
Bump pip-licenses from 5.0.0 to 5.5.1#257

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/main/pip-licenses-5.5.1

Conversation

dependabot bot commented on behalf of github Mar 3, 2026

Bumps pip-licenses from 5.0.0 to 5.5.1.

Release notes

Sourced from pip-licenses's releases.

5.5.1

Patch Notes for 5.5.1

Contains packaging and CI updates, dependency/dev-dependency security updates, small code/style fixes (typos, formatting), and preparation for PEP-compliant metadata and sdist behaviour.

Notable user-visible changes

  • Version bump: version set to 5.5.1 (piplicenses.py).
  • Typos fixed: README examples and internal docstrings (codespell fix).
  • Formatting: Applied black 26.1.0 changes across the codebase.
  • CI/CD:
    • Upgraded GitHub Actions runners/actions versions used in workflows:
      • actions/checkout → v6.0.1
      • actions/setup-python → v6.1.0
      • actions/upload-artifact → v6.0.0
      • actions/download-artifact → v7.0.0
      • codecov/codecov-action → v5.5.2
    • Workaround to bypass black lint step for Python 3.9 (black GHA failures with v3.9).
  • Packaging & metadata:
    • pyproject.toml: made PEP-compliant changes:
      • build-system requires reviewed
        • project URLs normalized to "homepage", "releasenotes", "issues" (PEP-753 well-known labels)
        • MANIFEST.in updated to use a prune/exclude strategy suitable for setuptools-scm (avoid duplicative explicit include lists).
      • project.license and license-files fields normalized (PEP-639)
      • requires-python remains >=3.9 (note: CI deprecates 3.9 for black)

Developer dependencies updated (security/maintenance):

  • urllib3 bumped 2.5.0 → 2.6.3
  • wheel bumped 0.45.1 → 0.46.2

Small code cleanups:

  • minor whitespace/annotation/style alignment and improved tuple assignment readability in piplicenses.py
  • some filename/text extraction behavior unchanged but formatting and docstrings clarified.

Files (high-level) changed in this PR

  • piplicenses.py — version bump, docstring typo fix, style/formatting adjustments
  • CHANGELOG.md — added 5.5.1 notes
  • pyproject.toml — PEP-639/753 packaging metadata and URL label normalisation
  • MANIFEST.in — adapted for setuptools-scm (prune/exclude)
  • dev-requirements.txt — urllib3, wheel updates
  • .github/workflows/python-package.yml and .github/workflows/CD-PyPi.yml — updated action references, black job conditional, upload/download artifact and codecov action upgrades

Impacted GitHub Issues (GHI)

... (truncated)

Changelog

Sourced from pip-licenses's changelog.

5.5.1

  • Fixed typographical issue in README examples, closing GHI #209.
  • Fixed typographical issue in docstring found by codespell.
  • Aligned Project URLs in pyproject.toml with PEP 753
  • Brought pyproject.toml (e.g., packaging metadata) into alignment with PEP 639 and related packaging guidance.
    • Improved MANIFEST.in to setuptools-scm build logic with better filtering, closing GHI #266
  • Fixed a regression in linting via black by deprecating support for python 3.9, closing GHI #264
    • Applied black 26.1.0 suggestions to codebase, closing GHI #269

5.5.0

  • Replace dependency on tomli with builtin tomllib for Python 3.11
  • Added support for License-Expression metadata field, see PEP 639
  • Added --from=expression option
  • Breaking change: The --from=all output now includes the License-Expression value
  • Fixed KeyError with --partial and --allow-only if a license matches multiple allowed licenses.
  • Declare support for Python 3.13 and 3.14
  • Added RST/Sphinx workflow example for --with-license-file option in documentation

Commits

  • 6b97581 [UPDATE] Version 5.5.1
  • 35b13b4 [MERGE] remote-tracking branch 'DimitriPapadopoulos/GitHub_jobs' into dev-5.5.1
  • 1288522 Work around MyPy limitation
  • 721334a Pin version of Python used to run Black/MyPy
  • c368dc8 Run Black and MyPy only once
  • d06d0d7 Merge branch 'dependabot/github_actions/dot-github/workflows/master/codecov/c...
  • 77378c3 [SECURITY] Security update of developer dependencies
  • 69d173a [SECURITY] Security update of developer dependencies
  • 6b9e05f Merge remote-tracking branch 'DimitriPapadopoulos/black' into dev-5.5.1
  • 35de465 [UPDATE] Release canididate for v5.5.1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pip-licenses](https://github.com/raimon49/pip-licenses) from 5.0.0 to 5.5.1.
- [Release notes](https://github.com/raimon49/pip-licenses/releases)
- [Changelog](https://github.com/raimon49/pip-licenses/blob/master/CHANGELOG.md)
- [Commits](raimon49/pip-licenses@v-5.0.0...v-5.5.1)

---
updated-dependencies:
- dependency-name: pip-licenses
  dependency-version: 5.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies label (Pull requests that update a dependency file) Mar 3, 2026

dependabot bot commented on behalf of github Mar 3, 2026

Labels

The following labels could not be found: poetry. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot added the python (Pull requests that update Python code) and dependencies (Pull requests that update a dependency file) labels Mar 3, 2026

sonarqubecloud bot commented Mar 3, 2026
