pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/py-pip-audit py-pip-audit: update to 2.0.0.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/cc518a85b5e6
branches:  trunk
changeset: 374382:cc518a85b5e6
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sun Feb 20 21:27:35 2022 +0000

description:
py-pip-audit: update to 2.0.0.

### Added

* CLI: The `--fix` flag has been added, allowing users to attempt to
  automatically upgrade any vulnerable dependencies to the first safe version
  available ([#212](https://github.com/trailofbits/pip-audit/pull/212),
  [#222](https://github.com/trailofbits/pip-audit/pull/222))

* CLI: The combination of `--fix` and `--dry-run` is now supported, causing
  `pip-audit` to perform the auditing step but not any resulting fix steps
  ([#223](https://github.com/trailofbits/pip-audit/pull/223))

* CLI: The `--require-hashes` flag has been added which can be used in
  conjunction with `-r` to check that all requirements in the file have an
  associated hash ([#229](https://github.com/trailofbits/pip-audit/pull/229))

* CLI: The `--index-url` flag has been added, allowing users to use custom
  package indices when running with the `-r` flag
  ([#238](https://github.com/trailofbits/pip-audit/pull/238))

* CLI: The `--extra-index-url` flag has been added, allowing users to use
  multiple package indices when running with the `-r` flag
  ([#238](https://github.com/trailofbits/pip-audit/pull/238))

### Changed

* `pip-audit`'s minimum Python version is now 3.7.

* CLI: The default output format is now correctly pluralized
  ([#221](https://github.com/trailofbits/pip-audit/pull/221))

* Output formats: The SBOM output formats (`--format=cyclonedx-xml` and
  `--format=cyclonedx-json`) now use CycloneDX
  [Schema 1.4](https://cyclonedx.org/docs/1.4/xml/)
  ([#216](https://github.com/trailofbits/pip-audit/pull/216))

* Vulnerability sources: When using PyPI as a vulnerability service, any hashes
  provided in a requirements file are checked against those reported by PyPI
  ([#229](https://github.com/trailofbits/pip-audit/pull/229))

* Vulnerability sources: `pip-audit` now uniques each result based on its
  alias set, reducing the amount of duplicate information in the default
  columnar output format
  ([#232](https://github.com/trailofbits/pip-audit/pull/232))

* CLI: `pip-audit` now prints its output more frequently, including when
  there are no discovered vulnerabilities but packages were skipped.
  Similarly, "manifest" output formats (JSON, CycloneDX) are now emitted
  unconditionally
  ([#240](https://github.com/trailofbits/pip-audit/pull/240))

### Fixed

* CLI: A regression causing excess output during `pip audit -r`
  was fixed ([#226](https://github.com/trailofbits/pip-audit/pull/226))
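The `--require-hashes` check and the PyPI hash cross-check described in the changelog above, shown as an added example that is not pip-audit's own code: the sample requirements text, the index-reported hashes and the "any listed hash matches the index" rule are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# pip's hash-pinned requirements syntax: `name==ver --hash=algo:hex`,
# optionally spread over backslash-continued lines.
_REQ = re.compile(r"^\s*([A-Za-z0-9_.\-]+)==([^\s\\]+)")
_HASH = re.compile(r"--hash=([a-z0-9]+):([0-9a-fA-F]+)")

# Constructed sample requirements file; the digests are placeholders.
SAMPLE = """
requests==2.27.1 \\
    --hash=sha256:%s \\
    --hash=sha256:%s
urllib3==1.26.8
""" % ("ab" * 32, "cd" * 32)


@dataclass
class Requirement:
    name: str
    version: str
    hashes: set = field(default_factory=set)  # {(algo, hexdigest)}


def parse_requirements(text: str) -> list:
    """Join continuation lines, then parse one pinned requirement per line."""
    reqs = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ.match(line)
        if not m:  # hash checking only makes sense for `==`-pinned entries
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        hashes = {(algo, hx.lower()) for algo, hx in _HASH.findall(line)}
        reqs.append(Requirement(m.group(1).lower(), m.group(2), hashes))
    return reqs


def missing_hashes(reqs: list) -> list:
    """What `--require-hashes` enforces: every entry carries at least one hash."""
    return [r.name for r in reqs if not r.hashes]


def mismatched_hashes(reqs: list, index_hashes: dict) -> list:
    """Cross-check file hashes against index-reported ones, keyed by
    (name, version).  Assumed rule: a hashed entry passes if any of its
    hashes is among those the index reports for that release."""
    return [r.name for r in reqs
            if r.hashes and not (r.hashes & index_hashes.get((r.name, r.version), set()))]
```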

diffstat:

 security/py-pip-audit/Makefile |  13 ++++++-------
 security/py-pip-audit/PLIST    |   8 +++++++-
 security/py-pip-audit/distinfo |   8 ++++----
 3 files changed, 17 insertions(+), 12 deletions(-)

diffs (79 lines):

diff -r b72c2a232b22 -r cc518a85b5e6 security/py-pip-audit/Makefile
--- a/security/py-pip-audit/Makefile    Sun Feb 20 21:23:52 2022 +0000
+++ b/security/py-pip-audit/Makefile    Sun Feb 20 21:27:35 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.8 2022/01/16 23:06:31 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2022/02/20 21:27:35 wiz Exp $
 
-DISTNAME=      pip-audit-1.1.2
+DISTNAME=      pip-audit-2.0.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 # pypi file does not include tests
@@ -15,11 +15,10 @@
 LICENSE=       apache-2.0
 
 DEPENDS+=      ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
-DEPENDS+=      ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib
+DEPENDS+=      ${PYPKGPREFIX}-cyclonedx-python-lib>=1.0.0:../../security/py-cyclonedx-python-lib
 DEPENDS+=      ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
-DEPENDS+=      ${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
 DEPENDS+=      ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
-DEPENDS+=      ${PYPKGPREFIX}-pip-api>=0.0.25:../../devel/py-pip-api
+DEPENDS+=      ${PYPKGPREFIX}-pip-api>=0.0.27:../../devel/py-pip-api
 DEPENDS+=      ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
 DEPENDS+=      ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
 TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
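Review bot: the removal of the `py-lockfile` DEPENDS line is not explained anywhere in the commit message, while the two bumps are; the `cyclonedx-python-lib>=1.0.0` floor lines up with the changelog's move to CycloneDX schema 1.4, but a short comment here (or a sentence in the description) saying that 2.0.0 no longer declares lockfile would save the next updater from re-checking upstream's dependency metadata for `pip-api>=0.0.27` and the dropped entry.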
@@ -36,8 +35,8 @@
         ${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
        ${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
 
-# as of 1.1.1
-# 1 failed, 63 passed
+# as of 2.0.0
+# 1 failed, 115 passed
 TEST_ENV+=     PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
 do-test:
        cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
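Review bot: `# 1 failed, 115 passed` records that one test is expected to fail but not which one, so the next update cannot tell the known failure from a new regression; name the failing test in the comment, e.g. `# 1 failed (TEST_NAME_HERE, placeholder), 115 passed`, or deselect it explicitly in `do-test` so a clean run becomes the expected result.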
diff -r b72c2a232b22 -r cc518a85b5e6 security/py-pip-audit/PLIST
--- a/security/py-pip-audit/PLIST       Sun Feb 20 21:23:52 2022 +0000
+++ b/security/py-pip-audit/PLIST       Sun Feb 20 21:27:35 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2021/12/12 10:04:44 wiz Exp $
+@comment $NetBSD: PLIST,v 1.4 2022/02/20 21:27:35 wiz Exp $
 bin/pip-audit-${PYVERSSUFFIX}
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -42,6 +42,9 @@
 ${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
 ${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
 ${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
+${PYSITELIB}/pip_audit/_fix.py
+${PYSITELIB}/pip_audit/_fix.pyc
+${PYSITELIB}/pip_audit/_fix.pyo
 ${PYSITELIB}/pip_audit/_format/__init__.py
 ${PYSITELIB}/pip_audit/_format/__init__.pyc
 ${PYSITELIB}/pip_audit/_format/__init__.pyo
@@ -72,6 +75,9 @@
 ${PYSITELIB}/pip_audit/_state.py
 ${PYSITELIB}/pip_audit/_state.pyc
 ${PYSITELIB}/pip_audit/_state.pyo
+${PYSITELIB}/pip_audit/_subprocess.py
+${PYSITELIB}/pip_audit/_subprocess.pyc
+${PYSITELIB}/pip_audit/_subprocess.pyo
 ${PYSITELIB}/pip_audit/_util.py
 ${PYSITELIB}/pip_audit/_util.pyc
 ${PYSITELIB}/pip_audit/_util.pyo
diff -r b72c2a232b22 -r cc518a85b5e6 security/py-pip-audit/distinfo
--- a/security/py-pip-audit/distinfo    Sun Feb 20 21:23:52 2022 +0000
+++ b/security/py-pip-audit/distinfo    Sun Feb 20 21:27:35 2022 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2022/01/16 23:06:31 wiz Exp $
+$NetBSD: distinfo,v 1.6 2022/02/20 21:27:35 wiz Exp $
 
-BLAKE2s (pip-audit-1.1.2.tar.gz) = b5619687d0de3db1ec091bd8a927ca94bf3a621c2f403daa1b107a1078f029b2
-SHA512 (pip-audit-1.1.2.tar.gz) = bc77a98d11ac3733427d31ed5cfcebafcbb41e73289702a1ad7f2dfb603e3bf6a82f9e81a556824eb0dd22ef45027c22d53678b01dbd6e371bf0a4324ef76bea
-Size (pip-audit-1.1.2.tar.gz) = 42811 bytes
+BLAKE2s (pip-audit-2.0.0.tar.gz) = d88d048fecf33ce95232759d6495902fd9ad169a6b3acf694db6d301d442a9da
+SHA512 (pip-audit-2.0.0.tar.gz) = 2c904a424d67b3308b52d6ef6968847987c4df026f22a8e7af6ee3bdf8170b4f62ef993bf82455fed5ecb76b29b9f35239cd27626a891000c38011b60102f56c
+Size (pip-audit-2.0.0.tar.gz) = 54237 bytes
