chore: prevent dev-lowest-lockfile from dependency bumps (#359)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
CycloneDX · Mar 20, 2023 · 16870f4 · 16870f4
1 parent 32ce3a2
commit 16870f4
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/requirements.lowest.txt → deps.lowest.r b/requirements.lowest.txt → deps.lowest.r
@@ -6,3 +6,5 @@ py-serializable == 0.11.1
 importlib-metadata == 3.4.0 # ; python_version < '3.8'
 setuptools == 47.0.0
 types-setuptools == 57.0.0
+
+# file name is a untypical one, so dependabot does not bump this file
diff --git a/pyproject.toml b/pyproject.toml
@@ -45,7 +45,7 @@ keywords = [
 "Bug Tracker" = "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
 
 [tool.poetry.dependencies]
-# ATTENTION: keep `requirements.lowest.txt` file in sync
+# ATTENTION: keep `deps.lowest.r` file in sync
 python = "^3.7"
 importlib-metadata = { version = "^3.4.0", python = "<3.8" }
 packageurl-python = ">= 0.9"

diff --git a/tox.ini b/tox.ini
@@ -21,7 +21,7 @@ whitelist_externals = poetry
 commands_pre =
     {envpython} --version
     poetry install -v
-    lowest: poetry run pip install -U -r requirements.lowest.txt
+    lowest: poetry run pip install -U -r deps.lowest.r
     poetry run pip freeze
 commands =
     poetry run coverage run --source=cyclonedx -m unittest discover -t . -s tests -v