chore: update minimum python version to 3.9

.github/workflows/container-local-test.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: '3.9.x'
 
       - name: Install Dependencies
         run: |

.github/workflows/container-publish-ghcr.yml

@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
   push:
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
 
 env:
   REGISTRY: ghcr.io
@@ -30,7 +30,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: "3.9.x"
 
       - name: Install Dependencies
         run: |
@@ -159,3 +159,4 @@ jobs:
 #        env:
 #          TAGS: ${{ steps.meta.outputs.tags }}
 #          COSIGN_EXPERIMENTAL: true
+

.github/workflows/lint.yml

@@ -17,7 +17,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: "3.8"
+          python-version: "3.9"
 
       - name: Install Dependencies
         run: |

.github/workflows/python-local-test.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.10.x"
+          python-version: "3.9.x"
 
       - name: Install Dependencies
         run: |

.github/workflows/python-publish-pypi.yml

@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
   push:
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
 
 jobs:
   deploy:
@@ -16,7 +16,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: "3.9.x"
 
       - name: Install dependencies
         run: |
@@ -49,7 +49,7 @@ jobs:
       - name: Publish Package - ${{ github.ref_name }}
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-#          skip-existing: true
+          #          skip-existing: true
           user: __token__
           password: ${{ secrets.PYPI_API_TOKEN }}
 
@@ -62,15 +62,15 @@ jobs:
 
   test:
     if: success()
-    needs: [ deploy ]
+    needs: [deploy]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: "3.9.x"
 
       - name: Install Remote Package
         uses: nick-fields/retry@v3
@@ -113,3 +113,4 @@ jobs:
             echo "Error: Scan test did not produce any results. Failing"
             exit 1
           fi
+

.github/workflows/python-publish-testpypi.yml

@@ -1,7 +1,7 @@
 name: Publish Python Package - TestPyPI
 # This workflow will upload a TestPyPI Python Package using Twine on demand (dispatch)
 
-on: [ workflow_dispatch ]
+on: [workflow_dispatch]
 
 permissions:
   contents: read
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: "3.9.x"
 
       - name: Install Dependencies
         run: |
@@ -56,7 +56,7 @@ jobs:
 
   test:
     if: success()
-    needs: [ deploy ]
+    needs: [deploy]
     runs-on: ubuntu-latest
 
     steps:
@@ -65,7 +65,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: "3.9.x"
 
       - name: Install Remote Package
         run: |
@@ -101,3 +101,4 @@ jobs:
             echo "Error: Scan test did not produce any results. Failing"
             exit 1
           fi
+

.github/workflows/version-tag.yml

@@ -18,12 +18,12 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: '0'
+          fetch-depth: "0"
           token: ${{ secrets.SC_GH_TAG_TOKEN }}
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.10.x'
+          python-version: "3.9.x"
       - name: Determine Tag
         id: taggerVersion
         run: |

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.29.0] - 2025-07-15
+### Changed
+- Updated minimum Python version to 3.9
+
 ## [1.28.3] - 2025-07-14
 ### Fixed
 - Fixed scanoss.json ingestion
@@ -604,3 +608,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.28.0]: https://github.com/scanoss/scanoss.py/compare/v1.27.1...v1.28.0
 [1.28.1]: https://github.com/scanoss/scanoss.py/compare/v1.28.0...v1.28.1
 [1.28.2]: https://github.com/scanoss/scanoss.py/compare/v1.28.1...v1.28.2
+[1.29.0]: https://github.com/scanoss/scanoss.py/compare/v1.28.2...v1.29.0
+

PACKAGE.md

@@ -138,7 +138,7 @@ if __name__ == "__main__":
 ```
 
 ## Requirements
-Python 3.7 or higher.
+Python 3.9 or higher.
 
 ## Source code
 The source for this package can be found [here](https://github.com/scanoss/scanoss.py).

README.md

@@ -24,7 +24,7 @@ To leverage the CLI from within a container, please look at [GHCR.md](GHCR.md).
 Before starting with development of this project, please read our [CONTRIBUTING](CONTRIBUTING.md) and [CODE OF CONDUCT](CODE_OF_CONDUCT.md).
 
 ### Requirements
-Python 3.7 or higher.
+Python 3.9 or higher.
 
 The dependencies can be found in the [requirements.txt](requirements.txt) and [requirements-dev.txt](requirements-dev.txt) files.
 

docs/source/index.rst

@@ -35,7 +35,7 @@ To install (from `pypi.org <https://pypi.org/project/scanoss/>`_), run: ``pip3 i
 Requirements
 ------------
 
-Python 3.7 or higher.
+Python 3.9 or higher.
 
 The dependencies can be found in the `requirements.txt <https://github.com/scanoss/scanoss.py/blob/main/requirements.txt>`_ and `requirements-dev.txt <https://github.com/scanoss/scanoss.py/blob/main/requirements-dev.txt>`_ files.
 

pyproject.toml

@@ -6,8 +6,8 @@ build-backend = "setuptools.build_meta"
 # Enable pycodestyle (E), pyflakes (F), isort (I), pylint (PL)
 select = ["E", "F", "I", "PL"]
 line-length = 120
-# Assume Python 3.7+
-target-version = "py37"
+# Assume Python 3.9+
+target-version = "py39"
 exclude = [
     "tests/*",
     "test_*.py",

setup.cfg

@@ -23,7 +23,7 @@ packages = find_namespace:
 package_dir =
     = src
 include_package_data = True
-python_requires = >=3.7
+python_requires = >=3.9
 install_requires =
     requests
     crc32c>=2.2

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = '1.28.3'
+__version__ = '1.29.0'

src/scanoss/cyclonedx.py

@@ -48,10 +48,10 @@ def __init__(self, debug: bool = False, output_file: str = None):
         self.debug = debug
         self._spdx = SpdxLite(debug=debug)
 
-    def parse(self, data: json):  # noqa: PLR0912, PLR0915
+    def parse(self, data: dict):  # noqa: PLR0912, PLR0915
         """
         Parse the given input (raw/plain) JSON string and return CycloneDX summary
-        :param data: json - JSON object
+        :param data: dict - JSON object
         :return: CycloneDX dictionary, and vulnerability dictionary
         """
         if not data:
@@ -170,12 +170,12 @@ def produce_from_file(self, json_file: str, output_file: str = None) -> bool:
             success = self.produce_from_str(f.read(), output_file)
         return success
 
-    def produce_from_json(self, data: json, output_file: str = None) -> tuple[bool, json]:  # noqa: PLR0912
+    def produce_from_json(self, data: dict, output_file: str = None) -> tuple[bool, dict]:  # noqa: PLR0912
         """
         Produce the CycloneDX output from the raw scan results input data
 
         Args:
-            data (json): JSON object
+            data (dict): JSON object
             output_file (str, optional): Output file (optional). Defaults to None.
 
         Returns: