Conflict mkdocs-material and mdbom

[codie3611]

Describe the bug

Installing mdbom and mkdocs-material creates a dependency conflict. While mdbom requires Jinja2 version to be 2.X, mkdocs-material requires 3.X.X

To Reproduce

Steps to reproduce the behavior:

1. poetry add --dev mdbom
2. poetry add --dev mkdocs-material

> poetry add --dev mkdocs mkdocs-material

Using version ^1.3.1 for mkdocs
Using version ^8.5.1 for mkdocs-material

Updating dependencies
Resolving dependencies... (0.0s)

  SolverProblemError

  Because no versions of mkdocs-material match >8.5.1,<9.0.0
   and mkdocs-material (8.5.1) depends on jinja2 (>=3.0.2), mkdocs-material (>=8.5.1,<9.0.0) requires jinja2 (>=3.0.2).
  And because mdbom (0.3.0) depends on Jinja2 (>=2.11.3,<3.0.0)
   and no versions of mdbom match >0.3.0,<0.4.0, mkdocs-material (>=8.5.1,<9.0.0) is incompatible with mdbom (>=0.3.0,<0.4.0).
  So, because deathstar depends on both mdbom (^0.3.0) and mkdocs-material (^8.5.1), version solving failed.

  at ~/sw/miniconda3/lib/python3.9/site-packages/poetry/puzzle/solver.py:241 in _solve
      237│             packages = result.packages
      238│         except OverrideNeeded as e:
      239│             return self.solve_in_compatibility_mode(e.overrides, use_latest=use_latest)
      240│         except SolveFailure as e:
    → 241│             raise SolverProblemError(e)
      242│ 
      243│         results = dict(
      244│             depth_first_search(
      245│                 PackageNode(self._package, packages), aggregate_package_nodes

Expected behavior

Installaion succeeds.

System (please complete the following information):

• Mardown SBOM version: 0.3.0
• Python version: 3.9.2
• OS: Ubuntu

[codie3611]

Tried to update it myself but failed since git changelog requires also jinja2 as 2.X.X. Such an annoying conflict.

[HaRo87]

Yes @codie3611. I did start working on a proper replacement using Golang. 😉 The whole Python dependency mess is really annoying.