Review comments

Author: spoorcc

README.md

@@ -20,7 +20,7 @@
 **DFetch can manage dependencies**
 
 We make products that can last 15+ years; because of this we want to be able to have all sources available
-to build the entire project from source not being dependent on the existence of the remote resource.
+to build the entire project from source without depending on external resources.
 For this, we needed a dependency manager that was flexible enough to retrieve dependencies as plain text
 from various sources. `svn externals`, `git submodules` and `git subtrees` solve a similar
 problem, but not in a VCS-agnostic way or completely user-friendly way.

dfetch/manifest/project.py

@@ -176,9 +176,9 @@
 
 VCS type
 ########
-*DFetch* does it best to find out what type of version control system (vcs) the remote url is, for
-instance by trying a simple call to the remote repository. But sometimes both is possible, for example,
-in the past GitHub provided an `svn and git interface the same url`_.
+*DFetch* does its best to find out what type of version control system (vcs) the remote url is, for
+instance by trying a simple call to the remote repository. But sometimes both are possible, for example,
+in the past GitHub provided an `svn and git interface at the same url`_.
 
 .. _`svn and git interface at the same url`:
    https://docs.github.com/en/github/importing-your-projects-to-github/support-for-subversion-clients

doc/conf.py

@@ -89,7 +89,7 @@
 autosectionlabel_maxdepth = 3
 
 # Suppress warnings about duplicate labels from argparse directive
-suppress_warnings = ["autosectionlabel.*"]
+suppress_warnings = ["autosectionlabel.manual"]
 
 # -- Options for HTML output ----------------------------------------------
 

doc/manual.rst

@@ -149,8 +149,8 @@ Import
 
 .. automodule:: dfetch.commands.import_
 
-Cheatsheet
-----------
+CLI Cheatsheet
+--------------
 
 A source-only, no-hassle project-dependency aggregator.
 It uses a **manifest file** to describe your project's dependencies and fetches them into your codebase.
@@ -168,17 +168,17 @@ Also called vendoring. More info: <https://dfetch.readthedocs.io/en/latest/getti
 
      dfetch import
 
-- Check for newer versions of dependencies and create a machine parseable report:
+- Check for newer versions of dependencies and create a machine parseable report for your CI:
 
   .. code-block:: console
 
-     dfetch check [--jenkins-json] [--sarif] [--code-climate] {{[project]}}
+     dfetch check [--jenkins-json] [--sarif] [--code-climate] [project]
 
 - Download a or all projects from the manifest:
 
   .. code-block:: console
 
-     dfetch update [-f] {{[project]}}
+     dfetch update [-f] [project]
 
 - Freeze all projects to their current version:
 
@@ -190,4 +190,4 @@ Also called vendoring. More info: <https://dfetch.readthedocs.io/en/latest/getti
 
   .. code-block:: console
 
-     dfetch report [-o <filename>] [-t {sbom,list}] {{[project]}}
+     dfetch report [-o <filename>] [-t {sbom,list}] [project]

doc/vendoring.rst

@@ -265,7 +265,7 @@ They *mitigate* vendoring risks; they do not eliminate them.
     * Dependency and CVE scanning
     * SBOM generation
 
-    **Rationale** By copy-pasting a dependency, there may maybe silent security degradation since there is no automatic updates.
+    **Rationale** By copy-pasting a dependency, there maybe silent security degradation since there is no automatic updates.
 
     *Dfetch* addresses this by providing a ``dfetch check`` (:ref:`Check`) command to see if vendored dependencies are out-of-date and
     various report formats (including SBoM) to check vulnerabilities.