pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/py-pip-audit py-pip-audit: update to 1.1.0.
details: https://anonhg.NetBSD.org/pkgsrc/rev/1fff236966a4
branches: trunk
changeset: 770744:1fff236966a4
user: wiz <wiz%pkgsrc.org@localhost>
date: Tue Dec 07 20:27:07 2021 +0000
description:
py-pip-audit: update to 1.1.0.
## [1.1.0]
### Added
* CLI: The `--path <PATH>` flag has been added, allowing users to limit
dependency discovery to one or more paths (specified separately)
when `pip-audit` is invoked in environment mode
([#148](https://github.com/trailofbits/pip-audit/pull/148))
* CLI: The `pip-audit` CLI can now be accessed through `python -m pip_audit`.
All functionality is identical to the functionality provided by the
`pip-audit` entrypoint
([#173](https://github.com/trailofbits/pip-audit/pull/173))
* CLI: The `--verbose` flag has been added, allowing users to receive
more verbose output from `pip-audit`. Supplying the `--verbose` flag
overrides the `PIP_AUDIT_LOGLEVEL` environment variable and is equivalent to
setting it to `debug`
([#185](https://github.com/trailofbits/pip-audit/pull/185))
### Changed
* CLI: `pip-audit` now clears its spinner bar from the terminal upon
completion, preventing visual confusion
([#174](https://github.com/trailofbits/pip-audit/pull/174))
### Fixed
* Dependency sources: a crash caused by `platform.python_version` returning
a version string that couldn't be parsed as a PEP-440 version was fixed
([#175](https://github.com/trailofbits/pip-audit/pull/175))
* Dependency sources: a crash caused by incorrect assumptions about
the structure of source distributions was fixed
([#166](https://github.com/trailofbits/pip-audit/pull/166))
* Vulnerability sources: a performance issue on Windows caused by cache failures
was fixed ([#178](https://github.com/trailofbits/pip-audit/pull/178))
## [1.0.1] - 2021-12-02
### Fixed
* CLI: The `--desc` flag no longer requires a following argument. If passed
as a bare option, `--desc` is equivalent to `--desc on`
([#153](https://github.com/trailofbits/pip-audit/pull/153))
* Dependency resolution: The PyPI-based dependency resolver no longer throws
an uncaught exception on package resolution errors; instead, the package
is marked as skipped and an appropriate warning or fatal error (in
`--strict` mode) is produced
([#162](https://github.com/trailofbits/pip-audit/pull/162))
* CLI: When providing the `--cache-dir` flag, the command to read the pip cache
directory is no longer executed. Previously this was always executed and
could result in failure when the command fails. In CI environments, the
default `~/.cache` directory is typically not writable by the build user and
this meant that the `python -m pip cache dir` would fail before this fix,
even if the `--cache-dir` flag was provided.
([#161](https://github.com/trailofbits/pip-audit/pull/161))
## [1.0.0] - 2021-12-01
### Added
* This is the first stable release of `pip-audit`! The CLI is considered
stable from this point on, and all changes will comply with
[Semantic Versioning](https://semver.org/)
## [0.0.9] - 2021-12-01
### Added
* CLI: Skipped dependencies are now listed in the output of `pip-audit`,
for supporting output formats
([#145](https://github.com/trailofbits/pip-audit/pull/145))
* CLI: `pip-audit` now supports a "strict" mode (enabled with `-S` or
`--strict`) that fails the audit if any individual dependency cannot be
resolved or audited. The default behavior is still to skip any individual
dependency errors ([#146](https://github.com/trailofbits/pip-audit/pull/146))
diffstat:
security/py-pip-audit/Makefile | 15 +-
security/py-pip-audit/PLIST | 128 ++++++++++++++------------
security/py-pip-audit/distinfo | 9 +-
security/py-pip-audit/patches/patch-setup.py | 15 ---
4 files changed, 79 insertions(+), 88 deletions(-)
diffs (215 lines):
diff -r 1297e767cdc2 -r 1fff236966a4 security/py-pip-audit/Makefile
--- a/security/py-pip-audit/Makefile Tue Dec 07 19:53:37 2021 +0000
+++ b/security/py-pip-audit/Makefile Tue Dec 07 20:27:07 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.1 2021/11/16 16:04:40 wiz Exp $
+# $NetBSD: Makefile,v 1.2 2021/12/07 20:27:07 wiz Exp $
-DISTNAME= pip-audit-0.0.5
+DISTNAME= pip-audit-1.1.0
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= security python
# pypi file does not include tests
@@ -14,11 +14,12 @@
COMMENT= Scan Python environments for known vulnerabilities
LICENSE= apache-2.0
-DEPENDS+= ${PYPKGPREFIX}-cachecontrol>=0.12.6:../../devel/py-cachecontrol
+DEPENDS+= ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
+DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib
DEPENDS+= ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
DEPENDS+= ${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
DEPENDS+= ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
-DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.23:../../devel/py-pip-api
+DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.25:../../devel/py-pip-api
DEPENDS+= ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
DEPENDS+= ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
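Review bot: the new `DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1` line is not explained anywhere in the commit message. The quoted changelog runs from 1.1.0 back to 0.0.9 and never mentions CycloneDX, while the package is being updated from 0.0.5, so the entries for the releases in between are missing. Please add those entries, or at least one line saying which upstream change introduced this runtime dependency and the raised floors for py-cachecontrol and py-pip-api.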
@@ -39,9 +40,9 @@
${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
-# as of 0.0.4
-# 2 failed, 46 passed
-# https://github.com/trailofbits/pip-audit/issues/115
+# as of 1.1.0
+# 2 failed, 59 passed
+# https://github.com/trailofbits/pip-audit/issues/195
TEST_ENV+= PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
do-test:
cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
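Review bot: the updated comment records only a count (`2 failed, 59 passed`) and an issue URL, not which tests fail. With a bare count, a later update where one known failure is fixed and a different test starts failing would look identical. Suggest naming the two failing tests in the comment so the next update can tell an expected failure from a regression.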
diff -r 1297e767cdc2 -r 1fff236966a4 security/py-pip-audit/PLIST
--- a/security/py-pip-audit/PLIST Tue Dec 07 19:53:37 2021 +0000
+++ b/security/py-pip-audit/PLIST Tue Dec 07 20:27:07 2021 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2021/11/16 16:04:40 wiz Exp $
+@comment $NetBSD: PLIST,v 1.2 2021/12/07 20:27:07 wiz Exp $
bin/pip-audit-${PYVERSSUFFIX}
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -9,66 +9,72 @@
${PYSITELIB}/pip_audit/__init__.py
${PYSITELIB}/pip_audit/__init__.pyc
${PYSITELIB}/pip_audit/__init__.pyo
+${PYSITELIB}/pip_audit/__main__.py
+${PYSITELIB}/pip_audit/__main__.pyc
+${PYSITELIB}/pip_audit/__main__.pyo
+${PYSITELIB}/pip_audit/_audit.py
+${PYSITELIB}/pip_audit/_audit.pyc
+${PYSITELIB}/pip_audit/_audit.pyo
+${PYSITELIB}/pip_audit/_cli.py
+${PYSITELIB}/pip_audit/_cli.pyc
+${PYSITELIB}/pip_audit/_cli.pyo
+${PYSITELIB}/pip_audit/_dependency_source/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/interface.py
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyc
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyo
+${PYSITELIB}/pip_audit/_dependency_source/pip.py
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyc
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyo
+${PYSITELIB}/pip_audit/_dependency_source/requirement.py
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyc
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
+${PYSITELIB}/pip_audit/_format/__init__.py
+${PYSITELIB}/pip_audit/_format/__init__.pyc
+${PYSITELIB}/pip_audit/_format/__init__.pyo
+${PYSITELIB}/pip_audit/_format/columns.py
+${PYSITELIB}/pip_audit/_format/columns.pyc
+${PYSITELIB}/pip_audit/_format/columns.pyo
+${PYSITELIB}/pip_audit/_format/cyclonedx.py
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyc
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyo
+${PYSITELIB}/pip_audit/_format/interface.py
+${PYSITELIB}/pip_audit/_format/interface.pyc
+${PYSITELIB}/pip_audit/_format/interface.pyo
+${PYSITELIB}/pip_audit/_format/json.py
+${PYSITELIB}/pip_audit/_format/json.pyc
+${PYSITELIB}/pip_audit/_format/json.pyo
+${PYSITELIB}/pip_audit/_service/__init__.py
+${PYSITELIB}/pip_audit/_service/__init__.pyc
+${PYSITELIB}/pip_audit/_service/__init__.pyo
+${PYSITELIB}/pip_audit/_service/interface.py
+${PYSITELIB}/pip_audit/_service/interface.pyc
+${PYSITELIB}/pip_audit/_service/interface.pyo
+${PYSITELIB}/pip_audit/_service/osv.py
+${PYSITELIB}/pip_audit/_service/osv.pyc
+${PYSITELIB}/pip_audit/_service/osv.pyo
+${PYSITELIB}/pip_audit/_service/pypi.py
+${PYSITELIB}/pip_audit/_service/pypi.pyc
+${PYSITELIB}/pip_audit/_service/pypi.pyo
+${PYSITELIB}/pip_audit/_state.py
+${PYSITELIB}/pip_audit/_state.pyc
+${PYSITELIB}/pip_audit/_state.pyo
+${PYSITELIB}/pip_audit/_util.py
+${PYSITELIB}/pip_audit/_util.pyc
+${PYSITELIB}/pip_audit/_util.pyo
${PYSITELIB}/pip_audit/_version.py
${PYSITELIB}/pip_audit/_version.pyc
${PYSITELIB}/pip_audit/_version.pyo
-${PYSITELIB}/pip_audit/audit.py
-${PYSITELIB}/pip_audit/audit.pyc
-${PYSITELIB}/pip_audit/audit.pyo
-${PYSITELIB}/pip_audit/cli.py
-${PYSITELIB}/pip_audit/cli.pyc
-${PYSITELIB}/pip_audit/cli.pyo
-${PYSITELIB}/pip_audit/dependency_source/__init__.py
-${PYSITELIB}/pip_audit/dependency_source/__init__.pyc
-${PYSITELIB}/pip_audit/dependency_source/__init__.pyo
-${PYSITELIB}/pip_audit/dependency_source/interface.py
-${PYSITELIB}/pip_audit/dependency_source/interface.pyc
-${PYSITELIB}/pip_audit/dependency_source/interface.pyo
-${PYSITELIB}/pip_audit/dependency_source/pip.py
-${PYSITELIB}/pip_audit/dependency_source/pip.pyc
-${PYSITELIB}/pip_audit/dependency_source/pip.pyo
-${PYSITELIB}/pip_audit/dependency_source/requirement.py
-${PYSITELIB}/pip_audit/dependency_source/requirement.pyc
-${PYSITELIB}/pip_audit/dependency_source/requirement.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyo
-${PYSITELIB}/pip_audit/format/__init__.py
-${PYSITELIB}/pip_audit/format/__init__.pyc
-${PYSITELIB}/pip_audit/format/__init__.pyo
-${PYSITELIB}/pip_audit/format/columns.py
-${PYSITELIB}/pip_audit/format/columns.pyc
-${PYSITELIB}/pip_audit/format/columns.pyo
-${PYSITELIB}/pip_audit/format/interface.py
-${PYSITELIB}/pip_audit/format/interface.pyc
-${PYSITELIB}/pip_audit/format/interface.pyo
-${PYSITELIB}/pip_audit/format/json.py
-${PYSITELIB}/pip_audit/format/json.pyc
-${PYSITELIB}/pip_audit/format/json.pyo
-${PYSITELIB}/pip_audit/service/__init__.py
-${PYSITELIB}/pip_audit/service/__init__.pyc
-${PYSITELIB}/pip_audit/service/__init__.pyo
-${PYSITELIB}/pip_audit/service/interface.py
-${PYSITELIB}/pip_audit/service/interface.pyc
-${PYSITELIB}/pip_audit/service/interface.pyo
-${PYSITELIB}/pip_audit/service/osv.py
-${PYSITELIB}/pip_audit/service/osv.pyc
-${PYSITELIB}/pip_audit/service/osv.pyo
-${PYSITELIB}/pip_audit/service/pypi.py
-${PYSITELIB}/pip_audit/service/pypi.pyc
-${PYSITELIB}/pip_audit/service/pypi.pyo
-${PYSITELIB}/pip_audit/state.py
-${PYSITELIB}/pip_audit/state.pyc
-${PYSITELIB}/pip_audit/state.pyo
-${PYSITELIB}/pip_audit/util.py
-${PYSITELIB}/pip_audit/util.pyc
-${PYSITELIB}/pip_audit/util.pyo
-${PYSITELIB}/pip_audit/virtual_env.py
-${PYSITELIB}/pip_audit/virtual_env.pyc
-${PYSITELIB}/pip_audit/virtual_env.pyo
+${PYSITELIB}/pip_audit/_virtual_env.py
+${PYSITELIB}/pip_audit/_virtual_env.pyc
+${PYSITELIB}/pip_audit/_virtual_env.pyo
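Review bot: every module under `pip_audit/` moves to an underscore-prefixed name in this hunk (`pip_audit/audit.py` becomes `pip_audit/_audit.py`, `pip_audit/service/` becomes `pip_audit/_service/`, and so on), which changes the import paths, and the commit message does not mention it. Please confirm that nothing else in pkgsrc imports the old module paths and note the rename in the log, since anything importing `pip_audit.audit` or `pip_audit.service` will stop working after this update.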
diff -r 1297e767cdc2 -r 1fff236966a4 security/py-pip-audit/distinfo
--- a/security/py-pip-audit/distinfo Tue Dec 07 19:53:37 2021 +0000
+++ b/security/py-pip-audit/distinfo Tue Dec 07 20:27:07 2021 +0000
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.1 2021/11/16 16:04:40 wiz Exp $
+$NetBSD: distinfo,v 1.2 2021/12/07 20:27:07 wiz Exp $
-BLAKE2s (pip-audit-0.0.5.tar.gz) = c60ea00a1e24ff8e0677ae3d8d7d72b606e919475534b108de32174b2cad7826
-SHA512 (pip-audit-0.0.5.tar.gz) = 018aa04901baee74399314faa3afeebd141be91d4bba7621f5c657281458ae5a7d90db60e3059d9bfec858dc0e4251b9c56321b8d22d2533edf9db1154180a03
-Size (pip-audit-0.0.5.tar.gz) = 31766 bytes
-SHA1 (patch-setup.py) = 2171a0cc6c3b737844cce29f1c38d1099115f640
+BLAKE2s (pip-audit-1.1.0.tar.gz) = c31697d727e3fe5413a281f37b24e83732afbc20dfead2e436a4680d3fc6e8a4
+SHA512 (pip-audit-1.1.0.tar.gz) = 77c0552f840ca17fb9a80e9dd594bf8faf74aad5331e1689ad6b7c436d29589fd1b5db9db3e41a16679934fe1856ad0d0821ee5c52a5d4508fda6236bdf27f22
+Size (pip-audit-1.1.0.tar.gz) = 41526 bytes
diff -r 1297e767cdc2 -r 1fff236966a4 security/py-pip-audit/patches/patch-setup.py
--- a/security/py-pip-audit/patches/patch-setup.py Tue Dec 07 19:53:37 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-setup.py,v 1.1 2021/11/16 16:04:40 wiz Exp $
-
-Do not insist on one particular version of CacheControl.
-
---- setup.py.orig 2021-11-09 22:42:57.000000000 +0000
-+++ setup.py
-@@ -35,7 +35,7 @@ setup(
- "progress>=1.6",
- "resolvelib>=0.8.0",
- "html5lib>=1.1",
-- "CacheControl==0.12.10",
-+ "CacheControl>=0.12.10",
- "lockfile>=0.12.2",
- ],
- extras_require={
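Review bot: this deletion drops the only change that relaxed `"CacheControl==0.12.10"` to `>=0.12.10`, and the commit message does not say that upstream 1.1.0 stopped pinning the exact version. The Makefile in the same changeset still declares `cachecontrol>=0.12.10`, so if the 1.1.0 `setup.py` keeps the `==` pin, the installed metadata and the pkgsrc dependency would disagree once py-cachecontrol moves past 0.12.10. Please state in the log that the pin is gone upstream, or keep the patch.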