From 16870f4119865b549172cc76588ca1aa7ce00357 Mon Sep 17 00:00:00 2001
From: Jan Kowalleck <jan.kowalleck@gmail.com>
Date: Mon, 20 Mar 2023 10:37:54 +0100
Subject: [PATCH] chore: prevent dev-lowest-lockfile from dependency bumps
 (#359)

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
---
 requirements.lowest.txt => deps.lowest.r | 2 ++
 pyproject.toml                           | 2 +-
 tox.ini                                  | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
 rename requirements.lowest.txt => deps.lowest.r (79%)

diff --git a/requirements.lowest.txt b/deps.lowest.r
similarity index 79%
rename from requirements.lowest.txt
rename to deps.lowest.r
index dce1896c..812374aa 100644
--- a/requirements.lowest.txt
+++ b/deps.lowest.r
@@ -6,3 +6,5 @@ py-serializable == 0.11.1
 importlib-metadata == 3.4.0 # ; python_version < '3.8'
 setuptools == 47.0.0
 types-setuptools == 57.0.0
+
+# file name is a untypical one, so dependabot does not bump this file
diff --git a/pyproject.toml b/pyproject.toml
index 69ba6603..4a724768 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -45,7 +45,7 @@ keywords = [
 "Bug Tracker" = "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
 
 [tool.poetry.dependencies]
-# ATTENTION: keep `requirements.lowest.txt` file in sync
+# ATTENTION: keep `deps.lowest.r` file in sync
 python = "^3.7"
 importlib-metadata = { version = "^3.4.0", python = "<3.8" }
 packageurl-python = ">= 0.9"
diff --git a/tox.ini b/tox.ini
index ddf620bc..de97d0e6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -21,7 +21,7 @@ whitelist_externals = poetry
 commands_pre =
     {envpython} --version
     poetry install -v
-    lowest: poetry run pip install -U -r requirements.lowest.txt
+    lowest: poetry run pip install -U -r deps.lowest.r
     poetry run pip freeze
 commands =
     poetry run coverage run --source=cyclonedx -m unittest discover -t . -s tests -v