i-doit / knowledge-base

i-doit docs
http://kb.i-doit.com
Creative Commons Attribution Share Alike 4.0 International
11 stars 6 forks source link

chore(deps): bump cyclonedx-bom from 4.4.3 to 4.5.0 #612

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 5 months ago

Bumps cyclonedx-bom from 4.4.3 to 4.5.0.

Release notes

Sourced from cyclonedx-bom's releases.

v4.5.0 (2024-06-10)

Chore

  • chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1a1ad60)

Ci

  • ci: modernize artifact action (#737)

supersedes #625 supersedes #624


Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@​users.noreply.github.com> (1222201)

Documentation

  • docs: exclude dep bumps from changelog (#750)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d02d6a)

  • docs: OSSF best practice badge percentage

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5717803)

Feature

  • feat: environment - gather declared license information according to PEP639 (#755)

From python environments, gather additional declared license information according to PEP 639 (improving license clarity with better package metadata).

New CLI switches for cyclonedx environment:

  • --PEP-639: Enable license gathering according to PEP 639 (improving license clarity with better package metadata). The behavior may change during the draft development of the PEP.
  • --gather-license-texts: Enable license text gathering.

In current state of implementation, --gather-license-texts has effect only if --PEP-639 is also given.

... (truncated)

Changelog

Sourced from cyclonedx-bom's changelog.

v4.5.0 (2024-06-10)

Chore

  • chore: shield_ossf-best-practices subbary

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1a1ad60)

Ci

  • ci: modernize artifact action (#737)

supersedes #625 supersedes #624


Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@​users.noreply.github.com> (1222201)

Documentation

  • docs: exclude dep bumps from changelog (#750)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d02d6a)

  • docs: OSSF best practice badge percentage

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5717803)

Feature

  • feat: environment - gather declared license information according to PEP639 (#755)

From python environments, gather additional declared license information according to PEP 639 (improving license clarity with better package metadata).

New CLI switches for cyclonedx environment:

  • --PEP-639: Enable license gathering according to PEP 639 (improving license clarity with better package metadata). The behavior may change during the draft development of the PEP.
  • --gather-license-texts: Enable license text gathering.

In current state of implementation, --gather-license-texts has effect only if --PEP-639 is also given.

... (truncated)

Commits
  • 6cb2cbc chore(release): 4.5.0
  • e9cc805 feat: environment - gather declared license information according to PEP639 (...
  • cba521e refactor: const for purl type pypi (#754)
  • a178d2e refactor: extred -> extref (#753)
  • 54b2ad8 chore(deps-dev): Update tox requirement from 4.15.0 to 4.15.1 (#751)
  • f13311b Create config.yml
  • c4b15d8 Rename feature_request.md to 1-feature_request.md
  • 58199a5 Rename bug_report.md to 2-bug_report.md
  • b23f16d chore(deps-dev): Update autopep8 requirement from 2.1.0 to 2.2.0 (#748)
  • 3d02d6a docs: exclude dep bumps from changelog (#750)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)