profile
viewpoint
CycloneDX SBOM Standard CycloneDX OWASP https://cyclonedx.org/ CycloneDX is a lightweight Software Bill of Materials (SBOM) standard, purpose-built for cybersecurity use cases. CycloneDX is a OWASP Flagship Project.

CycloneDX/cyclonedx-maven-plugin 67

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

CycloneDX/cyclonedx-node-module 51

Creates CycloneDX Software Bill of Materials (SBOM) from Node.js projects

CycloneDX/cyclonedx-dotnet 45

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

CycloneDX/cyclonedx-python 44

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

CycloneDX/cyclonedx-gradle-plugin 27

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

CycloneDX/cyclonedx-cli 26

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

CycloneDX/cyclonedx-core-java 21

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

CycloneDX/cyclonedx-gomod 14

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

CycloneDX/cyclonedx-php-composer 12

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

CycloneDX/cyclonedx-go 10

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)

issue openedCycloneDX/cyclonedx-python

Support multiple requirement files according to envionments

Hi all,

I have multiple requirement files in a folder. This is done because of different environments, e.g.: /requirements/base.txt /requirements/development.txt /requirements/production.txt

The base.txt has all dependencies which are needed in all environments. The other files (e.g. development.txt or production.txt) refer to the base.txt and add additional dependencies, e.g.

`# base requirements -r base.txt

#additional requirements pylint==2.2.0 `

Could you advance cyclonedx-python to scan multiple requirement files at once? Furthermore, cyclonedx-python fails if there is "-r base.txt" in a requirements file?

Traceback (most recent call last): File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/packaging/requirements.py", line 98, in init req = REQUIREMENT.parseString(requirement_string) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 1654, in parseString raise exc File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 1644, in parseString loc, tokens = self._parse( instring, 0 ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 1402, in _parseNoCache loc,tokens = self.parseImpl( instring, preloc, doActions ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 3417, in parseImpl loc, exprtokens = e._parse( instring, loc, doActions ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 1402, in _parseNoCache loc,tokens = self.parseImpl( instring, preloc, doActions ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 3739, in parseImpl return self.expr._parse( instring, loc, doActions, callPreParse=False ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 1402, in _parseNoCache loc,tokens = self.parseImpl( instring, preloc, doActions ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 3400, in parseImpl loc, resultlist = self.exprs[0]._parse( instring, loc, doActions, callPreParse=False ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 1406, in _parseNoCache loc,tokens = self.parseImpl( instring, preloc, doActions ) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/pyparsing.py", line 2711, in parseImpl raise ParseException(instring, loc, self.errmsg, self) pkg_resources._vendor.pyparsing.ParseException: Expected W:(abcd...) (at char 0), (line:1, col:1)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/home/manusommer/.local/bin/cyclonedx-bom", line 8, in <module> sys.exit(main()) File "/home/manusommer/.local/lib/python3.8/site-packages/cyclonedx_py/client.py", line 211, in main CycloneDxCmd(args).execute() File "/home/manusommer/.local/lib/python3.8/site-packages/cyclonedx_py/client.py", line 88, in execute output = self.get_output() File "/home/manusommer/.local/lib/python3.8/site-packages/cyclonedx_py/client.py", line 52, in get_output parser = self._get_input_parser() File "/home/manusommer/.local/lib/python3.8/site-packages/cyclonedx_py/client.py", line 203, in _get_input_parser return RequirementsParser(requirements_content=input_data) File "/home/manusommer/.local/lib/python3.8/site-packages/cyclonedx/parser/requirements.py", line 32, in init for requirement in requirements: File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/init.py", line 3080, in parse_requirements yield Requirement(line) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/init.py", line 3090, in init super(Requirement, self).init(requirement_string) File "/home/manusommer/.local/lib/python3.8/site-packages/pkg_resources/_vendor/packaging/requirements.py", line 100, in init raise InvalidRequirement( pkg_resources.extern.packaging.requirements.InvalidRequirement: Parse error at "'-r base.'": Expected W:(abcd...)

The following command is an example to this issue: cyclonedx-bom -r -i base.txt -r -i development.txt --format json -o test.json

Thank you

created time in 24 minutes

pull request commentCycloneDX/specification

Made component version optional

+1 for me

stevespringett

comment created time in 34 minutes

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

issue commentCycloneDX/cyclonedx-dotnet

CycloneDX - Dependency Graph displays transitive dependencies with inaccurate version

I see the same issue that package dependency versions will be overwritten and causes duplications. I think this line will cause the error: https://github.com/CycloneDX/cyclonedx-dotnet/blob/master/CycloneDX/Program.cs#L268

VijayB2606

comment created time in an hour

fork ManjunathMS35/cyclonedx-node-module

Creates CycloneDX Software Bill of Materials (SBOM) from Node.js projects

https://cyclonedx.org/

fork in 4 hours

delete branch CycloneDX/cyclonedx-node-module

delete branch : dependabot/npm_and_yarn/jest-27.3.1

delete time in 5 hours

PR closed CycloneDX/cyclonedx-node-module

Bump jest from 27.2.2 to 27.3.1 dependencies javascript

Bumps jest from 27.2.2 to 27.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/jest/releases">jest's releases</a>.</em></p> <blockquote> <h2>v27.3.1</h2> <h2>Fixes</h2> <ul> <li><code>[expect]</code> Make <code>expect</code> extension properties <code>configurable</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11978">#11978</a>)</li> <li><code>[expect]</code> Fix <code>.any()</code> checks on primitive wrapper classes (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11976">#11976</a>)</li> </ul> <h2>Chore & Maintenance</h2> <ul> <li><code>[expect]</code> <code>BigInt</code> global is always defined, don't check for its existence at runtime (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11979">#11979</a>)</li> <li><code>[jest-config, jest-util]</code> Use <code>ci-info</code> instead of <code>is-ci</code> to detect CI environment (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11973">#11973</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/posva"><code>@​posva</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11974">facebook/jest#11974</a></li> <li><a href="https://github.com/blaky"><code>@​blaky</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11978">facebook/jest#11978</a></li> <li><a href="https://github.com/lobsterkatie"><code>@​lobsterkatie</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11976">facebook/jest#11976</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/facebook/jest/compare/v27.3.0...v27.3.1">https://github.com/facebook/jest/compare/v27.3.0...v27.3.1</a></p> <h2>27.3.0</h2> <h2>Features</h2> <ul> <li><code>[jest-config]</code> Add <code>testEnvironmentOptions.html</code> to apply to jsdom input (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11950">#11950</a>)</li> <li><code>[jest-resolver]</code> Support default export (<code>.</code>) in <code>exports</code> field <em>if</em> <code>main</code> is missing (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11919">#11919</a>)</li> </ul> <h2>Fixes</h2> <ul> <li><code>[expect]</code> Tweak and improve types (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11949">#11949</a>)</li> <li><code>[jest-runtime]</code> Ensure absolute paths can be resolved within test modules (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11943">#11943</a>)</li> <li><code>[jest-runtime]</code> Fix <code>instanceof</code> for <code>ModernFakeTimers</code> and <code>LegacyFakeTimers</code> methods (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11946">#11946</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/airhorns"><code>@​airhorns</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11943">facebook/jest#11943</a></li> <li><a href="https://github.com/mrienstra"><code>@​mrienstra</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11942">facebook/jest#11942</a></li> <li><a href="https://github.com/minijus"><code>@​minijus</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11946">facebook/jest#11946</a></li> <li><a href="https://github.com/MarvelSQ"><code>@​MarvelSQ</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11950">facebook/jest#11950</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/facebook/jest/compare/v27.2.5...v27.3.0">https://github.com/facebook/jest/compare/v27.2.5...v27.3.0</a></p> <h2>27.2.5</h2> <h3>Features</h3> <ul> <li><code>[jest-config]</code> Warn when multiple Jest configs are located (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11922">#11922</a>)</li> </ul> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Pass matcher context to asymmetric matchers (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11926">#11926</a> & <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11930">#11930</a>)</li> <li><code>[expect]</code> Improve TypeScript types (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11931">#11931</a>)</li> <li><code>[expect]</code> Improve typings of <code>toThrow()</code> and <code>toThrowError()</code> matchers (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11929">#11929</a>)</li> <li><code>[jest-cli]</code> Improve <code>--help</code> printout by removing defunct <code>--browser</code> option (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11914">#11914</a>)</li> <li><code>[jest-haste-map]</code> Use distinct cache paths for different values of <code>computeDependencies</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11916">#11916</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/facebook/jest/blob/main/CHANGELOG.md">jest's changelog</a>.</em></p> <blockquote> <h2>27.3.1</h2> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Make <code>expect</code> extension properties <code>configurable</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11978">#11978</a>)</li> <li><code>[expect]</code> Fix <code>.any()</code> checks on primitive wrapper classes (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11976">#11976</a>)</li> </ul> <h3>Chore & Maintenance</h3> <ul> <li><code>[expect]</code> <code>BigInt</code> global is always defined, don't check for its existence at runtime (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11979">#11979</a>)</li> <li><code>[jest-config, jest-util]</code> Use <code>ci-info</code> instead of <code>is-ci</code> to detect CI environment (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11973">#11973</a>)</li> </ul> <h2>27.3.0</h2> <h3>Features</h3> <ul> <li><code>[jest-config]</code> Add <code>testEnvironmentOptions.html</code> to apply to jsdom input (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11950">#11950</a>)</li> <li><code>[jest-resolver]</code> Support default export (<code>.</code>) in <code>exports</code> field <em>if</em> <code>main</code> is missing (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11919">#11919</a>)</li> </ul> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Tweak and improve types (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11949">#11949</a>)</li> <li><code>[jest-runtime]</code> Ensure absolute paths can be resolved within test modules (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11943">#11943</a>)</li> <li><code>[jest-runtime]</code> Fix <code>instanceof</code> for <code>ModernFakeTimers</code> and <code>LegacyFakeTimers</code> methods (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11946">#11946</a>)</li> </ul> <h2>27.2.5</h2> <h3>Features</h3> <ul> <li><code>[jest-config]</code> Warn when multiple Jest configs are located (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11922">#11922</a>)</li> </ul> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Pass matcher context to asymmetric matchers (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11926">#11926</a> & <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11930">#11930</a>)</li> <li><code>[expect]</code> Improve TypeScript types (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11931">#11931</a>)</li> <li><code>[expect]</code> Improve typings of <code>toThrow()</code> and <code>toThrowError()</code> matchers (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11929">#11929</a>)</li> <li><code>[jest-cli]</code> Improve <code>--help</code> printout by removing defunct <code>--browser</code> option (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11914">#11914</a>)</li> <li><code>[jest-haste-map]</code> Use distinct cache paths for different values of <code>computeDependencies</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11916">#11916</a>)</li> <li><code>[@jest/reporters]</code> Do not buffer <code>console.log</code>s when using verbose reporter (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11054">#11054</a>)</li> </ul> <h3>Chore & Maintenance</h3> <ul> <li><code>[expect]</code> Export default matchers (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11932">#11932</a>)</li> <li><code>[@jest/types]</code> Mark deprecated configuration options as <code>@deprecated</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11913">#11913</a>)</li> </ul> <h2>27.2.4</h2> <h3>Features</h3> <ul> <li><code>[expect]</code> Add equality checks for Array Buffers in <code>expect.ToStrictEqual()</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11805">#11805</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/jest/commit/4f3328f3227aa0668486f819b3353af5b6cc797b"><code>4f3328f</code></a> v27.3.1</li> <li><a href="https://github.com/facebook/jest/commit/75f51794b7b0c1b7ef0fd92840e03835dd34ad5b"><code>75f5179</code></a> chore: update changelog for release</li> <li><a href="https://github.com/facebook/jest/commit/9d286a65c469a3e10a2d379feebf821799a81ec3"><code>9d286a6</code></a> chore: <code>BigInt</code> is always defined, do not conditionally check for it (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11979">#11979</a>)</li> <li><a href="https://github.com/facebook/jest/commit/7092dfbeab4e9266a724b38f27219d61694d1c92"><code>7092dfb</code></a> [expect] Fix <code>.any()</code> checks on primitive wrapper classes (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11976">#11976</a>)</li> <li><a href="https://github.com/facebook/jest/commit/2e2b17a950b21dcd5c3d15ed4a83933c474d9885"><code>2e2b17a</code></a> fix: not to break on <code>expect</code> matcher extension overwrite (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11978">#11978</a>)</li> <li><a href="https://github.com/facebook/jest/commit/a1829e9385bef6b007088a012bc3ceb0fa7867a8"><code>a1829e9</code></a> docs: fix setTimeout example (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11974">#11974</a>)</li> <li><a href="https://github.com/facebook/jest/commit/e7edb75f8357090714213f252c5aaaa9b3c29f5f"><code>e7edb75</code></a> chore: remove <code>is-ci</code> in favor of <code>ci-info</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11973">#11973</a>)</li> <li><a href="https://github.com/facebook/jest/commit/9d737d7b7a1b380ec349c32adff88caca36a1cbc"><code>9d737d7</code></a> docs: make the text on <code>awesome-jest</code> bit more visible and focused (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11972">#11972</a>)</li> <li><a href="https://github.com/facebook/jest/commit/8c00cc1fe2d2be673482ebbc0b3b77fa34e3dd5d"><code>8c00cc1</code></a> chore: update lockfile after release</li> <li><a href="https://github.com/facebook/jest/commit/14b0c2c1d6f81b64adf8b827649ece80a4448cfc"><code>14b0c2c</code></a> v27.3.0</li> <li>Additional commits viewable in <a href="https://github.com/facebook/jest/compare/v27.2.2...v27.3.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+412 -404

1 comment

1 changed file

dependabot[bot]

pr closed time in 5 hours

pull request commentCycloneDX/cyclonedx-node-module

Bump jest from 27.2.2 to 27.3.1

Superseded by #200.

dependabot[bot]

comment created time in 5 hours

PR opened CycloneDX/cyclonedx-node-module

Bump jest from 27.2.2 to 27.4.0

Bumps jest from 27.2.2 to 27.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/jest/releases">jest's releases</a>.</em></p> <blockquote> <h2>v27.4.0</h2> <h3>Features</h3> <ul> <li><code>[expect]</code> Enhancing the <code>toHaveProperty</code> matcher to support array selection (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12092">#12092</a>)</li> <li><code>[jest-core]</code> Add support for <code>testResultsProcessor</code> written in ESM (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12006">#12006</a>)</li> <li><code>[jest-diff, pretty-format]</code> Add <code>compareKeys</code> option for custom sorting of object keys (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11992">#11992</a>)</li> <li><code>[jest-mock]</code> Add <code>ts-jest</code> mock util functions (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12089">#12089</a>)</li> </ul> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Allow again <code>expect.Matchers</code> generic with single value (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11986">#11986</a>)</li> <li><code>[jest-circus, jest-jasmine2]</code> Avoid false concurrent test failures due to unhandled promise rejections (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11987">#11987</a>)</li> <li><code>[jest-config]</code> Add missing <code>slash</code> dependency to <code>package.json</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12080">#12080</a>)</li> <li><code>[jest-core]</code> Incorrect detection of open ZLIB handles (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12022">#12022</a>)</li> <li><code>[jest-diff]</code> Break dependency cycle (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/10818">#10818</a>)</li> <li><code>[jest-environment-jsdom]</code> Add <code>@types/jsdom</code> dependency (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11999">#11999</a>)</li> <li><code>[jest-environment-jsdom]</code> Do not reset the global.document too early on teardown (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11871">#11871</a>)</li> <li><code>[jest-transform]</code> Improve error and warning messages (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11998">#11998</a>)</li> </ul> <h3>Chore & Maintenance</h3> <ul> <li><code>[docs]</code> CLI options alphabetized (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11586">#11586</a>)</li> <li><code>[jest-runner]</code> Add info regarding timers to forcedExit message(<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12083">#12083</a>)</li> <li><code>[]</code> Replaced <code>substr</code> method with <code>substring</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12066">#12066</a>)</li> <li><code>[]</code> Add <code>types</code> entry to all export maps (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12073">#12073</a>)</li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/alexander-kilyushin"><code>@​alexander-kilyushin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11988">facebook/jest#11988</a></li> <li><a href="https://github.com/Josh-Cena"><code>@​Josh-Cena</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11991">facebook/jest#11991</a></li> <li><a href="https://github.com/Ayc0"><code>@​Ayc0</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11999">facebook/jest#11999</a></li> <li><a href="https://github.com/D-Andreev"><code>@​D-Andreev</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11992">facebook/jest#11992</a></li> <li><a href="https://github.com/dcastil"><code>@​dcastil</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12001">facebook/jest#12001</a></li> <li><a href="https://github.com/oliversalzburg"><code>@​oliversalzburg</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12022">facebook/jest#12022</a></li> <li><a href="https://github.com/Biki-das"><code>@​Biki-das</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12017">facebook/jest#12017</a></li> <li><a href="https://github.com/dalvarezmartinez1"><code>@​dalvarezmartinez1</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11871">facebook/jest#11871</a></li> <li><a href="https://github.com/raymondnumbergenerator"><code>@​raymondnumbergenerator</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/10818">facebook/jest#10818</a></li> <li><a href="https://github.com/k-rajat19"><code>@​k-rajat19</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12066">facebook/jest#12066</a></li> <li><a href="https://github.com/silverwind"><code>@​silverwind</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12083">facebook/jest#12083</a></li> <li><a href="https://github.com/Schweinepriester"><code>@​Schweinepriester</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12063">facebook/jest#12063</a></li> <li><a href="https://github.com/bdefore"><code>@​bdefore</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11586">facebook/jest#11586</a></li> <li><a href="https://github.com/weswigham"><code>@​weswigham</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12073">facebook/jest#12073</a></li> <li><a href="https://github.com/iifawzi"><code>@​iifawzi</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12092">facebook/jest#12092</a></li> <li><a href="https://github.com/tamlyn"><code>@​tamlyn</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/11641">facebook/jest#11641</a></li> <li><a href="https://github.com/kherock"><code>@​kherock</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12069">facebook/jest#12069</a></li> <li><a href="https://github.com/fishmandev"><code>@​fishmandev</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/facebook/jest/pull/12034">facebook/jest#12034</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/facebook/jest/compare/v27.3.1...v27.4.0">https://github.com/facebook/jest/compare/v27.3.1...v27.4.0</a></p> <h2>v27.3.1</h2> <h2>Fixes</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/facebook/jest/blob/main/CHANGELOG.md">jest's changelog</a>.</em></p> <blockquote> <h2>27.4.0</h2> <h3>Features</h3> <ul> <li><code>[expect]</code> Enhancing the <code>toHaveProperty</code> matcher to support array selection (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12092">#12092</a>)</li> <li><code>[jest-core]</code> Add support for <code>testResultsProcessor</code> written in ESM (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12006">#12006</a>)</li> <li><code>[jest-diff, pretty-format]</code> Add <code>compareKeys</code> option for custom sorting of object keys (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11992">#11992</a>)</li> <li><code>[jest-mock]</code> Add <code>ts-jest</code> mock util functions (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12089">#12089</a>)</li> </ul> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Allow again <code>expect.Matchers</code> generic with single value (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11986">#11986</a>)</li> <li><code>[jest-circus, jest-jasmine2]</code> Avoid false concurrent test failures due to unhandled promise rejections (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11987">#11987</a>)</li> <li><code>[jest-config]</code> Add missing <code>slash</code> dependency to <code>package.json</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12080">#12080</a>)</li> <li><code>[jest-core]</code> Incorrect detection of open ZLIB handles (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12022">#12022</a>)</li> <li><code>[jest-diff]</code> Break dependency cycle (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/10818">#10818</a>)</li> <li><code>[jest-environment-jsdom]</code> Add <code>@types/jsdom</code> dependency (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11999">#11999</a>)</li> <li><code>[jest-environment-jsdom]</code> Do not reset the global.document too early on teardown (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11871">#11871</a>)</li> <li><code>[jest-transform]</code> Improve error and warning messages (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11998">#11998</a>)</li> </ul> <h3>Chore & Maintenance</h3> <ul> <li><code>[docs]</code> CLI options alphabetized (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11586">#11586</a>)</li> <li><code>[jest-runner]</code> Add info regarding timers to forcedExit message(<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12083">#12083</a>)</li> <li><code>[]</code> Replaced <code>substr</code> method with <code>substring</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12066">#12066</a>)</li> <li><code>[]</code> Add <code>types</code> entry to all export maps (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/12073">#12073</a>)</li> </ul> <h2>27.3.1</h2> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Make <code>expect</code> extension properties <code>configurable</code> (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11978">#11978</a>)</li> <li><code>[expect]</code> Fix <code>.any()</code> checks on primitive wrapper classes (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11976">#11976</a>)</li> </ul> <h3>Chore & Maintenance</h3> <ul> <li><code>[expect]</code> <code>BigInt</code> global is always defined, don't check for its existence at runtime (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11979">#11979</a>)</li> <li><code>[jest-config, jest-util]</code> Use <code>ci-info</code> instead of <code>is-ci</code> to detect CI environment (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11973">#11973</a>)</li> </ul> <h2>27.3.0</h2> <h3>Features</h3> <ul> <li><code>[jest-config]</code> Add <code>testEnvironmentOptions.html</code> to apply to jsdom input (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11950">#11950</a>)</li> <li><code>[jest-resolver]</code> Support default export (<code>.</code>) in <code>exports</code> field <em>if</em> <code>main</code> is missing (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11919">#11919</a>)</li> </ul> <h3>Fixes</h3> <ul> <li><code>[expect]</code> Tweak and improve types (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11949">#11949</a>)</li> <li><code>[jest-runtime]</code> Ensure absolute paths can be resolved within test modules (<a href="https://github-redirect.dependabot.com/facebook/jest/pull/11943">#11943</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/jest/commit/0dc6dde296550370ade2574d6665748fed37f9c9"><code>0dc6dde</code></a> v27.4.0</li> <li><a href="https://github.com/facebook/jest/commit/c6b1ed8e576db90a7bd5236767e5dec8226cc197"><code>c6b1ed8</code></a> chore: update changelog for release</li> <li><a href="https://github.com/facebook/jest/commit/585beb6ecd0a87ca319702172f220079023e0063"><code>585beb6</code></a> docs: fix typos in CodeTransformation.md (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/12034">#12034</a>)</li> <li><a href="https://github.com/facebook/jest/commit/a3bc271f4e80c1616b32ef35810a1c2219f425f3"><code>a3bc271</code></a> chore(CONTRIBUTING.md): recommend using node v16 (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/12012">#12012</a>)</li> <li><a href="https://github.com/facebook/jest/commit/9e2c7b1d3a21f8b61a4e70714d8ef95f52ff633e"><code>9e2c7b1</code></a> jest-worker: Unable to customize thread execArgv with enableThreadWorkers (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/1">#1</a>...</li> <li><a href="https://github.com/facebook/jest/commit/2e6c217163ca743123e600843b5fb67cfe1483f5"><code>2e6c217</code></a> fix(cli, config, docs): improve <code>mock</code> related cli messages, config template ...</li> <li><a href="https://github.com/facebook/jest/commit/ee24dfcb60bec4907912a4b04006a19833fb7d30"><code>ee24dfc</code></a> adding ts-jest mock util functions in jest-mock (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/12089">#12089</a>)</li> <li><a href="https://github.com/facebook/jest/commit/c7397485f11e27d0e03f647283c2c9d9b6ce33ea"><code>c739748</code></a> docs: Clarify setupFiles run order (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11641">#11641</a>)</li> <li><a href="https://github.com/facebook/jest/commit/9d14c5d492bb0885b3f0f7bf1e92cf320b5d6ec3"><code>9d14c5d</code></a> fix: avoid unhandled promise rejections when concurrent tests fail (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/11987">#11987</a>)</li> <li><a href="https://github.com/facebook/jest/commit/5cd75f4e0b9f8b678fedee268676864013b12d81"><code>5cd75f4</code></a> Enhancing the <code>toHaveProperty</code> matcher to support array selection (<a href="https://github-redirect.dependabot.com/facebook/jest/issues/12092">#12092</a>)</li> <li>Additional commits viewable in <a href="https://github.com/facebook/jest/compare/v27.2.2...v27.4.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+601 -568

0 comment

1 changed file

pr created time in 5 hours

PR opened CycloneDX/cyclonedx-node-module

Bump actions/setup-node from 2.4.1 to 2.5.0

Bumps actions/setup-node from 2.4.1 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>Adding Node.js version file support</h2> <p>In scope of this release we add the <code>node-version-file</code> input and update <code>actions/cache</code> dependency to the latest version.</p> <h2>Adding Node.js version file support</h2> <p>The new input (<code>node-version-file</code>) provides functionality to specify the path to the file containing Node.js's version with such behaviour:</p> <ul> <li>If the file does not exist the action will throw an error.</li> <li>If you specify both <code>node-version</code> and <code>node-version-file</code> inputs, the action will use value from the <code>node-version</code> input and throw the following warning: <code>Both node-version and node-version-file inputs are specified, only node-version will be used</code>.</li> <li>For now the action does not support all of the variety of values for Node.js version files. The action can handle values according to the <a href="https://github.com/actions/setup-node#supported-version-syntax">documentation</a> and values with <code>v</code> prefix (<code>v14</code>)</li> </ul> <pre lang="yaml"><code>steps:

  • uses: actions/checkout@v2
  • name: Setup node from node version file uses: actions/setup-node@v2 with: node-version-file: '.nvmrc'
  • run: npm install
  • run: npm test </code></pre> <h2>Update actions/cache dependency to 1.0.8 version.</h2> <p>We updated actions/cache dependency to the latest version (1.0.8). For more information please refer to the <a href="https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md">toolkit/cache</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/04c56d2f954f1e4c69436aa54cfef261a018f458"><code>04c56d2</code></a> update cache to 1.0.8 (<a href="https://github-redirect.dependabot.com/actions/setup-node/issues/367">#367</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/d08cf222111d5c1d21b3cd4b958937f818d10d9a"><code>d08cf22</code></a> Adding Node.js version file support (<a href="https://github-redirect.dependabot.com/actions/setup-node/issues/338">#338</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/360ab8b75b056fc18d368ee27a78d34e29c0b2d9"><code>360ab8b</code></a> Fix typo in the <code>bug_report</code> template (<a href="https://github-redirect.dependabot.com/actions/setup-node/issues/353">#353</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/fd4bd829f2dd6b6c1420bd94a93449c54612ffc2"><code>fd4bd82</code></a> Add issue and pull request templates (<a href="https://github-redirect.dependabot.com/actions/setup-node/issues/344">#344</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/a4b8ed2f4e9dd97eeae325f6967ce23d5478bd53"><code>a4b8ed2</code></a> Update dependencies (<a href="https://github-redirect.dependabot.com/actions/setup-node/issues/346">#346</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-node/compare/v2.4.1...v2.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+2 -2

0 comment

2 changed files

pr created time in 5 hours

delete branch CycloneDX/cyclonedx-python

delete branch : dependabot/pip/flake8-bugbear-21.11.28

delete time in 9 hours

PR closed CycloneDX/cyclonedx-python

build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.28 dependencies python

Bumps flake8-bugbear from 21.9.2 to 21.11.28. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/flake8-bugbear/releases">flake8-bugbear's releases</a>.</em></p> <blockquote> <h2>21.11.28</h2> <ul> <li>B904: ensure the raise is in the same context with the except (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/191">#191</a>)</li> <li>Add Option to extend the list of immutable calls (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/204">#204</a>)</li> <li>Update B014: <code>binascii.Error</code> is now treated as a subclass of <code>ValueError</code> (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/206">#206</a>)</li> <li>add simple pre-commit config (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/205">#205</a>)</li> <li>Test with 3.10 official</li> <li>Add B018 check to find useless declarations (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/196">#196</a>, <a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/202">#202</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/9e311d5af7ffd2bba272fc6471b8ecfe21bf1993"><code>9e311d5</code></a> Fix 904 tests to expect on correct raise line</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/987e539cf7d786fd6feb6e0d07657d9c78548b27"><code>987e539</code></a> Update CHANGES.md, black format, update to version 21.11.28 for release</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/9e14a8c9594eace788d0efba8baa9fd3587da2f0"><code>9e14a8c</code></a> B904: ensure the raise is in the same context with the except (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/191">#191</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/c452048afb9a87d09840e16030fcb89aae94613b"><code>c452048</code></a> Add Option to extend the list of immutable calls (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/204">#204</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/c90fa65506ccecb40521cf20f37a2b2444010a37"><code>c90fa65</code></a> B014: catch binascii.Error and ValueError redundancy + cleanup (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/206">#206</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/71091f9384a82c23b960a19344ae8ba30e3b4e4b"><code>71091f9</code></a> add simple pre-commit config (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/205">#205</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/98829c3842c05b5b24305e275c5c5be7c782333c"><code>98829c3</code></a> Improve B018 further (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/202">#202</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/2ca8d79ef840a216b1d9c9c1c9c4f5cb7a6da0c6"><code>2ca8d79</code></a> B018: Find more constants w/o assign (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/201">#201</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/597dbf621317b28ce2fdbfee7e6d386fe1ede57b"><code>597dbf6</code></a> Fix hyperlink in readme (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/199">#199</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/5ecf5b03eb6ec6e57c057b6e2fbdf120c8aff5b5"><code>5ecf5b0</code></a> Add B018 check to find useless string declarations (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/196">#196</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyCQA/flake8-bugbear/compare/21.9.2...21.11.28">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+6 -6

1 comment

2 changed files

dependabot[bot]

pr closed time in 9 hours

pull request commentCycloneDX/cyclonedx-python

build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.28

Superseded by #269.

dependabot[bot]

comment created time in 9 hours

PR opened CycloneDX/cyclonedx-python

build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29

Bumps flake8-bugbear from 21.9.2 to 21.11.29. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/flake8-bugbear/releases">flake8-bugbear's releases</a>.</em></p> <blockquote> <h2>21.11.29</h2> <ul> <li>B018: Disable strings from check for now (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/209">#209</a>)</li> </ul> <h2>21.11.28</h2> <ul> <li>B904: ensure the raise is in the same context with the except (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/191">#191</a>)</li> <li>Add Option to extend the list of immutable calls (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/204">#204</a>)</li> <li>Update B014: <code>binascii.Error</code> is now treated as a subclass of <code>ValueError</code> (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/206">#206</a>)</li> <li>add simple pre-commit config (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/205">#205</a>)</li> <li>Test with 3.10 official</li> <li>Add B018 check to find useless declarations (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/196">#196</a>, <a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/202">#202</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/49aec1807ead4c7da7d055e20118563ed13b5201"><code>49aec18</code></a> Update version + Change Log for 21.11.29 release (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/210">#210</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/225f4e6a8b88c77ac543a894e57cf32f204147ea"><code>225f4e6</code></a> Remove detection of strings in B018 (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/209">#209</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/9e311d5af7ffd2bba272fc6471b8ecfe21bf1993"><code>9e311d5</code></a> Fix 904 tests to expect on correct raise line</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/987e539cf7d786fd6feb6e0d07657d9c78548b27"><code>987e539</code></a> Update CHANGES.md, black format, update to version 21.11.28 for release</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/9e14a8c9594eace788d0efba8baa9fd3587da2f0"><code>9e14a8c</code></a> B904: ensure the raise is in the same context with the except (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/191">#191</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/c452048afb9a87d09840e16030fcb89aae94613b"><code>c452048</code></a> Add Option to extend the list of immutable calls (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/204">#204</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/c90fa65506ccecb40521cf20f37a2b2444010a37"><code>c90fa65</code></a> B014: catch binascii.Error and ValueError redundancy + cleanup (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/206">#206</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/71091f9384a82c23b960a19344ae8ba30e3b4e4b"><code>71091f9</code></a> add simple pre-commit config (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/205">#205</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/98829c3842c05b5b24305e275c5c5be7c782333c"><code>98829c3</code></a> Improve B018 further (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/202">#202</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/2ca8d79ef840a216b1d9c9c1c9c4f5cb7a6da0c6"><code>2ca8d79</code></a> B018: Find more constants w/o assign (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/201">#201</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyCQA/flake8-bugbear/compare/21.9.2...21.11.29">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+6 -6

0 comment

2 changed files

pr created time in 9 hours

PR opened CycloneDX/cyclonedx-rust-cargo

Bump anyhow from 1.0.50 to 1.0.51

Bumps anyhow from 1.0.50 to 1.0.51. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.51</h2> <ul> <li>Show doc for <code>Ok</code> fn</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dtolnay/anyhow/commit/871be23b2c3351157445c8f657917461ab33e6d7"><code>871be23</code></a> Release 1.0.51</li> <li><a href="https://github.com/dtolnay/anyhow/commit/97cff686efc05eba6720bd378e5262bb3dd51b6c"><code>97cff68</code></a> Show doc for Ok fn</li> <li>See full diff in <a href="https://github.com/dtolnay/anyhow/compare/1.0.50...1.0.51">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+3 -3

0 comment

2 changed files

pr created time in 11 hours

create barnchCycloneDX/cyclonedx-rust-cargo

branch : dependabot/cargo/anyhow-1.0.51

created branch time in 11 hours

PR opened CycloneDX/cyclonedx-dotnet

Bump System.IO.Abstractions.TestingHelpers from 13.2.47 to 14.0.3

Bumps System.IO.Abstractions.TestingHelpers from 13.2.47 to 14.0.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/TestableIO/System.IO.Abstractions/commit/5f7ae53a22dffcff2b5716052e15ff2f155000fc"><code>5f7ae53</code></a> fix: include XML documentation in package (<a href="https://github-redirect.dependabot.com/TestableIO/System.IO.Abstractions/issues/744">#744</a>)</li> <li><a href="https://github.com/TestableIO/System.IO.Abstractions/commit/f3cdce3393c5e7a53945087c92a31443e1f8405c"><code>f3cdce3</code></a> chore(deps): update dependency microsoft.sourcelink.github to v1.1.1 (<a href="https://github-redirect.dependabot.com/TestableIO/System.IO.Abstractions/issues/760">#760</a>)</li> <li><a href="https://github.com/TestableIO/System.IO.Abstractions/commit/56389ddd0a5734406961d8d371233fe6325724dd"><code>56389dd</code></a> feat: add support for .NET 6 (<a href="https://github-redirect.dependabot.com/TestableIO/System.IO.Abstractions/issues/763">#763</a>)</li> <li>See full diff in <a href="https://github.com/TestableIO/System.IO.Abstractions/compare/v13.2.47...v14.0.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

pr created time in 13 hours

PR opened CycloneDX/cyclonedx-dotnet

Bump System.IO.Abstractions from 13.2.47 to 14.0.3

Bumps System.IO.Abstractions from 13.2.47 to 14.0.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/TestableIO/System.IO.Abstractions/commit/5f7ae53a22dffcff2b5716052e15ff2f155000fc"><code>5f7ae53</code></a> fix: include XML documentation in package (<a href="https://github-redirect.dependabot.com/TestableIO/System.IO.Abstractions/issues/744">#744</a>)</li> <li><a href="https://github.com/TestableIO/System.IO.Abstractions/commit/f3cdce3393c5e7a53945087c92a31443e1f8405c"><code>f3cdce3</code></a> chore(deps): update dependency microsoft.sourcelink.github to v1.1.1 (<a href="https://github-redirect.dependabot.com/TestableIO/System.IO.Abstractions/issues/760">#760</a>)</li> <li><a href="https://github.com/TestableIO/System.IO.Abstractions/commit/56389ddd0a5734406961d8d371233fe6325724dd"><code>56389dd</code></a> feat: add support for .NET 6 (<a href="https://github-redirect.dependabot.com/TestableIO/System.IO.Abstractions/issues/763">#763</a>)</li> <li>See full diff in <a href="https://github.com/TestableIO/System.IO.Abstractions/compare/v13.2.47...v14.0.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

pr created time in 13 hours

pull request commentCycloneDX/cyclonedx-dotnet-library

Bump JsonSchema.Net from 1.11.3 to 1.11.5

Superseded by #108.

dependabot[bot]

comment created time in 14 hours

delete branch CycloneDX/cyclonedx-dotnet-library

delete branch : dependabot/nuget/JsonSchema.Net-1.11.5

delete time in 14 hours

PR closed CycloneDX/cyclonedx-dotnet-library

Bump JsonSchema.Net from 1.11.3 to 1.11.5 dependencies .NET

Bumps JsonSchema.Net from 1.11.3 to 1.11.5. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gregsdennis/json-everything/commit/cb1ef3bd1b57c271ee1141fb1a11b46c6c603eb8"><code>cb1ef3b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gregsdennis/json-everything/issues/179">#179</a> from gregsdennis/json-pointer-class</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/cf6d974dee9f13ba3a90c96f01fe9fb59f0a2a1c"><code>cf6d974</code></a> some code cleanup</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/dc10da007dc1b4bf2efba4e9f775bc70cf8b64fc"><code>dc10da0</code></a> require format validation when deserializing patch test</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/e893fc5ea7e80f2fb2c0bde7182ad6d21703e3ed"><code>e893fc5</code></a> updated jsonpointer from struct to class</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/05ca8a2ed18164e78b00e32456f9dc756a190aaf"><code>05ca8a2</code></a> add projects to site deployment trigger</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/dcf14edafeb108c37f6e667617d53b2450c02791"><code>dcf14ed</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gregsdennis/json-everything/issues/177">#177</a> from gregsdennis/schema-data-relative-uris-broken</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/46533afbf84dac7e5944be397bc012b52b7b0e06"><code>46533af</code></a> support relative uris in data keyword deserialization</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/70df65c981f3987bface186c7151c03866b477f7"><code>70df65c</code></a> rebuilt documentation</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/59d0780777228eca5606424c131361e917cf8199"><code>59d0780</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gregsdennis/json-everything/issues/176">#176</a> from gregsdennis/schema-v1.11.4</li> <li><a href="https://github.com/gregsdennis/json-everything/commit/9994c0e0b9e8bbdc0684dbf4cf2376bdf96f289f"><code>9994c0e</code></a> update release notes</li> <li>Additional commits viewable in <a href="https://github.com/gregsdennis/json-everything/compare/schema-v1.11.3...schema-v1.11.5">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 14 hours

more