pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/py-pip-audit py-pip-audit: update to 2.0.0.
details: https://anonhg.NetBSD.org/pkgsrc/rev/cc518a85b5e6
branches: trunk
changeset: 374382:cc518a85b5e6
user: wiz <wiz%pkgsrc.org@localhost>
date: Sun Feb 20 21:27:35 2022 +0000
description:
py-pip-audit: update to 2.0.0.
### Added
* CLI: The `--fix` flag has been added, allowing users to attempt to
automatically upgrade any vulnerable dependencies to the first safe version
available ([#212](https://github.com/trailofbits/pip-audit/pull/212),
[#222](https://github.com/trailofbits/pip-audit/pull/222))
* CLI: The combination of `--fix` and `--dry-run` is now supported, causing
`pip-audit` to perform the auditing step but not any resulting fix steps
([#223](https://github.com/trailofbits/pip-audit/pull/223))
* CLI: The `--require-hashes` flag has been added which can be used in
conjunction with `-r` to check that all requirements in the file have an
associated hash ([#229](https://github.com/trailofbits/pip-audit/pull/229))
* CLI: The `--index-url` flag has been added, allowing users to use custom
package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
* CLI: The `--extra-index-url` flag has been added, allowing users to use
multiple package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
### Changed
* `pip-audit`'s minimum Python version is now 3.7.
* CLI: The default output format is now correctly pluralized
([#221](https://github.com/trailofbits/pip-audit/pull/221))
* Output formats: The SBOM output formats (`--format=cyclonedx-xml` and
`--format=cyclonedx-json`) now use CycloneDX
[Schema 1.4](https://cyclonedx.org/docs/1.4/xml/)
([#216](https://github.com/trailofbits/pip-audit/pull/216))
* Vulnerability sources: When using PyPI as a vulnerability service, any hashes
provided in a requirements file are checked against those reported by PyPI
([#229](https://github.com/trailofbits/pip-audit/pull/229))
* Vulnerability sources: `pip-audit` now uniques each result based on its
alias set, reducing the amount of duplicate information in the default
columnar output format
([#232](https://github.com/trailofbits/pip-audit/pull/232))
* CLI: `pip-audit` now prints its output more frequently, including when
there are no discovered vulnerabilities but packages were skipped.
Similarly, "manifest" output formats (JSON, CycloneDX) are now emitted
unconditionally
([#240](https://github.com/trailofbits/pip-audit/pull/240))
### Fixed
* CLI: A regression causing excess output during `pip audit -r`
was fixed ([#226](https://github.com/trailofbits/pip-audit/pull/226))
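As an added illustration, not pip-audit's own code and not part of this commit, the following Python approximates the two checks the `--require-hashes` and PyPI-hash items above describe: every requirement in a requirements file must carry at least one `--hash=` option (and, to be meaningful, be pinned with `==`), and a fetched artifact must match one of the recorded digests. The requirements text and the artifact bytes are constructed for the example; the parser is a simplification of pip's format (backslash continuation and `--hash` options only, inline comments not handled) and the function names are this example's own.

```python
"""Approximate the --require-hashes check on a pip requirements file.

Added example, not pip-audit's implementation. Sample input is constructed:
FAKE_SDIST stands in for a downloaded sdist and its digest is computed here,
so the sample requirements file is self-consistent without network access.
"""
from __future__ import annotations

import hashlib
import re
import shlex
from dataclasses import dataclass, field

# Constructed stand-in for requests-2.27.1.tar.gz; not a real PyPI artifact.
FAKE_SDIST = b"constructed bytes standing in for requests-2.27.1.tar.gz\n"
FAKE_SDIST_SHA256 = hashlib.sha256(FAKE_SDIST).hexdigest()

# Constructed requirements file: one fully hashed and pinned requirement,
# one hashed but not pinned, one with no hash at all.
SAMPLE_REQUIREMENTS = f"""\
# constructed example, not a real lock file
--index-url https://pypi.org/simple
requests==2.27.1 \\
    --hash=sha256:{FAKE_SDIST_SHA256} \\
    --hash=sha512:{'0' * 128}
urllib3>=1.26 --hash=sha256:{'a' * 64}
certifi==2021.10.8
"""

_HASH_OPT = re.compile(r"^--hash=(?P<algo>[a-z0-9_]+):(?P<hex>[0-9a-fA-F]+)$")
_SPEC = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?P<spec>.*)$")


@dataclass
class Requirement:
    name: str
    spec: str                                   # version specifier, e.g. "==2.27.1"
    line_no: int
    hashes: dict[str, set[str]] = field(default_factory=dict)  # algorithm -> hex digests


def _logical_lines(text: str):
    """Yield (first_line_no, joined_text), honouring backslash continuation like pip."""
    buf: list[str] = []
    start = 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:  # file ended on a continuation line
        yield start, " ".join(buf)


def parse_requirements(text: str) -> list[Requirement]:
    """Parse requirement lines and their --hash options; skip comments and pip options."""
    reqs: list[Requirement] = []
    for n, line in _logical_lines(text):
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # blank, comment, or option such as --index-url / -r
        tokens = shlex.split(line)
        m = _SPEC.match(tokens[0])
        if not m:
            raise ValueError(f"line {n}: cannot parse requirement {tokens[0]!r}")
        req = Requirement(m["name"].lower(), m["spec"].strip(), n)
        for tok in tokens[1:]:
            h = _HASH_OPT.match(tok)
            if not h:
                raise ValueError(f"line {n}: unsupported option {tok!r}")
            req.hashes.setdefault(h["algo"].lower(), set()).add(h["hex"].lower())
        reqs.append(req)
    return reqs


def hash_problems(reqs: list[Requirement]) -> list[str]:
    """One finding per requirement that a --require-hashes run should reject."""
    problems = []
    for r in reqs:
        if not r.hashes:
            problems.append(f"line {r.line_no}: {r.name}{r.spec} has no --hash")
        elif not r.spec.startswith("=="):
            problems.append(f"line {r.line_no}: {r.name}{r.spec} is hashed but not pinned with ==")
    return problems


def artifact_matches(data: bytes, req: Requirement) -> bool:
    """True if the artifact matches at least one recorded digest (pip's rule)."""
    for algo, digests in req.hashes.items():
        if algo not in hashlib.algorithms_available:
            continue
        if hashlib.new(algo, data).hexdigest() in digests:
            return True
    return False


if __name__ == "__main__":
    parsed = parse_requirements(SAMPLE_REQUIREMENTS)
    for problem in hash_problems(parsed):
        print("REJECT:", problem)
    print("requests artifact verified:", artifact_matches(FAKE_SDIST, parsed[0]))
```

Run against the constructed input, the check rejects `urllib3>=1.26` (hashed but not pinned) and `certifi==2021.10.8` (no hash), and accepts the `requests` artifact only while its bytes are unchanged; any other artifact for that line, including a re-uploaded one with the same version number, fails the match, which is the property a hash-pinned requirements file buys you.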
diffstat:
security/py-pip-audit/Makefile | 13 ++++++-------
security/py-pip-audit/PLIST | 8 +++++++-
security/py-pip-audit/distinfo | 8 ++++----
3 files changed, 17 insertions(+), 12 deletions(-)
diffs (79 lines):
diff -r b72c2a232b22 -r cc518a85b5e6 security/py-pip-audit/Makefile
--- a/security/py-pip-audit/Makefile Sun Feb 20 21:23:52 2022 +0000
+++ b/security/py-pip-audit/Makefile Sun Feb 20 21:27:35 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.8 2022/01/16 23:06:31 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2022/02/20 21:27:35 wiz Exp $
-DISTNAME= pip-audit-1.1.2
+DISTNAME= pip-audit-2.0.0
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= security python
# pypi file does not include tests
@@ -15,11 +15,10 @@
LICENSE= apache-2.0
DEPENDS+= ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
-DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib
+DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=1.0.0:../../security/py-cyclonedx-python-lib
DEPENDS+= ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
-DEPENDS+= ${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
DEPENDS+= ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
-DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.25:../../devel/py-pip-api
+DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.27:../../devel/py-pip-api
DEPENDS+= ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
DEPENDS+= ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
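Review bot: the commit message says the minimum Python version is now 3.7, but this hunk only changes dependency lines; confirm the Makefile already carries a `PYTHON_VERSIONS_INCOMPATIBLE` that excludes 27 and 36 (e.g. `PYTHON_VERSIONS_INCOMPATIBLE=	27 36`), otherwise pkgsrc will still try to build the package on interpreters upstream no longer supports. The dropped `py-lockfile` dependency and the `cyclonedx-python-lib>=1.0.0` and `pip-api>=0.0.27` bumps are consistent with the CycloneDX 1.4 and `--fix` changes described in the message, but it is worth stating in the commit that they were taken from upstream's declared dependencies rather than inferred.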
@@ -36,8 +35,8 @@
${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
-# as of 1.1.1
-# 1 failed, 63 passed
+# as of 2.0.0
+# 1 failed, 115 passed
TEST_ENV+= PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
do-test:
cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
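Review bot: the `1 failed, 115 passed` comment records that one test still fails but not which one or why; name the failing test, or the reason it is expected to fail in the pkgsrc build environment (for instance a test that needs network access to PyPI or the vulnerability service), so the next updater can tell a known environmental failure from a regression. Since the test count grew from 63 to 115 with this release, the new `--fix` tests are presumably among them, and it should be confirmed that the one failure is not one of those.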
diff -r b72c2a232b22 -r cc518a85b5e6 security/py-pip-audit/PLIST
--- a/security/py-pip-audit/PLIST Sun Feb 20 21:23:52 2022 +0000
+++ b/security/py-pip-audit/PLIST Sun Feb 20 21:27:35 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2021/12/12 10:04:44 wiz Exp $
+@comment $NetBSD: PLIST,v 1.4 2022/02/20 21:27:35 wiz Exp $
bin/pip-audit-${PYVERSSUFFIX}
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -42,6 +42,9 @@
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
+${PYSITELIB}/pip_audit/_fix.py
+${PYSITELIB}/pip_audit/_fix.pyc
+${PYSITELIB}/pip_audit/_fix.pyo
${PYSITELIB}/pip_audit/_format/__init__.py
${PYSITELIB}/pip_audit/_format/__init__.pyc
${PYSITELIB}/pip_audit/_format/__init__.pyo
@@ -72,6 +75,9 @@
${PYSITELIB}/pip_audit/_state.py
${PYSITELIB}/pip_audit/_state.pyc
${PYSITELIB}/pip_audit/_state.pyo
+${PYSITELIB}/pip_audit/_subprocess.py
+${PYSITELIB}/pip_audit/_subprocess.pyc
+${PYSITELIB}/pip_audit/_subprocess.pyo
${PYSITELIB}/pip_audit/_util.py
${PYSITELIB}/pip_audit/_util.pyc
${PYSITELIB}/pip_audit/_util.pyo
diff -r b72c2a232b22 -r cc518a85b5e6 security/py-pip-audit/distinfo
--- a/security/py-pip-audit/distinfo Sun Feb 20 21:23:52 2022 +0000
+++ b/security/py-pip-audit/distinfo Sun Feb 20 21:27:35 2022 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2022/01/16 23:06:31 wiz Exp $
+$NetBSD: distinfo,v 1.6 2022/02/20 21:27:35 wiz Exp $
-BLAKE2s (pip-audit-1.1.2.tar.gz) = b5619687d0de3db1ec091bd8a927ca94bf3a621c2f403daa1b107a1078f029b2
-SHA512 (pip-audit-1.1.2.tar.gz) = bc77a98d11ac3733427d31ed5cfcebafcbb41e73289702a1ad7f2dfb603e3bf6a82f9e81a556824eb0dd22ef45027c22d53678b01dbd6e371bf0a4324ef76bea
-Size (pip-audit-1.1.2.tar.gz) = 42811 bytes
+BLAKE2s (pip-audit-2.0.0.tar.gz) = d88d048fecf33ce95232759d6495902fd9ad169a6b3acf694db6d301d442a9da
+SHA512 (pip-audit-2.0.0.tar.gz) = 2c904a424d67b3308b52d6ef6968847987c4df026f22a8e7af6ee3bdf8170b4f62ef993bf82455fed5ecb76b29b9f35239cd27626a891000c38011b60102f56c
+Size (pip-audit-2.0.0.tar.gz) = 54237 bytes
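Review bot: the BLAKE2s, SHA512 and Size records are all updated together, which is what the fetch check needs; since the Makefile comment "pypi file does not include tests" implies this tarball is not the PyPI sdist, say in the commit where it was fetched from (a GitHub tag archive, presumably), because auto-generated repository archives are not guaranteed byte-stable and these checksums will stop matching if the archive is regenerated, whereas a PyPI sdist's digest can additionally be cross-checked against PyPI's published hash, which is exactly the check this release adds for requirements files.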