From 2f2982b35c5d4a520b75fe51b85796b8163335e0 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 24 Apr 2025 17:37:00 +0200 Subject: [PATCH 1/4] docs: fix default value for `--spec-version ` Signed-off-by: Jan Kowalleck --- docs/usage.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/usage.rst b/docs/usage.rst index 85710a04..516a3520 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -86,7 +86,7 @@ The full documentation can be issued by running with ``environment --help``: --sv , --spec-version Which version of CycloneDX to use. {choices: 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, 1.0} - (default: 1.5) + (default: 1.6) --output-reproducible Whether to go the extra mile and make the output reproducible. This might result in loss of time- and random-based-values. @@ -260,7 +260,7 @@ The full documentation can be issued by running with ``pipenv --help``: --sv , --spec-version Which version of CycloneDX to use. {choices: 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, 1.0} - (default: 1.5) + (default: 1.6) --output-reproducible Whether to go the extra mile and make the output reproducible. This might result in loss of time- and random-based-values. @@ -338,7 +338,7 @@ The full documentation can be issued by running with ``poetry --help``: --sv , --spec-version Which version of CycloneDX to use. {choices: 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, 1.0} - (default: 1.5) + (default: 1.6) --output-reproducible Whether to go the extra mile and make the output reproducible. This might result in loss of time- and random-based-values. @@ -412,7 +412,7 @@ The full documentation can be issued by running with ``requirements --help``: --sv , --spec-version Which version of CycloneDX to use. {choices: 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, 1.0} - (default: 1.5) + (default: 1.6) --output-reproducible Whether to go the extra mile and make the output reproducible. This might result in loss of time- and random-based-values. From 9967a988e680277fb53c305c6a9c37b46b1d6f61 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 11:10:04 +0200 Subject: [PATCH 2/4] chore(deps-dev): Update flake8-logging requirement from 1.6.0 to 1.7.0 (#888) Updates the requirements on [flake8-logging](https://github.com/adamchainz/flake8-logging) to permit the latest version.
Changelog

Sourced from flake8-logging's changelog.

1.7.0 (2024-10-27)

  • Drop Python 3.8 support.

  • Support Python 3.13.

1.6.0 (2024-03-20)

  • Add rule LOG015 that detects use of the root logger through calls like logging.info().

    Thanks to John Litborn in PR [#96](https://github.com/adamchainz/flake8-logging/pull/96).

1.5.0 (2024-01-23)

  • Extend LOG003 disallowed extra keys to include message.

    Thanks to Bartek Ogryczak in PR [#77](https://github.com/adamchainz/flake8-logging/pull/77).

1.4.0 (2023-10-10)

  • Add rule LOG013 that detects mismatches between named %-style formatting placeholders and keys in dict argument.

  • Add rule LOG014 that detects exc_info=True outside of exception handlers.

1.3.1 (2023-09-17)

  • Fix LOG012 false positive with unpacked arguments like *args.

  • Fix LOG012 false positive with %% in formatting strings.

1.3.0 (2023-09-17)

  • Add rule LOG012 that detects mismatches between %-style formatting placeholders and arguments.

1.2.0 (2023-09-04)

  • Add rule LOG009 that detects use of the undocumented WARN constant.

  • Add rule LOG010 that detects calls to exception() passing a handled exception as the first argument.

  • Add rule LOG011 that detects pre-formatted log messages.

1.1.0 (2023-08-25)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index b27883e0..96fb8507 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -87,7 +87,7 @@ flake8-isort = "6.1.2" flake8-quotes = "3.4.0" flake8-use-fstring = "1.4" pep8-naming = "0.14.1" -flake8-logging = "1.6.0" +flake8-logging = "1.7.0" isort = "6.0.1" autopep8 = "2.3.2" mypy = "1.15.0" From 0e6d8454d39861ae9051c63c42d6fb6e12c0fca6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 May 2025 15:01:13 +0200 Subject: [PATCH 3/4] chore(deps-dev): Update pep8-naming requirement from 0.14.1 to 0.15.0 (#891) Updates the requirements on [pep8-naming](https://github.com/PyCQA/pep8-naming) to permit the latest version.
Release notes

Sourced from pep8-naming's releases.

0.15.0

  • Add support for Python 3.13.
  • Drop support for Python 3.8.
  • N808 checks type variable names use the CapWords convention and have an appropriate suffix.
Changelog

Sourced from pep8-naming's changelog.

0.15.0 - 2025-04-29

  • Add support for Python 3.13.
  • Drop support for Python 3.8.
  • N808 checks type variable names use the CapWords convention and have an appropriate suffix.

0.14.1 - 2024-05-17

  • Require Python 3.8 or later.

0.14.0 - 2024-05-16

  • Drop support for Python 3.7.
  • Add support for Python 3.12.
  • Ignore methods decorated by @typing.override.
  • Perform case-sensitive ignore-names globbing on all platforms.

0.13.3 - 2022-12-19

  • Formally require flake8 5.0.0 or later.
  • Add support for Python 3.11.

0.13.2 - 2022-08-19

  • Formally require Python 3.7 or later using python_requires.

0.13.1 - 2022-07-15

  • Fix warnings related to deprecated options syntax.

0.13.0 - 2022-06-22

  • Python 3.7 or later is now required.

  • setUpModule and tearDownModule are now exempted by default.

0.12.1 - 2021-08-06

  • Fix potential stack exhaustion in the N818 check.

0.12.0 - 2021-07-06

... (truncated)

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 96fb8507..f18ad6df 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -86,7 +86,7 @@ flake8-copyright-validator = "^0.0.1" flake8-isort = "6.1.2" flake8-quotes = "3.4.0" flake8-use-fstring = "1.4" -pep8-naming = "0.14.1" +pep8-naming = "0.15.0" flake8-logging = "1.7.0" isort = "6.0.1" autopep8 = "2.3.2" From e33f80e9501852f6a7d75fa7632af752c277f7e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 May 2025 15:03:18 +0200 Subject: [PATCH 4/4] chore(deps-dev): Update uv requirement from 0.6.14 to 0.7.2 (#890) Updates the requirements on [uv](https://github.com/astral-sh/uv) to permit the latest version.
Release notes

Sourced from uv's releases.

0.7.2

Release Notes

Enhancements

  • Improve trace log for retryable errors (#13228)
  • Use "error" instead of "warning" for self-update message (#13229)
  • Error when uv version is used with project-specific flags but no project is found (#13203)

Bug fixes

  • Fix incorrect virtual environment invalidation for pre-release Python versions (#13234)
  • Fix patching of clang in managed Python sysconfig (#13237)
  • Respect --project in uv version (#13230)

Install uv 0.7.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.7.2/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.7.2/uv-installer.ps1 | iex"

Download uv 0.7.2

| File | Platform | Checksum |
| --- | --- | --- |
| uv-aarch64-apple-darwin.tar.gz | Apple Silicon macOS | checksum |
| uv-x86_64-apple-darwin.tar.gz | Intel macOS | checksum |
| uv-aarch64-pc-windows-msvc.zip | ARM64 Windows | checksum |
| uv-i686-pc-windows-msvc.zip | x86 Windows | checksum |
| uv-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
| uv-aarch64-unknown-linux-gnu.tar.gz | ARM64 Linux | checksum |
| uv-i686-unknown-linux-gnu.tar.gz | x86 Linux | checksum |
| uv-powerpc64-unknown-linux-gnu.tar.gz | PPC64 Linux | checksum |
| uv-powerpc64le-unknown-linux-gnu.tar.gz | PPC64LE Linux | checksum |
| uv-s390x-unknown-linux-gnu.tar.gz | S390x Linux | checksum |
| uv-x86_64-unknown-linux-gnu.tar.gz | x64 Linux | checksum |
| uv-armv7-unknown-linux-gnueabihf.tar.gz | ARMv7 Linux | checksum |
| uv-aarch64-unknown-linux-musl.tar.gz | ARM64 MUSL Linux | checksum |
| uv-i686-unknown-linux-musl.tar.gz | x86 MUSL Linux | checksum |
| uv-x86_64-unknown-linux-musl.tar.gz | x64 MUSL Linux | checksum |
| uv-arm-unknown-linux-musleabihf.tar.gz | ARMv6 MUSL Linux (Hardfloat) | checksum |
| uv-armv7-unknown-linux-musleabihf.tar.gz | ARMv7 MUSL Linux | checksum |

Changelog

Sourced from uv's changelog.

0.7.2

Enhancements

  • Improve trace log for retryable errors (#13228)
  • Use "error" instead of "warning" for self-update message (#13229)
  • Error when uv version is used with project-specific flags but no project is found (#13203)

Bug fixes

  • Fix incorrect virtual environment invalidation for pre-release Python versions (#13234)
  • Fix patching of clang in managed Python sysconfig (#13237)
  • Respect --project in uv version (#13230)

0.7.1

Enhancement

  • Add support for BLAKE2b-256 (#13204)

Bugfix

  • Revert fix handling of authentication when encountering redirects (#13215)

0.7.0

This release contains various changes that improve correctness and user experience, but could break some workflows; many changes have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

Breaking changes

  • Update uv version to display and update project versions (#12349)

    Previously, uv version displayed uv's version. Now, uv version will display or update the project's version. This interface was heavily requested and, after much consideration, we decided that transitioning the top-level command was the best option.

    Here's a brief example:

    $ uv init example
    Initialized project `example` at `./example`
    $ cd example
    $ uv version
    example 0.1.0
    $ uv version --bump major
    example 0.1.0 => 1.0.0
    $ uv version --short
    1.0.0
    

    If used outside of a project, uv will fall back to showing its own version still:

... (truncated)

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index f18ad6df..0d7489df 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -105,7 +105,7 @@ pip = ">=23.0" pipenv = ">=2023.11.5" poetry = "^1.7" pdm = "^2.11" -uv = "0.6.14" # keep pinned to exact version, until a v1.0.0 is released +uv = "0.7.2" # keep pinned to exact version, until a v1.0.0 is released
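
Review bot: in [PATCH 1/4], the same `(default: 1.5)` to `(default: 1.6)` correction is made by hand in all four `--help` excerpts in docs/usage.rst (`environment`, `pipenv`, `poetry`, `requirements`), which shows the copied help text can go stale against the CLI. Consider generating these excerpts from the real `--help` output, or adding a docs check that compares them, so the documented `--spec-version` default cannot drift again.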
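
Review bot: in [PATCH 2/4], the `flake8-logging = "1.7.0"` line in pyproject.toml is an exact pin, and the quoted changelog for 1.7.0 says it drops Python 3.8 support. Confirm that the dev dependency set no longer has to resolve on Python 3.8, otherwise this line needs a Python-version marker. The subject says the change "permits" the latest version, but an exact pin requires it; the wording is worth aligning.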
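
Review bot: in [PATCH 3/4], `pep8-naming = "0.15.0"` enables the new N808 check on type variable names listed in the quoted release notes, while the patch touches only pyproject.toml. Please confirm the lint run is clean with 0.15.0, or carry the needed renames or an explicit ignore in the same change so the pin bump does not break the lint job.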
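
Review bot: in [PATCH 4/4], the `uv = "0.7.2"` pin moves across 0.7.0, which the quoted release notes describe as containing breaking changes: `uv version` now displays or updates the project's version rather than uv's own. Check any test, script or CI step that calls `uv version` to identify the tool, and note in the commit message that the 0.7.0 breaking changes were reviewed, since the trailing comment on this line explains the exact pin precisely because pre-1.0 releases can break.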