diff --git a/CODEOWNERS b/CODEOWNERS
index 1014e9c..d0468c6 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -6,3 +6,5 @@
# Define the code owners for the repository manually
# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
# for more information
+
+* @szymonmaszke
diff --git a/README.md b/README.md
index 408ddfb..4dee152 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ SPDX-License-Identifier: Apache-2.0
- Commit-based semantic versioning — verifiable, immutable, and tag-free.
+ Commit-based semantic versioning - highly configurable and tag-free.
@@ -73,6 +73,8 @@ Semantic versioning based on Git tags has a few limitations:
[__Double versioning scheme__](https://open-nudge.github.io/comver/tutorials/why);
one version for technical changes, another for public releases is
a viable mitigation.
+- Tag creation by `bot`s (e.g. during automated releases) lead to problems
+ with `branch protection` (see [here](https://github.com/orgs/community/discussions/25305)).
- Not all commits are relevant for release versions
(e.g., CI changes, bot updates, or tooling config),
yet many schemes count them in. With filtering, `comver` can exclude
diff --git a/SECURITY-SELF-ASSESSMENT.md b/SECURITY-SELF-ASSESSMENT.md
index a3b4c73..5cf762c 100644
--- a/SECURITY-SELF-ASSESSMENT.md
+++ b/SECURITY-SELF-ASSESSMENT.md
@@ -56,11 +56,15 @@ Source: https://tag-security.cncf.io/community/assessments/guide/self-assessment
## Overview
-Commit-based semantic versioning — verifiable, immutable, and tag-free.
+Commit-based semantic versioning - highly configurable and tag-free.
### Background
-TBD
+Tool creating versions directly from commits (no tag creation, no tag usage),
+which makes it largely immutable.
+
+Usable with any language as long as the project is git based, but
+created in and tailored largely towards Python.
### Actors
@@ -69,15 +73,18 @@ TBD
### Actions
-TBD
+- All security features are provided by
+ [opentemplate](https://github.com/open-nudge/opentemplate) [](templateskip)
### Goals
-TBD
+Making [semantic versioning](https://semver.org/) more reliable
+and flexible by introducing double versioning scheme.
### Non-goals
-TBD
+Changing current software versioning standards; this project looks to build
+upon them and improve the weak points.
## Self-assessment use
@@ -147,7 +154,9 @@ file.
### Incident response
-TBD
+As defined in [`SECURITY.md`](https://github.com/open-nudge/cogeol/blob/master/SECURITY.md#reporting-a-vulnerability.),
+usually response should take up to a few working days, if not please reach out
+at `security@opennudge.com`.
## Appendix
diff --git a/pyproject.toml b/pyproject.toml
index e1c6794..3907cc8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -14,7 +14,7 @@ requires = [
[project]
name = "comver"
-description = "Commit-based semantic versioning — verifiable, immutable, and tag-free."
+description = "Commit-based semantic versioning - highly configurable and tag-free."
readme = "README.md"
license = "Apache-2.0"
@@ -426,6 +426,7 @@ ignore_undeclared = [
]
ignore_unused = [
+ "hatchling",
"basedpyright",
"cairosvg",
"cffconvert",
diff --git a/src/comver/_version.py b/src/comver/_version.py
index be994df..a375442 100644
--- a/src/comver/_version.py
+++ b/src/comver/_version.py
@@ -511,7 +511,8 @@ def from_message( # noqa: PLR0913
if unrecognized_message == "error":
raise error.MessageUnrecognizedError(message)
- return version
+ # Based on hypothesis testing this line may not run
+ return version # pragma: no cover
@classmethod
def from_string(cls, version: str) -> Version: