Merge branch 'main' into fix-markdown-readme

Author: armintaenzertng

.github/workflows/check_codestyle.yml

@@ -20,13 +20,7 @@ jobs:
     strategy:
       matrix:
         os: [ ubuntu-latest, macos-latest, windows-latest ]
-        python-version: [ "3.7", "3.8", "3.9", "3.10", "3.11" ]
-        exclude: # see https://github.com/actions/runner-images/issues/9770#issuecomment-2085623315
-          - python-version: "3.7"
-            os: macos-latest
-        include:
-          - python-version: "3.7"
-            os: macos-13
+        python-version: [ "3.14" ]
 
     steps:
       - uses: actions/checkout@v3

.github/workflows/docs.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.11'
+          python-version: '3.14'
       - name: Install dependencies
         run: |
           sudo apt-get install graphviz-dev
@@ -28,7 +28,7 @@ jobs:
       - name: Generate docs
         run: pdoc spdx_tools -o docs/
       - name: Upload docs as artifact
-        uses: actions/upload-pages-artifact@v1
+        uses: actions/upload-pages-artifact@v3
         with:
           path: docs/
 

.github/workflows/install_and_test.yml

@@ -17,13 +17,7 @@ jobs:
     strategy:
       matrix:
         os: [ ubuntu-latest, macos-latest, windows-latest ]
-        python-version: [ "3.7", "3.8", "3.9", "3.10", "3.11" ]
-        exclude: # see https://github.com/actions/runner-images/issues/9770#issuecomment-2085623315
-          - python-version: "3.7"
-            os: macos-latest
-        include:
-          - python-version: "3.7"
-            os: macos-13
+        python-version: [ "3.10", "3.11", "3.12", "3.13", "3.14" ]
 
     steps:
       - uses: actions/checkout@v3

.github/workflows/integration_test.yml

@@ -13,10 +13,10 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - name: Set up Python 3.11
+      - name: Set up Python 3.14
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.14
       - name: Installation
         run: |
           python -m pip install --upgrade pip

.github/workflows/prepare_release.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.7'
+          python-version: '3.14'
       - name: Set up dependencies
         run: |
           python -m pip install --upgrade pip

README.md

@@ -20,7 +20,10 @@ The main features of v0.8 are:
   stable at this point, as the spec is still evolving. SPDX3-related code is contained in a separate subpackage "spdx3"
   and its use is optional. We do not recommend using it in production code yet.
 
-## Information
+Note that v0.8 only supports **writing**, not **reading** SPDX 3.0 documents.
+See [#760](https://github.com/spdx/tools-python/issues/760) for details.
+
+# Information
 
 This library implements SPDX parsers, convertors, validators and handlers in Python.
 

pyproject.toml

@@ -16,22 +16,21 @@ classifiers = [
     "Intended Audience :: Developers",
     "Intended Audience :: System Administrators",
     "License :: OSI Approved :: Apache Software License",
-    "Programming Language :: Python :: 3.7",
     "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
 ]
 urls = { Homepage = "https://github.com/spdx/tools-python" }
-requires-python = ">=3.7"
+requires-python = ">=3.8"
 dependencies = ["click", "pyyaml", "xmltodict", "rdflib", "beartype", "uritools", "license_expression", "ply", "semantic_version"]
 dynamic = ["version"]
 
 [project.optional-dependencies]
 test = ["pytest", "pyshacl", "tzdata"]
 code_style = ["isort", "black", "flake8"]
 graph_generation = ["pygraphviz", "networkx"]
-development = ["black", "flake8", "isort", "networkx", "pytest"]
+development = ["black", "flake8", "isort", "networkx", "pytest", "pyshacl"]
 
 [project.scripts]
 pyspdxtools = "spdx_tools.spdx.clitools.pyspdxtools:main"

src/spdx_tools/common/typing/dataclass_with_properties.py

@@ -4,7 +4,7 @@
 from dataclasses import dataclass
 
 from beartype import beartype
-from beartype.roar import BeartypeCallHintException
+from beartype.roar import BeartypeCallHintParamViolation
 
 
 def dataclass_with_properties(cls):
@@ -30,7 +30,7 @@ def set_field(self, value: field_type):
     def set_field_with_error_conversion(self, value: field_type):
         try:
             set_field(self, value)
-        except BeartypeCallHintException as err:
+        except BeartypeCallHintParamViolation as err:
             error_message: str = f"SetterError {self.__class__.__name__}: {err}"
 
             # As setters are created dynamically, their argument name is always "value". We replace it by the

src/spdx_tools/spdx/parser/json/json_parser.py

@@ -3,14 +3,33 @@
 # SPDX-License-Identifier: Apache-2.0
 import json
 
-from beartype.typing import Dict
+from beartype.typing import Any, Dict
 
 from spdx_tools.spdx.model import Document
 from spdx_tools.spdx.parser.jsonlikedict.json_like_dict_parser import JsonLikeDictParser
 
+# chars we don't want to see in SBOMs
+CONTROL_CHARS_MAP = {
+    8: None,  # ASCII/UTF-8: backspace
+    12: None,  # ASCII/UTF-8: formfeed
+}
+
+
+def remove_control_chars_from_value(value: Any) -> Any:
+    if isinstance(value, str):
+        return value.translate(CONTROL_CHARS_MAP)
+    elif isinstance(value, list):
+        for i in range(len(value)):
+            value[i] = remove_control_chars_from_value(value[i])
+    return value
+
+
+def remove_json_control_chars_hook(pairs: list) -> dict:
+    return {k: remove_control_chars_from_value(v) for k, v in pairs}
+
 
 def parse_from_file(file_name: str, encoding: str = "utf-8") -> Document:
     with open(file_name, encoding=encoding) as file:
-        input_doc_as_dict: Dict = json.load(file)
+        input_doc_as_dict: Dict = json.load(file, object_pairs_hook=remove_json_control_chars_hook)
 
     return JsonLikeDictParser().parse(input_doc_as_dict)

src/spdx_tools/spdx/parser/jsonlikedict/snippet_parser.py

@@ -127,7 +127,7 @@ def validate_pointer_and_get_type(pointer: Dict) -> RangeType:
 
     @staticmethod
     def convert_range_from_str(
-        _range: Tuple[Union[int, str], Union[int, str]]
+        _range: Tuple[Union[int, str], Union[int, str]],
     ) -> Tuple[Union[int, str], Union[int, str]]:
         # XML does not support integers, so we have to convert from string (if possible)
         if not _range: