From dbbac619d59e7055b71568348dcbec75e65d7bbc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Apr 2026 09:32:04 +0000
Subject: [PATCH 1/4] chore(deps-dev): update cyclonedx-bom requirement
Updates the requirements on [cyclonedx-bom](https://github.com/CycloneDX/cyclonedx-python) to permit the latest version.
- [Release notes](https://github.com/CycloneDX/cyclonedx-python/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/CycloneDX/cyclonedx-python/compare/v4.0.0...v7.3.0)
---
updated-dependencies:
- dependency-name: cyclonedx-bom
dependency-version: 7.3.0
dependency-type: direct:development
...
Signed-off-by: dependabot[bot]
---
pyproject.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 94689fd6..786d3fa0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -50,7 +50,7 @@ dev = [
 "pip-audit >=2.4.4,<3.0.0",
 "pylint >=3.0.0,<4.1.0",
 "perflint >=0.8.0,<1.0.0",
- "cyclonedx-bom >=4.0.0,<5.0.0",
+ "cyclonedx-bom >=4.0.0,<8.0.0",
 ]
 docs = [
 "sphinx >=5.1.1,<9.0.0",
From 39dbab4439d828f83fbb7e1d20f047c53ace88bb Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Fri, 24 Apr 2026 06:14:51 +1000
Subject: [PATCH 2/4] chore: fix regression
---
Makefile | 2 +-
pyproject.toml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index dbbf83bd..5e2306c3 100644
--- a/Makefile
+++ b/Makefile
@@ -107,7 +107,7 @@ upgrade-quiet:
 # Generate a Software Bill of Materials (SBOM).
 .PHONY: sbom
 sbom: requirements
- cyclonedx-py requirements --output-format json --outfile dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json
+ python -m cyclonedx_py requirements --spec-version 1.7 --output-reproducible --output-format json --output-file dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json
 # Generate a requirements.txt file containing version and integrity hashes for all
 # packages currently installed in the virtual environment. There's no easy way to
diff --git a/pyproject.toml b/pyproject.toml
index 786d3fa0..ece2e413 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -50,7 +50,7 @@ dev = [
 "pip-audit >=2.4.4,<3.0.0",
 "pylint >=3.0.0,<4.1.0",
 "perflint >=0.8.0,<1.0.0",
- "cyclonedx-bom >=4.0.0,<8.0.0",
+ "cyclonedx-bom >=7.0.0,<8.0.0",
 ]
 docs = [
 "sphinx >=5.1.1,<9.0.0",
From 81152b1ba51360f66575d94b4036552e22644c8f Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Fri, 24 Apr 2026 06:21:19 +1000
Subject: [PATCH 3/4] chore: don't pin SBOM version
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 5e2306c3..0e14e433 100644
--- a/Makefile
+++ b/Makefile
@@ -107,7 +107,7 @@ upgrade-quiet:
 # Generate a Software Bill of Materials (SBOM).
 .PHONY: sbom
 sbom: requirements
- python -m cyclonedx_py requirements --spec-version 1.7 --output-reproducible --output-format json --output-file dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json
+ python -m cyclonedx_py requirements --output-reproducible --output-format json --output-file dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json
 # Generate a requirements.txt file containing version and integrity hashes for all
 # packages currently installed in the virtual environment. There's no easy way to
From adbe674fd2ee407d067b9f7f673657592c7eb0ba Mon Sep 17 00:00:00 2001
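Review bot: The new `sbom` recipe writes to `dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json`, but nothing in the hunk guarantees that `dist/` exists, so `make sbom` on a fresh checkout fails at write time unless some other target happens to have created the directory first; the same applies to the PATCH 3/4 Makefile hunk that edits the same line. Unless a `dist` rule already exists elsewhere in the Makefile (not visible here), make it an order-only prerequisite, `sbom: requirements | dist`, with a `dist:` rule whose recipe is `mkdir -p $@`, so the directory's mtime never triggers a rebuild. It would also help to state in the comment above the target what the SBOM is derived from, since the file's own comment says the `requirements` target produces a requirements.txt with version and integrity hashes: `# Built from the hash-pinned requirements.txt that the requirements target emits; regenerate both together.` Keeping `.PHONY: sbom` is right, as the target name is not the file the recipe produces.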
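Review bot: Removing `--spec-version 1.7` from the `+` line means the CycloneDX spec version of the emitted SBOM now follows the default of whichever cyclonedx-bom release is installed within the `>=7.0.0,<8.0.0` range, so the document's schema can change on a routine dependency upgrade with no change to this Makefile, which a consumer validating against a fixed schema may not expect. Since that drift is the stated intent of the commit, record it next to the target rather than leaving the next reader to re-pin it: `# The CycloneDX spec version is deliberately left unpinned and follows the installed cyclonedx-bom default.`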
From: Jens Troeger
Date: Fri, 24 Apr 2026 06:55:49 +1000
Subject: [PATCH 4/4] chore(deps): avoid crummy mypy version
---
pyproject.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index ece2e413..bd4bee13 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -46,7 +46,7 @@ actions = [
 ]
 dev = [
 "flit >=3.2.0,<4.0.0",
- "mypy >=1.20.1,<1.21",
+ "mypy >=1.0.0,!=1.20.2,<1.21",
 "pip-audit >=2.4.4,<3.0.0",
 "pylint >=3.0.0,<4.1.0",
 "perflint >=0.8.0,<1.0.0",
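Review bot: The new constraint `"mypy >=1.0.0,!=1.20.2,<1.21"` lowers the floor from 1.20.1 to 1.0.0, while the subject only says one bad release is being avoided, so a resolver constrained by other pins may now select a far older mypy whose checks differ from what the project has been validated against. If the goal is only to skip 1.20.2, `"mypy >=1.20.1,!=1.20.2,<1.21"` keeps the previous floor; if the wider range is intended, a one-line comment on why would stop the next maintainer from re-tightening it.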