Upgrade SBOM tooling for Python 3.13+ support (#306)

* Upgrade SBOM tooling for Python 3.13+ support

- cyclonedx-bom 3.11.7 → 7.2.2 (3.x doesn't support Python 3.13)
- cyclonedx-cli v0.24.2 → v0.30.0 (CycloneDX v1.7 / SPDX 2.3)
- Update CLI invocation: `cyclonedx-py --e --format json` → `cyclonedx-py environment`
  (the `--e` flag became the `environment` subcommand; JSON is the default output format)

* Bump GitHub Actions to current versions

- actions/checkout v2 → v4
- actions/setup-python v2 → v5

Author: jeffreyparker

.github/actions/sbom-convert/action.yml

@@ -4,7 +4,7 @@ runs:
   steps:
     - name: Install CycloneDX
       run: |
-        wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
+        wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.30.0/cyclonedx-linux-x64
         chmod a+x cyclonedx-linux-x64
       shell: bash
     - name: Convert SBOM

.github/workflows/publish.yml

@@ -13,9 +13,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: '3.x'
     - name: Install dependencies
@@ -24,8 +24,8 @@ jobs:
         pip install setuptools wheel twine
     - name: Generate SBOM
       run: |
-        pip install cyclonedx-bom==3.11.7
-        cyclonedx-py --e --format json -o cyclonedx-sbom.json
+        pip install cyclonedx-bom==7.2.2
+        cyclonedx-py environment -o cyclonedx-sbom.json
     - name: Convert SBOM
       uses: duosecurity/duo_client_python/.github/actions/sbom-convert@master
     - name: Build and publish