pyproject: constrain cyclonedx to ~2 #558

Merged
merged 3 commits into from
Mar 20, 2023

woodruffw
Member

cyclonedx-python-lib suddenly released a new major, so this was no longer constrained correctly.

Reflow as well.

This should fix the broken CI.

Reflow as well.

Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw added the dependencies (Pull requests that update a dependency file) label Mar 20, 2023
@woodruffw woodruffw requested review from di and tetsuo-cpp March 20, 2023 16:49
@woodruffw woodruffw self-assigned this Mar 20, 2023
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw
Member Author

We should also do a patch release after this, since some downstream users are likely to be broken by this.

Conflict sadness.

Signed-off-by: William Woodruff <william@trailofbits.com>
@di di merged commit 849d6b9 into main Mar 20, 2023
@di di deleted the ww/fix-cyclonedx-pin branch March 20, 2023 16:59
@woodruffw woodruffw mentioned this pull request Mar 20, 2023
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Mar 30, 2023
## [2.5.4]

### Changed

* Refactored `index-url` option to not override user pip config by default,
  unless specified ([#565](pypa/pip-audit#565))

### Fixed

* Fixed bug with the `--fix` flag where new requirements were sometimes being
  appended to requirement files instead of patching the existing requirement
  ([#577](pypa/pip-audit#577))

* Fixed a crash caused by auditing requirements files that refer to other
  requirements files ([#568](pypa/pip-audit#568))

## [2.5.3]

### Changed

* Further simplified `pip-audit`'s dependency resolution to remove inconsistent
  behaviour when using hashed requirements or the `--no-deps` flag
  ([#540](pypa/pip-audit#540))

### Fixed

* Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs
  ([#572](pypa/pip-audit#572))

## [2.5.2]

### Fixed

* Fixed a loose dependency constraint for CycloneDX SBOM generation
  ([#558](pypa/pip-audit#558))