Update all dependencies (master)

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/checkout	action	major	v2 -> v4
actions/setup-python	action	major	v2 -> v5
docker/build-push-action	action	major	v2 -> v5
docker/login-action	action	major	v1 -> v3
docker/setup-buildx-action	action	major	v1 -> v3
jsonschema (changelog)		major	~=3.2.0 -> ~=4.20.0
python	final	minor	3.8-slim-buster -> 3.11-slim-buster
spdx-tools		minor	~=0.6.1 -> ~=0.8.2
ws-sdk		major	~=0.3.1 -> ~=23.12.1

---

Release Notes

actions/checkout (actions/checkout)

v4

Compare Source

• Add support for partial checkout filters

v3

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

actions/setup-python (actions/setup-python)

v5

Compare Source

v4

Compare Source

v3

Compare Source

docker/build-push-action (docker/build-push-action)

v5

Compare Source

v4

Compare Source

v3

Compare Source

docker/login-action (docker/login-action)

v3

Compare Source

v2

Compare Source

docker/setup-buildx-action (docker/setup-buildx-action)

v3

Compare Source

v2

Compare Source

python-jsonschema/jsonschema (jsonschema)

v4.20.0

Compare Source

=======

• Properly consider items (and properties) to be evaluated by unevaluatedItems (resp. unevaluatedProperties) when behind a $dynamicRef as specified by the 2020 and 2019 specifications.
• jsonschema.exceptions.ErrorTree.__setitem__ is now deprecated.
  More broadly, in general users of jsonschema should never be mutating objects owned by the library.

v4.19.2

Compare Source

=======

• Fix the error message for additional items when used with heterogeneous arrays.
• Don't leak the additionalItems keyword into JSON Schema draft 2020-12, where it was replaced by items.

v4.19.1

Compare Source

=======

• Single label hostnames are now properly considered valid according to the hostname format.
  This is the behavior specified by the relevant RFC (1123).
  IDN hostname behavior was already correct.

v4.19.0

Compare Source

=======

• Importing the Validator protocol directly from the package root is deprecated.
  Import it from jsonschema.protocols.Validator instead.
• Automatic retrieval of remote references (which is still deprecated) now properly succeeds even if the retrieved resource does not declare which version of JSON Schema it uses.
  Such resources are assumed to be 2020-12 schemas.
  This more closely matches the pre-referencing library behavior.

v4.18.6

Compare Source

=======

• Set a jsonschema specific user agent when automatically retrieving remote references (which is deprecated).

v4.18.5

Compare Source

=======

• Declare support for Py3.12

v4.18.4

Compare Source

=======

• Improve the hashability of wrapped referencing exceptions when they contain hashable data.

v4.18.3

Compare Source

=======

• Properly preserve applicable_validators in extended validators.
  Specifically, validators extending early drafts where siblings of $ref were ignored will properly ignore siblings in the extended validator.

v4.18.2

Compare Source

=======

• Fix an additional regression with the deprecated jsonschema.RefResolver and pointer resolution.

v4.18.1

Compare Source

=======

• Fix a regression with jsonschema.RefResolver based resolution when used in combination with a custom validation dialect (via jsonschema.validators.create).

v4.18.0

Compare Source

=======

This release majorly rehauls the way in which JSON Schema reference resolution is configured.
It does so in a way that should be backwards compatible, preserving old behavior whilst emitting deprecation warnings.

• jsonschema.RefResolver is now deprecated in favor of the new referencing library <https://github.com/python-jsonschema/referencing/>_.
  referencing will begin in beta, but already is more compliant than the existing $ref support.
  This change is a culmination of a meaningful chunk of work to make $ref resolution more flexible and more correct.
  Backwards compatibility should be preserved for existing code which uses RefResolver, though doing so is again now deprecated, and all such use cases should be doable using the new APIs.
  Please file issues on the referencing tracker if there is functionality missing from it, or here on the jsonschema issue tracker if you have issues with existing code not functioning the same, or with figuring out how to change it to use referencing.
  In particular, this referencing change includes a change concerning automatic retrieval of remote references (retrieving http://foo/bar automatically within a schema).
  This behavior has always been a potential security risk and counter to the recommendations of the JSON Schema specifications; it has survived this long essentially only for backwards compatibility reasons, and now explicitly produces warnings.
  The referencing library itself will not automatically retrieve references if you interact directly with it, so the deprecated behavior is only triggered if you fully rely on the default $ref resolution behavior and also include remote references in your schema, which will still be retrieved during the deprecation period (after which they will become an error).
• Support for Python 3.7 has been dropped, as it is nearing end-of-life.
  This should not be a "visible" change in the sense that requires-python has been updated, so users using 3.7 should still receive v4.17.3 when installing the library.
• On draft 2019-09, unevaluatedItems now properly does not consider items to be evaluated by an additionalItems schema if items is missing from the schema, as the specification says in this case that additionalItems must be completely ignored.
• Fix the date format checker on Python 3.11 (when format assertion behavior is enabled), where it was too liberal (#​1076).
• Speed up validation of unevaluatedProperties (#​1075).

Deprecations

• jsonschema.RefResolver -- see above for details on the replacement
• jsonschema.RefResolutionError -- see above for details on the replacement
• relying on automatic resolution of remote references -- see above for details on the replacement
• importing jsonschema.ErrorTree -- instead import it via jsonschema.exceptions.ErrorTree
• importing jsonschema.FormatError -- instead import it via jsonschema.exceptions.FormatError

v4.17.3

Compare Source

=======

• Fix instantiating validators with cached refs to boolean schemas
  rather than objects (#​1018).

v4.17.1

Compare Source

=======

• The error message when using unevaluatedProperties with a non-trivial
  schema value (i.e. something other than false) has been improved (#​996).

v4.17.0

Compare Source

=======

• The check_schema method on jsonschema.protocols.Validator instances
  now enables format validation by default when run. This can catch some
  additional invalid schemas (e.g. containing invalid regular expressions)
  where the issue is indeed uncovered by validating against the metaschema
  with format validation enabled as an assertion.
• The jsonschema CLI (along with jsonschema.cli the module) are now
  deprecated. Use check-jsonschema instead, which can be installed via
  pip install check-jsonschema and found
  here <https://github.com/python-jsonschema/check-jsonschema>_.

v4.16.0

Compare Source

=======

• Improve the base URI behavior when resolving a $ref to a resolution URI
  which is different from the resolved schema's declared $id.
• Accessing jsonschema.draftN_format_checker is deprecated. Instead, if you
  want access to the format checker itself, it is exposed as
  jsonschema.validators.DraftNValidator.FORMAT_CHECKER on any
  jsonschema.protocols.Validator.

v4.15.0

Compare Source

=======

• A specific API Reference page is now present in the documentation.
• $ref on earlier drafts (specifically draft 7 and 6) has been "fixed" to
  follow the specified behavior when present alongside a sibling $id.
  Specifically the ID is now properly ignored, and references are resolved
  against whatever resolution scope was previously relevant.

v4.14.0

Compare Source

=======

• FormatChecker.cls_checks is deprecated. Use FormatChecker.checks on
  an instance of FormatChecker instead.
• unevaluatedItems has been fixed for draft 2019. It's nonetheless
  discouraged to use draft 2019 for any schemas, new or old.
• Fix a number of minor annotation issues in protocols.Validator

v4.13.0

Compare Source

=======

• Add support for creating validator classes whose metaschema uses a different
  dialect than its schemas. In other words, they may use draft2020-12 to define
  which schemas are valid, but the schemas themselves use draft7 (or a custom
  dialect, etc.) to define which instances are valid. Doing this is likely
  not something most users, even metaschema authors, may need, but occasionally
  will be useful for advanced use cases.

v4.12.1

Compare Source

=======

• Fix some stray comments in the README.

v4.12.0

Compare Source

=======

• Warn at runtime when subclassing validator classes. Doing so was not
  intended to be public API, though it seems some downstream libraries
  do so. A future version will make this an error, as it is brittle and
  better served by composing validator objects instead. Feel free to reach
  out if there are any cases where changing existing code seems difficult
  and I can try to provide guidance.

v4.11.0

Compare Source

=======

• Make the rendered README in PyPI simpler and fancier. Thanks Hynek (#​983)!

v4.10.3

Compare Source

=======

• jsonschema.validators.validator_for now properly uses the explicitly
  provided default validator even if the $schema URI is not found.

v4.10.2

Compare Source

=======

• Fix a second place where subclasses may have added attrs attributes (#​982).

v4.10.1

Compare Source

=======

• Fix Validator.evolve (and APIs like iter_errors which call it) for cases
  where the validator class has been subclassed. Doing so wasn't intended to be
  public API, but given it didn't warn or raise an error it's of course
  understandable. The next release however will make it warn (and a future one
  will make it error). If you need help migrating usage of inheriting from a
  validator class feel free to open a discussion and I'll try to give some
  guidance (#​982).

v4.10.0

Compare Source

=======

• Add support for referencing schemas with $ref across different versions
  of the specification than the referrer's

v4.9.1

Compare Source

======

• Update some documentation examples to use newer validator releases in their
  sample code.

v4.9.0

Compare Source

======

• Fix relative $ref resolution when the base URI is a URN or other scheme
  (#​544).
• pkgutil.resolve_name is now used to retrieve validators
  provided on the command line. This function is only available on
  3.9+, so 3.7 and 3.8 (which are still supported) now rely on the
  pkgutil_resolve_name <https://pypi.org/project/pkgutil_resolve_name/>_
  backport package. Note however that the CLI itself is due
  to be deprecated shortly in favor of check-jsonschema <https://github.com/python-jsonschema/check-jsonschema>_.

v4.8.0

Compare Source

======

• best_match no longer traverses into anyOf and oneOf when all of
  the errors within them seem equally applicable. This should lead to clearer
  error messages in some cases where no branches were matched.

v4.7.2

Compare Source

======

• Also have best_match handle cases where the type validator is an
  array.

v4.7.1

Compare Source

======

• Minor tweak of the PyPI hyperlink names

v4.7.0

Compare Source

======

• Enhance best_match to prefer errors from branches of the schema which
  match the instance's type (#​728)

v4.6.2

Compare Source

======

• Fix a number of minor typos in docstrings, mostly private ones (#​969)

v4.6.1

Compare Source

======

• Gut the (incomplete) implementation of recursiveRef on draft 2019. It
  needs completing, but for now can lead to recursion errors (e.g. #​847).

v4.6.0

Compare Source

======

• Fix unevaluatedProperties and unevaluatedItems for types they should
  ignore (#​949)
• jsonschema now uses hatch <https://hatch.pypa.io/>_ for its build
  process. This should be completely transparent to end-users (and only matters
  to contributors).

v4.5.1

Compare Source

======

• Revert changes to $dynamicRef which caused a performance regression
  in v4.5.0

v4.5.0

Compare Source

======

• Validator classes for each version now maintain references to the correct
  corresponding format checker (#​905)
• Development has moved to a GitHub organization <https://github.com/python-jsonschema/>_.
  No functional behavior changes are expected from the change.

v4.4.0

Compare Source

======

• Add mypy support (#​892)
• Add support for Python 3.11

v4.3.3

Compare Source

======

• Properly report deprecation warnings at the right stack level (#​899)

v4.3.2

Compare Source

======

• Additional performance improvements for resolving refs (#​896)

v4.3.1

Compare Source

======

• Resolving refs has had performance improvements (#​893)

v4.3.0

Compare Source

======

• Fix undesired fallback to brute force container uniqueness check on
  certain input types (#​893)
• Implement a PEP544 Protocol for validator classes (#​890)

v4.2.1

Compare Source

======

• Pin importlib.resources from below (#​877)

v4.2.0

Compare Source

======

• Use importlib.resources to load schemas (#​873)
• Ensure all elements of arrays are verified for uniqueness by uniqueItems
  (#​866)

v4.1.2

Compare Source

======

• Fix dependentSchemas to properly consider non-object instances to be
  valid (#​850)

v4.1.1

Compare Source

======

• Fix prefixItems not indicating which item was invalid within the instance
  path (#​862)

v4.1.0

Compare Source

======

• Add Python 3.10 to the list of supported Python versions

v4.0.1

Compare Source

======

• Fix the declaration of minimum supported Python version (#​846)

v4.0.0

Compare Source

======

• Partial support for Draft 2020-12 (as well as 2019-09).
  Thanks to Thomas Schmidt and Harald Nezbeda.
• False and 0 are now properly considered non-equal even
  recursively within a container (#​686). As part of this change,
  uniqueItems validation may be slower in some cases. Please feel
  free to report any significant performance regressions, though in
  some cases they may be difficult to address given the specification
  requirement.
• The CLI has been improved, and in particular now supports a --output
  option (with plain (default) or pretty arguments) to control the
  output format. Future work may add additional machine-parsable output
  formats.
• Code surrounding DEFAULT_TYPES and the legacy mechanism for
  specifying types to validators have been removed, as per the deprecation
  policy. Validators should use the TypeChecker object to customize
  the set of Python types corresponding to JSON Schema types.
• Validation errors now have a json_path attribute, describing their
  location in JSON path format
• Support for the IP address and domain name formats has been improved
• Support for Python 2 and 3.6 has been dropped, with python_requires
  properly set.
• multipleOf could overflow when given sufficiently large numbers. Now,
  when an overflow occurs, jsonschema will fall back to using fraction
  division (#​746).
• jsonschema.__version__, jsonschema.validators.validators,
  jsonschema.validators.meta_schemas and
  jsonschema.RefResolver.in_scope have been deprecated, as has
  passing a second-argument schema to Validator.iter_errors and
  Validator.is_valid.

spdx/tools-python (spdx-tools)

v0.8.2

Compare Source

New features and changes

• added optional encoding parameter for parsing files
• fixed handling of the FilesAnalyzed field in Tag-Value format
• fixed the validation of the DownloadLocation field
• fixed the error handling while parsing license expressions
• fixed output of timezone-sensitive datetimes
• added code architecture documentation

Contributors

This release was made possible by the following contributors. Thank you very much!

• Christian Decker @​chrisdecker1201
• Jeff Licquia @​licquia
• Maximilian Huber @​maxhbr
• Armin Tänzer @​armintaenzertng

v0.8.1

Compare Source

New features and changes

• massive speed-up in the validation process of large SBOMs
• validation now detects and checks license references from external documents
• allow for userinfo in git+ssh download location
• more efficient relationship parsing in JSON/YAML/XML

Contributors

This release was made possible by the following contributors. Thank you very much!

• Brian DeHamer @​bdehamer
• Brandon Lum @​lumjjb
• Maximilian Huber @​maxhbr
• Armin Tänzer @​armintaenzertng

v0.8.0

Compare Source

New features and changes

• major refactoring of the library
  • new and improved data model
  • type hints and type checks have been added to the model classes
  • license expressions and SPDX license list are now handled by the license-expression package
  • to update your existing code, refer to the migration guide
• experimental support for the upcoming SPDX v3 specification (note, however, that support is neither complete nor
  stable at this point, as the spec is still evolving)
• full validation of SPDX documents against the v2.2 and v2.3 specification
• support for SPDX's RDF format with all v2.3 features
• unified pysdpxtools CLI tool replaces separate pyspdxtools_parser and pyspdxtools_convertor
• online API documentation
• replaced CircleCI with GitHub Actions

Contributors

This release was made possible by the following contributors. Thank you very much!

• Armin Tänzer @​armintaenzertng
• Gary O'Neall @​goneall
• Gaurav Mishra @​GMishx
• HarshvMahawar @​HarshvMahawar
• Holger Frydrych @​fholger
• Jeff Licquia @​licquia
• Kate Stewart @​kestewart
• Maximilian Huber @​maxhbr
• Meret Behrens @​meretp
• Nicolaus Weidner @​nicoweidner
• William Armiros @​willarmiros

v0.7.1

Compare Source

New features and changes

• added GitHub Actions workflow
• added requirements.txt
• added uritools for URI validation
• Python >= 3.7 is now required
• json/yaml/xml: added support for empty arrays for hasFiles and licenseInfoFromFiles
• rdf: fixed writing of multiple packages
• tag-value: enhanced parsing of snippet ranges to not mix it up with package version
• tag-value: fixed parsing of whitespaces
• tag-value: duplicates in LicenseInfoInFile are now removed during writing
• account for supplier and originator to be NOASSERTION
• checksum validation now requires lowercase values
• during writing of a file, the encoding can be set (default is utf-8)
• license list updated to version 3.20

Contributors

This release was made possible by the following contributors. Thank you very much!

• Christian Decker @​chrisdecker1201
• Marc-Etienne Vargenau @​vargenau
• John Vandenberg @​jayvdb
• Nicolaus Weidner @​nicoweidner
• Meret Behrens @​meretp
• Armin Tänzer @​armintaenzertng
• Maximilian Huber @​maxhbr

v0.7.0

Compare Source

Starting a Changelog.

New features and changes

• Dropped Python 2 support. Python >= 3.6 is now required.
• Added pyspdxtools_convertor and pyspdxtools_parser CLI scripts. See the readme for usage instructions.
• Updated the tools to support SPDX versions up to 2.3 and to conform with the specification. Apart from many bugfixes
  and new properties, some of the more significant changes include:
  • Support for multiple packages per document
  • Support for multiple checksums for packages and files
  • Support for files outside a package
• Note: Validation was updated to follow the 2.3 specification. Since there is currently no support for
  version-specific handling, some details may be handled incorrectly for documents using lower
  versions. The changes are mostly restricted to properties becoming optional and new property values becoming
  available, and should be of limited impact. See https://spdx.github.io/spdx-spec/v2.3/diffs-from-previous-editions/
  for a list of changes between the versions.
• Note: RDF support for 2.3 is not completed, see https://github.com/spdx/tools-python/issues/295
• Removed example documents from production code. Added additional up-to-date examples to test files.
• Introduced pytest as the preferred test framework.
• Improved error message handling and display.
• Extended the contribution guidelines.
• Improved tag/value output structure.
• Added .editorconfig and pyproject.toml.
• Improved handling of JSON-specific properties documentDescribes and hasFiles.
• Added new LicenseListVersion tag.
• Fixed annotation handling for the JSON and Tag/Value formats.
• Free form text values in Tag/Value no longer require <text> tags if they don't span multiple lines.

Contributors

This release was made possible by the following contributors. Thank you very much!

• Meret Behrens @​meretp
• Philippe Ombredanne @​pombredanne
• Pierre Tardy @​tardyp
• Nicolaus Weidner @​nicoweidner
• Jeff Licquia @​licquia
• Armin Tänzer @​armintaenzertng
• Alberto Pianon @​alpianon
• Rodney Richardson @​RodneyRichardson
• Lon Hohberger @​lhh
• Nathan Voss @​njv299
• Gary O'Neall @​goneall
• Jeffrey Otterson @​jotterson
• KOLANICH @​KOLANICH
• Yash Varshney @​Yash-Varshney
• HARDIK @​HARDIK-TSH1392
• Jose Quaresma @​quaresmajose
• Santiago Torres @​SantiagoTorres
• Shubham Kumar Jha @​ShubhamKJha
• Steven Kalt @​SKalt
• Cole Helbling @​cole-h
• Daniel Holth @​dholth
• John Vandenberg @​jayvdb
• Kate Stewart @​kestewart
• Alexios Zavras @​zvr
• Maximilian Huber @​maxhbr
• Kyle Altendorf @​altendky
• alpianon @​alpianon
• kbermude @​kbermude
• mzfr @​mzfr

whitesource-ps/ws-sdk (ws-sdk)

v23.12.1

Compare Source

v23.8.3

Compare Source

v22.12.1.1

Compare Source

v22.8.4.2

Compare Source

v22.8.4.1

Compare Source

v22.8.3.1

Compare Source

v22.8.3

Compare Source

v1.0.5

Compare Source

v1.0.4

Compare Source

v1.0.2

Compare Source

v1.0.0

Compare Source

v0.11.68

Compare Source

v0.11.8

Compare Source

v0.11.6

Compare Source

v0.11.4

Compare Source

v0.11.2

Compare Source

v0.11.0

Compare Source

v0.10.8

Compare Source

v0.10.7

Compare Source

v0.10.6

Compare Source

v0.10.5

Compare Source

v0.10.4

Compare Source

v0.10.3

Compare Source

v0.10.2

Compare Source

v0.10.1

Compare Source

v0.10.0

Compare Source

v0.9.6

Compare Source

v0.9.5

Compare Source

v0.9.4

Compare Source

v0.9.3

Compare Source

v0.9.2

Compare Source

v0.9.1

Compare Source

v0.9.0.8

Compare Source

v0.9.0.7

Compare Source

v0.9.0.6

Compare Source

v0.9.0.5

Compare Source

v0.9.0.4

Compare Source

v0.9.0.3

Compare Source

v0.9.0.2

Compare Source

v0.9.0.1

Compare Source

v0.9

Compare Source

v0.8.9.1

Compare Source

v0.8.9

Compare Source

v0.8.8

Compare Source

v0.8.7.1

Compare Source

v0.8.7

Compare Source

v0.8.6

Compare Source

v0.8.5

Compare Source

v0.8.4

Compare Source

v0.8.3

Compare Source

v0.8.2.2

Compare Source

v0.8.2.1

Compare Source

v0.8.2

Compare Source

v0.8.1.2

Compare Source

v0.8.1.1

Compare Source

v0.8.1

Compare Source

v0.8.0.2

Compare Source

v0.8.0.1

Compare Source

v0.8

Compare Source

v0.7.3

Compare Source

v0.7.2

Compare Source

v0.7.1

Compare Source

v0.7.0

Compare Source

v0.6.9.2

Compare Source

v0.6.9.1

Compare Source

v0.6.9

Compare Source

v0.6.1

Compare Source

v0.6.0.4

Compare Source

v0.6.0.3

Compare Source

v0.6.0.2

Compare Source

v0.6.0.1

Compare Source

v0.6

Compare Source

v0.5.1

Compare Source

v0.5

Compare Source

v0.4

Compare Source

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box