Skjold

Feature/Maintenance release.

**Important!**: From this release onwards `skjold` depends on/uses `packaging` instead of `poetry-semver` (See 52 for details).

**Changes**
- Use `packaging` for parsing versions instead of `poetry-semver`. See 52
- Display helpful message if Github Token is not found/set when using the `github` source. See 56
- Updated dependencies.

Bugfix release.

**Changes**
- Removing `verbose` flag from `.pre-commit-hook.yaml` as it is only supposed to be used during debugging. See [Comment](https://github.com/twu/skjold/pull/48#discussion_r655524560) Thanks asottile!
- Bump types-pyyaml from 0.1.9 to 5.4.3 (49)

Bugfix release.

**Changes**
- Bumps minimal `click` version to `8.x` to fix issue with changed `get_default` signature.

Feature / Maintenance release.

**Important!**: When using `skjold` as a `pre-commit`-hook it only gets triggered if you want to commit changed dependency files (e.g. `Pipenv.lock`, `poetry.lock`, `requirements.txt`,...). It will not continuously check your dependencies on _every_ commit!

**Important!**: If you use `report_only` in any way make sure that you add `verbose: true` to your hook configuration otherwise `pre-commit` won't show you any output since the hook is always returning with a zero exit code due to `report_only` being set!

**Breaking Changes**
- **CLI**: `skjold` will now always write the number of ignored findings and vulnerable packages to `stderr`. The rest of the output `json` or `cli` are still written to `stdout` for easier redirection.

**Changes**
- **CLI**: Temporarily or permanently ignore findings based on their source identifiers added to `.skjoldignore`. (See 47) Thanks micheller!
- **CLI**: `skjold` now outputs ignored findings when using `cli` or `json` output formats.
- **OSV/PyPA Advisory DB**: Initial support for using either `osv` or `pypa` as sources. (See 45)
- **CLI**: Advisories with additional references are added to the `cli` output if present.
- Bumps **mypy** to `0.902`
- Moves `mypy.ini` to `pyproject.toml`.
- Adds `types-toml` and `types-PyYAML` as `dev` dependencies.
- Update `README.md`.

Bugfix / Maintenance release.

**Changes**
- **Gemnasium**: Assume all versions are affected if 'affected_versions' string is empty. (30). Thanks dermoumi!
- Bump **pyyaml** from 5.3.1 to 5.4.1 (24, 26)
- Bump **coverage** from 5.3.1 to 5.4 (29)
- Bump **pytest** from 6.2.1 to 6.2.2 (28)
- Bump **mypy** from 0.790 to 0.800 (27)
- Bump **pytest-cov** from 2.10.1 to 2.11.1 (23, 25)
- Bump **pytest-mock** from 3.4.0 to 3.5.1 (21, 22)
- Update `README.md`.

Bugfix / Feature release.

**Changes**
- Refactored CLI.
- Fix issue with CLI defaults overriding already set values. Fixes 11. Thanks inkhey!
- Add py.typed marker file (PEP 561).
- Replaced `tomlkit` with the more commonly used `toml`.
- Replaced `requests` with `urllib` from the standard library.
- Remove `pytest-env` since it is unused.
- Use latest `actions/checkout` and `actions/setup-python` in `test` workflow.
- Dependencies are now updated by `dependabot`.
- Updated dependencies.