CycloneDX · jkowalleck · Jun 5, 2025 · Jun 5, 2025 · Jun 5, 2025 · Jun 5, 2025
@@ -44,6 +44,30 @@ env:
 permissions: {}
 
 jobs:
+  pyupgrade:
+    name: find Upgradable CodingFeatures
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v4
+      - name: Setup Python Environment
+        # see https://github.com/actions/setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
+          architecture: 'x64'
+      - name: Install poetry
+        # see https://github.com/marketplace/actions/setup-poetry
+        uses: Gr1N/setup-poetry@v9
+        with:
+          poetry-version: ${{ env.POETRY_VERSION }}
+      - name: Install dependencies
+        run: poetry install --no-root
+      - name: Run tox
+        run: poetry run tox run -e pyupgrade -s false
+
   coding-standards:
     name: Linting & Coding Standards
     runs-on: ubuntu-latest

@@ -17,13 +17,16 @@ poetry install
 
 ## Code style
 
+THis project loves latest python features.
 This project uses [PEP8] Style Guide for Python Code.  
-This project loves sorted imports.  
+This project loves sorted imports.
+
 Get it all applied via:
 
 ```shell
-poetry run isort .
-poetry run autopep8 -ir cyclonedx_py/ tests/
+poetry run -- tox r -e pyupgrade -- --exit-zero-even-if-changed
+poetry run -- tox r -e isort
+poetry run -- tox r -e autopep8
 ```
 
 This project prefers `f'strings'` over `'string'.format()`.  

@@ -186,10 +186,10 @@ def _shorten_purls(self, bom: 'Bom') -> bool:
             if component.purl is not None:
                 purl = component.purl
                 component.purl = type(purl)(
-                    type=purl.type,  # type:ignore[arg-type]
-                    namespace=purl.namespace,  # type:ignore[arg-type]
-                    name=purl.name,  # type:ignore[arg-type]
-                    version=purl.version  # type:ignore[arg-type]
+                    type=purl.type,
+                    namespace=purl.namespace,
+                    name=purl.name,
+                    version=purl.version
                     # omit qualifiers
                     # omit subdirectory
                 )

@@ -124,7 +124,7 @@ def __call__(self, *,  # type:ignore[override]
 
         lock_file = join(project_directory, 'Pipfile.lock')
         try:
-            lock = open(lock_file, 'rt', encoding='utf8', errors='replace')
+            lock = open(lock_file, encoding='utf8', errors='replace')
         except OSError as err:
             raise ValueError(f'Could not open lock file: {lock_file}') from err
         with lock:

@@ -171,11 +171,11 @@ def __call__(self, *,  # type:ignore[override]
         pyproject_file = join(project_directory, 'pyproject.toml')
         lock_file = join(project_directory, 'poetry.lock')
         try:
-            pyproject = open(pyproject_file, 'rt', encoding='utf8', errors='replace')
+            pyproject = open(pyproject_file, encoding='utf8', errors='replace')
         except OSError as err:
             raise ValueError(f'Could not open pyproject file: {pyproject_file}') from err
         try:
-            lock = open(lock_file, 'rt', encoding='utf8', errors='replace')
+            lock = open(lock_file, encoding='utf8', errors='replace')
         except OSError as err:
             pyproject.close()
             raise ValueError(f'Could not open lock file: {lock_file}') from err

@@ -43,7 +43,7 @@ def pyproject2component(data: dict[str, Any], *,
 
 def pyproject_load(pyproject_file: str) -> dict[str, Any]:
     try:
-        pyproject_fh = open(pyproject_file, 'rt', encoding='utf8', errors='replace')
+        pyproject_fh = open(pyproject_file, encoding='utf8', errors='replace')
     except OSError as err:
         raise ValueError(f'Could not open pyproject file: {pyproject_file}') from err
     with pyproject_fh:

@@ -94,6 +94,7 @@ mypy = "1.16.0"
 bandit = "1.8.3"
 tomli = { version = "^2.0.1", python = "<3.11" }
 tox = "4.26.0"
+pyupgrade = "3.20.0"
 
 # min version required to be able to install some dependencies
 # see https://github.com/MichaelKim0407/flake8-use-fstring/issues/33

@@ -20,7 +20,7 @@
 from os import getenv, path
 from pathlib import Path
 from re import sub as re_sub
-from typing import Any, Dict, Union
+from typing import Any, Union
 from unittest import TestCase
 from xml.sax.saxutils import escape as xml_escape, quoteattr as xml_quoteattr  # nosec:B406
 
@@ -62,12 +62,12 @@ def getSnapshotFile(snapshot_name: str) -> str:  # noqa: N802
 
     @classmethod
     def writeSnapshot(cls, snapshot_name: str, data: str) -> None:  # noqa: N802
-        with open(cls.getSnapshotFile(snapshot_name), 'wt', encoding='utf8', newline='\n') as sf:
+        with open(cls.getSnapshotFile(snapshot_name), 'w', encoding='utf8', newline='\n') as sf:
             sf.write(data)
 
     @classmethod
     def readSnapshot(cls, snapshot_name: str) -> str:  # noqa: N802
-        with open(cls.getSnapshotFile(snapshot_name), 'rt', encoding='utf8', newline='\n') as sf:
+        with open(cls.getSnapshotFile(snapshot_name), encoding='utf8', newline='\n') as sf:
             return sf.read()
 
     def assertEqualSnapshot(self: Union[TestCase, 'SnapshotMixin'],  # noqa: N802
@@ -227,7 +227,7 @@ def make_comparable(bom: str, of: OutputFormat) -> str:
 # endregion reproducible test results
 
 
-def load_pyproject() -> Dict[str, Any]:
+def load_pyproject() -> dict[str, Any]:
     if sys.version_info >= (3, 11):
         from tomllib import load as toml_load
     else:

@@ -46,3 +46,15 @@ commands =
 skip_install = True
 commands =
     poetry run bandit -c bandit.yml -v -r cyclonedx_py tests
+
+[testenv:pyupgrade]
+allowlist_externals = poetry, sh
+commands = sh -c "\
+           find cyclonedx_py tests -not -path '*/.venv/*' -type f -name '*.py' -print0 \
+           | xargs -0 poetry run pyupgrade --py39-plus {posargs} "
+
+[testenv:isort]
+commands = poetry run isort .
+
+[testenv:autopep8]
+commands = poetry run autopep8 --in-place -r cyclonedx typings tests tools examples