From a531a3ffeb2d2cf8e5b124d53a380cee105b1464 Mon Sep 17 00:00:00 2001
From: wiz <wiz@pkgsrc.org>
Date: Tue, 7 Dec 2021 20:27:07 +0000
Subject: [PATCH] py-pip-audit: update to 1.1.0.

## [1.1.0]

### Added

* CLI: The `--path <PATH>` flag has been added, allowing users to limit
  dependency discovery to one or more paths (specified separately)
  when `pip-audit` is invoked in environment mode
  ([#148](https://github.com/trailofbits/pip-audit/pull/148))

* CLI: The `pip-audit` CLI can now be accessed through `python -m pip_audit`.
  All functionality is identical to the functionality provided by the
  `pip-audit` entrypoint
  ([#173](https://github.com/trailofbits/pip-audit/pull/173))

* CLI: The `--verbose` flag has been added, allowing users to receive more
  more verbose output from `pip-audit`. Supplying the `--verbose` flag
  overrides the `PIP_AUDIT_LOGLEVEL` environment variable and is equivalent to
  setting it to `debug`
  ([#185](https://github.com/trailofbits/pip-audit/pull/185))

### Changed

* CLI: `pip-audit` now clears its spinner bar from the terminal upon
  completion, preventing visual confusion
  ([#174](https://github.com/trailofbits/pip-audit/pull/174))

### Fixed

* Dependency sources: a crash caused by `platform.python_version` returning
  an version string that couldn't be parsed as a PEP-440 version was fixed
  ([#175](https://github.com/trailofbits/pip-audit/pull/175))

* Dependency sources: a crash caused by incorrect assumptions about
  the structure of source distributions was fixed
  ([#166](https://github.com/trailofbits/pip-audit/pull/166))

* Vulnerability sources: a performance issue on Windows caused by cache failures
  was fixed ([#178](https://github.com/trailofbits/pip-audit/pull/178))

## [1.0.1] - 2021-12-02

### Fixed

* CLI: The `--desc` flag no longer requires a following argument. If passed
  as a bare option, `--desc` is equivalent to `--desc on`
  ([#153](https://github.com/trailofbits/pip-audit/pull/153))

* Dependency resolution: The PyPI-based dependency resolver no longer throws
  an uncaught exception on package resolution errors; instead, the package
  is marked as skipped and an appropriate warning or fatal error (in
  `--strict` mode) is produced
  ([#162](https://github.com/trailofbits/pip-audit/pull/162))

* CLI: When providing the `--cache-dir` flag, the command to read the pip cache
  directory is no longer executed. Previously this was always executed and
  could result into failure when the command fails. In CI environments, the
  default `~/.cache` directory is typically not writable by the build user and
  this meant that the `python -m pip cache dir` would fail before this fix,
  even if the `--cache-dir` flag was provided.
  ([#161](https://github.com/trailofbits/pip-audit/pull/161))

## [1.0.0] - 2021-12-01

### Added

* This is the first stable release of `pip-audit`! The CLI is considered
  stable from this point on, and all changes will comply with
  [Semantic Versioning](https://semver.org/)

## [0.0.9] - 2021-12-01

### Added

* CLI: Skipped dependencies are now listed in the output of `pip-audit`,
  for supporting output formats
  ([#145](https://github.com/trailofbits/pip-audit/pull/145))
* CLI: `pip-audit` now supports a "strict" mode (enabled with `-S` or
  `--strict`) that fails if the audit if any individual dependency cannot be
  resolved or audited. The default behavior is still to skip any individual
  dependency errors ([#146](https://github.com/trailofbits/pip-audit/pull/146))
---
 security/py-pip-audit/Makefile               |  15 ++-
 security/py-pip-audit/PLIST                  | 128 ++++++++++---------
 security/py-pip-audit/distinfo               |   9 +-
 security/py-pip-audit/patches/patch-setup.py |  15 ---
 4 files changed, 79 insertions(+), 88 deletions(-)
 delete mode 100644 security/py-pip-audit/patches/patch-setup.py

diff --git a/security/py-pip-audit/Makefile b/security/py-pip-audit/Makefile
index ac49a3b232e6..fac19e90352f 100644
--- a/security/py-pip-audit/Makefile
+++ b/security/py-pip-audit/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.1 2021/11/16 16:04:40 wiz Exp $
+# $NetBSD: Makefile,v 1.2 2021/12/07 20:27:07 wiz Exp $
 
-DISTNAME=	pip-audit-0.0.5
+DISTNAME=	pip-audit-1.1.0
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=	security python
 # pypi file does not include tests
@@ -14,11 +14,12 @@ HOMEPAGE=	https://pypi.org/project/pip-audit/
 COMMENT=	Scan Python environments for known vulnerabilities
 LICENSE=	apache-2.0
 
-DEPENDS+=	${PYPKGPREFIX}-cachecontrol>=0.12.6:../../devel/py-cachecontrol
+DEPENDS+=	${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
+DEPENDS+=	${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib
 DEPENDS+=	${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
 DEPENDS+=	${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
 DEPENDS+=	${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
-DEPENDS+=	${PYPKGPREFIX}-pip-api>=0.0.23:../../devel/py-pip-api
+DEPENDS+=	${PYPKGPREFIX}-pip-api>=0.0.25:../../devel/py-pip-api
 DEPENDS+=	${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
 DEPENDS+=	${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
 TEST_DEPENDS+=	${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
@@ -39,9 +40,9 @@ post-install:
         ${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
 	${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
 
-# as of 0.0.4
-# 2 failed, 46 passed
-# https://github.com/trailofbits/pip-audit/issues/115
+# as of 1.1.0
+# 2 failed, 59 passed
+# https://github.com/trailofbits/pip-audit/issues/195
 TEST_ENV+=	PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
 do-test:
 	cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
diff --git a/security/py-pip-audit/PLIST b/security/py-pip-audit/PLIST
index 5d39d023c24b..07a44fb5200d 100644
--- a/security/py-pip-audit/PLIST
+++ b/security/py-pip-audit/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2021/11/16 16:04:40 wiz Exp $
+@comment $NetBSD: PLIST,v 1.2 2021/12/07 20:27:07 wiz Exp $
 bin/pip-audit-${PYVERSSUFFIX}
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -9,66 +9,72 @@ ${PYSITELIB}/${EGG_INFODIR}/top_level.txt
 ${PYSITELIB}/pip_audit/__init__.py
 ${PYSITELIB}/pip_audit/__init__.pyc
 ${PYSITELIB}/pip_audit/__init__.pyo
+${PYSITELIB}/pip_audit/__main__.py
+${PYSITELIB}/pip_audit/__main__.pyc
+${PYSITELIB}/pip_audit/__main__.pyo
+${PYSITELIB}/pip_audit/_audit.py
+${PYSITELIB}/pip_audit/_audit.pyc
+${PYSITELIB}/pip_audit/_audit.pyo
+${PYSITELIB}/pip_audit/_cli.py
+${PYSITELIB}/pip_audit/_cli.pyc
+${PYSITELIB}/pip_audit/_cli.pyo
+${PYSITELIB}/pip_audit/_dependency_source/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/interface.py
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyc
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyo
+${PYSITELIB}/pip_audit/_dependency_source/pip.py
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyc
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyo
+${PYSITELIB}/pip_audit/_dependency_source/requirement.py
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyc
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
+${PYSITELIB}/pip_audit/_format/__init__.py
+${PYSITELIB}/pip_audit/_format/__init__.pyc
+${PYSITELIB}/pip_audit/_format/__init__.pyo
+${PYSITELIB}/pip_audit/_format/columns.py
+${PYSITELIB}/pip_audit/_format/columns.pyc
+${PYSITELIB}/pip_audit/_format/columns.pyo
+${PYSITELIB}/pip_audit/_format/cyclonedx.py
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyc
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyo
+${PYSITELIB}/pip_audit/_format/interface.py
+${PYSITELIB}/pip_audit/_format/interface.pyc
+${PYSITELIB}/pip_audit/_format/interface.pyo
+${PYSITELIB}/pip_audit/_format/json.py
+${PYSITELIB}/pip_audit/_format/json.pyc
+${PYSITELIB}/pip_audit/_format/json.pyo
+${PYSITELIB}/pip_audit/_service/__init__.py
+${PYSITELIB}/pip_audit/_service/__init__.pyc
+${PYSITELIB}/pip_audit/_service/__init__.pyo
+${PYSITELIB}/pip_audit/_service/interface.py
+${PYSITELIB}/pip_audit/_service/interface.pyc
+${PYSITELIB}/pip_audit/_service/interface.pyo
+${PYSITELIB}/pip_audit/_service/osv.py
+${PYSITELIB}/pip_audit/_service/osv.pyc
+${PYSITELIB}/pip_audit/_service/osv.pyo
+${PYSITELIB}/pip_audit/_service/pypi.py
+${PYSITELIB}/pip_audit/_service/pypi.pyc
+${PYSITELIB}/pip_audit/_service/pypi.pyo
+${PYSITELIB}/pip_audit/_state.py
+${PYSITELIB}/pip_audit/_state.pyc
+${PYSITELIB}/pip_audit/_state.pyo
+${PYSITELIB}/pip_audit/_util.py
+${PYSITELIB}/pip_audit/_util.pyc
+${PYSITELIB}/pip_audit/_util.pyo
 ${PYSITELIB}/pip_audit/_version.py
 ${PYSITELIB}/pip_audit/_version.pyc
 ${PYSITELIB}/pip_audit/_version.pyo
-${PYSITELIB}/pip_audit/audit.py
-${PYSITELIB}/pip_audit/audit.pyc
-${PYSITELIB}/pip_audit/audit.pyo
-${PYSITELIB}/pip_audit/cli.py
-${PYSITELIB}/pip_audit/cli.pyc
-${PYSITELIB}/pip_audit/cli.pyo
-${PYSITELIB}/pip_audit/dependency_source/__init__.py
-${PYSITELIB}/pip_audit/dependency_source/__init__.pyc
-${PYSITELIB}/pip_audit/dependency_source/__init__.pyo
-${PYSITELIB}/pip_audit/dependency_source/interface.py
-${PYSITELIB}/pip_audit/dependency_source/interface.pyc
-${PYSITELIB}/pip_audit/dependency_source/interface.pyo
-${PYSITELIB}/pip_audit/dependency_source/pip.py
-${PYSITELIB}/pip_audit/dependency_source/pip.pyc
-${PYSITELIB}/pip_audit/dependency_source/pip.pyo
-${PYSITELIB}/pip_audit/dependency_source/requirement.py
-${PYSITELIB}/pip_audit/dependency_source/requirement.pyc
-${PYSITELIB}/pip_audit/dependency_source/requirement.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyo
-${PYSITELIB}/pip_audit/format/__init__.py
-${PYSITELIB}/pip_audit/format/__init__.pyc
-${PYSITELIB}/pip_audit/format/__init__.pyo
-${PYSITELIB}/pip_audit/format/columns.py
-${PYSITELIB}/pip_audit/format/columns.pyc
-${PYSITELIB}/pip_audit/format/columns.pyo
-${PYSITELIB}/pip_audit/format/interface.py
-${PYSITELIB}/pip_audit/format/interface.pyc
-${PYSITELIB}/pip_audit/format/interface.pyo
-${PYSITELIB}/pip_audit/format/json.py
-${PYSITELIB}/pip_audit/format/json.pyc
-${PYSITELIB}/pip_audit/format/json.pyo
-${PYSITELIB}/pip_audit/service/__init__.py
-${PYSITELIB}/pip_audit/service/__init__.pyc
-${PYSITELIB}/pip_audit/service/__init__.pyo
-${PYSITELIB}/pip_audit/service/interface.py
-${PYSITELIB}/pip_audit/service/interface.pyc
-${PYSITELIB}/pip_audit/service/interface.pyo
-${PYSITELIB}/pip_audit/service/osv.py
-${PYSITELIB}/pip_audit/service/osv.pyc
-${PYSITELIB}/pip_audit/service/osv.pyo
-${PYSITELIB}/pip_audit/service/pypi.py
-${PYSITELIB}/pip_audit/service/pypi.pyc
-${PYSITELIB}/pip_audit/service/pypi.pyo
-${PYSITELIB}/pip_audit/state.py
-${PYSITELIB}/pip_audit/state.pyc
-${PYSITELIB}/pip_audit/state.pyo
-${PYSITELIB}/pip_audit/util.py
-${PYSITELIB}/pip_audit/util.pyc
-${PYSITELIB}/pip_audit/util.pyo
-${PYSITELIB}/pip_audit/virtual_env.py
-${PYSITELIB}/pip_audit/virtual_env.pyc
-${PYSITELIB}/pip_audit/virtual_env.pyo
+${PYSITELIB}/pip_audit/_virtual_env.py
+${PYSITELIB}/pip_audit/_virtual_env.pyc
+${PYSITELIB}/pip_audit/_virtual_env.pyo
diff --git a/security/py-pip-audit/distinfo b/security/py-pip-audit/distinfo
index a4cf85e67c14..3f0adbd54161 100644
--- a/security/py-pip-audit/distinfo
+++ b/security/py-pip-audit/distinfo
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.1 2021/11/16 16:04:40 wiz Exp $
+$NetBSD: distinfo,v 1.2 2021/12/07 20:27:07 wiz Exp $
 
-BLAKE2s (pip-audit-0.0.5.tar.gz) = c60ea00a1e24ff8e0677ae3d8d7d72b606e919475534b108de32174b2cad7826
-SHA512 (pip-audit-0.0.5.tar.gz) = 018aa04901baee74399314faa3afeebd141be91d4bba7621f5c657281458ae5a7d90db60e3059d9bfec858dc0e4251b9c56321b8d22d2533edf9db1154180a03
-Size (pip-audit-0.0.5.tar.gz) = 31766 bytes
-SHA1 (patch-setup.py) = 2171a0cc6c3b737844cce29f1c38d1099115f640
+BLAKE2s (pip-audit-1.1.0.tar.gz) = c31697d727e3fe5413a281f37b24e83732afbc20dfead2e436a4680d3fc6e8a4
+SHA512 (pip-audit-1.1.0.tar.gz) = 77c0552f840ca17fb9a80e9dd594bf8faf74aad5331e1689ad6b7c436d29589fd1b5db9db3e41a16679934fe1856ad0d0821ee5c52a5d4508fda6236bdf27f22
+Size (pip-audit-1.1.0.tar.gz) = 41526 bytes
diff --git a/security/py-pip-audit/patches/patch-setup.py b/security/py-pip-audit/patches/patch-setup.py
deleted file mode 100644
index 2ee3d10f219a..000000000000
--- a/security/py-pip-audit/patches/patch-setup.py
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-setup.py,v 1.1 2021/11/16 16:04:40 wiz Exp $
-
-Do not insist on one particular version of CacheControl.
-
---- setup.py.orig	2021-11-09 22:42:57.000000000 +0000
-+++ setup.py
-@@ -35,7 +35,7 @@ setup(
-         "progress>=1.6",
-         "resolvelib>=0.8.0",
-         "html5lib>=1.1",
--        "CacheControl==0.12.10",
-+        "CacheControl>=0.12.10",
-         "lockfile>=0.12.2",
-     ],
-     extras_require={