build: bump cyclonedx-bom from 4.6.1 to 6.1.1

Closed

Number: #5
Type: Pull Request
State: Closed

Author:

dependabot[bot]
Association: None
Comments: 1

Created: May 20, 2025 at 08:56 PM UTC
(about 1 year ago)

Updated: August 05, 2025 at 02:39 AM UTC
(11 months ago)

Closed: August 05, 2025 at 02:39 AM UTC
(11 months ago)

Time to Close: 3 months

Labels:
dependencies no_ci_cd_run

Assignees:
aps831

Description:

Bumps cyclonedx-bom from 4.6.1 to 6.1.1.

Release notes

Sourced from cyclonedx-bom's releases.

v6.1.1 (2025-05-12)

Bug Fixes

Maintenance (e3c168b)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Detailed Changes: v6.1.0...v6.1.1

v6.1.0 (2025-05-12)

Documentation

Fix default value for --spec-version (2f2982b)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Features

Rootless docker container (#893, a0cd44b)

What's Changed

chore(deps-dev): Update flake8-logging requirement from 1.6.0 to 1.7.0 by @dependabot in CycloneDX/cyclonedx-python#888

chore(deps-dev): Update pep8-naming requirement from 0.14.1 to 0.15.0 by @dependabot in CycloneDX/cyclonedx-python#891

chore(deps-dev): Update uv requirement from 0.6.14 to 0.7.2 by @dependabot in CycloneDX/cyclonedx-python#890

chore(deps-dev): Update pep8-naming requirement from 0.15.0 to 0.15.1 by @dependabot in CycloneDX/cyclonedx-python#896

feat: rootless docker container by @virgo-o in CycloneDX/cyclonedx-python#893

chore(deps): Bump python-semantic-release/python-semantic-release from 9.21.0 to 9.21.1 by @dependabot in CycloneDX/cyclonedx-python#894

chore(deps-dev): Update uv requirement from 0.7.2 to 0.7.3 by @dependabot in CycloneDX/cyclonedx-python#895

Full Changelog: https://github.com/CycloneDX/cyclonedx-python/compare/v6.0.0...v6.1.0

v6.1.0-rc.1 (2025-05-12)

Detailed Changes: v6.1.0-alpha.1...v6.1.0-rc.1

v6.1.0-alpha.1 (2025-05-12)

Documentation

Fix default value for --spec-version (2f2982b)

... (truncated)

Changelog

Sourced from cyclonedx-bom's changelog.

v6.1.1 (2025-05-12)

Bug Fixes

Maintenance (e3c168b)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v6.1.0 (2025-05-12)

Documentation

Fix default value for --spec-version (2f2982b)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Features

Rootless docker container (#893, a0cd44b)

As per OWASP's Docker Security Cheat Sheet, it is recommended to set a user instead of running the container as root.
  ee568549229f cyclonedx-py:latest "/bin/bash" About a minute ago Up About a minute nifty_swirles
  virgo@lenovo:~$ docker exec -it ee568549229f sh -c "id" uid=1000(cyclonedx) gid=1000(cyclonedx)
  groups=1000(cyclonedx) ```
:arrow_up: Now the container is running as a standard user.
Signed-off-by: virgo-o <virgoj@protonmail.com>
v6.0.0 (2025-04-24)
Features

Add mimetype detection for rich text format (rtf)
(#886,
9861a46)


Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
</tr></table>

... (truncated)

Commits

c4d75b8 chore(release): 6.1.1
e3c168b fix: maintenance
52bf19b chore: GH workflow permissions (#897)
e82393d chore(release): 6.1.0
84949df chore(deps-dev): Update uv requirement from 0.7.2 to 0.7.3 (#895)
69f6c8e chore(deps): Bump python-semantic-release/python-semantic-release from 9.21.0...
a0cd44b feat: rootless docker container (#893)
fcc1d75 chore(deps-dev): Update pep8-naming requirement from 0.15.0 to 0.15.1 (#896)
e33f80e chore(deps-dev): Update uv requirement from 0.6.14 to 0.7.2 (#890)
0e6d845 chore(deps-dev): Update pep8-naming requirement from 0.14.1 to 0.15.0 (#891)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Pull Request Statistics

Commits:
1

Files Changed:
2

Additions:
+19

Deletions:
-16

Package Dependencies

Package:
cyclonedx-bom

Ecosystem:
pip

Version Change:
4.6.1 → 6.1.1

Update Type:
Major

ID:	`4596570`
UUID:	`2532611608`
Node ID:	`PR_kwDOOqzJLs6W9JYY`
Host:	GitHub
Repository:	aps831/workflows-testbed-python
Mergeable:	Yes
Merge State:	Clean

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot

build: bump cyclonedx-bom from 4.6.1 to 6.1.1

v6.1.1 (2025-05-12)

Bug Fixes

v6.1.0 (2025-05-12)

Documentation

Features

What's Changed

v6.1.0-rc.1 (2025-05-12)

v6.1.0-alpha.1 (2025-05-12)

Documentation

v6.1.1 (2025-05-12)

Bug Fixes

v6.1.0 (2025-05-12)

Documentation

Features

v6.0.0 (2025-04-24)

Features

Pull Request Statistics

Package Dependencies

Actions

Technical Details