com/CycloneDX/specification/actions/workflows/test_php.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_php.yml)
+[![CT ProtoBuf](https://github.com/CycloneDX/specification/actions/workflows/test_proto.yml/badge.svg)](https://github.com/CycloneDX/specification/actions/workflows/test_proto.yml)    
 
+----
 
-# CycloneDX Bill of Materials Specification (ECMA-424)
 OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for 
 cyber risk reduction. CycloneDX is an [Ecma International](https://ecma-international.org/) standard published as 
 [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/). 
@@ -74,6 +77,7 @@ Alternatively, files that match the glob pattern below are also recognized:
 
 | Version           | Release Date    |
 |-------------------|-----------------|
+| CycloneDX 1.7     | 21 October 2025 |
 | CycloneDX 1.6     | 09 April 2024   |
 | CycloneDX 1.5     | 26 June 2023    |
 | CycloneDX 1.4     | 12 January 2022 |

docgen/json/gen.sh

@@ -2,6 +2,7 @@
 set -eu
 
 declare -a CDX_VERSIONS=(
+  '1.7'
   '1.6'
   '1.5'
   '1.4'

docgen/json/templates/cyclonedx/base.html

@@ -40,12 +40,14 @@
                     v${version} (JSON)
                 </a>
                 <ul class="dropdown-menu" aria-labelledby="navbarScrollingDropdown">
+                    <li><a class="dropdown-item" href="/docs/1.7/json/">v1.7 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.6/json/">v1.6 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.5/json/">v1.5 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.4/json/">v1.4 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.3/json/">v1.3 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.2/json/">v1.2 (JSON)</a></li>
                     <li><hr class="dropdown-divider"/></li>
+                    <li><a class="dropdown-item" href="/docs/1.7/xml/">v1.7 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.6/xml/">v1.6 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.5/xml/">v1.5 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.4/xml/">v1.4 (XML)</a></li>
@@ -54,6 +56,7 @@
                     <li><a class="dropdown-item" href="/docs/1.1/xml/">v1.1 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.0/xml/">v1.0 (XML)</a></li>
                     <li><hr class="dropdown-divider"/></li>
+                    <li><a class="dropdown-item" href="/docs/1.7/proto/">v1.7 (Protobuf)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.6/proto/">v1.6 (Protobuf)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.5/proto/">v1.5 (Protobuf)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.4/proto/">v1.4 (Protobuf)</a></li>

docgen/proto/gen.sh

@@ -2,6 +2,7 @@
 set -eu
 
 declare -a CDX_VERSIONS=(
+  '1.7'
   '1.6'
   '1.5'
   '1.4'

docgen/proto/templates/html.tmpl

@@ -271,12 +271,14 @@ https://github.com/pseudomuto/protoc-gen-doc/blob/master/resources/html.tmpl
                     v${version} (Protobuf)
                 </a>
                 <ul class="dropdown-menu" aria-labelledby="navbarScrollingDropdown">
+                    <li><a class="dropdown-item" href="/docs/1.7/json/">v1.7 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.6/json/">v1.6 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.5/json/">v1.5 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.4/json/">v1.4 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.3/json/">v1.3 (JSON)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.2/json/">v1.2 (JSON)</a></li>
                     <li><hr class="dropdown-divider"/></li>
+                    <li><a class="dropdown-item" href="/docs/1.7/xml/">v1.7 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.6/xml/">v1.6 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.5/xml/">v1.5 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.4/xml/">v1.4 (XML)</a></li>
@@ -285,6 +287,7 @@ https://github.com/pseudomuto/protoc-gen-doc/blob/master/resources/html.tmpl
                     <li><a class="dropdown-item" href="/docs/1.1/xml/">v1.1 (XML)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.0/xml/">v1.0 (XML)</a></li>
                     <li><hr class="dropdown-divider"/></li>
+                    <li><a class="dropdown-item" href="/docs/1.7/proto/">v1.7 (Protobuf)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.6/proto/">v1.6 (Protobuf)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.5/proto/">v1.5 (Protobuf)</a></li>
                     <li><a class="dropdown-item" href="/docs/1.4/proto/">v1.4 (Protobuf)</a></li>

docgen/xml/gen.sh

@@ -2,6 +2,7 @@
 set -eu
 
 declare -a CDX_VERSIONS=(
+  '1.7'
   '1.6'
   '1.5'
   '1.4'

docgen/xml/xs3p.xsl

@@ -340,12 +340,14 @@
                         <li class="dropdown">
                            <a href="#" class="dropdown-toggle version-selector" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">v<xsl:value-of select="$cycloneDxVersion"/> (XML)<span class="caret"></span></a>
                            <ul class="dropdown-menu">
+                              <li><a class="dropdown-item" href="/docs/1.7/json/">v1.7 (JSON)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.6/json/">v1.6 (JSON)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.5/json/">v1.5 (JSON)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.4/json/">v1.4 (JSON)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.3/json/">v1.3 (JSON)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.2/json/">v1.2 (JSON)</a></li>
                               <li style="padding:0"><hr class="dropdown-divider"/></li>
+                              <li><a class="dropdown-item" href="/docs/1.7/xml/">v1.7 (XML)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.6/xml/">v1.6 (XML)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.5/xml/">v1.5 (XML)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.4/xml/">v1.4 (XML)</a></li>
@@ -354,6 +356,7 @@
                               <li><a class="dropdown-item" href="/docs/1.1/xml/">v1.1 (XML)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.0/xml/">v1.0 (XML)</a></li>
                               <li style="padding:0"><hr class="dropdown-divider"/></li>
+                              <li><a class="dropdown-item" href="/docs/1.7/proto/">v1.7 (Protobuf)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.6/proto/">v1.6 (Protobuf)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.5/proto/">v1.5 (Protobuf)</a></li>
                               <li><a class="dropdown-item" href="/docs/1.4/proto/">v1.4 (Protobuf)</a></li>

schema/bom-1.4.proto

@@ -662,7 +662,7 @@ message VulnerabilityAffectedVersions {
   oneof choice {
     // A single version of a component or service.
     string version = 1;
-    // A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst
+    // A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec
     string range = 2;
   }
   // The vulnerability status for the version or range of versions.

schema/bom-1.4.schema.json

@@ -1640,7 +1640,7 @@
                       "$ref": "#/definitions/version"
                     },
                     "range": {
-                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst",
+                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
                       "$ref": "#/definitions/range"
                     },
                     "status": {
@@ -1683,7 +1683,7 @@
       "maxLength": 1024
     },
     "range": {
-      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst",
+      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec",
       "type": "string",
       "minLength": 1,
       "maxLength": 1024