✨ Core v1.7 Enablement

- Add spec version selection end-to-end with a new --spec-version flag (default 1.7).
- Update JSON and XML outputs to honor the selected spec version.
- Update fixtures, help text, tests, and docs.

Files:
- lib/bom_helpers.rb:
  - Added SUPPORTED_SPEC_VERSIONS, cyclonedx_xml_namespace helper.
build_bom now accepts spec_version and routes to:
    - build_json_bom(gems, spec_version) sets specVersion to the provided version.
    - build_bom_xml(gems, spec_version) sets xmlns to http://cyclonedx.org/schema/bom/<version>.</version>
- lib/bom_builder.rb:
  - Added --spec-version with validation; default is 1.7.
  - Pass @spec_version into build_bom(@Gems, @bom_output_format, @spec_version).

Signed-off-by: Peter H. Boling <[email protected]>

Author: pboling

lib/cyclonedx/bom_builder.rb

@@ -142,17 +142,15 @@ def self.setup(path)
       end
 
       # Normalize to an absolute project path to avoid relative path issues later
-      @project_path = File.expand_path(@options[:path]) if @options[:path]
+      @project_path = File.expand_path(@options[:path])
       @provided_path = @options[:path]
 
-      if @project_path
-        begin
-          @logger.info("Changing directory to Ruby project directory located at #{@provided_path}")
-          Dir.chdir @project_path
-        rescue StandardError => e
-          @logger.error("Unable to change directory to Ruby project directory located at #{@provided_path}. #{e.message}: #{Array(e.backtrace).join("\n")}")
-          abort
-        end
+      begin
+        @logger.info("Changing directory to Ruby project directory located at #{@provided_path}")
+        Dir.chdir @project_path
+      rescue StandardError => e
+        @logger.error("Unable to change directory to Ruby project directory located at #{@provided_path}. #{e.message}: #{Array(e.backtrace).join("\n")}")
+        abort
       end
 
       if @options[:bom_output_format].nil?
@@ -173,6 +171,15 @@ def self.setup(path)
         abort
       end
 
+      # Spec version selection
+      requested_spec = @options[:spec_version] || '1.7'
+      if SUPPORTED_SPEC_VERSIONS.include?(requested_spec)
+        @spec_version = requested_spec
+      else
+        @logger.error("Unrecognized CycloneDX spec version '#{requested_spec}'. Please choose one of #{SUPPORTED_SPEC_VERSIONS}")
+        abort
+      end
+
       @bom_file_path = if @options[:bom_file_path].nil?
                          "./bom.#{@bom_output_format}"
                        else
@@ -184,9 +191,9 @@ def self.setup(path)
       if @project_path
         begin
           # Use absolute path so it's correct regardless of current working directory
-          gemfile_path = File.join(@project_path, 'Gemfile.lock')
-          # Compute display path for logs: './Gemfile.lock' when provided path is '.', else '<provided>/Gemfile.lock'
-          display_gemfile_path = (@provided_path == '.' ? './Gemfile.lock' : File.join(@provided_path, 'Gemfile.lock'))
+        gemfile_path = File.join(@project_path, 'Gemfile.lock')
+        # Compute display path for logs: './Gemfile.lock' when provided path is '.', else '<provided>/Gemfile.lock'
+        display_gemfile_path = (@provided_path == '.' ? './Gemfile.lock' : File.join(@provided_path, 'Gemfile.lock'))
           @logger.info("Parsing specs from #{display_gemfile_path}...")
           gemfile_contents = File.read(gemfile_path)
           @specs = Bundler::LockfileParser.new(gemfile_contents).specs