From 55f10fb5524dafa68112c0836806c27bdd74fcbe Mon Sep 17 00:00:00 2001
From: Paul Horton <10280392+madpah@users.noreply.github.com>
Date: Thu, 9 Dec 2021 11:43:58 +0000
Subject: [PATCH] feat: loosed dependency versions to make this library more
 consumable

* feat: lowering minimum dependency versions

Signed-off-by: Paul Horton <phorton@sonatype.com>

* feat: lowering minimum dependency versions

Signed-off-by: Paul Horton <phorton@sonatype.com>

* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library

Signed-off-by: Paul Horton <phorton@sonatype.com>

* feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library

Signed-off-by: Paul Horton <phorton@sonatype.com>

* feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement

Signed-off-by: Paul Horton <phorton@sonatype.com>
---
 cyclonedx/parser/environment.py |  3 +--
 pyproject.toml                  | 12 ++++++------
 requirements.lowest.txt         | 12 ++++++------
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/cyclonedx/parser/environment.py b/cyclonedx/parser/environment.py
index e14ac807..95363111 100644
--- a/cyclonedx/parser/environment.py
+++ b/cyclonedx/parser/environment.py
@@ -35,8 +35,7 @@
     from importlib.metadata import metadata
     from email.message import Message as _MetadataReturn
 else:
-    from importlib_metadata import metadata
-    from importlib_metadata._meta import PackageMetadata as _MetadataReturn
+    from importlib_metadata import metadata, PackageMetadata as _MetadataReturn
 
 from . import BaseParser
 from ..model.component import Component
diff --git a/pyproject.toml b/pyproject.toml
index 8932018a..71d3e00b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,14 +43,14 @@ keywords = [
 [tool.poetry.dependencies]
 # keep `requirements.lowest.txt` file in sync
 python = "^3.6"
-packageurl-python = "^0.9.4"
+packageurl-python = ">= 0.3.0, < 0.10"
 requirements_parser = "^0.2.0"
-setuptools = "^50.3.2"
-importlib-metadata = { version = "^4.8.1", python = "~3.6 | ~3.7" }
-toml = "^0.10.2"
+setuptools = ">=47.0.0, < 59.3"
+importlib-metadata = { version = ">= 3.4.0 < 4.9", python = "~3.6 | ~3.7" }
+toml = "^0.10.0"
 typing-extensions = { version = "^3.10.0", python = "~3.6 | ~3.7" }
-types-setuptools = "^57.4.2"
-types-toml = "^0.10.1"
+types-setuptools = ">= 57.0.0, < 57.5"
+types-toml = "^0.10.0"
 
 [tool.poetry.dev-dependencies]
 tox = "^3.24.3"
diff --git a/requirements.lowest.txt b/requirements.lowest.txt
index 49a25491..89a33b16 100644
--- a/requirements.lowest.txt
+++ b/requirements.lowest.txt
@@ -1,11 +1,11 @@
 # exactly pinned dependencies to the lowest version regardless of python_version
 # see pyptoject file for ranges
 
-packageurl-python == 0.9.4
+packageurl-python == 0.3.0
 requirements_parser == 0.2.0
-setuptools == 50.3.2
-importlib-metadata == 4.8.1 # ; python_version < '3.8'
-toml == 0.10.2
+setuptools == 47.0.0
+importlib-metadata == 3.4.0 # ; python_version < '3.8'
+toml == 0.10.0
 typing-extensions == 3.10.0 # ; python_version < '3.8'
-types-setuptools == 57.4.2
-types-toml == 0.10.1
+types-setuptools == 57.0.0
+types-toml == 0.10.0