profile
viewpoint
Jan Kowalleck jkowalleck GfK SE Nuremberg, Germany software engineer by heart. Maintainer @CycloneDX.

jkowalleck/morgengrauen_tintin 1

tintin++ config for morgengrauen

jkowalleck/AoC2020 0

https://adventofcode.com/ 2020

jkowalleck/bach 0

Dependency vulnerability auditor for PHP

jkowalleck/cli 0

The Docker CLI

jkowalleck/cyclonedx-php-composer 0

Creates CycloneDX Software Bill-of-Materials (SBOM) from PHP Composer projects

jkowalleck/cyclonedx-php-library 0

PHP Implementation of CycloneDX Software Bill of Materials (SBOM)

pull request commentCycloneDX/cyclonedx-python-lib

add tox env for minimal required dependencies

this comments purpose is to move this PR to top of list.

jkowalleck

comment created time in 7 minutes

push eventCycloneDX/cyclonedx-python

dependabot[bot]

commit sha 82f0dba359030b513e9fcf3f8e8c561afc794c1d

build(deps-dev): Bump coverage from 6.1.2 to 6.2 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.1.2 to 6.2. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/6.1.2...6.2) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha 36dd7bdd571f677f04863d904a4dce589b378745

CHORE: build(deps-dev): Bump coverage from 6.1.2 to 6.2 build(deps-dev): Bump coverage from 6.1.2 to 6.2

view details

push time in 9 minutes

PR merged CycloneDX/cyclonedx-python

build(deps-dev): Bump coverage from 6.1.2 to 6.2 dependencies python

Bumps coverage from 6.1.2 to 6.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's changelog</a>.</em></p> <blockquote> <h2>Version 6.2 — 2021-11-26</h2> <ul> <li> <p>Feature: Now the <code>--concurrency</code> setting can now have a list of values, so that threads and another lightweight threading package can be measured together, such as <code>--concurrency=gevent,thread</code>. Closes <code>issue 1012</code>_ and <code>issue 1082</code>.</p> </li> <li> <p>Fix: A module specified as the <code>source</code> setting is imported during startup, before the user program imports it. This could cause problems if the rest of the program isn't ready yet. For example, <code>issue 1203</code> describes a Django setting that is accessed before settings have been configured. Now the early import is wrapped in a try/except so errors then don't stop execution.</p> </li> <li> <p>Fix: A colon in a decorator expression would cause an exclusion to end too early, preventing the exclusion of the decorated function. This is now fixed.</p> </li> <li> <p>Fix: The HTML report now will not overwrite a .gitignore file that already exists in the HTML output directory (follow-on for <code>issue 1244</code>).</p> </li> <li> <p>API: The exceptions raised by Coverage.py have been specialized, to provide finer-grained catching of exceptions by third-party code.</p> </li> <li> <p>API: Using <code>suffix=False</code> when constructing a Coverage object with multiprocessing wouldn't suppress the data file suffix (<code>issue 989</code>). This is now fixed.</p> </li> <li> <p>Debug: The <code>coverage debug data</code> command will now sniff out combinable data files, and report on all of them.</p> </li> <li> <p>Debug: The <code>coverage debug</code> command used to accept a number of topics at a time, and show all of them, though this was never documented. This no longer works, to allow for command-line options in the future.</p> </li> </ul> <p>.. _issue 989: <a href="https://github-redirect.dependabot.com/nedbat/coveragepy/issues/989">nedbat/coveragepy#989</a> .. _issue 1012: <a href="https://github-redirect.dependabot.com/nedbat/coveragepy/issues/1012">nedbat/coveragepy#1012</a> .. _issue 1082: <a href="https://github-redirect.dependabot.com/nedbat/coveragepy/issues/1082">nedbat/coveragepy#1082</a> .. _issue 1203: <a href="https://github-redirect.dependabot.com/nedbat/coveragepy/issues/1203">nedbat/coveragepy#1203</a></p> <p>.. _changes_612:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nedbat/coveragepy/commit/7a0188231be8f7bb04b2832365401062e18b7ab2"><code>7a01882</code></a> docs: prep for 6.2</li> <li><a href="https://github.com/nedbat/coveragepy/commit/7c128a6cf6e20674c7bab31ff13f7480b42e6148"><code>7c128a6</code></a> docs: sample html report</li> <li><a href="https://github.com/nedbat/coveragepy/commit/fbd3c71eca4e660125769ff61d468963ce699440"><code>fbd3c71</code></a> docs: tweak the description of --concurrency</li> <li><a href="https://github.com/nedbat/coveragepy/commit/fb7b0e5b90bd2213255a66c26e258612c9784827"><code>fb7b0e5</code></a> docs: tweak the latest changelog entry</li> <li><a href="https://github.com/nedbat/coveragepy/commit/9162ad085c0e4a3b3e14fd1fcbdbf65c93b81487"><code>9162ad0</code></a> test(refactor): avoid full commands to speed tests</li> <li><a href="https://github.com/nedbat/coveragepy/commit/8ca306e93b40ae815bdcca96f8f6d8748dd52790"><code>8ca306e</code></a> test(perf): shave a few seconds off the FailUnder tests</li> <li><a href="https://github.com/nedbat/coveragepy/commit/c9d821deba6f7ee5eef30fef5355f7c93808b4f9"><code>c9d821d</code></a> feat: multiple --concurrency values. <a href="https://github-redirect.dependabot.com/nedbat/coveragepy/issues/1012">#1012</a> <a href="https://github-redirect.dependabot.com/nedbat/coveragepy/issues/1082">#1082</a></li> <li><a href="https://github.com/nedbat/coveragepy/commit/97fdd550020384d2eedaf72ff0cd46a4efcb7d05"><code>97fdd55</code></a> build(docs): a target for running cog on the docs</li> <li><a href="https://github.com/nedbat/coveragepy/commit/eff683c74dccf0f444484ac470e35dbc0a8cc498"><code>eff683c</code></a> test(fix): keep SourceIncludeOmitTest's from clobbering each other</li> <li><a href="https://github.com/nedbat/coveragepy/commit/08655902e365c6f118ca625eae04bacc9d344cef"><code>0865590</code></a> test(build): i've had the wrong -r character this whole time</li> <li>Additional commits viewable in <a href="https://github.com/nedbat/coveragepy/compare/6.1.2...6.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+50 -50

0 comment

2 changed files

dependabot[bot]

pr closed time in 9 minutes

issue openedCycloneDX/cyclonedx-php-library

[DRAFT] spec1.4 - component's version is optional

make the component's version an optional propery.

when rendering/normalizing to XML/JSON the version string is to be set as an empty string.

see https://github.com/CycloneDX/specification/pull/92

created time in 10 minutes

PullRequestReviewEvent
PullRequestReviewEvent

push eventCycloneDX/cyclonedx-python

dependabot[bot]

commit sha a3d0b87152183682dfeed459c6e44af4bc69a8c8

build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29 Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 21.9.2 to 21.11.29. - [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) - [Commits](https://github.com/PyCQA/flake8-bugbear/compare/21.9.2...21.11.29) --- updated-dependencies: - dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha c7a5fd0d8cc4f618ebc988767ced1bb050eeaf07

CHORE: build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29 build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29

view details

push time in 18 minutes

PR merged CycloneDX/cyclonedx-python

build(deps-dev): Bump flake8-bugbear from 21.9.2 to 21.11.29 dependencies python

Bumps flake8-bugbear from 21.9.2 to 21.11.29. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/flake8-bugbear/releases">flake8-bugbear's releases</a>.</em></p> <blockquote> <h2>21.11.29</h2> <ul> <li>B018: Disable strings from check for now (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/209">#209</a>)</li> </ul> <h2>21.11.28</h2> <ul> <li>B904: ensure the raise is in the same context with the except (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/191">#191</a>)</li> <li>Add Option to extend the list of immutable calls (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/204">#204</a>)</li> <li>Update B014: <code>binascii.Error</code> is now treated as a subclass of <code>ValueError</code> (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/206">#206</a>)</li> <li>add simple pre-commit config (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/205">#205</a>)</li> <li>Test with 3.10 official</li> <li>Add B018 check to find useless declarations (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/196">#196</a>, <a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/202">#202</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/49aec1807ead4c7da7d055e20118563ed13b5201"><code>49aec18</code></a> Update version + Change Log for 21.11.29 release (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/210">#210</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/225f4e6a8b88c77ac543a894e57cf32f204147ea"><code>225f4e6</code></a> Remove detection of strings in B018 (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/209">#209</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/9e311d5af7ffd2bba272fc6471b8ecfe21bf1993"><code>9e311d5</code></a> Fix 904 tests to expect on correct raise line</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/987e539cf7d786fd6feb6e0d07657d9c78548b27"><code>987e539</code></a> Update CHANGES.md, black format, update to version 21.11.28 for release</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/9e14a8c9594eace788d0efba8baa9fd3587da2f0"><code>9e14a8c</code></a> B904: ensure the raise is in the same context with the except (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/191">#191</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/c452048afb9a87d09840e16030fcb89aae94613b"><code>c452048</code></a> Add Option to extend the list of immutable calls (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/204">#204</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/c90fa65506ccecb40521cf20f37a2b2444010a37"><code>c90fa65</code></a> B014: catch binascii.Error and ValueError redundancy + cleanup (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/206">#206</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/71091f9384a82c23b960a19344ae8ba30e3b4e4b"><code>71091f9</code></a> add simple pre-commit config (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/205">#205</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/98829c3842c05b5b24305e275c5c5be7c782333c"><code>98829c3</code></a> Improve B018 further (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/202">#202</a>)</li> <li><a href="https://github.com/PyCQA/flake8-bugbear/commit/2ca8d79ef840a216b1d9c9c1c9c4f5cb7a6da0c6"><code>2ca8d79</code></a> B018: Find more constants w/o assign (<a href="https://github-redirect.dependabot.com/PyCQA/flake8-bugbear/issues/201">#201</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyCQA/flake8-bugbear/compare/21.9.2...21.11.29">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+6 -6

0 comment

2 changed files

dependabot[bot]

pr closed time in 18 minutes

PullRequestReviewEvent

issue commentCycloneDX/cyclonedx-python

Support multiple requirement files according to envionments

hello @manuel-sommer .

in case you need an solution to merge multiple CycloneDX SBOM files into one SBOM you could have a look at https://github.com/CycloneDX/cyclonedx-cli


regarding

Furthermore, cyclonedx-python fails if there is "-r base.txt" in a requirements file

this syntax is not supported. actually, "-r base.txt" is not a universal requirement. it is a pre-requirement-phase statement as used in requirements.in files. you need to "compile" your input file to an actual static requirements-file - for example with pip-compile from https://pypi.org/project/pip-tools/

manuel-sommer

comment created time in 24 minutes

issue commentCycloneDX/cyclonedx-php-composer

require composer-plugin-api v2.1

#152 reverted some code, tho allow running in lower composer versions.

  • raise api and see if code can be bumped
  • raise def dependency
jkowalleck

comment created time in 17 hours

push eventCycloneDX/cyclonedx-php-composer

Jan Kowalleck

commit sha aa35111392414c48fd165deac6843009ae51842a

allow install unsafe requirements in CI test Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

view details

push time in 17 hours

push eventCycloneDX/cyclonedx-php-composer

Jan Kowalleck

commit sha 6e35d4d432c8dbd04512d8833ea9f8b227509f8b

allow install unsafe requirements in CI test Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

view details

push time in 17 hours

create barnchCycloneDX/cyclonedx-php-composer

branch : bugfix_composer2compat

created branch time in 17 hours

push eventCycloneDX/cyclonedx-php-composer

dependabot[bot]

commit sha d2f96ef0f580f3d583434f7a63f850ad031cf2d1

tools(deps-dev): update vimeo/psalm requirement in /tools/psalm Updates the requirements on [vimeo/psalm](https://github.com/vimeo/psalm) to permit the latest version. - [Release notes](https://github.com/vimeo/psalm/releases) - [Commits](https://github.com/vimeo/psalm/compare/4.12.0...4.13.1) --- updated-dependencies: - dependency-name: vimeo/psalm dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha c3bd51a85d9a6764eac9de10934c508ab34ebd45

remove unused tool: schema-downloader Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

view details

Jan Kowalleck

commit sha 83a257faebe4c5080cdf810b2ad5b8073f80e186

Merge pull request #150 from CycloneDX/dependabot/composer/tools/psalm/vimeo/psalm-4.13.1 tools(deps-dev): update vimeo/psalm requirement from 4.12.0 to 4.13.1 in /tools/psalm

view details

Jan Kowalleck

commit sha 681a3a81f0a239b327c0f58cbe22d938331f2fc3

Merge pull request #151 from CycloneDX/remove-tool_schema-downloader remove unused tool: schema-downloader

view details

Jan Kowalleck

commit sha a08edfc8cd75e3230e080ccafd38faa1302281d3

WIP ExternalReferences

view details

Jan Kowalleck

commit sha c2429033186579e8f5482019b72535935e16c174

demos

view details

Jan Kowalleck

commit sha 7277b46791229dc50c5aff5ccf7a6a3c84692268

lib 1.2

view details

push time in 19 hours

push eventCycloneDX/cyclonedx-php-composer

Jan Kowalleck

commit sha c3bd51a85d9a6764eac9de10934c508ab34ebd45

remove unused tool: schema-downloader Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

view details

Jan Kowalleck

commit sha 681a3a81f0a239b327c0f58cbe22d938331f2fc3

Merge pull request #151 from CycloneDX/remove-tool_schema-downloader remove unused tool: schema-downloader

view details

push time in 19 hours

push eventCycloneDX/cyclonedx-php-composer

dependabot[bot]

commit sha d2f96ef0f580f3d583434f7a63f850ad031cf2d1

tools(deps-dev): update vimeo/psalm requirement in /tools/psalm Updates the requirements on [vimeo/psalm](https://github.com/vimeo/psalm) to permit the latest version. - [Release notes](https://github.com/vimeo/psalm/releases) - [Commits](https://github.com/vimeo/psalm/compare/4.12.0...4.13.1) --- updated-dependencies: - dependency-name: vimeo/psalm dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha 83a257faebe4c5080cdf810b2ad5b8073f80e186

Merge pull request #150 from CycloneDX/dependabot/composer/tools/psalm/vimeo/psalm-4.13.1 tools(deps-dev): update vimeo/psalm requirement from 4.12.0 to 4.13.1 in /tools/psalm

view details

push time in 19 hours

PR merged CycloneDX/cyclonedx-php-composer

tools(deps-dev): update vimeo/psalm requirement from 4.12.0 to 4.13.1 in /tools/psalm dependencies tools

Updates the requirements on vimeo/psalm to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vimeo/psalm/releases">vimeo/psalm's releases</a>.</em></p> <blockquote> <h2>Fixed crash during config parsing</h2> <h2>What's Changed</h2> <p>This release fixes the crash when running Psalm on PHP 7.1</p> <h3>Fixes</h3> <ul> <li>Error with version 4.13.0 using DOMNodeList::count introduced only from PHP 7.2 by <a href="https://github.com/AlessandroMinoccheri"><code>@​AlessandroMinoccheri</code></a> in <a href="https://github-redirect.dependabot.com/vimeo/psalm/pull/6981">vimeo/psalm#6981</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vimeo/psalm/commit/5cf660f63b548ccd4a56f62d916ee4d6028e01a3"><code>5cf660f</code></a> using lenght istead of count for php 7.1 compatibility</li> <li><a href="https://github.com/vimeo/psalm/commit/cd489407a0219b93cadd04d5aff9845a942f7e5d"><code>cd48940</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/vimeo/psalm/issues/6946">#6946</a> from sebkehr/fix_cannot_extend_constrained_with_impo...</li> <li><a href="https://github.com/vimeo/psalm/commit/511ed99e46e48e403d6cd857debfa1428e5cf26e"><code>511ed99</code></a> expand type aliases when comparing unions</li> <li><a href="https://github.com/vimeo/psalm/commit/6097e027730373dcc6473fbf334484ad904e37b9"><code>6097e02</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/vimeo/psalm/issues/6529">#6529</a> from boesing/bugfix/class-constant-reconciliation</li> <li><a href="https://github.com/vimeo/psalm/commit/aabd96c22af2da0507a4d9049e408e710de8ce8a"><code>aabd96c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/vimeo/psalm/issues/6932">#6932</a> from kamil-tekiela/patch-1</li> <li><a href="https://github.com/vimeo/psalm/commit/d0528a37f66987341a81aa29e0edc24b3fc9e213"><code>d0528a3</code></a> Update CallMap_80_delta.php</li> <li><a href="https://github.com/vimeo/psalm/commit/9f0441fcd9671a72253aadeb1f1a013f3452c394"><code>9f0441f</code></a> Update callmap</li> <li><a href="https://github.com/vimeo/psalm/commit/2b05f66d3619492ae6801a4ea1e692cc812c0581"><code>2b05f66</code></a> session_set_cookie_params signature changed in 8.0</li> <li><a href="https://github.com/vimeo/psalm/commit/6bf02657b6ccc47d01fa19f1ccc496480bd768c5"><code>6bf0265</code></a> qa: ensure <code>array_merge</code> has at least one argument</li> <li><a href="https://github.com/vimeo/psalm/commit/62b0a0974187fb711d9e7b8578b5f2f19d43781a"><code>62b0a09</code></a> qa: remove useless <code>var</code> annotation and the psalm suppression</li> <li>Additional commits viewable in <a href="https://github.com/vimeo/psalm/compare/4.12.0...4.13.1">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 19 hours

PullRequestReviewEvent

push eventCycloneDX/cyclonedx-php-composer

Jan Kowalleck

commit sha c3bd51a85d9a6764eac9de10934c508ab34ebd45

remove unused tool: schema-downloader Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

view details

push time in 19 hours

create barnchCycloneDX/cyclonedx-php-composer

branch : remove-tool_schema-downloader

created branch time in 19 hours

push eventCycloneDX/cyclonedx-php-composer

dependabot[bot]

commit sha f4d8795b1ac2d145edf44bb68bd7176d8a7179c8

gh-actions(deps): bump actions/cache from 2.1.6 to 2.1.7 Bumps [actions/cache](https://github.com/actions/cache) from 2.1.6 to 2.1.7. - [Release notes](https://github.com/actions/cache/releases) - [Commits](https://github.com/actions/cache/compare/v2.1.6...v2.1.7) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha c5220ac899b9e0994c854416aff2c0c60c7505f5

Merge pull request #147 from CycloneDX/dependabot/github_actions/actions/cache-2.1.7 gh-actions(deps): bump actions/cache from 2.1.6 to 2.1.7

view details

dependabot[bot]

commit sha 0a74d9b628224e87151f7a0b24cb462f8323cdf3

tools(deps-dev): update ergebnis/composer-normalize requirement Updates the requirements on [ergebnis/composer-normalize](https://github.com/ergebnis/composer-normalize) to permit the latest version. - [Release notes](https://github.com/ergebnis/composer-normalize/releases) - [Changelog](https://github.com/ergebnis/composer-normalize/blob/main/CHANGELOG.md) - [Commits](https://github.com/ergebnis/composer-normalize/compare/2.15.0...2.16.0) --- updated-dependencies: - dependency-name: ergebnis/composer-normalize dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

view details

dependabot[bot]

commit sha 9c41381c6efa391fdcfe522b99a1d6512ffa0c78

tools(deps-dev): update icanhazstring/composer-unused requirement Updates the requirements on [icanhazstring/composer-unused](https://github.com/composer-unused/composer-unused) to permit the latest version. - [Release notes](https://github.com/composer-unused/composer-unused/releases) - [Changelog](https://github.com/composer-unused/composer-unused/blob/main/CHANGELOG.md) - [Commits](https://github.com/composer-unused/composer-unused/compare/0.7.7...0.7.8) --- updated-dependencies: - dependency-name: icanhazstring/composer-unused dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha 1122942a5b11469d8f6a8cbdc35eb68f57695ea2

Merge pull request #149 from CycloneDX/dependabot/composer/tools/composer-unused/icanhazstring/composer-unused-0.7.8 tools(deps-dev): update icanhazstring/composer-unused requirement from 0.7.7 to 0.7.8 in /tools/composer-unused

view details

Jan Kowalleck

commit sha 765d2b7c226271b14ef1c45bf65e0271ad4775ed

Merge pull request #148 from CycloneDX/dependabot/composer/tools/composer-normalize/ergebnis/composer-normalize-2.16.0 tools(deps-dev): update ergebnis/composer-normalize requirement from 2.15.0 to 2.16.0 in /tools/composer-normalize

view details

Jan Kowalleck

commit sha 02f433f00c2c380d4efd0401bc5cee32996ded58

WIP ExternalReferences

view details

Jan Kowalleck

commit sha b20ccc54d1718cdca5a81cc35d4620b19c324036

demos

view details

Jan Kowalleck

commit sha 8cb0f907a068f3f00f357f18b97f40ac43ea04d6

lib 1.2

view details

push time in 19 hours

PR merged CycloneDX/cyclonedx-php-composer

tools(deps-dev): update ergebnis/composer-normalize requirement from 2.15.0 to 2.16.0 in /tools/composer-normalize dependencies tools

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Updates the requirements on ergebnis/composer-normalize to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ergebnis/composer-normalize/releases">ergebnis/composer-normalize's releases</a>.</em></p> <blockquote> <h2>2.16.0</h2> <ul> <li>composer(deps-dev): bump <code>vimeo/psalm</code> from <code>4.7.3</code> to <code>4.8.1</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/756">#756</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan</code> from <code>0.12.89</code> to <code>0.12.90</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/757">#757</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan-phpunit</code> from <code>0.12.19</code> to <code>0.12.20</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/758">#758</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>psalm/plugin-phpunit</code> from <code>0.16.0</code> to <code>0.16.1</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/759">#759</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpunit/phpunit</code> from <code>8.5.16</code> to <code>8.5.17</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/760">#760</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>Enhancement: Restore auto-merge of dependabot pull requests (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/776">#776</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>github-actions(deps): bump <code>shivammathur/setup-php</code> from <code>2.11.0</code> to <code>2.12.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/766">#766</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>actions/stale</code> from <code>3.0.19</code> to <code>4</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/765">#765</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>gr2m/create-or-update-pull-request-action</code> from <code>1.4.0</code> to <code>1.4.1</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/772">#772</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan-strict-rules</code> from <code>0.12.9</code> to <code>0.12.10</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/762">#762</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan-phpunit</code> from <code>0.12.20</code> to <code>0.12.21</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/768">#768</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>symfony/filesystem</code> from <code>5.3.0</code> to <code>5.3.4</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/769">#769</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpunit/phpunit</code> from <code>8.5.17</code> to <code>8.5.19</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/774">#774</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps): bump <code>justinrainbow/json-schema</code> from <code>5.2.10</code> to <code>5.2.11</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/770">#770</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>vimeo/psalm</code> from <code>4.8.1</code> to <code>4.9.2</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/775">#775</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>vimeo/psalm</code> from <code>4.9.2</code> to <code>4.9.3</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/778">#778</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan-phpunit</code> from <code>0.12.21</code> to <code>0.12.22</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/777">#777</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>Remove trailing comma from <code>composer.json</code> README.md usage docs (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/780">#780</a>), by <a href="https://github.com/ntwb"><code>@​ntwb</code></a></li> <li>github-actions(deps): bump <code>actions/github-script</code> from <code>4.0.2</code> to <code>4.1</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/782">#782</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>ibiqlik/action-yamllint</code> from <code>3.0.2</code> to <code>3.0.4</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/783">#783</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan</code> from <code>0.12.94</code> to <code>0.12.96</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/784">#784</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan-strict-rules</code> from <code>0.12.10</code> to <code>0.12.11</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/785">#785</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan</code> from <code>0.12.96</code> to <code>0.12.98</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/787">#787</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpunit/phpunit</code> from <code>8.5.19</code> to <code>8.5.20</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/786">#786</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>vimeo/psalm</code> from <code>4.9.3</code> to <code>4.10.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/788">#788</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>stefanzweifel/git-auto-commit-action</code> from <code>4.11.0</code> to <code>4.12.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/789">#789</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>shivammathur/setup-php</code> from <code>2.12.0</code> to <code>2.14.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/790">#790</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpstan/phpstan</code> from <code>0.12.98</code> to <code>0.12.99</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/791">#791</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>phpunit/phpunit</code> from <code>8.5.20</code> to <code>8.5.21</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/793">#793</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>actions/github-script</code> from <code>4.1</code> to <code>5</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/792">#792</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>Fix: Adjust usage of <code>octokit</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/798">#798</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>github-actions(deps): bump <code>shivammathur/setup-php</code> from <code>2.14.0</code> to <code>2.15.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/794">#794</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>actions/checkout</code> from <code>2.3.4</code> to <code>2.3.5</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/797">#797</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>ibiqlik/action-yamllint</code> from <code>3.0.4</code> to <code>3.1</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/795">#795</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>gr2m/create-or-update-pull-request-action</code> from <code>1.4.1</code> to <code>1.5.1</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/800">#800</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>Updated <code>README.md</code> - optimize console command's (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/803">#803</a>), by <a href="https://github.com/sfritzsche"><code>@​sfritzsche</code></a></li> <li>composer(deps-dev): bump <code>vimeo/psalm</code> from <code>4.10.0</code> to <code>4.11.2</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/801">#801</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>composer(deps-dev): bump <code>vimeo/psalm</code> from <code>4.11.2</code> to <code>4.12.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/806">#806</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>github-actions(deps): bump <code>actions/checkout</code> from <code>2.3.5</code> to <code>2.4.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/805">#805</a>), by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li> <li>Fix: Drop support for <code>composer/composer</code>:^1.0.0` (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/807">#807</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>Enhancement: Run tests on PHP <code>8.1</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/808">#808</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>Fix: Wrapping (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/809">#809</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>Fix: Remove <code>phpstan/phpstan</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/810">#810</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>Fix: Do not cache cache directory for <code>vimeo/psalm</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/811">#811</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>Enhancement: Install <code>humbug/box</code> with <code>phive</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/812">#812</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>Enhancement: Update <code>humbug/box</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/813">#813</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> <li>Enhancement: Update <code>composer/composer</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/804">#804</a>), by <a href="https://github.com/localheinz"><code>@​localheinz</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ergebnis/composer-normalize/blob/main/CHANGELOG.md">ergebnis/composer-normalize's changelog</a>.</em></p> <blockquote> <h2>[<code>2.16.0</code>][2.16.0]</h2> <p>For a full diff see [<code>2.15.0...2.16.0</code>][2.15.0...2.16.0].</p> <h3>Changed</h3> <ul> <li>Required <code>composer/composer:2.1.12</code> for compiling <code>composer-normalize.phar</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/804">#804</a>), by [<a href="https://github.com/localheinz"><code>@​localheinz</code></a>]</li> <li>Dropped support for <code>composer/composer:^1.0.0</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/807">#807</a>), by [<a href="https://github.com/localheinz"><code>@​localheinz</code></a>]</li> </ul> <h2>[<code>2.15.0</code>][2.15.0]</h2> <p>For a full diff see [<code>2.14.0...2.15.0</code>][2.14.0...2.15.0].</p> <h3>Changed</h3> <ul> <li>Updated <code>schema.json</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/754">#754</a>), by [<a href="https://github.com/ergebnis-bot"><code>@​ergebnis-bot</code></a>]</li> </ul> <h2>[<code>2.14.0</code>][2.14.0]</h2> <p>For a full diff see [<code>2.13.4...2.14.0</code>][2.13.4...2.14.0].</p> <h3>Changed</h3> <ul> <li>Updated <code>schema.json</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/744">#744</a>), by [<a href="https://github.com/ergebnis-bot"><code>@​ergebnis-bot</code></a>]</li> </ul> <h3>Fixed</h3> <ul> <li>Updated <code>composer/composer</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/750">#750</a>), by [<a href="https://github.com/localheinz"><code>@​localheinz</code></a>]</li> </ul> <h2>[<code>2.13.4</code>][2.13.4]</h2> <p>For a full diff see [<code>2.13.3...2.13.4</code>][2.13.3...2.13.4].</p> <h3>Fixed</h3> <ul> <li>Required <code>composer/composer:2.0.13</code> for compiling <code>composer-normalize.phar</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/743">#743</a>), by [<a href="https://github.com/localheinz"><code>@​localheinz</code></a>]</li> </ul> <h2>[<code>2.13.3</code>][2.13.3]</h2> <p>For a full diff see [<code>2.13.2...2.13.3</code>][2.13.2...2.13.3].</p> <h3>Fixed</h3> <ul> <li>Required <code>ergebnis/json-normalizer:^1.0.3</code> which correctly sorts <code>composer-plugin-api</code> (<a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/707">#707</a>), by [<a href="https://github.com/dependabot"><code>@​dependabot</code></a>]</li> </ul> <h2>[<code>2.13.2</code>][2.13.2]</h2> <p>For a full diff see [<code>2.13.1...2.13.2</code>][2.13.1...2.13.2].</p> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ergebnis/composer-normalize/commit/21eb186aa37247544674ee75aa4139c1cade7a64"><code>21eb186</code></a> Fix: Update CHANGELOG.md</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/1d972449c55d041d184a2d14599f31dd5c6c0a44"><code>1d97244</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/804">#804</a> from ergebnis/feature/composer</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/72af70bb0640b5a66b8d109be21aaca323b6e9d8"><code>72af70b</code></a> Fix: Verify that locker is an instance of Locker</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/ce24f6b3622de7c8183a89268d512425c4425430"><code>ce24f6b</code></a> Fix: Remove unnecessary DocBlock</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/77abc83d1b27483c303aabe9a37b69f7f661f1a6"><code>77abc83</code></a> Enhancement: Update composer/composer</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/d4112fea36ac8c683978f6528932962cf49a568c"><code>d4112fe</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/813">#813</a> from ergebnis/feature/box</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/d136ce42ef87fcfba77967981e048a16c877835a"><code>d136ce4</code></a> Enhancement: Update humbug/box</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/41ede7457dda1f3ddeda8a4a98bf7bb078a1fb04"><code>41ede74</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/812">#812</a> from ergebnis/feature/box</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/239dcaa2668674c27fc8c0a3408f4a3c60151c44"><code>239dcaa</code></a> Enhancement: Install humbug/box with phive</li> <li><a href="https://github.com/ergebnis/composer-normalize/commit/6fff6f27c715baf917444a98ced91d9fcb05cd45"><code>6fff6f2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ergebnis/composer-normalize/issues/811">#811</a> from ergebnis/fix/cache</li> <li>Additional commits viewable in <a href="https://github.com/ergebnis/composer-normalize/compare/2.15.0...2.16.0">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 19 hours

push eventCycloneDX/cyclonedx-php-composer

dependabot[bot]

commit sha 0a74d9b628224e87151f7a0b24cb462f8323cdf3

tools(deps-dev): update ergebnis/composer-normalize requirement Updates the requirements on [ergebnis/composer-normalize](https://github.com/ergebnis/composer-normalize) to permit the latest version. - [Release notes](https://github.com/ergebnis/composer-normalize/releases) - [Changelog](https://github.com/ergebnis/composer-normalize/blob/main/CHANGELOG.md) - [Commits](https://github.com/ergebnis/composer-normalize/compare/2.15.0...2.16.0) --- updated-dependencies: - dependency-name: ergebnis/composer-normalize dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha 765d2b7c226271b14ef1c45bf65e0271ad4775ed

Merge pull request #148 from CycloneDX/dependabot/composer/tools/composer-normalize/ergebnis/composer-normalize-2.16.0 tools(deps-dev): update ergebnis/composer-normalize requirement from 2.15.0 to 2.16.0 in /tools/composer-normalize

view details

push time in 19 hours

PullRequestReviewEvent

push eventCycloneDX/cyclonedx-php-composer

dependabot[bot]

commit sha 9c41381c6efa391fdcfe522b99a1d6512ffa0c78

tools(deps-dev): update icanhazstring/composer-unused requirement Updates the requirements on [icanhazstring/composer-unused](https://github.com/composer-unused/composer-unused) to permit the latest version. - [Release notes](https://github.com/composer-unused/composer-unused/releases) - [Changelog](https://github.com/composer-unused/composer-unused/blob/main/CHANGELOG.md) - [Commits](https://github.com/composer-unused/composer-unused/compare/0.7.7...0.7.8) --- updated-dependencies: - dependency-name: icanhazstring/composer-unused dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Jan Kowalleck

commit sha 1122942a5b11469d8f6a8cbdc35eb68f57695ea2

Merge pull request #149 from CycloneDX/dependabot/composer/tools/composer-unused/icanhazstring/composer-unused-0.7.8 tools(deps-dev): update icanhazstring/composer-unused requirement from 0.7.7 to 0.7.8 in /tools/composer-unused

view details

push time in 19 hours

more