From 1a1e370990e8063459237ab2777b353519e9a2ec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Jan 2024 14:15:22 -0500
Subject: [PATCH] chore(deps): Bump cvss from 2.6 to 3.0 (#464)

Bumps [cvss](https://github.com/RedHatProductSecurity/cvss) from 2.6 to 3.0.
- [Release notes](https://github.com/RedHatProductSecurity/cvss/releases)
- [Commits](https://github.com/RedHatProductSecurity/cvss/compare/v2.6...v3.0)

---
updated-dependencies:
- dependency-name: cvss
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 poetry.lock    | 9 ++++-----
 pyproject.toml | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 4b621024..786905ba 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -330,13 +330,12 @@ toml = ["tomli"]
 
 [[package]]
 name = "cvss"
-version = "2.6"
-description = "CVSS2/3 library with interactive calculator for Python 2 and Python 3"
+version = "3.0"
+description = "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3"
 optional = false
 python-versions = "*"
 files = [
-    {file = "cvss-2.6-py2.py3-none-any.whl", hash = "sha256:7006a025e1587f94fc7ce6bd2f3fa10b27a85d2f843d72d4346122779919c63b"},
-    {file = "cvss-2.6.tar.gz", hash = "sha256:1e8f0c7ac1c1d7f4fb6d901950aa216358809de25ee7c41bc138615a23936c80"},
+    {file = "cvss-3.0-py2.py3-none-any.whl", hash = "sha256:705995aa6f99efdd600f83997c78b625bc81be0603ec00a91465ad2eb613cd7b"},
 ]
 
 [[package]]
@@ -2204,4 +2203,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "73352aa3c5a785c07ae52041c5a97fad976d68b4f497e46e22fd1bf47128d006"
+content-hash = "68320cbfb9a3a675389e270ce67dbc936dbd13b86adf557531e1387b1c20e7ba"
diff --git a/pyproject.toml b/pyproject.toml
index 90c840be..99124014 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -47,7 +47,7 @@ colorlog = "^6.7.0"
 PyYAML = ">= 6.0, < 7.0"  # note: required for enterprise
 ijson = ">= 2.5.1, < 3.0"   # note: required for enterprise
 xxhash = "^3.1.0"
-cvss = "^2.6"
+cvss = ">=2.6,<4.0"
 python-dateutil = "^2.8.2"
 defusedxml = "^0.7.1"
 orjson = "^3.8.6"