py-pip-audit: update to 1.1.0.
## [1.1.0]

### Added

* CLI: The `--path <PATH>` flag has been added, allowing users to limit
  dependency discovery to one or more paths (specified separately)
  when `pip-audit` is invoked in environment mode
  ([#148](pypa/pip-audit#148))

* CLI: The `pip-audit` CLI can now be accessed through `python -m pip_audit`.
  All functionality is identical to the functionality provided by the
  `pip-audit` entrypoint
  ([#173](pypa/pip-audit#173))

* CLI: The `--verbose` flag has been added, allowing users to receive
  more verbose output from `pip-audit`. Supplying the `--verbose` flag
  overrides the `PIP_AUDIT_LOGLEVEL` environment variable and is equivalent to
  setting it to `debug`
  ([#185](pypa/pip-audit#185))

### Changed

* CLI: `pip-audit` now clears its spinner bar from the terminal upon
  completion, preventing visual confusion
  ([#174](pypa/pip-audit#174))

### Fixed

* Dependency sources: a crash caused by `platform.python_version` returning
  a version string that couldn't be parsed as a PEP-440 version was fixed
  ([#175](pypa/pip-audit#175))

* Dependency sources: a crash caused by incorrect assumptions about
  the structure of source distributions was fixed
  ([#166](pypa/pip-audit#166))

* Vulnerability sources: a performance issue on Windows caused by cache failures
  was fixed ([#178](pypa/pip-audit#178))

## [1.0.1] - 2021-12-02

### Fixed

* CLI: The `--desc` flag no longer requires a following argument. If passed
  as a bare option, `--desc` is equivalent to `--desc on`
  ([#153](pypa/pip-audit#153))

* Dependency resolution: The PyPI-based dependency resolver no longer throws
  an uncaught exception on package resolution errors; instead, the package
  is marked as skipped and an appropriate warning or fatal error (in
  `--strict` mode) is produced
  ([#162](pypa/pip-audit#162))

* CLI: When providing the `--cache-dir` flag, the command to read the pip cache
  directory is no longer executed. Previously this was always executed and
  could result in failure when the command fails. In CI environments, the
  default `~/.cache` directory is typically not writable by the build user and
  this meant that the `python -m pip cache dir` would fail before this fix,
  even if the `--cache-dir` flag was provided.
  ([#161](pypa/pip-audit#161))

## [1.0.0] - 2021-12-01

### Added

* This is the first stable release of `pip-audit`! The CLI is considered
  stable from this point on, and all changes will comply with
  [Semantic Versioning](https://semver.org/)

## [0.0.9] - 2021-12-01

### Added

* CLI: Skipped dependencies are now listed in the output of `pip-audit`,
  for supporting output formats
  ([#145](pypa/pip-audit#145))
* CLI: `pip-audit` now supports a "strict" mode (enabled with `-S` or
  `--strict`) that fails the audit if any individual dependency cannot be
  resolved or audited. The default behavior is still to skip any individual
  dependency errors ([#146](pypa/pip-audit#146))
wiz committed Dec 7, 2021
1 parent acfd03b commit a531a3f
Showing 4 changed files with 79 additions and 88 deletions.
15 changes: 8 additions & 7 deletions security/py-pip-audit/Makefile
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.1 2021/11/16 16:04:40 wiz Exp $
# $NetBSD: Makefile,v 1.2 2021/12/07 20:27:07 wiz Exp $

DISTNAME= pip-audit-0.0.5
DISTNAME= pip-audit-1.1.0
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= security python
# pypi file does not include tests
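Review bot: the DISTNAME line jumps from pip-audit-0.0.5 straight to pip-audit-1.1.0, while the commit message as shown only lists upstream changes back to 0.0.9. Either include the entries for the releases between 0.0.5 and 0.0.9 or say that they were left out, so the log accounts for everything this update pulls in.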
@@ -14,11 +14,12 @@ HOMEPAGE= https://pypi.org/project/pip-audit/
COMMENT= Scan Python environments for known vulnerabilities
LICENSE= apache-2.0

DEPENDS+= ${PYPKGPREFIX}-cachecontrol>=0.12.6:../../devel/py-cachecontrol
DEPENDS+= ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib
DEPENDS+= ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
DEPENDS+= ${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
DEPENDS+= ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.23:../../devel/py-pip-api
DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.25:../../devel/py-pip-api
DEPENDS+= ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
DEPENDS+= ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
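Review bot: the raised minimums on the cachecontrol and pip-api DEPENDS lines (>=0.12.10 and >=0.0.25) only resolve if ../../devel/py-cachecontrol and ../../devel/py-pip-api already provide at least those versions, so that is worth confirming before this lands. The hunk also grows from 11 to 12 lines, meaning one DEPENDS entry is new, and the commit message does not say which dependency upstream added; a one-line mention would help anyone auditing the dependency set of a security tool.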
@@ -39,9 +40,9 @@ post-install:
${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test

# as of 0.0.4
# 2 failed, 46 passed
# https://github.com/trailofbits/pip-audit/issues/115
# as of 1.1.0
# 2 failed, 59 passed
# https://github.com/trailofbits/pip-audit/issues/195
TEST_ENV+= PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
do-test:
cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
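Review bot: the updated comment above TEST_ENV records "2 failed, 59 passed" without naming the two failing tests, so a later run cannot tell the known failures from a new regression. Name them in the comment, or deselect them in do-test so the target passes when nothing else is broken. The issue URL also points at trailofbits/pip-audit while the commit message links use pypa/pip-audit; use one owner consistently.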
128 changes: 67 additions & 61 deletions security/py-pip-audit/PLIST
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.1 2021/11/16 16:04:40 wiz Exp $
@comment $NetBSD: PLIST,v 1.2 2021/12/07 20:27:07 wiz Exp $
bin/pip-audit-${PYVERSSUFFIX}
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -9,66 +9,72 @@ ${PYSITELIB}/${EGG_INFODIR}/top_level.txt
${PYSITELIB}/pip_audit/__init__.py
${PYSITELIB}/pip_audit/__init__.pyc
${PYSITELIB}/pip_audit/__init__.pyo
${PYSITELIB}/pip_audit/__main__.py
${PYSITELIB}/pip_audit/__main__.pyc
${PYSITELIB}/pip_audit/__main__.pyo
${PYSITELIB}/pip_audit/_audit.py
${PYSITELIB}/pip_audit/_audit.pyc
${PYSITELIB}/pip_audit/_audit.pyo
${PYSITELIB}/pip_audit/_cli.py
${PYSITELIB}/pip_audit/_cli.pyc
${PYSITELIB}/pip_audit/_cli.pyo
${PYSITELIB}/pip_audit/_dependency_source/__init__.py
${PYSITELIB}/pip_audit/_dependency_source/__init__.pyc
${PYSITELIB}/pip_audit/_dependency_source/__init__.pyo
${PYSITELIB}/pip_audit/_dependency_source/interface.py
${PYSITELIB}/pip_audit/_dependency_source/interface.pyc
${PYSITELIB}/pip_audit/_dependency_source/interface.pyo
${PYSITELIB}/pip_audit/_dependency_source/pip.py
${PYSITELIB}/pip_audit/_dependency_source/pip.pyc
${PYSITELIB}/pip_audit/_dependency_source/pip.pyo
${PYSITELIB}/pip_audit/_dependency_source/requirement.py
${PYSITELIB}/pip_audit/_dependency_source/requirement.pyc
${PYSITELIB}/pip_audit/_dependency_source/requirement.pyo
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.py
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyc
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyo
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.py
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyc
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyo
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
${PYSITELIB}/pip_audit/_format/__init__.py
${PYSITELIB}/pip_audit/_format/__init__.pyc
${PYSITELIB}/pip_audit/_format/__init__.pyo
${PYSITELIB}/pip_audit/_format/columns.py
${PYSITELIB}/pip_audit/_format/columns.pyc
${PYSITELIB}/pip_audit/_format/columns.pyo
${PYSITELIB}/pip_audit/_format/cyclonedx.py
${PYSITELIB}/pip_audit/_format/cyclonedx.pyc
${PYSITELIB}/pip_audit/_format/cyclonedx.pyo
${PYSITELIB}/pip_audit/_format/interface.py
${PYSITELIB}/pip_audit/_format/interface.pyc
${PYSITELIB}/pip_audit/_format/interface.pyo
${PYSITELIB}/pip_audit/_format/json.py
${PYSITELIB}/pip_audit/_format/json.pyc
${PYSITELIB}/pip_audit/_format/json.pyo
${PYSITELIB}/pip_audit/_service/__init__.py
${PYSITELIB}/pip_audit/_service/__init__.pyc
${PYSITELIB}/pip_audit/_service/__init__.pyo
${PYSITELIB}/pip_audit/_service/interface.py
${PYSITELIB}/pip_audit/_service/interface.pyc
${PYSITELIB}/pip_audit/_service/interface.pyo
${PYSITELIB}/pip_audit/_service/osv.py
${PYSITELIB}/pip_audit/_service/osv.pyc
${PYSITELIB}/pip_audit/_service/osv.pyo
${PYSITELIB}/pip_audit/_service/pypi.py
${PYSITELIB}/pip_audit/_service/pypi.pyc
${PYSITELIB}/pip_audit/_service/pypi.pyo
${PYSITELIB}/pip_audit/_state.py
${PYSITELIB}/pip_audit/_state.pyc
${PYSITELIB}/pip_audit/_state.pyo
${PYSITELIB}/pip_audit/_util.py
${PYSITELIB}/pip_audit/_util.pyc
${PYSITELIB}/pip_audit/_util.pyo
${PYSITELIB}/pip_audit/_version.py
${PYSITELIB}/pip_audit/_version.pyc
${PYSITELIB}/pip_audit/_version.pyo
${PYSITELIB}/pip_audit/audit.py
${PYSITELIB}/pip_audit/audit.pyc
${PYSITELIB}/pip_audit/audit.pyo
${PYSITELIB}/pip_audit/cli.py
${PYSITELIB}/pip_audit/cli.pyc
${PYSITELIB}/pip_audit/cli.pyo
${PYSITELIB}/pip_audit/dependency_source/__init__.py
${PYSITELIB}/pip_audit/dependency_source/__init__.pyc
${PYSITELIB}/pip_audit/dependency_source/__init__.pyo
${PYSITELIB}/pip_audit/dependency_source/interface.py
${PYSITELIB}/pip_audit/dependency_source/interface.pyc
${PYSITELIB}/pip_audit/dependency_source/interface.pyo
${PYSITELIB}/pip_audit/dependency_source/pip.py
${PYSITELIB}/pip_audit/dependency_source/pip.pyc
${PYSITELIB}/pip_audit/dependency_source/pip.pyo
${PYSITELIB}/pip_audit/dependency_source/requirement.py
${PYSITELIB}/pip_audit/dependency_source/requirement.pyc
${PYSITELIB}/pip_audit/dependency_source/requirement.pyo
${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.py
${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyc
${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyo
${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.py
${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyc
${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyo
${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.py
${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyc
${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyo
${PYSITELIB}/pip_audit/format/__init__.py
${PYSITELIB}/pip_audit/format/__init__.pyc
${PYSITELIB}/pip_audit/format/__init__.pyo
${PYSITELIB}/pip_audit/format/columns.py
${PYSITELIB}/pip_audit/format/columns.pyc
${PYSITELIB}/pip_audit/format/columns.pyo
${PYSITELIB}/pip_audit/format/interface.py
${PYSITELIB}/pip_audit/format/interface.pyc
${PYSITELIB}/pip_audit/format/interface.pyo
${PYSITELIB}/pip_audit/format/json.py
${PYSITELIB}/pip_audit/format/json.pyc
${PYSITELIB}/pip_audit/format/json.pyo
${PYSITELIB}/pip_audit/service/__init__.py
${PYSITELIB}/pip_audit/service/__init__.pyc
${PYSITELIB}/pip_audit/service/__init__.pyo
${PYSITELIB}/pip_audit/service/interface.py
${PYSITELIB}/pip_audit/service/interface.pyc
${PYSITELIB}/pip_audit/service/interface.pyo
${PYSITELIB}/pip_audit/service/osv.py
${PYSITELIB}/pip_audit/service/osv.pyc
${PYSITELIB}/pip_audit/service/osv.pyo
${PYSITELIB}/pip_audit/service/pypi.py
${PYSITELIB}/pip_audit/service/pypi.pyc
${PYSITELIB}/pip_audit/service/pypi.pyo
${PYSITELIB}/pip_audit/state.py
${PYSITELIB}/pip_audit/state.pyc
${PYSITELIB}/pip_audit/state.pyo
${PYSITELIB}/pip_audit/util.py
${PYSITELIB}/pip_audit/util.pyc
${PYSITELIB}/pip_audit/util.pyo
${PYSITELIB}/pip_audit/virtual_env.py
${PYSITELIB}/pip_audit/virtual_env.pyc
${PYSITELIB}/pip_audit/virtual_env.pyo
${PYSITELIB}/pip_audit/_virtual_env.py
${PYSITELIB}/pip_audit/_virtual_env.pyc
${PYSITELIB}/pip_audit/_virtual_env.pyo
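Review bot: every module in this list moves to an underscore-prefixed name (audit.py to _audit.py, cli.py to _cli.py, service/ to _service/, and so on), so the old import paths such as pip_audit.audit no longer exist after the update. Nothing in the quoted changelog mentions the rename; check that no other package imports the old module names, and note the rename in the commit message. The new __main__.py entries match the `python -m pip_audit` item in the 1.1.0 notes, and _format/cyclonedx.py has no counterpart in the old format/ list.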
9 changes: 4 additions & 5 deletions security/py-pip-audit/distinfo
@@ -1,6 +1,5 @@
$NetBSD: distinfo,v 1.1 2021/11/16 16:04:40 wiz Exp $
$NetBSD: distinfo,v 1.2 2021/12/07 20:27:07 wiz Exp $

BLAKE2s (pip-audit-0.0.5.tar.gz) = c60ea00a1e24ff8e0677ae3d8d7d72b606e919475534b108de32174b2cad7826
SHA512 (pip-audit-0.0.5.tar.gz) = 018aa04901baee74399314faa3afeebd141be91d4bba7621f5c657281458ae5a7d90db60e3059d9bfec858dc0e4251b9c56321b8d22d2533edf9db1154180a03
Size (pip-audit-0.0.5.tar.gz) = 31766 bytes
SHA1 (patch-setup.py) = 2171a0cc6c3b737844cce29f1c38d1099115f640
BLAKE2s (pip-audit-1.1.0.tar.gz) = c31697d727e3fe5413a281f37b24e83732afbc20dfead2e436a4680d3fc6e8a4
SHA512 (pip-audit-1.1.0.tar.gz) = 77c0552f840ca17fb9a80e9dd594bf8faf74aad5331e1689ad6b7c436d29589fd1b5db9db3e41a16679934fe1856ad0d0821ee5c52a5d4508fda6236bdf27f22
Size (pip-audit-1.1.0.tar.gz) = 41526 bytes
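Review bot: the SHA1 (patch-setup.py) line is dropped here, matching the deletion of patches/patch-setup.py, but the commit message does not say why the patch is no longer needed. State whether upstream absorbed the change or the patch became obsolete, so the removal can be checked against the 1.1.0 sources.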
15 changes: 0 additions & 15 deletions security/py-pip-audit/patches/patch-setup.py

This file was deleted.
