
feat(validation): improve user-facing schema validation errors #940

Open
saquibsaifee wants to merge 78 commits into CycloneDX:feat/validator_error_useful from saquibsaifee:implement-fix-for-validation-error-messages

saquibsaifee (Contributor) commented Feb 28, 2026

Description

  • Provide a stable, safe presentation of validation failures so callers (UIs/tools) can display actionable messages instead of raw backend error objects.
  • Make nested JSON schema failures more useful by preferring the most relevant jsonschema context error when available.
  • Normalize XML validation log entries into the same message/path shape used for JSON.

Fixes issue: #827

AI Tool Disclosure

  • My contribution does not include any AI-generated content
  • My contribution includes AI-generated content, as disclosed below:
    • AI Tools: GPT Codex
    • LLMs and versions: GPT-5.3-Codex
    • Prompts: [Summarize the key prompts or instructions given to the AI tools]

Affirmation
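
An added example, not code from this pull request: one way to reduce a nested `oneOf` failure reported by jsonschema to the message/path shape the description mentions, covering the JSON case only. The schema, the sample documents, the deepest-path heuristic in `most_specific` and the 200-character cap are assumptions made for illustration.

```python
from jsonschema import Draft7Validator

# Constructed, CycloneDX-like schema fragment (not the real CycloneDX schema).
SCHEMA = {
    "type": "object",
    "properties": {
        "components": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "name": {"type": "string"},
                    "licenses": {
                        "type": "array",
                        "items": {"oneOf": [
                            {"type": "object", "required": ["license"],
                             "properties": {"license": {
                                 "type": "object",
                                 "properties": {"id": {"type": "string"}}}}},
                            {"type": "object", "required": ["expression"],
                             "properties": {"expression": {"type": "string"}}},
                        ]},
                    },
                },
            },
        },
    },
}

# Constructed sample input: license.id has the wrong type.
BAD_BOM = {"components": [{"name": "demo",
                           "licenses": [{"license": {"id": 123}}]}]}

# Assumed cap: jsonschema messages embed repr(instance), so an uncapped
# message can echo large parts of the validated document to the caller.
MAX_MESSAGE_LEN = 200


def json_path(error):
    """Render error.absolute_path as a JSONPath-like string."""
    out = "$"
    for part in error.absolute_path:
        out += f"[{part}]" if isinstance(part, int) else f".{part}"
    return out


def most_specific(error):
    """Follow error.context down to the sub-error deepest in the instance.

    A oneOf/anyOf failure carries one sub-error per failed branch in
    `context`. The branch that got furthest into the document is assumed
    to be the one the author of the document intended.
    """
    while error.context:
        error = max(error.context, key=lambda e: len(e.absolute_path))
    return error


def summarize(error):
    """Return a plain dict instead of the backend ValidationError object."""
    leaf = most_specific(error)
    message = leaf.message
    if len(message) > MAX_MESSAGE_LEN:
        message = message[:MAX_MESSAGE_LEN - 3] + "..."
    return {"path": json_path(leaf), "message": message}


def validate(instance):
    """Validate against SCHEMA and return a list of message/path dicts."""
    errors = Draft7Validator(SCHEMA).iter_errors(instance)
    return sorted((summarize(e) for e in errors), key=lambda s: s["path"])


if __name__ == "__main__":
    raw = next(Draft7Validator(SCHEMA).iter_errors(BAD_BOM))
    print("raw top-level message:", raw.message)
    print("summarized:", validate(BAD_BOM))
```
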

jkowalleck and others added 30 commits July 20, 2025 17:00
change optional dependency from `jsonschemap[format]>=4.18,<5` to
`jsonschemap[format-nongpl]>=4.25,<5`

- requires
https://github.com/python-jsonschema/jsonschema/releases/tag/v4.25.0
- fixes CycloneDX#743

considered a non-breaking change, since all functionality and
capabilities stay the same.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Automatically generated by python-semantic-release

Signed-off-by: semantic-release <semantic-release@bot.local>
when deserializing JSON: ignore unknown/unsupported properties
when deserializing XML: ignore unknown/unsupported attributes and
elements

this is considered a **BREAKING Change**, as the old behavior was to
throw an error when deserializing unknown/unsupported features - which
no longer happens, instead, unknown/unsupported features are simply
ignored.

-----

- fixes CycloneDX#850 

-----

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Automatically generated by python-semantic-release

Signed-off-by: semantic-release <semantic-release@bot.local>
…neDX#855)

Updates the requirements on [mypy](https://github.com/python/mypy) to
permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's
changelog</a>.</em></p>
<blockquote>
<h1>Mypy Release Notes</h1>
<h2>Next Release</h2>
<h2>Mypy 1.17</h2>
<p>We’ve just uploaded mypy 1.17 to the Python Package Index (<a
href="https://pypi.org/project/mypy/">PyPI</a>).
Mypy is a static type checker for Python. This release includes new
features and bug fixes.
You can install it as follows:</p>
<pre><code>python3 -m pip install -U mypy
</code></pre>
<p>You can read the full documentation for this release on <a
href="http://mypy.readthedocs.io">Read the Docs</a>.</p>
<h3>Optionally Check That Match Is Exhaustive</h3>
<p>Mypy can now optionally generate an error if a match statement does
not
match exhaustively, without having to use
<code>assert_never(...)</code>. Enable
this by using <code>--enable-error-code exhaustive-match</code>.</p>
<p>Example:</p>
<pre lang="python"><code># mypy: enable-error-code=exhaustive-match
<p>import enum</p>
<p>class Color(enum.Enum):
RED = 1
BLUE = 2</p>
<p>def show_color(val: Color) -&gt; None:
# error: Unhandled case for values of type
&quot;Literal[Color.BLUE]&quot;
match val:
case Color.RED:
print(&quot;red&quot;)
</code></pre></p>
<p>This feature was contributed by Donal Burns (PR <a
href="https://redirect.github.com/python/mypy/pull/19144">19144</a>).</p>
<h3>Further Improvements to Attribute Resolution</h3>
<p>This release includes additional improvements to how attribute types
and kinds are resolved. These fix many bugs and overall improve
consistency.</p>
<ul>
<li>Handle corner case: protocol/class variable/descriptor (Ivan
Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19277">19277</a>)</li>
<li>Fix a few inconsistencies in protocol/type object interactions (Ivan
Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19267">19267</a>)</li>
<li>Refactor/unify access to static attributes (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19254">19254</a>)</li>
<li>Remove inconsistencies in operator handling (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19250">19250</a>)</li>
<li>Make protocol subtyping more consistent (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/18943">18943</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python/mypy/commit/0260991f6b055110c3df36bd5539d4f4489bf153"><code>0260991</code></a>
Update version string</li>
<li><a
href="https://github.com/python/mypy/commit/3901aa2f9523ce55e08d94c1716028d840398753"><code>3901aa2</code></a>
Updates to 1.17 changelog (<a
href="https://redirect.github.com/python/mypy/issues/19436">#19436</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/7d133961a7e759aab84223bf8038b9489daaa93c"><code>7d13396</code></a>
Initial changelog for 1.17 release (<a
href="https://redirect.github.com/python/mypy/issues/19427">#19427</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/a182dec997b418b925fe0c28575c50debba0bb3a"><code>a182dec</code></a>
Combine the revealed types of multiple iteration steps in a more robust
manne...</li>
<li><a
href="https://github.com/python/mypy/commit/ab4fd57d45b7f81cf281b17b7d3697ac9f79bc15"><code>ab4fd57</code></a>
Improve the handling of &quot;iteration dependent&quot; errors and notes
in finally cla...</li>
<li><a
href="https://github.com/python/mypy/commit/09ba1f6488b3e8d91c5204839421c61c306ff252"><code>09ba1f6</code></a>
[mypyc] Fix exception swallowing in async try/finally blocks with await
(<a
href="https://redirect.github.com/python/mypy/issues/19353">#19353</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/5c65e330b0e4a188d68c04715a90e1f7d9c18df6"><code>5c65e33</code></a>
[mypyc] Fix AttributeError in async try/finally with mixed return paths
(<a
href="https://redirect.github.com/python/mypy/issues/19361">#19361</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/934ec50744c766522329c604c6908a6ed05affd6"><code>934ec50</code></a>
Lessen dmypy suggest path limitations for Windows machines (<a
href="https://redirect.github.com/python/mypy/issues/19337">#19337</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/a4801f928aaadb19f9893fe45af8e69ab6b509d0"><code>a4801f9</code></a>
Type ignore comments erroneously marked as unused by dmypy (<a
href="https://redirect.github.com/python/mypy/issues/15043">#15043</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/c3bfa0d6f3ac3cea78cc497a3c44002ea46437a1"><code>c3bfa0d</code></a>
Handle corner case: protocol vs classvar vs descriptor (<a
href="https://redirect.github.com/python/mypy/issues/19277">#19277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/python/mypy/compare/v1.16.1...v1.17.0">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| mypy | [>= 0.971.a, < 0.972] |
</details>


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…eDX#859)

## Changed
- getter `model.contact.PostalAddress.bom_ref` may no longer return
`None`


## Added
- Class `model.contact.OrganizationalContact` supports `bom_ref`
- Class `model.contact.OrganizationalEntity` supports `bom_ref`
- Class `model.license.DisjunctiveLicense` supports `bom_ref`
- Class `model.license.LicenseExpression` supports `bom_ref`


Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…cloneDX#865)

Updates the requirements on
[coverage](https://github.com/nedbat/coveragepy) to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's
changelog</a>.</em></p>
<blockquote>
<h2>Version 7.10.1 — 2025-07-27</h2>
<ul>
<li>
<p>Fix: the exclusion for <code>if TYPE_CHECKING:</code> was wrong: it
marked the branch
as partial, but it should have been a line exclusion so the entire
clause
would be excluded. Improves <code>issue 831</code>_.</p>
</li>
<li>
<p>Fix: changed where .pth files are written for <code>patch =
subprocess</code>, closing
<code>issue 2006</code>_.</p>
</li>
</ul>
<p>.. _issue 2006: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2006">nedbat/coveragepy#2006</a></p>
<p>.. _changes_7-10-0:</p>
<h2>Version 7.10.0 — 2025-07-24</h2>
<ul>
<li>
<p>A new configuration option:
&quot;:ref:<code>config_run_patch</code>&quot; specifies named patches
to work around some limitations in coverage measurement. These patches
are
available:</p>
<ul>
<li>
<p><code>patch = _exit</code> lets coverage save its data even when
:func:<code>os._exit() &lt;python:os._exit&gt;</code> is used to
abruptly end the process. This closes
long-standing <code>issue 310</code>_ as well as its duplicates:
<code>issue 312</code><em>, <code>issue 1673</code></em>, <code>issue
1845</code><em>, and <code>issue 1941</code></em>.</p>
</li>
<li>
<p><code>patch = subprocess</code> measures coverage in Python
subprocesses created
with :mod:<code>subprocess</code>, :func:<code>os.system</code>, or one
of the :func:<code>execv &lt;python:os.execl&gt;</code> or
:func:<code>spawnv &lt;python:os.spawnl&gt;</code> family of
functions. Closes old <code>issue 367</code>_ and duplicate <code>issue
378</code>_.</p>
</li>
<li>
<p><code>patch = execv</code> adjusts the :func:<code>execv
&lt;python:os.execl&gt;</code> family of
functions to save coverage data before ending the current program and
starting the next. Not available on Windows. Closes <code>issue
43</code>_ after 15
years!</p>
</li>
</ul>
</li>
<li>
<p>The HTML report now dimly colors subsequent lines in multi-line
statements.
They used to have no color. This gives a better indication of the amount
of
code missing in the report.  Closes <code>issue 1308</code>_.</p>
</li>
<li>
<p>Two new exclusion patterns are part of the defaults: <code>...</code>
is automatically
excluded as a line and <code>if TYPE_CHECKING:</code> is excluded as a
branch. Closes
<code>issue 831</code>_.</p>
</li>
<li>
<p>A new command-line option: <code>--save-signal=USR1</code> specifies
a signal that
coverage.py will listen for. When the signal is sent, the coverage data
will
be saved.  This makes it possible to save data from within long-running
processes. Thanks, <code>Arkady Gilinsky &lt;pull 1998_&gt;</code>_.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nedbat/coveragepy/commit/7fdcbeb70255447199fb4501707aac39840ffba4"><code>7fdcbeb</code></a>
docs: sample HTML for 7.10.1</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/c9e962586e30bdcc7e862dc12b8b4b7790cd8372"><code>c9e9625</code></a>
docs: prep for 7.10.1</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/e8193ff919502be0a28d0922e4fd8e6eccc70e3c"><code>e8193ff</code></a>
chore: make upgrade</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/9aad22a57a7163bf7e8d593112715c409193c643"><code>9aad22a</code></a>
test: improve the <code>if TYPE_CHECKING:</code> exclusion test</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/1e2f41a756191898d4f1936fa01165d52ec9e624"><code>1e2f41a</code></a>
fix: excluding TYPE_CHECKING should have been the line not the
branch</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/2134e57af92b95b2ef883e756bb0d6b926b6eac1"><code>2134e57</code></a>
fix: use getsitepackages for writing .pth files. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2006">#2006</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/a4300a7e0f84683d92971ed0b8ac16e6c552f710"><code>a4300a7</code></a>
test: signal statuses are mysterious. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2008">#2008</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/2fd496182f9043e8e8471e58ca26c81a44a7b9a7"><code>2fd4961</code></a>
docs: update the man page, for once</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/a13607f5da807a8ef5b483ce27c5e4779d1d4584"><code>a13607f</code></a>
build: comment_on_fixes should show html urls</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/0f00d49a594c2dc3576714a0669fbdbcc4dd4c7e"><code>0f00d49</code></a>
build: bump version to 7.10.1</li>
<li>Additional commits viewable in <a
href="https://github.com/nedbat/coveragepy/compare/7.9.2...7.10.1">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…neDX#868)

Updates the requirements on [mypy](https://github.com/python/mypy) to
permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's
changelog</a>.</em></p>
<blockquote>
<h3>Mypy 1.17.1</h3>
<ul>
<li>Retain <code>None</code> as constraints bottom if no bottoms were
provided (Stanislav Terliakov, PR <a
href="https://redirect.github.com/python/mypy/pull/19485">19485</a>)</li>
<li>Fix &quot;ignored exception in <code>hasattr</code>&quot; in dmypy
(Stanislav Terliakov, PR <a
href="https://redirect.github.com/python/mypy/pull/19428">19428</a>)</li>
<li>Prevent a crash when InitVar is redefined with a method in a
subclass (Stanislav Terliakov, PR <a
href="https://redirect.github.com/python/mypy/pull/19453">19453</a>)</li>
</ul>
<h3>Acknowledgements</h3>
<p>Thanks to all mypy contributors who contributed to this release:</p>
<ul>
<li>Alexey Makridenko</li>
<li>Brian Schubert</li>
<li>Chad Dombrova</li>
<li>Chainfire</li>
<li>Charlie Denton</li>
<li>Charulata</li>
<li>Christoph Tyralla</li>
<li>CoolCat467</li>
<li>Donal Burns</li>
<li>Guy Wilson</li>
<li>Ivan Levkivskyi</li>
<li>johnthagen</li>
<li>Jukka Lehtosalo</li>
<li>Łukasz Kwieciński</li>
<li>Marc Mueller</li>
<li>Michael J. Sullivan</li>
<li>Mikhail Golubev</li>
<li>Sebastian Rittau</li>
<li>Shantanu</li>
<li>Stanislav Terliakov</li>
<li>wyattscarpenter</li>
</ul>
<p>I’d also like to thank my employer, Dropbox, for supporting mypy
development.</p>
<h2>Mypy 1.16</h2>
<p>We’ve just uploaded mypy 1.16 to the Python Package Index (<a
href="https://pypi.org/project/mypy/">PyPI</a>).
Mypy is a static type checker for Python. This release includes new
features and bug fixes.
You can install it as follows:</p>
<pre><code>python3 -m pip install -U mypy
</code></pre>
<p>You can read the full documentation for this release on <a
href="http://mypy.readthedocs.io">Read the Docs</a>.</p>
<h3>Different Property Getter and Setter Types</h3>
<p>Mypy now supports using different types for a property getter and
setter:</p>
<pre lang="python"><code>class A:
    _value: int
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python/mypy/commit/acb29831e286bbccde37c03bc75381f40a5fdc9e"><code>acb2983</code></a>
Bump version to 1.17.1</li>
<li><a
href="https://github.com/python/mypy/commit/933c913fbe6d2fbf277ff8d6b2f2298f0f84be64"><code>933c913</code></a>
Retain <code>None</code> as constraints bottom if no bottoms were
provided (<a
href="https://redirect.github.com/python/mypy/issues/19485">#19485</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/5f4428f0286df58169d2f34f4f86561ad617538b"><code>5f4428f</code></a>
Fix &quot;ignored exception in <code>hasattr</code>&quot; in dmypy (<a
href="https://redirect.github.com/python/mypy/issues/19428">#19428</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/88fdeaae0abc92d605fc475fd153b4ad5b239310"><code>88fdeaa</code></a>
Prevent a crash when InitVar is redefined with a method in a subclass
(<a
href="https://redirect.github.com/python/mypy/issues/19453">#19453</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/e44d14f8e52a8890d08726ee753c8754edefd649"><code>e44d14f</code></a>
Bump version to 1.17.1+dev</li>
<li>See full diff in <a
href="https://github.com/python/mypy/compare/v1.17.0...v1.17.1">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| mypy | [>= 0.971.a, < 0.972] |
</details>



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…eDX#867)

Updates the requirements on [tox](https://github.com/tox-dev/tox) to
permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.28.4</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/tox/pull/3570">tox-dev/tox#3570</a></li>
<li>Pass ssh-agent variables by default by <a
href="https://github.com/daniilgankov"><code>@​daniilgankov</code></a>
in <a
href="https://redirect.github.com/tox-dev/tox/pull/3572">tox-dev/tox#3572</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/daniilgankov"><code>@​daniilgankov</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3572">tox-dev/tox#3572</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.28.3...4.28.4">https://github.com/tox-dev/tox/compare/4.28.3...4.28.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.28.4 (2025-07-31)</h2>
<p>Features - 4.28.4</p>
<pre><code>- Pass ssh-agent variables ``SSH_AGENT_PID`` and
``SSH_AUTH_SOCK`` in ``pass_env`` by default.
  - by :user:`daniilgankov` (:issue:`3572`)
<h2>v4.28.3 (2025-07-25)</h2>
<p>No significant changes.</p>
<h2>v4.28.2 (2025-07-25)</h2>
<p>Bugfixes - 4.28.2
</code></pre></p>
<ul>
<li>Don't pass in the filter argument to tar.extractall on old Python
versions - by :user:<code>gaborbernat</code>.
(:issue:<code>3568</code>)</li>
</ul>
<h2>v4.28.1 (2025-07-22)</h2>
<p>Bugfixes - 4.28.1</p>
<pre><code>- Use `tarfile.data_filter
&lt;https://docs.python.org/3/library/tarfile.html#tarfile.data_filter&gt;`_
with ``extractall``
  only on supported Python versions:
<ul>
<li><code>&amp;gt;= 3.11.4</code></li>
<li><code>&amp;gt;= 3.10.12</code> and <code>&amp;lt; 3.11</code></li>
<li><code>&amp;gt;= 3.9.17</code> and <code>&amp;lt; 3.10</code></li>
</ul>
<p>by :user:<code>gaborbernat</code>. (:issue:<code>3565</code>)</p>
<h2>v4.28.0 (2025-07-20)</h2>
<p>Features - 4.28.0
</code></pre></p>
<ul>
<li>Added <code>constraints</code> to allow specifying constraints files
for all dependencies. (:issue:<code>3550</code>)</li>
<li>Allow disabling tox plugins via the
<code>TOX_DISABLED_EXTERNAL_PLUGINS</code> environment variable - by
:user:<code>gaborbernat</code>. (:issue:<code>3468</code>)</li>
</ul>
<p>Improved Documentation - 4.28.0</p>
<pre><code>- The ``min_version``/``minversion`` config option is
deprecated in favor of the ``requires`` option. (:issue:`3553`)
<h2>v4.27.0 (2025-06-17)</h2>
<p>&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/tox/commit/611b7516d639638cecb1e2117adeeb6567120438"><code>611b751</code></a>
release 4.28.4</li>
<li><a
href="https://github.com/tox-dev/tox/commit/9f2db71b64bdfc90ce40b33b38df82ac4d1a2abc"><code>9f2db71</code></a>
Pass ssh-agent variables by default (<a
href="https://redirect.github.com/tox-dev/tox/issues/3572">#3572</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c28c4b1c37b6cb24c66be2667223961cf14feaae"><code>c28c4b1</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/tox/issues/3570">#3570</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/815ca3149733b5cd1dc84d8ad67d6feaf4736067"><code>815ca31</code></a>
release 4.28.3</li>
<li><a
href="https://github.com/tox-dev/tox/commit/8a59b928c2dabfcd35e8842109126f7a7d9f9d7b"><code>8a59b92</code></a>
Fix type on expression (<a
href="https://redirect.github.com/tox-dev/tox/issues/3569">#3569</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/ebfaab66021d9f060ebfc3f1821a53874a905c49"><code>ebfaab6</code></a>
release 4.28.2</li>
<li><a
href="https://github.com/tox-dev/tox/commit/ae930db56a6dbe11ad23ffc86c5d31c9d8ace514"><code>ae930db</code></a>
Don't pass in hte filter argument to tar.extractall on old Python
versions (#...</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c836ab2727992329ffa61330d1aeb524e6d265f0"><code>c836ab2</code></a>
release 4.28.1</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c343b26717d314d59bb22252c5d61d7c4e9e03cb"><code>c343b26</code></a>
Only use tarfile.data_filter when it's available (<a
href="https://redirect.github.com/tox-dev/tox/issues/3566">#3566</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/753dd626564cec7f7b6756d86bc22e2cdfcdcbc3"><code>753dd62</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/tox/issues/3564">#3564</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/tox/compare/4.27.0...4.28.4">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…loneDX#866)

Updates the requirements on [deptry](https://github.com/fpgmaas/deptry)
to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fpgmaas/deptry/releases">deptry's
releases</a>.</em></p>
<blockquote>
<h2>0.23.1</h2>
<h2>What's Changed</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Improve handling of <code>TYPE_CHECKING</code> blocks by supporting
<code>import typing as t</code> and checking
<code>t.TYPE_CHECKING</code> (<a
href="https://redirect.github.com/fpgmaas/deptry/pull/1218">#1218</a>)</li>
<li>Fix missing hyperlink in report output (<a
href="https://redirect.github.com/fpgmaas/deptry/pull/1162">#1162</a>)</li>
</ul>
<h3>Full Changelog</h3>
<p><a
href="https://github.com/fpgmaas/deptry/compare/0.23.0...0.23.1">https://github.com/fpgmaas/deptry/compare/0.23.0...0.23.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/fpgmaas/deptry/blob/main/CHANGELOG.md">deptry's
changelog</a>.</em></p>
<blockquote>
<h2>0.23.1 - 2025-07-30</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Improve handling of <code>TYPE_CHECKING</code> blocks by supporting
<code>import typing as t</code> and checking
<code>t.TYPE_CHECKING</code> (<a
href="https://redirect.github.com/fpgmaas/deptry/pull/1218">#1218</a>)</li>
<li>Fix missing hyperlink in report output (<a
href="https://redirect.github.com/fpgmaas/deptry/pull/1162">#1162</a>)</li>
</ul>
<h3>Full Changelog</h3>
<p><a
href="https://github.com/fpgmaas/deptry/compare/0.23.0...0.23.1">https://github.com/fpgmaas/deptry/compare/0.23.0...0.23.1</a></p>
<h2>0.23.0 - 2025-01-25</h2>
<h3>Features</h3>
<ul>
<li>Correctly detect transitive dependencies with different module names
(<a
href="https://redirect.github.com/fpgmaas/deptry/pull/1033">#1033</a>)</li>
</ul>
<h3>Full Changelog</h3>
<p><a
href="https://github.com/fpgmaas/deptry/compare/0.22.0...0.23.0">https://github.com/fpgmaas/deptry/compare/0.22.0...0.23.0</a></p>
<h2>0.22.0 - 2025-01-10</h2>
<p>Poetry 2.0 introduced support
for <a
href="https://python-poetry.org/blog/announcing-poetry-2.0.0/">defining
project metadata in PEP 621</a>. This is now
supported by <em>deptry</em>. <a
href="https://deptry.com/supported-dependency-managers/#poetry">Documentation</a>
has been updated to
detail <em>deptry</em>'s behavior.</p>
<h3>Features</h3>
<ul>
<li>Support PEP 621 in Poetry 2.0+ (<a
href="https://redirect.github.com/fpgmaas/deptry/pull/1003">#1003</a>)</li>
</ul>
<h3>Full Changelog</h3>
<p><a
href="https://github.com/fpgmaas/deptry/compare/0.21.2...0.22.0">https://github.com/fpgmaas/deptry/compare/0.21.2...0.22.0</a></p>
<h2>0.21.2 - 2024-12-19</h2>
<h3>Miscellaneous</h3>
<ul>
<li>Provide wheels for musllinux (<a
href="https://redirect.github.com/fpgmaas/deptry/pull/979">#979</a>)</li>
</ul>
<h3>Full Changelog</h3>
<p><a
href="https://github.com/fpgmaas/deptry/compare/0.21.1...0.21.2">https://github.com/fpgmaas/deptry/compare/0.21.1...0.21.2</a></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fpgmaas/deptry/commit/709204b084da50f87d049b92da8d995b2d71786b"><code>709204b</code></a>
Changelog for 0.23.1 (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1226">#1226</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/0684ec0f2aa0184f1414155702cdf3cb03c9196b"><code>0684ec0</code></a>
allow typing alias for TYPE_CHECKING (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1218">#1218</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/d6682ab288503398d9c77ceaf4f8e968e1283851"><code>d6682ab</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1223">#1223</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/840d5fb1d96a6444c1a92223fd37ddbc9c6aeee2"><code>840d5fb</code></a>
chore(deps): update uv-version to v0.8.3 (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1221">#1221</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/608161f2b61f314c85c12fb0715feeaac0cb9a2d"><code>608161f</code></a>
test: update dependencies in tests to v4.25.0.20250720 (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1222">#1222</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/71ec469fcbbbf4ca6cedd0fb86c84941a3d0fc1a"><code>71ec469</code></a>
chore(deps): update astral-sh/setup-uv action to v6.4.3 (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1219">#1219</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/4fed1ad9abc551fe40f2001b9f3e7003af72fe04"><code>4fed1ad</code></a>
chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.12.5
(<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1220">#1220</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/775e6bc5d02ac41df8b7ef96906897f0b0becd65"><code>775e6bc</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1216">#1216</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/7b212fce2eb565199630a105c0399b9f83d54ac4"><code>7b212fc</code></a>
chore: bump Ruff parser to 0.12.4 (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1217">#1217</a>)</li>
<li><a
href="https://github.com/fpgmaas/deptry/commit/730d1fdd2c34d2c305bba334714219ebb6c32171"><code>730d1fd</code></a>
chore(deps): update uv-version to v0.8.0 (<a
href="https://redirect.github.com/fpgmaas/deptry/issues/1215">#1215</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/fpgmaas/deptry/compare/0.23.0...0.23.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ycloneDX#871)

Updates the requirements on
[coverage](https://github.com/nedbat/coveragepy) to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's
changelog</a>.</em></p>
<blockquote>
<h2>Version 7.10.2 — 2025-08-03</h2>
<ul>
<li>Fix: some code with NOP bytecodes could report missing branches that
are
actually executed. This is now fixed, closing <code>issue 1999</code>_.
Python 3.9
still shows the problem.</li>
</ul>
<p>.. _issue 1999: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1999">nedbat/coveragepy#1999</a></p>
<p>.. _changes_7-10-1:</p>
<h2>Version 7.10.1 — 2025-07-27</h2>
<ul>
<li>
<p>Fix: the exclusion for <code>if TYPE_CHECKING:</code> was wrong: it
marked the branch
as partial, but it should have been a line exclusion so the entire
clause
would be excluded. Improves <code>issue 831</code>_.</p>
</li>
<li>
<p>Fix: changed where .pth files are written for <code>patch =
subprocess</code>, closing
<code>issue 2006</code>_.</p>
</li>
</ul>
<p>.. _issue 2006: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2006">nedbat/coveragepy#2006</a></p>
<p>.. _changes_7-10-0:</p>
<h2>Version 7.10.0 — 2025-07-24</h2>
<ul>
<li>
<p>A new configuration option:
&quot;:ref:<code>config_run_patch</code>&quot; specifies named patches
to work around some limitations in coverage measurement. These patches
are
available:</p>
<ul>
<li>
<p><code>patch = _exit</code> lets coverage save its data even when
:func:<code>os._exit() &lt;python:os._exit&gt;</code> is used to
abruptly end the process. This closes
long-standing <code>issue 310</code>_ as well as its duplicates:
<code>issue 312</code><em>, <code>issue 1673</code></em>, <code>issue
1845</code><em>, and <code>issue 1941</code></em>.</p>
</li>
<li>
<p><code>patch = subprocess</code> measures coverage in Python
subprocesses created
with :mod:<code>subprocess</code>, :func:<code>os.system</code>, or one
of the :func:<code>execv &lt;python:os.execl&gt;</code> or
:func:<code>spawnv &lt;python:os.spawnl&gt;</code> family of
functions. Closes old <code>issue 367</code><em>, its duplicate
<code>issue 378</code></em> and old
<code>issue 689</code>_.</p>
</li>
<li>
<p><code>patch = execv</code> adjusts the :func:<code>execv
&lt;python:os.execl&gt;</code> family of
functions to save coverage data before ending the current program and
starting the next. Not available on Windows. Closes <code>issue
43</code>_ after 15
years!</p>
</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nedbat/coveragepy/commit/a8678528d235acb494ba7a2cace5db445a75a85f"><code>a867852</code></a>
docs: sample HTML for 7.10.2</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/e7bfabe1c4d70a3c5d7a5326f43addaa7d3782c3"><code>e7bfabe</code></a>
docs: prep for 7.10.2</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/5dbd736002e1cfe3c69d10435998d0621d629ffb"><code>5dbd736</code></a>
test: this test often borks metacov, retry it</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/b7430fa56d8960646a6fa0269f15df1400b7dd22"><code>b7430fa</code></a>
debug: more convenient run_trace.py</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/e2039d0df6992e14f28079849b206d65a21d43e6"><code>e2039d0</code></a>
refactor: less redundancy in branch_trails</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/c177731d969fec03b0e125aa1e91d9bb2b7f950b"><code>c177731</code></a>
fix: see through nop bytecodes to get the right arcs. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1999">#1999</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/7a83ab0b9bba903aab56f01f209620ecd190d160"><code>7a83ab0</code></a>
test: don't try to make pth files when invoked from pth <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2011">#2011</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/6d8b091ee7900dc0050f77fa792de0651e0cc6df"><code>6d8b091</code></a>
refactor: remove a commented-out line</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/fc507ad92ea7d779e7213d4103f15152dbe4e4d8"><code>fc507ad</code></a>
test: add a case for an extension-less Python file parse error</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/05a6e8d0d5d5ea616519be432d4be9c4301a6a76"><code>05a6e8d</code></a>
test: no need for skip, we already skip windows</li>
<li>Additional commits viewable in <a
href="https://github.com/nedbat/coveragepy/compare/7.10.1...7.10.2">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/407">actions/download-artifact#407</a></li>
<li>BREAKING fix: inconsistent path behavior for single artifact
downloads by ID by <a
href="https://github.com/GrantBirki"><code>@​GrantBirki</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/416">actions/download-artifact#416</a></li>
</ul>
<h2>v5.0.0</h2>
<h3>🚨 Breaking Change</h3>
<p>This release fixes an inconsistency in path behavior for single
artifact downloads by ID. <strong>If you're downloading single artifacts
by ID, the output path may change.</strong></p>
<h4>What Changed</h4>
<p>Previously, <strong>single artifact downloads</strong> behaved
differently depending on how you specified the artifact:</p>
<ul>
<li><strong>By name</strong>: <code>name: my-artifact</code> → extracted
to <code>path/</code> (direct)</li>
<li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted
to <code>path/my-artifact/</code> (nested)</li>
</ul>
<p>Now both methods are consistent:</p>
<ul>
<li><strong>By name</strong>: <code>name: my-artifact</code> → extracted
to <code>path/</code> (unchanged)</li>
<li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted
to <code>path/</code> (fixed - now direct)</li>
</ul>
<h4>Migration Guide</h4>
<h5>✅ No Action Needed If:</h5>
<ul>
<li>You download artifacts by <strong>name</strong></li>
<li>You download <strong>multiple</strong> artifacts by ID</li>
<li>You already use <code>merge-multiple: true</code> as a
workaround</li>
</ul>
<h5>⚠️ Action Required If:</h5>
<p>You download <strong>single artifacts by ID</strong> and your
workflows expect the nested directory structure.</p>
<p><strong>Before v5 (nested structure):</strong></p>
<pre lang="yaml"><code>- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist
# Files were in: dist/my-artifact/
</code></pre>
<blockquote>
<p>Where <code>my-artifact</code> is the name of the artifact you
previously uploaded</p>
</blockquote>
<p><strong>To maintain old behavior (if needed):</strong></p>
<pre lang="yaml"><code>&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/634f93cb2916e3fdff6788551b99b062d0335ce0"><code>634f93c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/416">#416</a>
from actions/single-artifact-id-download-path</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b19ff4302770b82aa4694b63703b547756dacce6"><code>b19ff43</code></a>
refactor: resolve download path correctly in artifact download tests
(mainly ...</li>
<li><a
href="https://github.com/actions/download-artifact/commit/e262cbee4ab8c473c61c59a81ad8e9dc760e90db"><code>e262cbe</code></a>
bundle dist</li>
<li><a
href="https://github.com/actions/download-artifact/commit/bff23f9308ceb2f06d673043ea6311519be6a87b"><code>bff23f9</code></a>
update docs</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fff8c148a8fdd56aa81fcb019f0b5f6c65700c4d"><code>fff8c14</code></a>
fix download path logic when downloading a single artifact by id</li>
<li><a
href="https://github.com/actions/download-artifact/commit/448e3f862ab3ef47aa50ff917776823c9946035b"><code>448e3f8</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/407">#407</a>
from actions/nebuk89-patch-1</li>
<li><a
href="https://github.com/actions/download-artifact/commit/47225c44b359a5155efdbbbc352041b3e249fb1b"><code>47225c4</code></a>
Update README.md</li>
<li>See full diff in <a
href="https://github.com/actions/download-artifact/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to
5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
<li>Prepare release v4.3.0 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/motss"><code>@​motss</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li><a href="https://github.com/mouismail"><code>@​mouismail</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li><a href="https://github.com/benwells"><code>@​benwells</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p>
<h2>v4.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a>
Prepare v5.0.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a>
Update actions checkout to use node 24 (<a
href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…eDX#879)

Updates the requirements on [tox](https://github.com/tox-dev/tox) to
permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.29.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Docs: environment variables contain strings by <a
href="https://github.com/hroncok"><code>@​hroncok</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3575">tox-dev/tox#3575</a></li>
<li>🐍 Fix sys_platform Fixture Leakage breaking the CI by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/tox/pull/3589">tox-dev/tox#3589</a></li>
<li>Expose a new <code>tox_extend_envs</code> hook in plugins API by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3591">tox-dev/tox#3591</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.28.4...4.29.0">https://github.com/tox-dev/tox/compare/4.28.4...4.29.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.29.0 (2025-08-29)</h2>
<p>Features - 4.29.0</p>
<pre><code>- A new tox life cycle event is now exposed for use via
:doc:`Plugins
  API &lt;/plugins&gt;` -- by :user:`webknjaz`.
<p>The corresponding hook point is :func:<code>tox_extend_envs
&amp;lt;tox.plugin.spec.tox_extend_envs&amp;gt;</code>. It allows plugin
authors to
declare ephemeral environments that they can then populate through
the in-memory configuration loader interface.</p>
<p>This patch was made possible thanks to pair programming with
:user:<code>gaborbernat</code> at PyCon US 2025.
(:issue:<code>3510</code>, :issue:<code>3591</code>)</p>
<h2>v4.28.4 (2025-07-31)</h2>
<p>Features - 4.28.4
</code></pre></p>
<ul>
<li>Pass ssh-agent variables <code>SSH_AGENT_PID</code> and
<code>SSH_AUTH_SOCK</code> in <code>pass_env</code> by default.
<ul>
<li>by :user:<code>daniilgankov</code> (:issue:<code>3572</code>)</li>
</ul>
</li>
</ul>
<h2>v4.28.3 (2025-07-25)</h2>
<p>No significant changes.</p>
<h2>v4.28.2 (2025-07-25)</h2>
<p>Bugfixes - 4.28.2</p>
<pre><code>- Don't pass in the filter argument to tar.extractall on old
Python versions - by :user:`gaborbernat`. (:issue:`3568`)
<h2>v4.28.1 (2025-07-22)</h2>
<p>Bugfixes - 4.28.1
</code></pre></p>
<ul>
<li>
<p>Use <code>tarfile.data_filter
&lt;https://docs.python.org/3/library/tarfile.html#tarfile.data_filter&gt;</code>_
with <code>extractall</code>
only on supported Python versions:</p>
<ul>
<li><code>&gt;= 3.11.4</code></li>
<li><code>&gt;= 3.10.12</code> and <code>&lt; 3.11</code></li>
<li><code>&gt;= 3.9.17</code> and <code>&lt; 3.10</code></li>
</ul>
<p>by :user:<code>gaborbernat</code>. (:issue:<code>3565</code>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/tox/commit/59aaee9defa7e3ca4eae644f498037b9b2cbf6c8"><code>59aaee9</code></a>
release 4.29.0</li>
<li><a
href="https://github.com/tox-dev/tox/commit/bf558e375dfac8c85eac6bbfbc13103e64347c31"><code>bf558e3</code></a>
Expose a new <code>tox_extend_envs</code> hook in plugins API (<a
href="https://redirect.github.com/tox-dev/tox/issues/3591">#3591</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/eceba31061fb01f6077f5cd1a93a5b1f01175591"><code>eceba31</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/tox/issues/3587">#3587</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/18d294354686b4d8d79ca40e0f2c487e917f65a0"><code>18d2943</code></a>
Fix sys_platform patch in test suite leaking patching (<a
href="https://redirect.github.com/tox-dev/tox/issues/3589">#3589</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/8088ecb03240145cba0179c9dbdca14eda93d1c2"><code>8088ecb</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/tox-dev/tox/issues/3582">#3582</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c0b411892495499fa391ceb4b5001f76d2926d30"><code>c0b4118</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/tox/issues/3581">#3581</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/1e067797eaafcc9283bec2c1bb0520ed47033ccf"><code>1e06779</code></a>
Bump actions/download-artifact from 4 to 5 (<a
href="https://redirect.github.com/tox-dev/tox/issues/3576">#3576</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/7d4cb4e92650545cd4eb45501320d2e2eb6ac2d2"><code>7d4cb4e</code></a>
Docs: environment variables contain strings (<a
href="https://redirect.github.com/tox-dev/tox/issues/3575">#3575</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/9930f8bf62e5bbbdf156f178f9a5b69deda096a4"><code>9930f8b</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/tox/issues/3573">#3573</a>)</li>
<li>See full diff in <a
href="https://github.com/tox-dev/tox/compare/4.28.4...4.29.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ycloneDX#878)

Updates the requirements on
[coverage](https://github.com/nedbat/coveragepy) to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's
changelog</a>.</em></p>
<blockquote>
<h2>Version 7.10.6 — 2025-08-29</h2>
<ul>
<li>
<p>Fix: <code>source</code> directories were not properly communicated
to subprocesses
that ran in different directories, as reported in <code>issue
1499</code>_. This is now
fixed.</p>
</li>
<li>
<p>Performance: <code>Alex Gaynor continues fine-tuning &lt;pull
2038_&gt;</code>_ the speed of
combination, especially with many contexts.</p>
</li>
</ul>
<p>.. _issue 1499: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1499">nedbat/coveragepy#1499</a>
.. _pull 2038: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2038">nedbat/coveragepy#2038</a></p>
<p>.. _changes_7-10-5:</p>
<h2>Version 7.10.5 — 2025-08-23</h2>
<ul>
<li>Big speed improvements for <code>coverage combine</code>: it's now
about twice as
fast! Huge thanks to Alex Gaynor for pull requests <code>2032 &lt;pull
2032_&gt;</code><em>,
<code>2033 &lt;pull 2033_&gt;</code></em>, and <code>2034 &lt;pull
2034_&gt;</code>_.</li>
</ul>
<p>.. _pull 2032: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2032">nedbat/coveragepy#2032</a>
.. _pull 2033: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2033">nedbat/coveragepy#2033</a>
.. _pull 2034: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2034">nedbat/coveragepy#2034</a></p>
<p>.. _changes_7-10-4:</p>
<h2>Version 7.10.4 — 2025-08-16</h2>
<ul>
<li>
<p>Added <code>patch = fork</code> for times when the built-in forking
support is
insufficient.</p>
</li>
<li>
<p>Fix: <code>patch = execv</code> also inherits the entire coverage
configuration now.</p>
</li>
</ul>
<p>.. _changes_7-10-3:</p>
<h2>Version 7.10.3 — 2025-08-10</h2>
<ul>
<li>
<p>Fixes for <code>patch = subprocess</code>:</p>
<ul>
<li>
<p>If subprocesses spawned yet more subprocesses simultaneously, some
coverage
could be missed. This is now fixed, closing <code>issue
2024</code>_.</p>
</li>
<li>
<p>If subprocesses were created in other directories, their data files
were</p>
</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nedbat/coveragepy/commit/88c55ff87437f7e59b42d131d0e2b6ce413546bf"><code>88c55ff</code></a>
docs: sample HTML for 7.10.6</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/01d89959bfa825f661121e0f8d173f3ae1ecedac"><code>01d8995</code></a>
docs: prep for 7.10.6</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/9b0c24ffc17840464c2343b702a6ee44e10fcadf"><code>9b0c24f</code></a>
docs: thanks Alex <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2038">#2038</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/66d69108654f6fc1de916a37fc06ac898091aa2d"><code>66d6910</code></a>
fix: make <code>source</code> paths absolute where they exist. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1499">#1499</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/bb3382f50f2b91aebb046d665334a5d361e5ddc5"><code>bb3382f</code></a>
build: no need for the combine/html times now</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/9ea349a164527832a49faa3eeec628d59ef75c7c"><code>9ea349a</code></a>
lab: warn_executed.py</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/808c9b48af3ad7b567182d383eb31451615664e0"><code>808c9b4</code></a>
build: changing metacov.ini should trigger metacov</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/384f5f22bd1ef52000d80922de03922a58ff936c"><code>384f5f2</code></a>
build: oops, some 'if's are really line pragmas</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/a7224af73365ba2d217f0e0966c7873c5bac3a67"><code>a7224af</code></a>
perf: pre-compute the mapping between other_db.context and main.context
(<a
href="https://redirect.github.com/nedbat/coveragepy/issues/2038">#2038</a>)</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/5c00c5ba4bcd4f7da6a9f0ccd0797e0944415e8a"><code>5c00c5b</code></a>
chore: bump the action-dependencies group with 3 updates (<a
href="https://redirect.github.com/nedbat/coveragepy/issues/2039">#2039</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nedbat/coveragepy/compare/7.10.2...7.10.6">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python)
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Upgrade to node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1164">actions/setup-python#1164</a></li>
</ul>
<p>Make sure your runner is on version v2.327.1 or later to ensure
compatibility with this release. <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">See
Release Notes</a></p>
<h3>Enhancements:</h3>
<ul>
<li>Add support for <code>pip-version</code> by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1129">actions/setup-python#1129</a></li>
<li>Enhance reading from .python-version by <a
href="https://github.com/krystof-k"><code>@​krystof-k</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/787">actions/setup-python#787</a></li>
<li>Add version parsing from Pipfile by <a
href="https://github.com/aradkdj"><code>@​aradkdj</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1067">actions/setup-python#1067</a></li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Clarify pythonLocation behaviour for PyPy and GraalPy in environment
variables by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1183">actions/setup-python#1183</a></li>
<li>Change missing cache directory error to warning by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1182">actions/setup-python#1182</a></li>
<li>Add Architecture-Specific PATH Management for Python with --user
Flag on Windows by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1122">actions/setup-python#1122</a></li>
<li>Include python version in PyPy python-version output by <a
href="https://github.com/cdce8p"><code>@​cdce8p</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1110">actions/setup-python#1110</a></li>
<li>Update docs: clarification on pip authentication with setup-python
by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1156">actions/setup-python#1156</a></li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade idna from 2.9 to 3.7 in /<strong>tests</strong>/data by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-python/pull/843">actions/setup-python#843</a></li>
<li>Upgrade form-data to fix critical vulnerabilities <a
href="https://redirect.github.com/actions/setup-python/issues/182">#182</a>
&amp; <a
href="https://redirect.github.com/actions/setup-python/issues/183">#183</a>
by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1163">actions/setup-python#1163</a></li>
<li>Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in
PackageIndex.download by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1165">actions/setup-python#1165</a></li>
<li>Upgrade actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-python/pull/1181">actions/setup-python#1181</a></li>
<li>Upgrade <code>@​actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-python/pull/1095">actions/setup-python#1095</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/krystof-k"><code>@​krystof-k</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/787">actions/setup-python#787</a></li>
<li><a href="https://github.com/cdce8p"><code>@​cdce8p</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1110">actions/setup-python#1110</a></li>
<li><a href="https://github.com/aradkdj"><code>@​aradkdj</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1067">actions/setup-python#1067</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v6.0.0">https://github.com/actions/setup-python/compare/v5...v6.0.0</a></p>
<h2>v5.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Workflow updates related to Ubuntu 20.04 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1065">actions/setup-python#1065</a></li>
<li>Fix for Candidate Not Iterable Error by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1082">actions/setup-python#1082</a></li>
<li>Upgrade semver and <code>@​types/semver</code> by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1091">actions/setup-python#1091</a></li>
<li>Upgrade prettier from 2.8.8 to 3.5.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1046">actions/setup-python#1046</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1081">actions/setup-python#1081</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.6.0">https://github.com/actions/setup-python/compare/v5...v5.6.0</a></p>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements:</h3>
<ul>
<li>Support free threaded Python versions like '3.13t' by <a
href="https://github.com/colesbury"><code>@​colesbury</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li>
<li>Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for
free threaded and Upgrade <code>@​action/cache</code> from 4.0.0 to
4.0.3 by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1056">actions/setup-python#1056</a></li>
<li>Add support for .tool-versions file in setup-python by <a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Fix architecture for pypy on Linux ARM64 by <a
href="https://github.com/mayeut"><code>@​mayeut</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1011">actions/setup-python#1011</a>
This update maps arm64 to aarch64 for Linux ARM64 PyPy
installations.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/e797f83bcb11b83ae66e0230d6156d7c80228e7c"><code>e797f83</code></a>
Upgrade to node 24 (<a
href="https://redirect.github.com/actions/setup-python/issues/1164">#1164</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/3d1e2d2ca0a067f27da6fec484fce7f5256def85"><code>3d1e2d2</code></a>
Revert &quot;Enhance cache-dependency-path handling to support files
outside the w...</li>
<li><a
href="https://github.com/actions/setup-python/commit/65b071217a8539818fdb8b54561bcbae40380a54"><code>65b0712</code></a>
Clarify pythonLocation behavior for PyPy and GraalPy in environment
variables...</li>
<li><a
href="https://github.com/actions/setup-python/commit/5b668cf7652160527499ee14ceaff4be9306cb88"><code>5b668cf</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/setup-python/issues/1181">#1181</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/f62a0e252fe7114e86949abfa6e1e89f85bb38c2"><code>f62a0e2</code></a>
Change missing cache directory error to warning (<a
href="https://redirect.github.com/actions/setup-python/issues/1182">#1182</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/9322b3ca74000aeb2c01eb777b646334015ddd72"><code>9322b3c</code></a>
Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in
PackageIn...</li>
<li><a
href="https://github.com/actions/setup-python/commit/fbeb884f69f0ac1c0257302f62aa524c2824b649"><code>fbeb884</code></a>
Bump form-data to fix critical vulnerabilities <a
href="https://redirect.github.com/actions/setup-python/issues/182">#182</a>
&amp; <a
href="https://redirect.github.com/actions/setup-python/issues/183">#183</a>
(<a
href="https://redirect.github.com/actions/setup-python/issues/1163">#1163</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/03bb6152f4f691b9d64579a1bd791904a083c452"><code>03bb615</code></a>
Bump idna from 2.9 to 3.7 in /<strong>tests</strong>/data (<a
href="https://redirect.github.com/actions/setup-python/issues/843">#843</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/36da51d563b70a972897150555bb025096d65565"><code>36da51d</code></a>
Add version parsing from Pipfile (<a
href="https://redirect.github.com/actions/setup-python/issues/1067">#1067</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/3c6f142cc0036d53007e92fa1e327564a4cfb7aa"><code>3c6f142</code></a>
update documentation (<a
href="https://redirect.github.com/actions/setup-python/issues/1156">#1156</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/setup-python/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…eDX#884)

Updates the requirements on [tox](https://github.com/tox-dev/tox) to
permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.30.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/tox/pull/3603">tox-dev/tox#3603</a></li>
<li>Ensure automatically provisioned environment is torn down by <a
href="https://github.com/vytas7"><code>@​vytas7</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3601">tox-dev/tox#3601</a></li>
<li>Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 in
/.github/workflows by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/tox/pull/3604">tox-dev/tox#3604</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.30.1...4.30.2">https://github.com/tox-dev/tox/compare/4.30.1...4.30.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.30.2 (2025-09-04)</h2>
<p>Bugfixes - 4.30.2</p>
<pre><code>- Previously, when tox ran in an automatically provisioned
environment, it could hang waiting for a PEP 517 build backend
if used in conjunction with the ``--installpkg`` option. This has been
fixed by properly tearing down the automatically
  provisioned environment after the tests.
  - by :user:`vytas7` (:issue:`3600`)
<h2>v4.30.1 (2025-09-03)</h2>
<p>Bugfixes - 4.30.1
</code></pre></p>
<ul>
<li>Prevent tox from hanging upon exit due to orphaned build threads and
subprocesses when the <code>--installpkg</code> option is
used with <em>sdist</em>.
<ul>
<li>by :user:<code>vytas7</code> (:issue:<code>3530</code>)</li>
</ul>
</li>
</ul>
<h2>v4.30.0 (2025-09-03)</h2>
<p>Features - 4.30.0</p>
<pre><code>- Add ``__TOX_ENVIRONMENT_VARIABLE_ORIGINAL_CI``, which
passes through the ``CI`` variable if present. This is intended for use
by other libraries to detect if tox is running under CI. (:issue:`3442`)
<p>Bugfixes - 4.30.0
</code></pre></p>
<ul>
<li>
<p>Makes the error message more clear when pyproject.toml file cannot be
loaded
or is missing expected keys. (:issue:<code>3578</code>)</p>
</li>
<li>
<p>The :func:<code>tox_extend_envs() hook
&lt;tox.plugin.spec.tox_extend_envs&gt;</code>
recently added in :pull:<code>3591</code> turned out to not work well
with
<code>tox run</code>. It was fixed internally, not to exhaust the
underlying
iterator on the first use.</p>
<p>-- by :user:<code>webknjaz</code> (:issue:<code>3598</code>)</p>
</li>
</ul>
<h2>v4.29.0 (2025-08-29)</h2>
<p>Features - 4.29.0</p>
<pre><code>- A new tox life cycle event is now exposed for use via
:doc:`Plugins
  API &lt;/plugins&gt;` -- by :user:`webknjaz`.
<p>The corresponding hook point is :func:<code>tox_extend_envs
&amp;lt;tox.plugin.spec.tox_extend_envs&amp;gt;</code>. It allows plugin
authors to
declare ephemeral environments that they can then populate through
the in-memory configuration loader interface.</p>
<p>&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/tox/commit/5e0784a7f5ea5f89c089351c9a7e23863bd131b9"><code>5e0784a</code></a>
release 4.30.2</li>
<li><a
href="https://github.com/tox-dev/tox/commit/64e8a34883369a80350b311ceb3550f30931cd51"><code>64e8a34</code></a>
Bump pypa/gh-action-pypi-publish in /.github/workflows (<a
href="https://redirect.github.com/tox-dev/tox/issues/3604">#3604</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/723008808899afec3c1aa7412bd7771694d66f5a"><code>7230088</code></a>
Ensure automatically provisioned environment is torn down (<a
href="https://redirect.github.com/tox-dev/tox/issues/3601">#3601</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/2c31dbcbfc4d28944b4116b86a70420a815a012a"><code>2c31dbc</code></a>
Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (<a
href="https://redirect.github.com/tox-dev/tox/issues/3603">#3603</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/b33a43c270eb87e61833b7ed934b401d23aeded5"><code>b33a43c</code></a>
release 4.30.1</li>
<li><a
href="https://github.com/tox-dev/tox/commit/9ea1c3223aef5d919dcd44baf0bf2de4aedbf7f7"><code>9ea1c32</code></a>
Prevent Tox from hanging with <code>--installpkg</code> sdist due to
orphaned build back...</li>
<li><a
href="https://github.com/tox-dev/tox/commit/aa90652cd6b451ca1cf75144467b23d32daab448"><code>aa90652</code></a>
release 4.30.0</li>
<li><a
href="https://github.com/tox-dev/tox/commit/48fecab4a8691674448c39ab7cde6531038fb308"><code>48fecab</code></a>
Ensure <code>tox_extend_envs</code> list can be read twice (<a
href="https://redirect.github.com/tox-dev/tox/issues/3598">#3598</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/0b8f66f259f8d0ab413d5041834073f1f9066231"><code>0b8f66f</code></a>
fix: provide clear messaging about config file loading (<a
href="https://redirect.github.com/tox-dev/tox/issues/3578">#3578</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/adf0997b760ecd2a877e0f42f01da996911f6f18"><code>adf0997</code></a>
Add a &quot;version added&quot; note for <code>tox_extend_envs</code>
(<a
href="https://redirect.github.com/tox-dev/tox/issues/3595">#3595</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/tox/compare/4.29.0...4.30.2">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Automatically generated by python-semantic-release

Signed-off-by: semantic-release <semantic-release@bot.local>
…neDX#889)

Updates the requirements on [mypy](https://github.com/python/mypy) to
permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's
changelog</a>.</em></p>
<blockquote>
<h1>Mypy Release Notes</h1>
<h2>Next Release</h2>
<h2>Mypy 1.18</h2>
<p>We’ve just uploaded mypy 1.18 to the Python Package Index (<a
href="https://pypi.org/project/mypy/">PyPI</a>).
Mypy is a static type checker for Python. This release includes new
features, performance
improvements and bug fixes. You can install it as follows:</p>
<pre><code>python3 -m pip install -U mypy
</code></pre>
<p>You can read the full documentation for this release on <a
href="http://mypy.readthedocs.io">Read the Docs</a>.</p>
<h3>Mypy Performance Improvements</h3>
<p>Mypy 1.18 includes numerous performance improvements, resulting in
about 40% speedup
compared to 1.17 when type checking mypy itself. In extreme cases, the
improvement
can be 10x or higher. The list below is an overview of the various mypy
optimizations.
Many mypyc improvements (discussed in a separate section below) also
improve performance.</p>
<p>Type caching optimizations have a small risk of causing regressions.
When
reporting issues with unexpected inferred types, please also check if
<code>--disable-expression-cache</code> will work around the issue, as
it turns off some of
these optimizations.</p>
<ul>
<li>Improve self check performance by 1.8% (Jukka Lehtosalo, PR <a
href="https://redirect.github.com/python/mypy/pull/19768">19768</a>, <a
href="https://redirect.github.com/python/mypy/pull/19769">19769</a>, <a
href="https://redirect.github.com/python/mypy/pull/19770">19770</a>)</li>
<li>Optimize fixed-format deserialization (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19765">19765</a>)</li>
<li>Use macros to optimize fixed-format deserialization (Ivan
Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19757">19757</a>)</li>
<li>Two additional micro‑optimizations (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19627">19627</a>)</li>
<li>Another set of micro‑optimizations (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19633">19633</a>)</li>
<li>Cache common types (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19621">19621</a>)</li>
<li>Skip more method bodies in third‑party libraries for speed (Ivan
Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19586">19586</a>)</li>
<li>Simplify the representation of callable types (Ivan Levkivskyi, PR
<a
href="https://redirect.github.com/python/mypy/pull/19580">19580</a>)</li>
<li>Add cache for types of some expressions (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19505">19505</a>)</li>
<li>Use cache for dictionary expressions (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19536">19536</a>)</li>
<li>Use cache for binary operations (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19523">19523</a>)</li>
<li>Cache types of type objects (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19514">19514</a>)</li>
<li>Avoid duplicate work when checking boolean operations (Ivan
Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19515">19515</a>)</li>
<li>Optimize generic inference passes (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19501">19501</a>)</li>
<li>Speed up the default plugin (Jukka Lehtosalo, PRs <a
href="https://redirect.github.com/python/mypy/pull/19385">19385</a> and
<a
href="https://redirect.github.com/python/mypy/pull/19462">19462</a>)</li>
<li>Remove nested imports from the default plugin (Ivan Levkivskyi, PR
<a
href="https://redirect.github.com/python/mypy/pull/19388">19388</a>)</li>
<li>Micro‑optimize type expansion (Jukka Lehtosalo, PR <a
href="https://redirect.github.com/python/mypy/pull/19461">19461</a>)</li>
<li>Micro‑optimize type indirection (Jukka Lehtosalo, PR <a
href="https://redirect.github.com/python/mypy/pull/19460">19460</a>)</li>
<li>Micro‑optimize the plugin framework (Jukka Lehtosalo, PR <a
href="https://redirect.github.com/python/mypy/pull/19464">19464</a>)</li>
<li>Avoid temporary set creation in subtype checking (Jukka Lehtosalo,
PR <a
href="https://redirect.github.com/python/mypy/pull/19463">19463</a>)</li>
<li>Subtype checking micro‑optimization (Jukka Lehtosalo, PR <a
href="https://redirect.github.com/python/mypy/pull/19384">19384</a>)</li>
<li>Return early where possible in subtype check (Stanislav Terliakov,
PR <a
href="https://redirect.github.com/python/mypy/pull/19400">19400</a>)</li>
<li>Deduplicate some types before joining (Stanislav Terliakov, PR <a
href="https://redirect.github.com/python/mypy/pull/19409">19409</a>)</li>
<li>Speed up type checking by caching argument inference context (Jukka
Lehtosalo, PR <a
href="https://redirect.github.com/python/mypy/pull/19323">19323</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python/mypy/commit/03fbaa941bccc3a9f8aea796d586603b67119bf2"><code>03fbaa9</code></a>
bump version to 1.18.1 due to wheels failure</li>
<li><a
href="https://github.com/python/mypy/commit/b44a1fbf0cf9fd90fd29d6bcd9f64c55dd2fd4c8"><code>b44a1fb</code></a>
removed +dev from version</li>
<li><a
href="https://github.com/python/mypy/commit/7197a99d1aebb1b7a584f82a53c44efb7dddf136"><code>7197a99</code></a>
Removed Unreleased in the Changelog for Release 1.18 (<a
href="https://redirect.github.com/python/mypy/issues/19827">#19827</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/ee61cec0d654463874ddee3a60914f0a6cd08222"><code>ee61cec</code></a>
Updates to 1.18 changelog (<a
href="https://redirect.github.com/python/mypy/issues/19826">#19826</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/24eed0bd0bb1107ede163ed314082a0f3e7dbbc4"><code>24eed0b</code></a>
Initial changelog for release 1.18 (<a
href="https://redirect.github.com/python/mypy/issues/19818">#19818</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/0ca1f2a7e50ed38eed95ecf8c1f2df1057da902d"><code>0ca1f2a</code></a>
Expose --fixed-format-cache if compiled (<a
href="https://redirect.github.com/python/mypy/issues/19815">#19815</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/2ce1bb225f3ced0ad4b2080af8a9a0eb39f8b38e"><code>2ce1bb2</code></a>
[mypyc] Fix subclass processing in detect_undefined_bitmap (<a
href="https://redirect.github.com/python/mypy/issues/19787">#19787</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/a6b55f061d6a352e7d272ec5bc890650b7187380"><code>a6b55f0</code></a>
feat: new mypyc primitives for weakref.proxy (<a
href="https://redirect.github.com/python/mypy/issues/19217">#19217</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/5a323dd2f8927eb958835e51916402c27ec2f31f"><code>5a323dd</code></a>
Make --allow-redefinition-new argument public (<a
href="https://redirect.github.com/python/mypy/issues/19796">#19796</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/8638eb40aa7b9d3088f17ab005c538c86c752edd"><code>8638eb4</code></a>
[stubtest] temporary <code>--ignore-disjoint-bases</code> flag (<a
href="https://redirect.github.com/python/mypy/issues/19740">#19740</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/python/mypy/compare/v1.17.1...v1.18.1">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| mypy | [>= 0.971.a, < 0.972] |
</details>



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…neDX#890)

Updates the requirements on [mypy](https://github.com/python/mypy) to
permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's
changelog</a>.</em></p>
<blockquote>
<h3>Mypy 1.18.2</h3>
<ul>
<li>Fix crash on recursive alias (Ivan Levkivskyi, PR <a
href="https://redirect.github.com/python/mypy/pull/19845">19845</a>)</li>
<li>Add additional guidance for stubtest errors when runtime is
<code>object.__init__</code> (Stephen Morton, PR <a
href="https://redirect.github.com/python/mypy/pull/19733">19733</a>)</li>
<li>Fix handling of None values in f-string expressions in mypyc
(BobTheBuidler, PR <a
href="https://redirect.github.com/python/mypy/pull/19846">19846</a>)</li>
</ul>
<h3>Acknowledgements</h3>
<p>Thanks to all mypy contributors who contributed to this release:</p>
<ul>
<li>Ali Hamdan</li>
<li>Anthony Sottile</li>
<li>BobTheBuidler</li>
<li>Brian Schubert</li>
<li>Chainfire</li>
<li>Charlie Denton</li>
<li>Christoph Tyralla</li>
<li>CoolCat467</li>
<li>Daniel Hnyk</li>
<li>Emily</li>
<li>Emma Smith</li>
<li>Ethan Sarp</li>
<li>Ivan Levkivskyi</li>
<li>Jahongir Qurbonov</li>
<li>Jelle Zijlstra</li>
<li>Joren Hammudoglu</li>
<li>Jukka Lehtosalo</li>
<li>Marc Mueller</li>
<li>Omer Hadari</li>
<li>Piotr Sawicki</li>
<li>PrinceNaroliya</li>
<li>Randolf Scholz</li>
<li>Robsdedude</li>
<li>Saul Shanabrook</li>
<li>Shantanu</li>
<li>Stanislav Terliakov</li>
<li>Stephen Morton</li>
<li>wyattscarpenter</li>
</ul>
<p>I’d also like to thank my employer, Dropbox, for supporting mypy
development.</p>
<h2>Mypy 1.17</h2>
<p>We’ve just uploaded mypy 1.17 to the Python Package Index (<a
href="https://pypi.org/project/mypy/">PyPI</a>).
Mypy is a static type checker for Python. This release includes new
features and bug fixes.
You can install it as follows:</p>
<pre><code>python3 -m pip install -U mypy
</code></pre>
<p>You can read the full documentation for this release on <a
href="http://mypy.readthedocs.io">Read the Docs</a>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python/mypy/commit/df05f05555ee62dbdb9960c64cad186172e92be1"><code>df05f05</code></a>
remove +dev from version</li>
<li><a
href="https://github.com/python/mypy/commit/01a7a1285d03cb7a330359b22cb462aacb5f9720"><code>01a7a12</code></a>
Update changelog for 1.18.2 (<a
href="https://redirect.github.com/python/mypy/issues/19873">#19873</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/ca5abf09f3bfc543ac9c18a364696bc5da20bc03"><code>ca5abf0</code></a>
Typeshed cherry-pick: Make type of <code>unitest.mock.Any</code> a
subclass of <code>Any</code> (<a
href="https://redirect.github.com/python/mypy/issues/1">#1</a>...</li>
<li><a
href="https://github.com/python/mypy/commit/9d794b57d9c5b03d61caa3286756c05e0ae3021b"><code>9d794b5</code></a>
[mypyc] fix: inappropriate <code>None</code>s in f-strings (<a
href="https://redirect.github.com/python/mypy/issues/19846">#19846</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/2c0510c84868b6bb42ef0f305b701e530a85c25f"><code>2c0510c</code></a>
stubtest: additional guidance on errors when runtime is
object.<strong>init</strong> (<a
href="https://redirect.github.com/python/mypy/issues/19733">#19733</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/2f3f03c3e39e68dbfa3544c01a34f99803b3e1c2"><code>2f3f03c</code></a>
Bump version to 1.18.2+dev for point release</li>
<li><a
href="https://github.com/python/mypy/commit/76698412bc1f3ca99000d52649acd5a0e06aa71d"><code>7669841</code></a>
Fix crash on recursive alias in indirection.py (<a
href="https://redirect.github.com/python/mypy/issues/19845">#19845</a>)</li>
<li>See full diff in <a
href="https://github.com/python/mypy/compare/v1.18.1...v1.18.2">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| mypy | [>= 0.971.a, < 0.972] |
</details>



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ycloneDX#891)

Updates the requirements on
[coverage](https://github.com/nedbat/coveragepy) to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's
changelog</a>.</em></p>
<blockquote>
<h2>Version 7.10.7 — 2025-09-21</h2>
<ul>
<li>
<p>Performance: with branch coverage in large files, generating HTML,
JSON, or
LCOV reports could take far too long due to some quadratic behavior when
creating the function and class index pages.  This is now fixed, closing
<code>issue 2048</code>_. Thanks to Daniel Diniz for help diagnosing the
problem.</p>
</li>
<li>
<p>Most warnings and a few errors now have links to a page in the docs
explaining the specific message.  Closes <code>issue 1921</code>_.</p>
</li>
</ul>
<p>.. _issue 1921: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1921">nedbat/coveragepy#1921</a>
.. _issue 2048: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2048">nedbat/coveragepy#2048</a></p>
<p>.. _changes_7-10-6:</p>
<h2>Version 7.10.6 — 2025-08-29</h2>
<ul>
<li>
<p>Fix: <code>source</code> directories were not properly communicated
to subprocesses
that ran in different directories, as reported in <code>issue
1499</code>_. This is now
fixed.</p>
</li>
<li>
<p>Performance: <code>Alex Gaynor continues fine-tuning &lt;pull
2038_&gt;</code>_ the speed of
combination, especially with many contexts.</p>
</li>
</ul>
<p>.. _issue 1499: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1499">nedbat/coveragepy#1499</a>
.. _pull 2038: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2038">nedbat/coveragepy#2038</a></p>
<p>.. _changes_7-10-5:</p>
<h2>Version 7.10.5 — 2025-08-23</h2>
<ul>
<li>Big speed improvements for <code>coverage combine</code>: it's now
about twice as
fast! Huge thanks to Alex Gaynor for pull requests <code>2032 &lt;pull
2032_&gt;</code><em>,
<code>2033 &lt;pull 2033_&gt;</code></em>, and <code>2034 &lt;pull
2034_&gt;</code>_.</li>
</ul>
<p>.. _pull 2032: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2032">nedbat/coveragepy#2032</a>
.. _pull 2033: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2033">nedbat/coveragepy#2033</a>
.. _pull 2034: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/2034">nedbat/coveragepy#2034</a></p>
<p>.. _changes_7-10-4:</p>
<h2>Version 7.10.4 — 2025-08-16</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nedbat/coveragepy/commit/92a2af54e6bc948a9c536bd9b12bab70fb055904"><code>92a2af5</code></a>
docs: sample HTML for 7.10.7</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/952afdaca658d5e1acdd533c727448a0b218caf0"><code>952afda</code></a>
docs: prep for 7.10.7</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/a301761e69da97b27662f395974d26f78fa8b2b5"><code>a301761</code></a>
build: riscv64 wheels (<a
href="https://redirect.github.com/nedbat/coveragepy/issues/2055">#2055</a>)</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/5daff8d38786aa540ff9bec622eb3389f117f911"><code>5daff8d</code></a>
docs: now source is formatted with ruff</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/04bbc3acfd914fdd99ffec9873bc03bdc7329357"><code>04bbc3a</code></a>
docs: discuss cog in the contributing docs</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/c181b9315f59a81667da47cf3d760d0253872238"><code>c181b93</code></a>
build: use cog --check-fail-msg to instruct devs</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/33c4ba196f49e0ee86ab0ff473c0876c0bacd5fa"><code>33c4ba1</code></a>
chore: make upgrade</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/0744b73b6b503ccf2cb75aba095c023672b921a8"><code>0744b73</code></a>
chore: bump the action-dependencies group across 1 directory with 2
updates (...</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/0d5a112fc54c1d5a07f3f2ec451779808902c9af"><code>0d5a112</code></a>
perf: bulk narrowing to avoid N**2. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/2048">#2048</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/a868ed9269ca474748130f5c6360cd2aae66ffc8"><code>a868ed9</code></a>
docs: mention Python Discord on the index page</li>
<li>Additional commits viewable in <a
href="https://github.com/nedbat/coveragepy/compare/7.10.6...7.10.7">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
jkowalleck and others added 4 commits January 12, 2026 14:08
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
### Description

Adds validation documentation with practical examples for validating
CycloneDX SBOMs, addressing CycloneDX#708.

- Include practical examples for JSON and XML validation
- Document error handling patterns with ValidationError inspection

Resolves or fixes issue: CycloneDX#708

### Affirmation

- [x] My code follows the
[CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md)
guidelines

---------

Signed-off-by: Saquib Saifee <saquibsaifee@ibm.com>
Signed-off-by: Saquib Saifee <saquibsaifee2@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@read-the-docs-community

read-the-docs-community Bot commented Feb 28, 2026


Documentation build overview

📚 CycloneDX Python Library | 🛠️ Build #33118984 | 📁 Comparing eb0350d against latest (0daf3f9)

  🔍 Preview build  

2 files changed
± genindex.html
± autoapi/cyclonedx/validation/index.html

@saquibsaifee saquibsaifee changed the base branch from main to feat/validator_error_useful February 28, 2026 20:55
@saquibsaifee saquibsaifee changed the base branch from feat/validator_error_useful to main February 28, 2026 20:56
stefan6419846 and others added 17 commits March 6, 2026 14:35

### Description

The correct parameter name is `--signoff` as per the official docs:
https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s
Otherwise, it is frustrating for occasional or first-time contributors
to be told to use parameters which the standard tools do not understand.

Additionally fixes a casing typo I stumbled upon when reading the
document.

Resolves or fixes issue: none

### AI Tool Disclosure

- [x] My contribution does not include any AI-generated content
- [ ] My contribution includes AI-generated content, as disclosed below:
  - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]`
- LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro
etc.]`
- Prompts: `[Summarize the key prompts or instructions given to the AI
tools]`

### Affirmation

- [x] My code follows the
[CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md)
guidelines

Signed-off-by: stefan6419846 <96178532+stefan6419846@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…DX#947)

This change adds properties to DisjunctiveLicense according to CycloneDX
v1.5

Related to / implements a part of issue CycloneDX#578

----


### AI Tool Disclosure

- [x] My contribution does not include any AI-generated content
- [ ] My contribution includes AI-generated content, as disclosed below:
  - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]`
- LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro
etc.]`
- Prompts: `[Summarize the key prompts or instructions given to the AI
tools]`

### Affirmation

- [x] My code follows the
[CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md)
guidelines

Signed-off-by: Peter Schuster <p.schuster@pilz.de>
Signed-off-by: Peter Schuster <p.schuster@pilz.de>
Automatically generated by python-semantic-release

Signed-off-by: semantic-release <semantic-release@bot.local>
…rm compatibility (CycloneDX#950)

Currently pyupgrade cannot be run on Windows due to 'sh' in tox.ini not
working in PowerShell.

Adding a separate script for this might be controversial. \
I could not find another solution that is platform independent, except
from inline python in tox.ini which got "complicated" due to
`{posargs}`. However, if anyone has a better idea, this could be
reworked.

### AI Tool Disclosure

- [X] My contribution includes AI-generated content, as disclosed below:
- The contents of the new script is based on suggestions from Claude
Sonnet 4.6

### Affirmation

- [X] My code follows the
[CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md)
guidelines

---------

Signed-off-by: Peter Schuster <p.schuster@pilz.de>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
A clear and concise summary of the change and which issue (if any) it
fixes. Should also include relevant motivation and context.



Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
### Description

fix coverage reporting

failing runs: 
- timeout
https://github.com/CycloneDX/cyclonedx-python-lib/actions/runs/24053559593/job/70220791872#step:3:350
- unresolvable target:
https://github.com/CycloneDX/cyclonedx-python-lib/actions/runs/24052662937/job/70152194867#step:3:422

### AI Tool Disclosure

- [x] My contribution does not include any AI-generated content
- [ ] My contribution includes AI-generated content, as disclosed below:
  - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]`
- LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro
etc.]`
- Prompts: `[Summarize the key prompts or instructions given to the AI
tools]`

### Affirmation

- [x] My code follows the
[CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md)
guidelines

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
…eDX#954)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: semantic-release <semantic-release>
Co-authored-by: cyclonedx-internal-release-bot[bot] <275040549+cyclonedx-internal-release-bot[bot]@users.noreply.github.com>
Co-authored-by: cyclonedx-releases[bot] <275040549+cyclonedx-releases[bot]@users.noreply.github.com>
…tracking (CycloneDX#961)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jkowalleck <2765863+jkowalleck@users.noreply.github.com>
…DX#968)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jkowalleck <2765863+jkowalleck@users.noreply.github.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: cyclonedx-releases[bot] <275040549+cyclonedx-releases[bot]@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@codacy-production

codacy-production Bot commented May 17, 2026


Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 1609 complexity · 38 duplication

Metric Results
Complexity 1609
Duplication 38

View in Codacy


@saquibsaifee saquibsaifee changed the base branch from main to feat/validator_error_useful June 12, 2026 20:58
…idation-error-messages

Signed-off-by: Saquib Saifee <saquibsaifee2@gmail.com>
@saquibsaifee saquibsaifee marked this pull request as ready for review June 12, 2026 21:00
@saquibsaifee saquibsaifee requested a review from a team as a code owner June 12, 2026 21:00