From 83b54aa581f8bfe0e21733295e3f651f0dd9f21a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Aug 2024 15:46:32 +0200
Subject: [PATCH 1/8] chore(deps-dev): update mypy requirement from 1.11.0 to
1.11.1 (#655)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Updates the requirements on [mypy](https://github.com/python/mypy) to
permit the latest version.

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type
checker for Python. This release includes new features, performance
improvements and bug fixes. You can install it as follows:

    python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

Mypy now supports the new type parameter syntax introduced in Python
3.12 (PEP 695).
This feature is still experimental and must be enabled with the
--enable-incomplete-feature=NewGenericSyntax flag, or with
enable_incomplete_feature = NewGenericSyntax in the mypy
configuration file.
We plan to enable this by default in the next mypy feature release.

This example demonstrates the new syntax:

    # Generic function
    def f[T](x: T) -> T: ...

    reveal_type(f(1))  # Revealed type is 'int'

    # Generic class
    class C[T]:
        def __init__(self, x: T) -> None:
            self.x = x

    c = C('a')
    reveal_type(c.x)  # Revealed type is 'str'

    # Type alias
    type A[T] = C[list[T]]

This feature was contributed by Jukka Lehtosalo.

functools.partial

Mypy now type checks uses of functools.partial.
Previously mypy would accept arbitrary arguments.

This example will now produce an error:

    from functools import partial

... (truncated)

- 570b90a Bump version to 1.11
- b3a102e Fix RawExpressionType.accept crash with --cache-fine-grained (#17588)
- aec04c7 Fix PEP 604 isinstance caching (#17563)
- cb44e4d Fix typing.TypeAliasType being undefined on python < 3.12 (#17558)
- 6cf9180 Fix types.GenericAlias lookup crash (#17543)
- 64c1ebf Bump version to 1.11.1+dev

Sourced from tox's releases.
4.17.1

What's Changed

- Restore limited <major>.<minor> environment name support by @gaborbernat in tox-dev/tox#3319
- fix(tox_env.python): do not process absolute paths to interpreter as PythonSpec by @paveldikov in tox-dev/tox#3311

New Contributors

- @paveldikov made their first contribution in tox-dev/tox#3311

Full Changelog: https://github.com/tox-dev/tox/compare/4.17.0...4.17.1

Sourced from tox's changelog.

v4.17.1 (2024-08-07)

Bugfixes - 4.17.1

- Support for running ``-e <major>.<minor>`` has been lost, fixing it - by :user:`gaborbernat`. (:issue:`2849`)
- ``base_python`` now accepts absolute paths to interpreter executable - by :user:`paveldikov`. (:issue:`3191`)

v4.17.0 (2024-08-05)

Features - 4.17.0

- Add ``graalpy`` prefix as a supported base python (:issue:`3312`)
- Add :ref:`on_platform` core configuration holding the tox platform and do not install package when exec an environment - by :user:`gaborbernat`. (:issue:`3315`)

Bugfixes - 4.17.0

- Add table with default environment variables per OS (:issue:`2753`)

v4.16.0 (2024-07-02)

Bugfixes - 4.16.0

- Add ``windir`` to the default list of Windows ``pass_env`` environment variables. - by :user:`kurtmckee` (:issue:`3302`)

Improved Documentation - 4.16.0

- Fix typo in configuration example and fix broken link to code style guide. - by :user:`srenfo` (:issue:`3297`)

v4.15.1 (2024-06-05)

Features - 4.15.1

- Fix ``skip_missing_interpreters`` option for ``package = wheel`` (:issue:`3269`)

Bugfixes - 4.15.1

- Fix section substitution with setenv. (:issue:`3262`)
- Allow ``ConfigSet.add_config`` to receive parameterized generics for ``of_type``. (:issue:`3288`)

v4.15.0 (2024-04-26)

Features - 4.15.0

- Add support for multiple appending override options (-x, --override) on command line - by :user:`amitschang`. (:issue:`3261`)

... (truncated)

Commits

- [`352a3dd`](https://github.com/tox-dev/tox/commit/352a3dd778fa9ecb1ddb339c37536a79fef1c121) release 4.17.1
- [`fafce99`](https://github.com/tox-dev/tox/commit/fafce99fcb3d9943a10b219c16de299a82e8d491) fix(tox_env.python): do not process absolute paths to interpreter as PythonSp...
- [`fdc9eb0`](https://github.com/tox-dev/tox/commit/fdc9eb0355f3f58ca700147dc15e4c6894595bdf) Restore limited <major>.<minor> environment name support ([#3319](https://redirect.github.com/tox-dev/tox/issues/3319))
- [`2f7c60e`](https://github.com/tox-dev/tox/commit/2f7c60ec71d47f4099394af11999a840bc97c9a9) release 4.17.0
- [`5425133`](https://github.com/tox-dev/tox/commit/5425133459e9c0194c536eac332c06178ac0700e) Add on platform constat to core ([#3315](https://redirect.github.com/tox-dev/tox/issues/3315))
- [`2cf190a`](https://github.com/tox-dev/tox/commit/2cf190ae5acc83488a9daef45e51cf964190e66d) [pre-commit.ci] pre-commit autoupdate ([#3306](https://redirect.github.com/tox-dev/tox/issues/3306))
- [`17435df`](https://github.com/tox-dev/tox/commit/17435df3c962576f72a2548a5c00ec133e9161f9) Add GraalPy and test both GraalPy and Jython env identifiers ([#3312](https://redirect.github.com/tox-dev/tox/issues/3312))
- [`e6b9803`](https://github.com/tox-dev/tox/commit/e6b9803d77c352aaf38e9d69c6d99d5d773b0617) Table with list of default env vars per OS ([#3291](https://redirect.github.com/tox-dev/tox/issues/3291))
- [`33f6c23`](https://github.com/tox-dev/tox/commit/33f6c23a19e42b449ea8afbeff29060c997e2010) Fix user guide system overview so nodes don't overlap. ([#3307](https://redirect.github.com/tox-dev/tox/issues/3307))
- See full diff in [compare view](https://github.com/tox-dev/tox/compare/4.16.0...4.17.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

Signed-off-by: dependabot[bot]

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot showignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 00344ba1..b7b1d302 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -93,7 +93,7 @@ pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" mypy = "1.11.1" -tox = "4.16.0" +tox = "4.17.1" xmldiff = "2.7.0" bandit = "1.7.9" From 9ba4cdeb1a723ae06d2f7a7ac7ba9786760bacc9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 12:38:42 +0200
Subject: [PATCH 3/8] chore(deps-dev): update flake8 requirement from 7.1.0 to
 7.1.1 (#661)

Updates the requirements on [flake8](https://github.com/pycqa/flake8) to permit the latest version.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

Signed-off-by: dependabot[bot]

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot showignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index b7b1d302..cc436251 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -83,7 +83,7 @@ xml-validation = ["lxml"] [tool.poetry.group.dev.dependencies] ddt = "1.7.2" coverage = "7.6.0" -flake8 = { version="7.1.0", python=">=3.8.1" } +flake8 = { version="7.1.1", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } flake8-bugbear = { version="24.4.26", python=">=3.8.1" } flake8-isort = "6.1.1" From 99bcdd2646868f0ca1dacdd504ae560209b05a39 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 12:49:13 +0200
Subject: [PATCH 4/8] chore(deps-dev): update coverage requirement from 7.6.0 to
 7.6.1 (#660)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version.

Changelog

Sourced from coverage's changelog.

Version 7.6.1 — 2024-08-04

- Fix: coverage used to fail when measuring code using :func:`runpy.run_path <python:runpy.run_path>` with a :class:`Path <python:pathlib.Path>` argument. This is now fixed, thanks to `Ask Hjorth Larsen <pull 1819_>`_.
- Fix: backslashes preceding a multi-line backslashed string could confuse the HTML report. This is now fixed, thanks to `LiuYinCarl <pull 1828_>`_.
- Now we publish wheels for Python 3.13, both regular and free-threaded.

.. _pull 1819: nedbat/coveragepy#1819
.. _pull 1828: nedbat/coveragepy#1828

.. _changes_7-6-0:

Version 7.6.0 — 2024-07-11

- Exclusion patterns can now be multi-line, thanks to `Daniel Diniz <pull 1807_>`_. This enables many interesting exclusion use-cases, including those requested in issues `118 <issue 118_>`_ (entire files), `996 <issue 996_>`_ (multiple lines only when appearing together), `1741 <issue 1741_>`_ (remainder of a function), and `1803 <issue 1803_>`_ (arbitrary sequence of marked lines). See the :ref:`multi_line_exclude` section of the docs for more details and examples.
- The JSON report now includes per-function and per-class coverage information. Thanks to `Daniel Diniz <pull 1809_>`_ for getting the work started. This closes `issue 1793`_ and `issue 1532`_.
- Fixed an incorrect calculation of "(no class)" lines in the HTML classes report.
- Python 3.13.0b3 is supported.

.. _issue 118: nedbat/coveragepy#118
.. _issue 996: nedbat/coveragepy#996
.. _issue 1532: nedbat/coveragepy#1532
.. _issue 1741: nedbat/coveragepy#1741
.. _issue 1793: nedbat/coveragepy#1793
.. _issue 1803: nedbat/coveragepy#1803
.. _pull 1807: nedbat/coveragepy#1807
.. _pull 1809: nedbat/coveragepy#1809

.. _changes_7-5-4:

Version 7.5.4 — 2024-06-22

... (truncated)

Commits

- 29f5898 docs: sample HTML for 7.6.1
- 9b829f1 docs: prep for 7.6.1
- ebbb6a2 build: wheels for 3.13rc1
- 3872525 chore: make upgrade
- 7a27f40 test: fix a test on free-threading, use abiflags to get site-packages path co...
- 2b53664 build: include gil/nogil in the version banner
- da1682f docs: changelog and contributor for #1828
- dc819ff test: two tests for #1828
- 9aaa404 fix: properly handle backslash before multi-line string (#1828)
- 9c50270 chore: make upgrade
- Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

Signed-off-by: dependabot[bot]

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot showignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index cc436251..43af8c31 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -82,7 +82,7 @@ xml-validation = ["lxml"] [tool.poetry.group.dev.dependencies] ddt = "1.7.2" -coverage = "7.6.0" +coverage = "7.6.1" flake8 = { version="7.1.1", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } flake8-bugbear = { version="24.4.26", python=">=3.8.1" } From c59036e06ddc97284f82efbbc168dc2d89d090d1 Mon Sep 17 00:00:00 2001 
From: Michael Schlenker Date: Wed, 14 Aug 2024 15:32:16 +0200 Subject: [PATCH 5/8] feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663) The code mistreated hashes for Blake2b and SHA3. Code for explicitly handling SHA1 & BLAKE3 was added, as those have no variants defined in the CycloneDX specification. fixes #652 --------- Signed-off-by: Michael Schlenker Co-authored-by: Michael Schlenker Co-authored-by: Jan Kowalleck --- cyclonedx/model/__init__.py | 29 +++++++++++++++++++++++++++-- tests/test_model.py | 17 +++++++++++++++++ 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py index 4edb50e1..61ba9beb 100644 --- a/cyclonedx/model/__init__.py +++ b/cyclonedx/model/__init__.py @@ -418,6 +418,11 @@ def from_composite_str(composite_hash: str) -> 'HashType': Composite Hash string of the format `HASH_ALGORITHM`:`HASH_VALUE`. Example: `sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b`. + Valid case insensitive prefixes are: + `md5`, `sha1`, `sha256`, `sha384`, `sha512`, `blake2b256`, `blake2b384`, `blake2b512`, + `blake2256`, `blake2384`, `blake2512`, `sha3-256`, `sha3-384`, `sha3-512`, + `blake3`. + Raises: `UnknownHashTypeException` if the type of hash cannot be determined. 
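Review bot: The prefix list added to the `from_composite_str` docstring gives `blake2256`, `blake2384` and `blake2512` the same standing as `blake2b256`, `blake2b384` and `blake2b512` without saying that they are alternate spellings resolved to the same `BLAKE2B_*` members, and it does not say that `sha1` and `blake3` take no size suffix. Consider grouping the list by family and marking the `blake2NNN` forms as aliases. The unchanged `Raises:` entry names only `UnknownHashTypeException`, so it is also worth stating there what a caller gets for a listed family with an unlisted size.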
@@ -432,17 +437,37 @@ def from_composite_str(composite_hash: str) -> 'HashType': alg=HashAlgorithm.MD5, content=parts[1].lower() ) + elif algorithm_prefix[0:4] == 'sha3': + return HashType( + alg=getattr(HashAlgorithm, f'SHA3_{algorithm_prefix[5:]}'), + content=parts[1].lower() + ) + elif algorithm_prefix == 'sha1': + return HashType( + alg=HashAlgorithm.SHA_1, + content=parts[1].lower() + ) elif algorithm_prefix[0:3] == 'sha': + # This is actually SHA2... return HashType( alg=getattr(HashAlgorithm, f'SHA_{algorithm_prefix[3:]}'), content=parts[1].lower() ) + elif algorithm_prefix[0:7] == 'blake2b': + return HashType( + alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[7:]}'), + content=parts[1].lower() + ) elif algorithm_prefix[0:6] == 'blake2': return HashType( - alg=getattr(HashAlgorithm, f'BLAKE2b_{algorithm_prefix[6:]}'), + alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[6:]}'), + content=parts[1].lower() + ) + elif algorithm_prefix[0:6] == 'blake3': + return HashType( + alg=HashAlgorithm.BLAKE3, content=parts[1].lower() ) - raise UnknownHashTypeException(f'Unable to determine hash type from {composite_hash!r}') def __init__( diff --git a/tests/test_model.py b/tests/test_model.py index 7b9ab794..76959f33 100644 --- a/tests/test_model.py +++ b/tests/test_model.py 
@@ -262,6 +262,23 @@ def test_hash_type_from_hashlib_alg_throws_on_unknown(self) -> None: HashAlgorithm.SHA_256, '806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b'), ('MD5', 'MD5:dc26cd71b80d6757139f38156a43c545', HashAlgorithm.MD5, 'dc26cd71b80d6757139f38156a43c545'), + ('sha3-256', 'sha3-256:f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101', + HashAlgorithm.SHA3_256, 'f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101'), + ('sha1', 'sha1:b82b9f695a3ae28053cb3776d2132ab625798055', + HashAlgorithm.SHA_1, 'b82b9f695a3ae28053cb3776d2132ab625798055'), + # Name format as used by 'openssl dgst and the Blake2 RFC' + ('blake2b512', + 'blake2b512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' + 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', + HashAlgorithm.BLAKE2B_512, + '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' + '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), + ('blake2512', + 'blake2512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' + 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', + HashAlgorithm.BLAKE2B_512, + '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' + '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), ) def test_hash_type_from_composite_str(self, composite: str, e_alg: HashAlgorithm, e_content: str) -> None: h = HashType.from_composite_str(composite) From 35368c58a8b21be771c6df5d4be66e98ce6bd22b Mon Sep 17 00:00:00 2001 From: semantic-release Date: Wed, 14 Aug 2024 13:35:10 +0000 Subject: [PATCH 6/8] chore(release): 7.6.0 Automatically generated by python-semantic-release Signed-off-by: semantic-release --- CHANGELOG.md | 19 +++++++++++++++++++ cyclonedx/__init__.py | 2 +- docs/conf.py | 2 +- pyproject.toml | 2 +- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3722703..525b95e9 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -2,6 +2,25 @@ +## v7.6.0 (2024-08-14) + +### Feature + +* feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663) + +The code mistreated hashes for Blake2b and SHA3. +Code for explicitly handling SHA1 & BLAKE3 was added, as those have no +variants defined in the CycloneDX specification. + +fixes #652 + +--------- + +Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> +Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c59036e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c59036e06ddc97284f82efbbc168dc2d89d090d1)) + + ## v7.5.1 (2024-07-08) ### Fix diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index 26e82d7b..94522e30 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -20,4 +20,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "7.5.1" # noqa:Q000 +__version__ = "7.6.0" # noqa:Q000 diff --git a/docs/conf.py b/docs/conf.py index ebe26020..ffa0cd72 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -20,7 +20,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '7.5.1' +release = '7.6.0' # -- General configuration --------------------------------------------------- diff --git a/pyproject.toml b/pyproject.toml index 43af8c31..e780effa 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "7.5.1" +version = "7.6.0" description = "Python library for CycloneDX" authors = [ "Paul Horton ", From 61ce5b7ab5404125040654556888864fd6b1229c Mon Sep 17 00:00:00 2001 
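Review bot: In PATCH 5/8, the second `cyclonedx/model/__init__.py` hunk builds the enum member name from a slice of the prefix and passes it to `getattr(HashAlgorithm, ...)` with no default in the new `sha3` and `blake2b` branches (as the existing `sha` and `blake2` branches already do), so a prefix whose size has no matching member raises `AttributeError` rather than the `UnknownHashTypeException` the docstring promises. The `sha3` branch takes `algorithm_prefix[5:]` without checking that the character at index 4 is `-`, and the `blake3` branch compares only `algorithm_prefix[0:6]`, so it accepts trailing characters after `blake3`, unlike the exact `algorithm_prefix == 'sha1'` test. Suggest looking the whole prefix up in an explicit mapping of the documented names to `HashAlgorithm` members and letting anything else fall through to the existing `raise UnknownHashTypeException(...)`.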
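Review bot: No `blake3` row is among the cases added to the `test_hash_type_from_composite_str` data in `tests/test_model.py` (PATCH 5/8), although the subject line names Blake3 and the change adds a `blake3` branch. The new rows cover `sha3-256`, `sha1`, `blake2b512` and `blake2512` only, so the 256 and 384 sizes listed in the docstring for SHA3 and BLAKE2b are untested, as is the `sha3-512` prefix. Please add those rows, plus a negative case asserting that an unsupported or malformed prefix raises `UnknownHashTypeException`.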
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 18 Aug 2024 14:55:45 +0200
Subject: [PATCH 7/8] chore(deps-dev): update tox requirement from 4.17.1 to
 4.18.0 (#664)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version.

Release notes

Sourced from tox's releases.

4.18.0

What's Changed

- Fix #3278 - Boost temporary directories cleanup in tests by @ziima in tox-dev/tox#3323
- Fix absolute base python paths conflicting by @gaborbernat in tox-dev/tox#3325
- Fix #3318 - Suppress spinner in parallel runs in CI by @ziima in tox-dev/tox#3321

Full Changelog: https://github.com/tox-dev/tox/compare/4.17.1...4.18.0

Changelog

Sourced from tox's changelog.

v4.18.0 (2024-08-13)

Features - 4.18.0

- Suppress spinner in parallel runs in CI - by :user:`ziima`. (:issue:`3318`)

Bugfixes - 4.18.0

- Boost temporary directories cleanup in tests - by :user:`ziima`. (:issue:`3278`)
- Fix absolute base python paths conflicting - by :user:`gaborbernat`. (:issue:`3325`)

v4.17.1 (2024-08-07)

Bugfixes - 4.17.1

- Support for running ``-e <major>.<minor>`` has been lost, fixing it - by :user:`gaborbernat`. (:issue:`2849`)
- ``base_python`` now accepts absolute paths to interpreter executable - by :user:`paveldikov`. (:issue:`3191`)

v4.17.0 (2024-08-05)

Features - 4.17.0

- Add ``graalpy`` prefix as a supported base python (:issue:`3312`)
- Add :ref:`on_platform` core configuration holding the tox platform and do not install package when exec an environment - by :user:`gaborbernat`. (:issue:`3315`)

Bugfixes - 4.17.0

- Add table with default environment variables per OS (:issue:`2753`)

v4.16.0 (2024-07-02)

Bugfixes - 4.16.0

- Add ``windir`` to the default list of Windows ``pass_env`` environment variables. - by :user:`kurtmckee` (:issue:`3302`)

Improved Documentation - 4.16.0

- Fix typo in configuration example and fix broken link to code style guide. - by :user:`srenfo` (:issue:`3297`)

v4.15.1 (2024-06-05)

Features - 4.15.1

- Fix ``skip_missing_interpreters`` option for ``package = wheel`` (:issue:`3269`)

... (truncated)

Commits

- [`ea72694`](https://github.com/tox-dev/tox/commit/ea72694813a34573f75cbbe284792c4fa96c73c2) release 4.18.0
- [`3b3628d`](https://github.com/tox-dev/tox/commit/3b3628d451111ffc87f009a82eb65b53070377ec) Fix [#3318](https://redirect.github.com/tox-dev/tox/issues/3318) - Suppress spinner in parallel runs in CI ([#3321](https://redirect.github.com/tox-dev/tox/issues/3321))
- [`1ee4a33`](https://github.com/tox-dev/tox/commit/1ee4a3335b1195c85b2fe0db120355dd50324f79) Fix absolute base python paths conflicting ([#3325](https://redirect.github.com/tox-dev/tox/issues/3325))
- [`add99ed`](https://github.com/tox-dev/tox/commit/add99edff0ac34520d637d0ce60f8902b1a95b55) Fix [#3278](https://redirect.github.com/tox-dev/tox/issues/3278) - Boost temporary directories cleanup in tests ([#3323](https://redirect.github.com/tox-dev/tox/issues/3323))
- See full diff in [compare view](https://github.com/tox-dev/tox/compare/4.17.1...4.18.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

Signed-off-by: dependabot[bot]

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot showignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index e780effa..87d2a456 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -93,7 +93,7 @@ pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" mypy = "1.11.1" -tox = "4.17.1" +tox = "4.18.0" xmldiff = "2.7.0" bandit = "1.7.9" From 9ba4b8e5d255c8dba51df214786328bfa700291c Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 20 Aug 2024 09:37:23 +0200 Subject: [PATCH 8/8] feat!: 8.0.0 Signed-off-by: Jan Kowalleck