{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":157659206,"defaultBranch":"main","name":"cyclonedx-python","ownerLogin":"CycloneDX","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2018-11-15T05:53:33.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/29029855?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1720233109.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"cf91281a41c0d80c948d72f027e043f11851290f","ref":"refs/heads/dependabot/pip/tox-4.16.0","pushedAt":"2024-07-06T02:31:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update tox requirement from 4.15.1 to 4.16.0\n\nUpdates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version.\n- [Release notes](https://github.com/tox-dev/tox/releases)\n- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)\n- [Commits](https://github.com/tox-dev/tox/compare/4.15.1...4.16.0)\n\n---\nupdated-dependencies:\n- dependency-name: tox\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps-dev): Update tox requirement from 4.15.1 to 4.16.0"}},{"before":"6aea4c89685bf1fd1072eb27b227b5a348e2c9ad","after":null,"ref":"refs/heads/dependabot/github_actions/python-semantic-release/python-semantic-release-9.8.3","pushedAt":"2024-07-06T02:26:00.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"7db2ae0e2df3c435665f28cb0ea4122c6aff413a","ref":"refs/heads/dependabot/github_actions/python-semantic-release/python-semantic-release-9.8.4","pushedAt":"2024-07-06T02:25:57.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump python-semantic-release/python-semantic-release\n\nBumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 9.1.1 to 9.8.4.\n- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases)\n- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v9.1.1...v9.8.4)\n\n---\nupdated-dependencies:\n- dependency-name: python-semantic-release/python-semantic-release\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): Bump python-semantic-release/python-semantic-release"}},{"before":"4271d85465f0519ccb29aafa8680fb3a92c0f92a","after":null,"ref":"refs/heads/dependabot/pip/mypy-1.10.1","pushedAt":"2024-06-29T09:47:01.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"840bd2d1b49f016eef089af92a5686b0e4e9515c","after":"d3e1d60b383121e4d4dd1a13c1eafcd99c565b37","ref":"refs/heads/main","pushedAt":"2024-06-29T09:46:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1 (#761)\n\nUpdates the requirements on [mypy](https://github.com/python/mypy) to\r\npermit the latest version.\r\n
\r\nChangelog\r\n

Sourced from mypy's\r\nchangelog.

\r\n
\r\n

Mypy 1.10.1

\r\n
    \r\n
  • Fix error reporting on cached run after uninstallation of third\r\nparty library (Shantanu, PR 17420)
    • \r\n
\r\n

Acknowledgements

\r\n

Thanks to all mypy contributors who contributed to this release:

\r\n
    \r\n
  • Alex Waygood
    • \r\n
  • Ali Hamdan
    • \r\n
  • Edward Paget
    • \r\n
  • Evgeniy Slobodkin
    • \r\n
  • Hashem
    • \r\n
  • hesam
    • \r\n
  • Hugo van Kemenade
    • \r\n
  • Ihor
    • \r\n
  • James Braza
    • \r\n
  • Jelle Zijlstra
    • \r\n
  • jhance
    • \r\n
  • Jukka Lehtosalo
    • \r\n
  • Loïc Simon
    • \r\n
  • Marc Mueller
    • \r\n
  • Matthieu Devlin
    • \r\n
  • Michael R. Crusoe
    • \r\n
  • Nikita Sobolev
    • \r\n
  • Oskari Lehto
    • \r\n
  • Riccardo Di Maio
    • \r\n
  • Richard Si
    • \r\n
  • roberfi
    • \r\n
  • Roman Solomatin
    • \r\n
  • Sam Xifaras
    • \r\n
  • Shantanu
    • \r\n
  • Spencer Brown
    • \r\n
  • Srinivas Lade
    • \r\n
  • Tamir Duberstein
    • \r\n
  • youkaichao
    • \r\n
\r\n

I’d also like to thank my employer, Dropbox, for supporting mypy\r\ndevelopment.

\r\n

Mypy 1.9

\r\n

We’ve just uploaded mypy 1.9 to the Python Package Index (PyPI). Mypy is a static type\r\nchecker for Python. This release includes new features, performance\r\nimprovements and bug fixes. You can install it as follows:

\r\n
python3 -m pip install -U mypy\r\n
\r\n

You can read the full documentation for this release on Read the Docs.

\r\n

Breaking Changes

\r\n

Because the version of typeshed we use in mypy 1.9 doesn't support\r\n3.7, neither does mypy 1.9. (Jared Hance, PR 16883)

\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • c28b525\r\n[1.10 backport] Fix error reporting on cached run after uninstallation\r\nof thi...
    • \r\n
  • See full diff in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1 (#761)"}},{"before":"9b9c2b7eb02cef8a2c2a82577d460b1a9e4df149","after":"4271d85465f0519ccb29aafa8680fb3a92c0f92a","ref":"refs/heads/dependabot/pip/mypy-1.10.1","pushedAt":"2024-06-29T09:44:48.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1\n\nUpdates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version.\n- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/python/mypy/compare/v1.10.0...v1.10.1)\n\n---\nupdated-dependencies:\n- dependency-name: mypy\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1"}},{"before":"8cd2e6be6cddde0bde75ef41b6594e02d11a765c","after":null,"ref":"refs/heads/dependabot/pip/coverage-7.5.4","pushedAt":"2024-06-29T09:44:01.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"255e053ad85eb2e5a5adc990d3a56ed122487bda","after":"840bd2d1b49f016eef089af92a5686b0e4e9515c","ref":"refs/heads/main","pushedAt":"2024-06-29T09:43:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update coverage requirement from 7.5.3 to 7.5.4 (#760)\n\nUpdates the requirements on\r\n[coverage](https://github.com/nedbat/coveragepy) to permit the latest\r\nversion.\r\n
\r\nChangelog\r\n

Sourced from coverage's\r\nchangelog.

\r\n
\r\n

Version 7.5.4 — 2024-06-22

\r\n
    \r\n
  • \r\n

    If you attempt to combine statement coverage data with branch\r\ncoverage data,\r\ncoverage.py used to fail with the message "Can't combine arc data\r\nwith line\r\ndata" or its reverse, "Can't combine line data with arc\r\ndata." These\r\nmessages used internal terminology, making it hard for people to\r\nunderstand\r\nthe problem. They are now changed to mention "branch coverage\r\ndata" and\r\n"statement coverage data."

    \r\n
    • \r\n
  • \r\n

    Fixed a minor branch coverage problem with wildcard match/case cases\r\nusing\r\nnames or guard clauses.

    \r\n
    • \r\n
  • \r\n

    Started testing on 3.13 free-threading (nogil) builds of Python. I'm\r\nnot\r\nclaiming full support yet. Closes issue 1799_.

    \r\n
    • \r\n
\r\n

.. _issue 1799: nedbat/coveragepy#1799

\r\n

.. _changes_7-5-3:

\r\n

Version 7.5.3 — 2024-05-28

\r\n
    \r\n
  • \r\n

    Performance improvements for combining data files, especially when\r\nmeasuring\r\nline coverage. A few different quadratic behaviors were eliminated. In\r\none\r\nextreme case of combining 700+ data files, the time dropped from more\r\nthan\r\nthree hours to seven minutes. Thanks for Kraken Tech for funding the\r\nfix.

    \r\n
    • \r\n
  • \r\n

    Performance improvements for generating HTML reports, with a side\r\nbenefit of\r\nreducing memory use, closing issue 1791_. Thanks to Daniel\r\nDiniz for\r\nhelping to diagnose the problem.

    \r\n
    • \r\n
\r\n

.. _issue 1791: nedbat/coveragepy#1791

\r\n

.. _changes_7-5-2:

\r\n

Version 7.5.2 — 2024-05-24

\r\n
    \r\n
  • \r\n

    Fix: nested matches of exclude patterns could exclude too much code,\r\nas\r\nreported in issue 1779_. This is now fixed.

    \r\n
    • \r\n
  • \r\n

    Changed: previously, coverage.py would consider a module docstring to\r\nbe an\r\nexecutable statement if it appeared after line 1 in the file, but not\r\nexecutable if it was the first line. Now module docstrings are never\r\ncounted\r\nas executable statements. This can change coverage.py's count of the\r\nnumber\r\nof statements in a file, which can slightly change the coverage\r\npercentage\r\nreported.

    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 22c09c6\r\ndocs: sample HTML for 7.5.4
    • \r\n
  • 9e16381\r\ndocs: prep for 7.5.4
    • \r\n
  • fba9b9e\r\ndocs: link issue 1799 from the changelog
    • \r\n
  • f124de8\r\nbuild: no longer download kits to upload them
    • \r\n
  • 9516cf6\r\nbuild: hash-pin all actions
    • \r\n
  • c6e0985\r\nbuild: finish up the publish action
    • \r\n
  • 4a49458\r\nbuild: get the latest dist run id for publishing
    • \r\n
  • fb15efa\r\nbuild: pin hashes for publishing actions
    • \r\n
  • c20af95\r\nbuild: use the correct item: github.event.action
    • \r\n
  • ccbab15\r\nbuild: dump all the github actions data
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps-dev): Update coverage requirement from 7.5.3 to 7.5.4 (#760)"}},{"before":"81aaefa2746752a54da7df0c160cec132ee01c8c","after":null,"ref":"refs/heads/dependabot/pip/autopep8-2.3.1","pushedAt":"2024-06-29T09:43:54.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"c76de2922513b21d211fa319aad28a6c1467aad7","after":"255e053ad85eb2e5a5adc990d3a56ed122487bda","ref":"refs/heads/main","pushedAt":"2024-06-29T09:43:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update autopep8 requirement from 2.2.0 to 2.3.1 (#759)\n\nUpdates the requirements on\r\n[autopep8](https://github.com/hhatto/autopep8) to permit the latest\r\nversion.\r\n
\r\nRelease notes\r\n

Sourced from autopep8's\r\nreleases.

\r\n
\r\n

v2.3.1

\r\n

What's Changed

\r\n

Bug Fix

\r\n
    \r\n
  • skip e501 fixed method for f-string line without aggressive option\r\nby @​hhatto in hhatto/autopep8#754
    • \r\n
  • Fix argument parser errors are printed without a trailing newline by\r\n@​hhatto in hhatto/autopep8#758
    • \r\n
\r\n

Enhancement

\r\n
    \r\n
  • Refactor unit test by @​hhatto in hhatto/autopep8#756
    • \r\n
  • Remove coveralls by @​hhatto in hhatto/autopep8#757
    • \r\n
  • codecov with 3.11 and 3.12 by @​hhatto in hhatto/autopep8#755
    • \r\n
\r\n

Full Changelog: https://github.com/hhatto/autopep8/compare/v2.3.0...v2.3.1

\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 8530500\r\nversion 2.3.1
    • \r\n
  • 597b512\r\nMerge pull request #758\r\nfrom hhatto/fix-issue-713
    • \r\n
  • 02592cc\r\nassert for arg error usage print
    • \r\n
  • 5805a66\r\nchange: print usage and msg with new line
    • \r\n
  • c55f3e0\r\nMerge pull request #757\r\nfrom hhatto/remove-coveralls
    • \r\n
  • 87debd2\r\nadd codecov setting file
    • \r\n
  • be71168\r\nfix link, use codecov
    • \r\n
  • 432d07e\r\nremove
    • \r\n
  • 64763b7\r\nremove coverall file
    • \r\n
  • 406f9ac\r\nMerge pull request #756\r\nfrom hhatto/refactor-unit-test
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps-dev): Update autopep8 requirement from 2.2.0 to 2.3.1 (#759)"}},{"before":null,"after":"9b9c2b7eb02cef8a2c2a82577d460b1a9e4df149","ref":"refs/heads/dependabot/pip/mypy-1.10.1","pushedAt":"2024-06-29T02:49:06.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1\n\nUpdates the requirements on [mypy](https://github.com/python/mypy) to permit the latest version.\n- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/python/mypy/compare/v1.10.0...v1.10.1)\n\n---\nupdated-dependencies:\n- dependency-name: mypy\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps-dev): Update mypy requirement from 1.10.0 to 1.10.1"}},{"before":null,"after":"8cd2e6be6cddde0bde75ef41b6594e02d11a765c","ref":"refs/heads/dependabot/pip/coverage-7.5.4","pushedAt":"2024-06-29T02:48:42.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update coverage requirement from 7.5.3 to 7.5.4\n\nUpdates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version.\n- [Release notes](https://github.com/nedbat/coveragepy/releases)\n- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)\n- [Commits](https://github.com/nedbat/coveragepy/compare/7.5.3...7.5.4)\n\n---\nupdated-dependencies:\n- dependency-name: coverage\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps-dev): Update coverage requirement from 7.5.3 to 7.5.4"}},{"before":null,"after":"81aaefa2746752a54da7df0c160cec132ee01c8c","ref":"refs/heads/dependabot/pip/autopep8-2.3.1","pushedAt":"2024-06-29T02:48:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update autopep8 requirement from 2.2.0 to 2.3.1\n\nUpdates the requirements on [autopep8](https://github.com/hhatto/autopep8) to permit the latest version.\n- [Release notes](https://github.com/hhatto/autopep8/releases)\n- [Commits](https://github.com/hhatto/autopep8/compare/v2.2.0...v2.3.1)\n\n---\nupdated-dependencies:\n- dependency-name: autopep8\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps-dev): Update autopep8 requirement from 2.2.0 to 2.3.1"}},{"before":"7124a27baf12a436ceb96482f9ba91a1dbdf7520","after":null,"ref":"refs/heads/dependabot/pip/flake8-7.1.0","pushedAt":"2024-06-22T07:28:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"e685bf7cb67e9f13a19dc9565a34e365099d8882","after":"c76de2922513b21d211fa319aad28a6c1467aad7","ref":"refs/heads/main","pushedAt":"2024-06-22T07:28:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update flake8 requirement from 7.0.0 to 7.1.0 (#758)\n\nUpdates the requirements on [flake8](https://github.com/pycqa/flake8) to\r\npermit the latest version.\r\n
\r\nCommits\r\n
    \r\n
  • 65a38c4\r\nRelease 7.1.0
    • \r\n
  • 34c97e0\r\nMerge pull request #1939\r\nfrom PyCQA/new-pycodestyle
    • \r\n
  • defd315\r\nlatest pycodestyle
    • \r\n
  • 408d4d6\r\nMerge pull request #1930\r\nfrom mzagol/patch-1
    • \r\n
  • 866ad72\r\nAdd --extend-exclude to the TOC
    • \r\n
  • 33e5083\r\nMerge pull request #1923\r\nfrom Viicos/entry-points-docs
    • \r\n
  • 6659b21\r\nFix toctree ordering in index
    • \r\n
  • ba0f566\r\nUse explicit external references
    • \r\n
  • 350f254\r\nUse explicit external references
    • \r\n
  • 49f52a8\r\nUpdate documentation regarding entry points
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps-dev): Update flake8 requirement from 7.0.0 to 7.1.0 (#758)"}},{"before":null,"after":"7124a27baf12a436ceb96482f9ba91a1dbdf7520","ref":"refs/heads/dependabot/pip/flake8-7.1.0","pushedAt":"2024-06-22T02:28:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update flake8 requirement from 7.0.0 to 7.1.0\n\nUpdates the requirements on [flake8](https://github.com/pycqa/flake8) to permit the latest version.\n- [Commits](https://github.com/pycqa/flake8/compare/7.0.0...7.1.0)\n\n---\nupdated-dependencies:\n- dependency-name: flake8\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps-dev): Update flake8 requirement from 7.0.0 to 7.1.0"}},{"before":"ee8a20f87531cc7ca42a74284a99dadfa0717a38","after":null,"ref":"refs/heads/dependabot/github_actions/python-semantic-release/python-semantic-release-9.8.1","pushedAt":"2024-06-22T02:04:07.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"6aea4c89685bf1fd1072eb27b227b5a348e2c9ad","ref":"refs/heads/dependabot/github_actions/python-semantic-release/python-semantic-release-9.8.3","pushedAt":"2024-06-22T02:04:03.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump python-semantic-release/python-semantic-release\n\nBumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 9.1.1 to 9.8.3.\n- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases)\n- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/v9.1.1...v9.8.3)\n\n---\nupdated-dependencies:\n- dependency-name: python-semantic-release/python-semantic-release\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): Bump python-semantic-release/python-semantic-release"}},{"before":"854b30d89a9165abc87e14fe37b2cef521fee92b","after":null,"ref":"refs/heads/dependabot/pip/bandit-1.7.9","pushedAt":"2024-06-15T08:20:21.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"6cb2cbc987a1c01b8fadfae0cedddf213dd08e2a","after":"e685bf7cb67e9f13a19dc9565a34e365099d8882","ref":"refs/heads/main","pushedAt":"2024-06-15T08:20:13.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update bandit requirement from 1.7.8 to 1.7.9 (#756)\n\nUpdates the requirements on [bandit](https://github.com/PyCQA/bandit) to\r\npermit the latest version.\r\n
\r\nRelease notes\r\n

Sourced from bandit's\r\nreleases.

\r\n
\r\n

1.7.9

\r\n

What's Changed

\r\n
    \r\n
  • Bump docker/build-push-action from 5.1.0 to 5.2.0 by @​dependabot in PyCQA/bandit#1117
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1119
    • \r\n
  • New logo for Bandit based on raccoon by @​ericwb in PyCQA/bandit#1121
    • \r\n
  • Start testing on Python 3.13 by @​ericwb in PyCQA/bandit#1122
    • \r\n
  • Bump docker/build-push-action from 5.2.0 to 5.3.0 by @​dependabot in PyCQA/bandit#1123
    • \r\n
  • Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @​dependabot in PyCQA/bandit#1124
    • \r\n
  • Bump docker/login-action from 3.0.0 to 3.1.0 by @​dependabot in PyCQA/bandit#1125
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1126
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1127
    • \r\n
  • Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @​dependabot in PyCQA/bandit#1130
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1131
    • \r\n
  • Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @​dependabot in PyCQA/bandit#1132
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1133
    • \r\n
  • Updates banner logo so it renders well in dark mode by @​ericwb in PyCQA/bandit#1134
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1135
    • \r\n
  • Add a sponsor section to README by @​ericwb in PyCQA/bandit#1137
    • \r\n
  • Ensure sarif extra is included as part of doc build by @​ericwb in PyCQA/bandit#1139
    • \r\n
  • Bump docker/login-action from 3.1.0 to 3.2.0 by @​dependabot in PyCQA/bandit#1142
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1143
    • \r\n
  • [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci\r\nin PyCQA/bandit#1145
    • \r\n
  • Guard against empty call argument list by @​ericwb in PyCQA/bandit#1146
    • \r\n
  • Bump docker/build-push-action from 5.3.0 to 5.4.0 by @​dependabot in PyCQA/bandit#1144
    • \r\n
  • Support configfile in .bandit file by @​bersbersbers\r\nin PyCQA/bandit#1052
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​pre-commit-ci\r\nmade their first contribution in PyCQA/bandit#1119
    • \r\n
  • @​bersbersbers\r\nmade their first contribution in PyCQA/bandit#1052
    • \r\n
\r\n

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 691f465\r\nSupport configfile in .bandit file (#1052)
    • \r\n
  • f1a397e\r\nBump docker/build-push-action from 5.3.0 to 5.4.0 (#1144)
    • \r\n
  • 049eba0\r\nGuard against empty call argument list (#1146)
    • \r\n
  • ad56c78\r\n[pre-commit.ci] pre-commit autoupdate (#1145)
    • \r\n
  • 2dd4cb5\r\n[pre-commit.ci] pre-commit autoupdate (#1143)
    • \r\n
  • 313cae7\r\nBump docker/login-action from 3.1.0 to 3.2.0 (#1142)
    • \r\n
  • 3fa1e25\r\nEnsure sarif extra is included as part of doc build (#1139)
    • \r\n
  • 8b659fb\r\nAdd a sponsor section to README (#1137)
    • \r\n
  • 30cada5\r\n[pre-commit.ci] pre-commit autoupdate (#1135)
    • \r\n
  • dbb4161\r\nUpdates banner logo so it renders well in dark mode (#1134)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps-dev): Update bandit requirement from 1.7.8 to 1.7.9 (#756)"}},{"before":null,"after":"854b30d89a9165abc87e14fe37b2cef521fee92b","ref":"refs/heads/dependabot/pip/bandit-1.7.9","pushedAt":"2024-06-15T02:54:11.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps-dev): Update bandit requirement from 1.7.8 to 1.7.9\n\nUpdates the requirements on [bandit](https://github.com/PyCQA/bandit) to permit the latest version.\n- [Release notes](https://github.com/PyCQA/bandit/releases)\n- [Commits](https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9)\n\n---\nupdated-dependencies:\n- dependency-name: bandit\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps-dev): Update bandit requirement from 1.7.8 to 1.7.9"}},{"before":"e9cc8058bb299e98a6f645426a2626bcfa3f06eb","after":"6cb2cbc987a1c01b8fadfae0cedddf213dd08e2a","ref":"refs/heads/main","pushedAt":"2024-06-10T22:09:26.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"chore(release): 4.5.0\n\nAutomatically generated by python-semantic-release\n\nSigned-off-by: semantic-release ","shortMessageHtmlLink":"chore(release): 4.5.0"}},{"before":"1cd1ef6822c0da8f669f5c36808a844be5944e9d","after":null,"ref":"refs/heads/feat/env-license-texts","pushedAt":"2024-06-10T22:04:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"}},{"before":"cba521ee01aeb7bd3309518b4f46ba71d74abac9","after":"e9cc8058bb299e98a6f645426a2626bcfa3f06eb","ref":"refs/heads/main","pushedAt":"2024-06-10T22:04:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"feat: environment - gather declared license information according to PEP639 (#755)\n\nFrom python environments, gather additional declared license information\r\naccording to [PEP 639](https://peps.python.org/pep-0639) (improving\r\nlicense clarity with better package metadata).\r\n\r\nNew CLI switches for `cyclonedx environment`: \r\n* `--PEP-639`: Enable license gathering according to PEP 639 (improving\r\nlicense clarity with better package metadata).\r\n The behavior may change during the draft development of the PEP.\r\n* `--gather-license-texts`: Enable license text gathering.\r\n\r\nIn current state of implementation, `--gather-license-texts` has effect\r\nonly if `--PEP-639` is also given.\r\n\r\n\r\n\r\n---------\r\n\r\nSigned-off-by: Jan Kowalleck ","shortMessageHtmlLink":"feat: environment - gather declared license information according to …"}},{"before":"b24d05312be39bae4d6a2522c7e564b7812afbc2","after":"1cd1ef6822c0da8f669f5c36808a844be5944e9d","ref":"refs/heads/feat/env-license-texts","pushedAt":"2024-06-10T11:14:27.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"tidy\n\nSigned-off-by: Jan Kowalleck ","shortMessageHtmlLink":"tidy"}},{"before":"aae816de957d1d2de34e8694df49cb382058655e","after":"b24d05312be39bae4d6a2522c7e564b7812afbc2","ref":"refs/heads/feat/env-license-texts","pushedAt":"2024-06-10T11:08:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"tests\n\nSigned-off-by: Jan Kowalleck ","shortMessageHtmlLink":"tests"}},{"before":"23411c54183d6ac6409be3ddbe754252ca3b9203","after":"aae816de957d1d2de34e8694df49cb382058655e","ref":"refs/heads/feat/env-license-texts","pushedAt":"2024-06-10T10:56:26.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"docs\n\nSigned-off-by: Jan Kowalleck ","shortMessageHtmlLink":"docs"}},{"before":"b47bcf5785ed1946621ae65ce3c8341a97721b43","after":"23411c54183d6ac6409be3ddbe754252ca3b9203","ref":"refs/heads/feat/env-license-texts","pushedAt":"2024-06-10T10:46:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"refactor\n\nSigned-off-by: Jan Kowalleck ","shortMessageHtmlLink":"refactor"}},{"before":"e33f6876febfa40af61c22a1c39d59d77ed9184b","after":"b47bcf5785ed1946621ae65ce3c8341a97721b43","ref":"refs/heads/feat/env-license-texts","pushedAt":"2024-06-10T10:30:29.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"tests\n\nSigned-off-by: Jan Kowalleck ","shortMessageHtmlLink":"tests"}},{"before":"ce4a50333b94f014ca0636688d8a53a887d821b7","after":"e33f6876febfa40af61c22a1c39d59d77ed9184b","ref":"refs/heads/feat/env-license-texts","pushedAt":"2024-06-10T00:11:03.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"jkowalleck","name":"Jan Kowalleck","path":"/jkowalleck","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2765863?s=80&v=4"},"commit":{"message":"refactor\n\nSigned-off-by: Jan Kowalleck ","shortMessageHtmlLink":"refactor"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEeDnTAAA","startCursor":null,"endCursor":null}},"title":"Activity · CycloneDX/cyclonedx-python"}