snazy commented on code in PR #2897: URL: https://github.com/apache/polaris/pull/2897#discussion_r2491599426
########## client/python/pyproject.toml: ########## @@ -29,13 +29,6 @@ requires-python = ">=3.10,<4.0" license = "Apache-2.0" keywords = ["Apache Polaris", "Polaris", "Polaris Management Service", "Apache Iceberg REST Catalog API"] dynamic = ["classifiers"] -dependencies = [ Review Comment: @MonkeyCanCode I heard you're a poetry guy ;) This PR is a draft / experiment, but if you have some time I'd appreciate your advise. So, in this PR I want to generate Cyclone SBOMs and also tried to add some rudimentary stuff for the Python client. I'm not sure why, but I had to move some stuff around in this file. Is this an issue (no clue why the CycloneDX tool expects stuff to be in this place when scanning the poetry metadata 🤷 )? And what I also don't understand why chardet's reported as an error for example in [this run](https://github.com/apache/polaris/actions/runs/19072722357/job/54479693148?pr=2897). I know we tackled this dependency before, but I don't see why it's flagged again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
