anchore / yardstick

Compare vulnerability scanners results (to make them better!)
Apache License 2.0
15 stars 4 forks source link

chore(deps): bump importlib-metadata from 7.1.0 to 8.0.0 #336

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps importlib-metadata from 7.1.0 to 8.0.0.

Changelog

Sourced from importlib-metadata's changelog.

v8.0.0

Deprecations and Removals

  • Message.getitem now raises a KeyError on missing keys. (#371)
  • Removed deprecated support for Distribution subclasses not implementing abstract methods.

v7.2.1

Bugfixes

  • When reading installed files from an egg, use relative_to(walk_up=True) to honor files installed outside of the installation root. (#455)

v7.2.0

Features

Commits
  • f390168 Finalize
  • c3bae1e Merge pull request #491 from python/debt/remove-legacy
  • a970a49 Message.getitem now raises a KeyError on missing keys.
  • 32c14aa Removed deprecated support for Distribution subclasses not implementing abstr...
  • b76931d Finalize
  • 48d2a85 Merge pull request #482 from dan-blanchard/fix-relative-to
  • b94b42e Add news fragment
  • e4d1dcc Remove additional method in SimplePath.
  • 07a2a44 Revert "Fix mypy failure that has nothing to do with this PR"
  • b815aee Mark compat code as uncovered.
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)