Skip to content

chore(deps): update poetry and other dependency versions#369

Merged
madpah merged 3 commits intoCycloneDX:mainfrom
gruebel:update-packageurl-dep
Mar 31, 2023
Merged

chore(deps): update poetry and other dependency versions#369
madpah merged 3 commits intoCycloneDX:mainfrom
gruebel:update-packageurl-dep

Conversation

@gruebel
Copy link
Contributor

@gruebel gruebel commented Mar 26, 2023

Originally I juste wanted to update packageurl with the added type hints to remove the type ignores, I also found a typing issue in cyclonedx/serialization/__init__.py but I couldn't upgrade the poertry.lock file, so I had to use the latest 1.4.1 version and they changed the lock file version to 2.0, which looks now different. This probably also the reason, why all the dependabot PRs are failing 🤔

@gruebel gruebel requested a review from a team as a code owner March 26, 2023 11:04
@jkowalleck
Copy link
Member

jkowalleck commented Mar 28, 2023

partially duplicates #358

@gruebel
Copy link
Contributor Author

gruebel commented Mar 28, 2023

@jkowalleck didn't see that PR 🙈 I can wait till it is merged and then recreate my with the type hint changes.

@madpah
Copy link
Collaborator

madpah commented Mar 30, 2023

#358 has been merged to main now @gruebel - thanks for your patience!

jkowalleck
jkowalleck requested changes Mar 30, 2023
View reviewed changes
Copy link
Member

@jkowalleck jkowalleck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you rebase and incorporate my remarks?

gruebel added 2 commits March 31, 2023 10:48
@gruebel
update packageurl type hints
2e16440 
Signed-off-by: gruebel <anton.gruebel@gmail.com>
@gruebel
lower bound packageurl-python dependency
fe68787 
Signed-off-by: gruebel <anton.gruebel@gmail.com>
@gruebel gruebel force-pushed the update-packageurl-dep branch from 2154bdc to fe68787 Compare March 31, 2023 08:59
@gruebel
Copy link
Contributor Author

gruebel commented Mar 31, 2023

@jkowalleck I lower bound packageurl-python as requested 🙂

@jkowalleck jkowalleck requested review from jkowalleck and madpah March 31, 2023 09:09
@jkowalleck
Copy link
Member

jkowalleck commented Mar 31, 2023
edited
Loading

you need to upgrade the lowest-lockfile too,
see https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/pyproject.toml#L48

thanks in advance

@gruebel
update deps.lowest.r
6066aae 
Signed-off-by: gruebel <anton.gruebel@gmail.com>
@jkowalleck
Copy link
Member

jkowalleck commented Mar 31, 2023

LGTM, @madpah

@madpah madpah merged commit aa5b936 into CycloneDX:main Mar 31, 2023
@gruebel gruebel deleted the update-packageurl-dep branch April 3, 2023 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkowalleck jkowalleck jkowalleck approved these changes

@madpah madpah madpah approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gruebel @jkowalleck @madpah