🎨 modernize for 2025

pboling · pboling · commit 378f62ed84e7 · 2025-10-30T00:59:24.000-06:00
### Added

- `CHANGELOG.md` file to document notable changes in keep-a-changelog format
- `Cyclonedx::BomHelpers` module to house helper methods, replacing global methods
- `Cyclonedx::BomBuilder` class, replacing `Bombuilder` (note the capitalization change)
- `Cyclonedx::BomComponent` class, replacing `BomComponent`
- `Cyclonedx::Ruby::Version::VERSION` constant to hold the version number (also available as `Cyclonedx::VERSION`)
- `Cyclonedx::Ruby::Deprecation` module to help manage deprecations

### Changed

- Updated gemspec metadata for clarity and consistency
- Modernized Rakefile, dotfiles, and test setup
- `LICENSE` =&gt; `LICENSE.txt` to simplify parsing consistency on various platforms and tools
- `cucumber` v8 =&gt; v10
- `aruba` v2.1 =&gt; v2.2

### Deprecated

- `BomComponent` =&gt; `Cyclonedx::BomComponent`
- `Bombuilder` =&gt; `Cyclonedx::BomBuilder` (note the capitalization change)
- `Object.purl` =&gt; `Cyclonedx::BomHelpers.purl`
- `Object.random_urn_uuid` =&gt; `Cyclonedx::BomHelpers.random_urn_uuid`
- `Object.build_bom` =&gt; `Cyclonedx::BomHelpers.build_bom`
- `Object.build_json_bom` =&gt; `Cyclonedx::BomHelpers.build_json_bom`
- `Object.build_bom_xml` =&gt; `Cyclonedx::BomHelpers.build_bom_xml`
- `Object.get_gem` =&gt; `Cyclonedx::BomHelpers.get_gem`

### Fixed

- `Nokogiri::XML::Builder` context relies on `method_missing`
  - Globally defined `Object#purl` conflicted with `&lt;purl&gt;`.
  - Moved to `Cyclonedx::BomHelpers.purl` to avoid conflict in v2.0.0 (along with all other global methods)
  - Fixed existing usage via the built-in Nokogiri workaround of adding an underscore `purl_`
  - The XML tag is unchanged as `&lt;purl&gt;`

Signed-off-by: Peter H. Boling &lt;peter.boling@gmail.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -50,6 +50,12 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Fixed
 
+- `Nokogiri::XML::Builder` context relies on `method_missing`
+  - Globally defined `Object#purl` conflicted with `<purl>`.
+  - Moved to `Cyclonedx::BomHelpers.purl` to avoid conflict in v2.0.0 (along with all other global methods)
+  - Fixed existing usage via the built-in Nokogiri workaround of adding an underscore `purl_`
+  - The XML tag is unchanged as `<purl>`
+
 ### Security
 
 ## [1.1.0] - 2019-07-13
diff --git a/cyclonedx-ruby.gemspec b/cyclonedx-ruby.gemspec
@@ -25,9 +25,11 @@ Gem::Specification.new do |spec|
 
   # Specify which files are part of the released package.
   spec.files = Dir[
+    #
     # Executables and tasks
     "exe/*",
     "lib/**/*.rb",
+    "lib/licenses.json",
     # Signatures
     "sig/**/*.rbs",
   ]
diff --git a/exe/cyclonedx-ruby b/exe/cyclonedx-ruby
@@ -1,5 +1,10 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'bom_builder'
-Bombuilder.build(ARGV[0])
+if ENV.fetch("MIMIC_NEXT_MAJOR_VERSION", "false").casecmp?("true")
+  require 'cyclonedx/ruby'
+  Cyclonedx::BomBuilder.build(ARGV[0])
+else
+  require 'bom_builder'
+  Bombuilder.build(ARGV[0])
+end
diff --git a/lib/cyclonedx/bom_builder.rb b/lib/cyclonedx/bom_builder.rb
@@ -1,8 +1,9 @@
-
 module Cyclonedx
   class BomBuilder
     SUPPORTED_BOM_FORMATS = %w[xml json]
 
+    extend Cyclonedx::BomHelpers
+
     def self.build(path)
       original_working_directory = Dir.pwd
       setup(path)
@@ -71,7 +72,9 @@ def self.setup(path)
                       end
 
       @gems = []
-      licenses_file = File.read "#{__dir__}/licenses.json"
+      # Adjusted to point to lib/licenses.json relative to this file's directory (lib/cyclonedx)
+      licenses_path = File.expand_path('../licenses.json', __dir__)
+      licenses_file = File.read(licenses_path)
       @licenses_list = JSON.parse(licenses_file)
 
       if @options[:path].nil?
diff --git a/lib/cyclonedx/bom_helpers.rb b/lib/cyclonedx/bom_helpers.rb
@@ -26,7 +26,7 @@
 
 module Cyclonedx
   module BomHelpers
-    extend self
+    module_function
 
     def purl(name, version)
       "pkg:gem/#{name}@#{version}"
@@ -86,7 +86,11 @@ def build_bom_xml(gems)
                     end
                   end
                 end
-                xml.purl gem['purl']
+                # The globally scoped legacy `Object#purl` method breaks the Nokogiri builder context
+                # Fortunately Nokogiri has a built-in workaround, adding an underscore to the method name.
+                # The resulting XML tag is still `<purl>`.
+                # Globally scoped legacy `Object#purl` will be removed in v2.0.0, and this hack can be removed then.
+                xml.purl_ gem['purl']
               end
             end
           end
diff --git a/lib/cyclonedx/ruby.rb b/lib/cyclonedx/ruby.rb
@@ -14,9 +14,9 @@
 
 # This gem
 require_relative "ruby/version"
-require_relative "bom_builder"
-require_relative "bom_component"
 require_relative "bom_helpers"
+require_relative "bom_builder" # depends on bom_helpers
+require_relative "bom_component"
 
 module Cyclonedx
   module Ruby
diff --git a/lib/cyclonedx_deprecated.rb b/lib/cyclonedx_deprecated.rb
@@ -15,3 +15,6 @@
 deprecated_alias :instance, :build_json_bom, :build_json_bom, Cyclonedx::BomHelpers
 deprecated_alias :instance, :build_bom_xml, :build_bom_xml, Cyclonedx::BomHelpers
 deprecated_alias :instance, :get_gem, :get_gem, Cyclonedx::BomHelpers
+
+# Sanity
+raise "Deprecated methods broken" unless purl('activesupport', '7.0.1') == "pkg:gem/activesupport@7.0.1"
