cyclonedx-py fails with poetry v1.3 due to new v2 lock format

[tewfik-ghariani]

Starting poetry v1.3, the lock file format has changed essentially in the part of specifying the files/hashes per package instead of a dedicated metadata.files

lock v1

lock v2

Refs: python-poetry/poetry#6393

As a result, the cyclonedx-py tool is no longer able to generate the bom file because it cannot parse the new format

$ cyclonedx-py --poetry -o target/bom.xml
Traceback (most recent call last):
  File "/usr/local/bin/cyclonedx-py", line 8, in <module>
    sys.exit(main())
  File "/usr/local/libexec/cyclonedx-bom/lib/python3.9/site-packages/cyclonedx_py/client.py", line 307, in main
    CycloneDxCmd(args).execute()
  File "/usr/local/libexec/cyclonedx-bom/lib/python3.9/site-packages/cyclonedx_py/client.py", line 147, in execute
    output = self.get_output()
  File "/usr/local/libexec/cyclonedx-bom/lib/python3.9/site-packages/cyclonedx_py/client.py", line 84, in get_output
    parser = self._get_input_parser()
  File "/usr/local/libexec/cyclonedx-bom/lib/python3.9/site-packages/cyclonedx_py/client.py", line [295](https://git.mam.dev/acdc/gocd/pipeline-templates/-/jobs/9232334#L295), in _get_input_parser
    return PoetryParser(poetry_lock_contents=input_data,
  File "/usr/local/libexec/cyclonedx-bom/lib/python3.9/site-packages/cyclonedx_py/parser/poetry.py", line 44, in __init__
    for file_metadata in poetry_lock['metadata']['files'][package['name']]:
KeyError: 'files'

[jkowalleck]

thanks for the report and the RP #468.
I will look into it ASAP.

[jkowalleck]

should be fixed via 3.10.0.

could you test and confirm, @tewfik-ghariani ?

[tewfik-ghariani]

@jkowalleck Works like a charm, thanks a lot! 🎉