cyclonedx-python-lib v4.2.2

[regro-cf-autotick-bot]

It is very likely that the current package version for this feedstock is out of date.

Checklist before merging this PR:

• Dependencies have been updated if changed: see upstream
• Tests have passed
• Updated license if changed and license_file is packaged

Information about this PR:

1. Feel free to push to the bot's branch to update this PR if needed.
2. The bot will almost always only open one PR per version.
3. The bot will stop issuing PRs if more than 3 version bump PRs generated by the bot are open. If you don't want to package a particular version please close the PR.
4. If you want these PRs to be merged automatically, make an issue with @conda-forge-admin,please add bot automerge in the title and merge the resulting PR. This command will add our bot automerge feature to your feedstock.
5. If this PR was opened in error or needs to be updated please add the bot-rerun label to this PR. The bot will close this PR and schedule another one. If you do not have permissions to add this label, you can use the phrase @conda-forge-admin, please rerun bot in a PR comment to have the conda-forge-admin add it for you.

Dependency Analysis

Please note that this analysis is highly experimental. The aim here is to make maintenance easier by inspecting the package's dependencies. Importantly this analysis does not support optional dependencies, please double check those before making changes. If you do not want hinting of this kind ever please add bot: inspection: false to your conda-forge.yml. If you encounter issues with this feature please ping the bot team conda-forge/bot.

Analysis by source code inspection+grayskull shows a discrepancy between it and the the package's stated requirements in the meta.yaml.

Packages found by source code inspection+grayskull but not in the meta.yaml:

• python >=3.7,<4.0
• python >=3.7.0,<4.0.0

Packages found in the meta.yaml but not found by source code inspection+grayskull:

• python >=3.7
• python >=3.7

_{This PR was created by the regro-cf-autotick-bot. The regro-cf-autotick-bot is a service to automatically track the dependency graph, migrate packages, and propose package version updates for conda-forge. Feel free to drop us a line if there are any issues! This PR was generated by https://github.com/regro/cf-scripts/actions/runs/6187073424, please use this URL for debugging.}

[conda-forge-webservices]

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipe) and found it was in an excellent condition.

[bollwyvl]

@conda-forge-admin please rerender

[github-actions]

Hi! This is the friendly automated conda-forge-webservice.

I tried to rerender for you, but it looks like there was nothing to do.

This message was generated by GitHub actions workflow run https://github.com/conda-forge/cyclonedx-python-lib-feedstock/actions/runs/6191473350.

[github-actions]

Hi! This is the friendly conda-forge automerge bot!

I considered the following status checks when analyzing this PR:

• linter: passed
• azure: passed

Thus the PR was passing and merged! Have a great day!

[jkowalleck]

thing is that this file MUST to be shipped, along with the NOTICE file, for legal reasons.
the files MUST to be shipped, but dont need to be installed.

[jkowalleck]

👍

[bollwyvl]

Yeah, as mentioned over there, each distribution must contain them, but delivering them to site-packages all but ensures they will be destroyed if only one other package is broken in that way. pip won't even say anything about it.

On conda-forge, as we build from source, we have some more control over things. We harvest the license as-files-as-source into a similar pkg-info member inside the .conda file, but as we also control what goes into the actual package, remove them from the as-installed site-packages.

If poetry is the blocker, perhaps try hatch or flit, which seem to have no trouble with this.

[jkowalleck]

yes, poetry is the blocker - python-poetry/poetry#8441