Chore
* chore: shield_ossf-best-practices subbary
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0d00496`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0d00496ca2191394276d0410cc8e81e5630d674d))
* chore(deps-dev): update coverage requirement from 7.5.0 to 7.5.1 (#608)
Updates the requirements on
[coverage](https://github.com/nedbat/coveragepy) to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's
changelog</a>.</em></p>
<blockquote>
<h2>Version 7.5.1 — 2024-05-04</h2>
<ul>
<li>
<p>Fix: a pragma comment on the continuation lines of a multi-line
statement
now excludes the statement and its body, the same as if the pragma is
on the first line. This closes <code>issue 754</code><em>. The fix was
contributed by
<code>Daniel Diniz &lt;pull 1773_&gt;</code></em>.</p>
</li>
<li>
<p>Fix: very complex source files like <code>this one
&lt;resolvent_lookup_&gt;</code>_ could
cause a maximum recursion error when creating an HTML report. This is
now
fixed, closing <code>issue 1774</code>_.</p>
</li>
<li>
<p>HTML report improvements:</p>
<ul>
<li>
<p>Support files (JavaScript and CSS) referenced by the HTML report now
have
hashes added to their names to ensure updated files are used instead of
stale cached copies.</p>
</li>
<li>
<p>Missing branch coverage explanations that said &quot;the condition
was never
false&quot; now read &quot;the condition was always true&quot; because
it's easier to
understand.</p>
</li>
<li>
<p>Column sort order is remembered better as you move between the index
pages,
fixing <code>issue 1766</code><em>. Thanks, <code>Daniel Diniz &lt;pull
1768_&gt;</code></em>.</p>
</li>
</ul>
</li>
</ul>
<p>.. _resolvent_lookup: <a
href="https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py">https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py</a>
.. _issue 754: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/754">nedbat/coveragepy#754</a>
.. _issue 1766: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1766">nedbat/coveragepy#1766</a>
.. _pull 1768: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/1768">nedbat/coveragepy#1768</a>
.. _pull 1773: <a
href="https://redirect.github.com/nedbat/coveragepy/pull/1773">nedbat/coveragepy#1773</a>
.. _issue 1774: <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1774">nedbat/coveragepy#1774</a></p>
<p>.. _changes_7-5-0:</p>
<h2>Version 7.5.0 — 2024-04-23</h2>
<ul>
<li>
<p>Added initial support for function and class reporting in the HTML
report.
There are now three index pages which link to each other: files,
functions,
and classes. Other reports don't yet have this information, but it will
be
added in the future where it makes sense. Feedback gladly accepted!
Finishes <code>issue 780</code>_.</p>
</li>
<li>
<p>Other HTML report improvements:</p>
<ul>
<li>There is now a &quot;hide covered&quot; checkbox to filter out 100%
files, finishing
<code>issue 1384</code>_.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nedbat/coveragepy/commit/be938eaa195a52dd89f3a13aa68bb80de3425b11"><code>be938ea</code></a>
docs: sample HTML for 7.5.1</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/02c66d76912259c8a03282d153007a569f05f495"><code>02c66d7</code></a>
docs: prep for 7.5.1</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/5fa9f67853a7112e08185ed416de7907b8e524da"><code>5fa9f67</code></a>
fix: avoid max recursion errors in ast code. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1774">#1774</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/34af01dfc877e7f35b49f5ec402c39437ae7c1f1"><code>34af01d</code></a>
build: easier to run metasmoke on desired python version</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/6b0cac5843d0cbfb68391f36397e6759e13e297d"><code>6b0cac5</code></a>
perf: cache _human_key to speed html report by about 10%</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/fdc0ee896825334bfa13735d94b2da78da72f76b"><code>fdc0ee8</code></a>
docs: oops, typo</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/60e6cb4267c1f25690e37198e1e55130ae94b4e1"><code>60e6cb4</code></a>
docs: changelog for <a
href="https://redirect.github.com/nedbat/coveragepy/issues/754">#754</a>
and <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1773">#1773</a></li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/277c8c43c9ee59c941ec8fd7da8ea2a49049d1e0"><code>277c8c4</code></a>
fix: ' pragma: no branch' in multiline if statements. <a
href="https://redirect.github.com/nedbat/coveragepy/issues/754">#754</a>
(<a
href="https://redirect.github.com/nedbat/coveragepy/issues/1773">#1773</a>)</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/34d3eb76b7833268019ac25e5265c2c1b192abcb"><code>34d3eb7</code></a>
docs: update changelog for <a
href="https://redirect.github.com/nedbat/coveragepy/issues/1786">#1786</a>.
Thanks, Daniel Diniz</li>
<li><a
href="https://github.com/nedbat/coveragepy/commit/2bb5ef22787185fd90a525e8e26bbe360a3492f1"><code>2bb5ef2</code></a>
fix(html): make HTML column sorting consistent across index pages (fix
<a
href="https://redirect.github.com/nedbat/coveragepy/issues/1766">#1766</a>)...</li>
<li>Additional commits viewable in <a
href="https://github.com/nedbat/coveragepy/compare/7.5.0...7.5.1">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`4f9174b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4f9174b52fd7e9c940d447b8149559b624b1539e))
* chore(ci): update GH action versions (#606)
Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`6d1bc5b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6d1bc5b5e3c6cecc8681b7a197d07632819dc994))
* chore(deps-dev): update tox requirement from 4.14.2 to 4.15.0 (#603)
Updates the requirements on [tox](https://github.com/tox-dev/tox) to
permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.15.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Remove duplicated and misleading configuration section by <a
href="https://github.com/jugmac00"><code>jugmac00</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3251">tox-dev/tox#3251</a></li>
<li>Fix dropped leading characters <code>c</code> from constraints'
packages by <a
href="https://github.com/jugmac00"><code>jugmac00</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3250">tox-dev/tox#3250</a></li>
<li>Fix type-checking by <a
href="https://github.com/stefanor"><code>stefanor</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3260">tox-dev/tox#3260</a></li>
<li>Update installation.rst by <a
href="https://github.com/shenxianpeng"><code>shenxianpeng</code></a>
in <a
href="https://redirect.github.com/tox-dev/tox/pull/3257">tox-dev/tox#3257</a></li>
<li>Allow appending to deps with the command line by <a
href="https://github.com/stefanor"><code>stefanor</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3259">tox-dev/tox#3259</a></li>
<li>Support multiple override appends by <a
href="https://github.com/amitschang"><code>amitschang</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3261">tox-dev/tox#3261</a></li>
<li>Add bang to invert exit code by <a
href="https://github.com/sillydan1"><code>sillydan1</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3271">tox-dev/tox#3271</a></li>
<li>fix(parser): Fix --discover parsed incorrectly from env by <a
href="https://github.com/mimre25"><code>mimre25</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3274">tox-dev/tox#3274</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/shenxianpeng"><code>shenxianpeng</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3257">tox-dev/tox#3257</a></li>
<li><a
href="https://github.com/amitschang"><code>amitschang</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3261">tox-dev/tox#3261</a></li>
<li><a href="https://github.com/sillydan1"><code>sillydan1</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3271">tox-dev/tox#3271</a></li>
<li><a href="https://github.com/mimre25"><code>mimre25</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3274">tox-dev/tox#3274</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.14.2...4.15.0">https://github.com/tox-dev/tox/compare/4.14.2...4.15.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.15.0 (2024-04-26)</h2>
<p>Features - 4.15.0</p>
<pre><code>- Add support for multiple appending override options (-x,
--override) on command line - by :user:`amitschang`. (:issue:`3261`)
- Add support for inverting exit code success criteria using bang (!)
(:issue:`3271`)