Merge branch 'master' into spdx-schema_pull-latest

Author: jkowalleck

.github/workflows/build_docs.yml

@@ -33,7 +33,7 @@ jobs:
       run: ./gen.sh
     - name: Archive Schema documentation
       # https://github.com/actions/upload-artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: XML-Schema-documentation
         path: docgen/xml/docs
@@ -57,7 +57,7 @@ jobs:
       run: ./gen.sh
     - name: Archive Schema documentation
       # https://github.com/actions/upload-artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: JSON-Schema-documentation
         path: docgen/json/docs
@@ -75,7 +75,7 @@ jobs:
       run: ./gen.sh
     - name: Archive Schema documentation
       # https://github.com/actions/upload-artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: PROTO-Schema-documentation
         path: docgen/proto/docs

.github/workflows/bundle_2.0_schemas.yml

@@ -0,0 +1,58 @@
+name: Bundle CycloneDX 2.0 JSON Schemas
+
+on:
+  push:
+    branches:
+      - 2.0-dev
+      - 2.0-dev-threatmodeling
+    paths:
+      - 'schema/2.0/**/*.schema.json'
+      - 'tools/src/main/js/bundle-schemas.js'
+  workflow_dispatch:  # Allows manual trigger
+
+jobs:
+  bundle-schemas:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write  # Required to push changes
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        working-directory: tools/src/main/js
+        run: npm install
+
+      - name: Bundle schemas
+        working-directory: tools/src/main/js
+        run: |
+          node bundle-schemas.js \
+            ../../../../schema/2.0/model \
+            ../../../../schema/2.0/cyclonedx-2.0.schema.json
+
+      - name: Check for changes and commit
+        run: |
+          BUNDLED_FILE="schema/2.0/cyclonedx-2.0-bundled.schema.json"
+          
+          # Add the file (works for both new and modified files)
+          git add "$BUNDLED_FILE"
+          
+          # Check if there are staged changes
+          if git diff --staged --quiet; then
+            echo "No changes to bundled schema"
+          else
+            echo "Committing bundled schema changes"
+            git config --local user.email "github-actions[bot]@users.noreply.github.com"
+            git config --local user.name "github-actions[bot]"
+            git commit -m "chore: update bundled schema [skip ci]"
+            git push
+          fi

.github/workflows/test_js.yml

@@ -31,9 +31,9 @@ jobs:
         # see https://github.com/actions/setup-node
         uses: actions/setup-node@v6
         with:
-          node-version: '20.x'
+          node-version: '24.x'
           package-manager-cache: false
-      - name: Install Depenencies
+      - name: Install Dependencies
         run: npm install
       - name: Run test 
         run: npm test

.github/workflows/test_php.yml

@@ -31,7 +31,7 @@ jobs:
         # see https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          php-version: "8.1"
+          php-version: "8.4"
           tools: composer:v2
       - name: Install Depenencies
         run: composer install

schema/bom-1.7.schema.json

@@ -1079,7 +1079,7 @@
             "ancestors": {
               "type": "array",
               "title": "Ancestors",
-              "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.",
+              "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains an ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.",
               "items": {"$ref": "#/definitions/component"}
             },
             "descendants": {

tools/src/test/proto/test.sh

@@ -10,7 +10,7 @@ TEST_RES_DIR='tools/src/test/resources'
 
 REMOTE="https://github.com/${GITHUB_REPOSITORY:-CycloneDX/specification}.git"
 
-BUF_IMAGE_VERSION='1.50.0'
+BUF_IMAGE_VERSION='1.58.0'
 BUF_IMAGE="bufbuild/buf:${BUF_IMAGE_VERSION}"
 
 LOG_FORMAT='text'  # set to 'json' to see details