scanoss · matiasdaloia · Jul 10, 2025 · Jul 10, 2025 · Jul 10, 2025 · Jul 10, 2025
diff --git a/.github/workflows/container-local-test.yml b/.github/workflows/container-local-test.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
 
       - name: Install Dependencies
         run: |

diff --git a/.github/workflows/container-publish-ghcr.yml b/.github/workflows/container-publish-ghcr.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
 
       - name: Install Dependencies
         run: |

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -17,7 +17,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: "3.8"
+          python-version: "3.9"
 
       - name: Install Dependencies
         run: |

diff --git a/.github/workflows/python-local-test.yml b/.github/workflows/python-local-test.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.10.x"
+          python-version: "3.9.x"
 
       - name: Install Dependencies
         run: |

diff --git a/.github/workflows/python-publish-pypi.yml b/.github/workflows/python-publish-pypi.yml
@@ -16,7 +16,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
 
       - name: Install dependencies
         run: |
@@ -70,7 +70,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
 
       - name: Install Remote Package
         uses: nick-fields/retry@v3

diff --git a/.github/workflows/python-publish-testpypi.yml b/.github/workflows/python-publish-testpypi.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
 
       - name: Install Dependencies
         run: |
@@ -65,7 +65,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
 
       - name: Install Remote Package
         run: |

diff --git a/.github/workflows/version-tag.yml b/.github/workflows/version-tag.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
       - name: Determine Tag
         id: taggerVersion
         run: |

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.29.0] - 2025-07-10
+### Added
+- Add `licenses` sub-command to `component` command
+- Add support for ingesting CDX to all decoration commands
+- Add CDX input validation
+
 ## [1.28.1] - 2025-07-10
 ### Added
 - Fix purls parsing on `crypto` subcommand
@@ -593,3 +599,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.27.1]: https://github.com/scanoss/scanoss.py/compare/v1.27.0...v1.27.1
 [1.28.0]: https://github.com/scanoss/scanoss.py/compare/v1.27.1...v1.28.0
 [1.28.1]: https://github.com/scanoss/scanoss.py/compare/v1.28.0...v1.28.1
+[1.29.0]: https://github.com/scanoss/scanoss.py/compare/v1.28.1...v1.29.0
diff --git a/requirements.txt b/requirements.txt
@@ -2,8 +2,9 @@ requests
 crc32c>=2.2
 binaryornot
 progress
-grpcio>1.42.0
+grpcio>=1.70.0
 protobuf>3.19.1
+protoc-gen-openapiv2
 pypac
 urllib3
 pyOpenSSL
@@ -12,4 +13,5 @@ importlib_resources
 packageurl-python
 pathspec
 jsonschema
-crc
+crc
+cyclonedx-python-lib[validation]
diff --git a/setup.cfg b/setup.cfg
@@ -29,8 +29,9 @@ install_requires =
     crc32c>=2.2
     binaryornot
     progress
-    grpcio>1.42.0
+    grpcio>=1.70.0
     protobuf>3.19.1
+    protoc-gen-openapiv2
     pypac
     pyOpenSSL
     google-api-core
@@ -39,6 +40,7 @@ install_requires =
     pathspec
     jsonschema
     crc
+    cyclonedx-python-lib[validation]
 
 
 [options.extras_require]

diff --git a/src/protoc_gen_swagger/options/annotations_pb2.py b/src/protoc_gen_swagger/options/annotations_pb2.py
diff --git a/src/protoc_gen_swagger/options/annotations_pb2.pyi b/src/protoc_gen_swagger/options/annotations_pb2.pyi
@@ -0,0 +1,48 @@
+"""
+@generated by mypy-protobuf.  Do not edit manually!
+isort:skip_file
+"""
+
+import builtins
+import google.protobuf.descriptor
+import google.protobuf.descriptor_pb2
+import google.protobuf.internal.extension_dict
+import protoc_gen_swagger.options.openapiv2_pb2
+
+DESCRIPTOR: google.protobuf.descriptor.FileDescriptor
+
+OPENAPIV2_SWAGGER_FIELD_NUMBER: builtins.int
+OPENAPIV2_OPERATION_FIELD_NUMBER: builtins.int
+OPENAPIV2_SCHEMA_FIELD_NUMBER: builtins.int
+OPENAPIV2_TAG_FIELD_NUMBER: builtins.int
+OPENAPIV2_FIELD_FIELD_NUMBER: builtins.int
+openapiv2_swagger: google.protobuf.internal.extension_dict._ExtensionFieldDescriptor[google.protobuf.descriptor_pb2.FileOptions, protoc_gen_swagger.options.openapiv2_pb2.Swagger]
+"""ID assigned by [email protected] for grpc-gateway project.
+
+All IDs are the same, as assigned. It is okay that they are the same, as they extend
+different descriptor messages.
+"""
+openapiv2_operation: google.protobuf.internal.extension_dict._ExtensionFieldDescriptor[google.protobuf.descriptor_pb2.MethodOptions, protoc_gen_swagger.options.openapiv2_pb2.Operation]
+"""ID assigned by [email protected] for grpc-gateway project.
+
+All IDs are the same, as assigned. It is okay that they are the same, as they extend
+different descriptor messages.
+"""
+openapiv2_schema: google.protobuf.internal.extension_dict._ExtensionFieldDescriptor[google.protobuf.descriptor_pb2.MessageOptions, protoc_gen_swagger.options.openapiv2_pb2.Schema]
+"""ID assigned by [email protected] for grpc-gateway project.
+
+All IDs are the same, as assigned. It is okay that they are the same, as they extend
+different descriptor messages.
+"""
+openapiv2_tag: google.protobuf.internal.extension_dict._ExtensionFieldDescriptor[google.protobuf.descriptor_pb2.ServiceOptions, protoc_gen_swagger.options.openapiv2_pb2.Tag]
+"""ID assigned by [email protected] for grpc-gateway project.
+
+All IDs are the same, as assigned. It is okay that they are the same, as they extend
+different descriptor messages.
+"""
+openapiv2_field: google.protobuf.internal.extension_dict._ExtensionFieldDescriptor[google.protobuf.descriptor_pb2.FieldOptions, protoc_gen_swagger.options.openapiv2_pb2.JSONSchema]
+"""ID assigned by [email protected] for grpc-gateway project.
+
+All IDs are the same, as assigned. It is okay that they are the same, as they extend
+different descriptor messages.
+"""
diff --git a/src/protoc_gen_swagger/options/annotations_pb2_grpc.py b/src/protoc_gen_swagger/options/annotations_pb2_grpc.py
@@ -1,4 +1,24 @@
 # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
 """Client and server classes corresponding to protobuf-defined services."""
 import grpc
+import warnings
 
+
+GRPC_GENERATED_VERSION = '1.73.1'
+GRPC_VERSION = grpc.__version__
+_version_not_supported = False
+
+try:
+    from grpc._utilities import first_version_is_lower
+    _version_not_supported = first_version_is_lower(GRPC_VERSION, GRPC_GENERATED_VERSION)
+except ImportError:
+    _version_not_supported = True
+
+if _version_not_supported:
+    raise RuntimeError(
+        f'The grpc package installed is at version {GRPC_VERSION},'
+        + f' but the generated code in protoc_gen_swagger/options/annotations_pb2_grpc.py depends on'
+        + f' grpcio>={GRPC_GENERATED_VERSION}.'
+        + f' Please upgrade your grpc module to grpcio>={GRPC_GENERATED_VERSION}'
+        + f' or downgrade your generated code using grpcio-tools<={GRPC_VERSION}.'
+    )