pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/py-pip-audit



Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Jul  3 10:35:54 UTC 2022

Modified Files:
        pkgsrc/security/py-pip-audit: Makefile distinfo

Log Message:
py-pip-audit: update to 2.3.4.

## [2.3.4]

### Fixed

* Vulnerability fixing: the `--fix` flag now works for vulnerabilities found in
  requirement subdependencies. A new line is now added to the requirement file
  to explicitly pin the offending subdependency
  ([#297](https://github.com/trailofbits/pip-audit/pull/297))

## [2.3.3]

### Changed

* CLI: `pip-audit` now warns on the combination of `-s osv` and
  `--require-hashes`, notifying users that only the PyPI service
  can fully verify hashes
  ([#298](https://github.com/trailofbits/pip-audit/pull/298))

### Fixed

* CLI/Dependency sources: `--cache-dir=...` and other flags that affect
  dependency resolver behavior now work correctly when auditing a
  `pyproject.toml` dependency source
  ([#300](https://github.com/trailofbits/pip-audit/pull/300))

## [2.3.2] - 2022-05-14

### Changed

* CLI: `pip-audit`'s progress spinner has been refactored to make it
  faster and more responsive
  ([#283](https://github.com/trailofbits/pip-audit/pull/283))

* CLI, Vulnerability sources: the error message used to report
  connection failures to vulnerability sources was improved
  ([#287](https://github.com/trailofbits/pip-audit/pull/287))

* Vulnerability sources: the OSV service is now more resilient
  to schema changes ([#288](https://github.com/trailofbits/pip-audit/pull/288))

* Vulnerability sources: the PyPI service provides a better
  error message during some cases of service degradation
  ([#294](https://github.com/trailofbits/pip-audit/pull/294))

### Fixed

* Vulnerability sources: a bug stemming from an incorrect assumption
  about OSV's schema guarantees was fixed
  ([#284](https://github.com/trailofbits/pip-audit/pull/284))

* Caching: `pip-audit` now respects `pip`'s `PIP_NO_CACHE_DIR`
  and will not attempt to use the `pip` cache if present
  ([#290](https://github.com/trailofbits/pip-audit/pull/290))


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/security/py-pip-audit/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/py-pip-audit/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/py-pip-audit/Makefile
diff -u pkgsrc/security/py-pip-audit/Makefile:1.14 pkgsrc/security/py-pip-audit/Makefile:1.15
--- pkgsrc/security/py-pip-audit/Makefile:1.14  Sun May 29 07:47:05 2022
+++ pkgsrc/security/py-pip-audit/Makefile       Sun Jul  3 10:35:54 2022
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.14 2022/05/29 07:47:05 wiz Exp $
+# $NetBSD: Makefile,v 1.15 2022/07/03 10:35:54 wiz Exp $
 
-DISTNAME=      pip-audit-2.3.1
+DISTNAME=      pip-audit-2.3.4
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 # pypi file does not include tests
@@ -16,12 +16,13 @@ LICENSE=    apache-2.0
 
 TOOL_DEPENDS+= ${PYPKGPREFIX}-flit_core-[0-9]*:../../devel/py-flit_core
 DEPENDS+=      ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
-DEPENDS+=      ${PYPKGPREFIX}-cyclonedx-python-lib>=1.0.0:../../security/py-cyclonedx-python-lib
+DEPENDS+=      ${PYPKGPREFIX}-cyclonedx-python-lib>=2.0.0:../../security/py-cyclonedx-python-lib
 DEPENDS+=      ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
 DEPENDS+=      ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
 DEPENDS+=      ${PYPKGPREFIX}-pip-api>=0.0.28:../../devel/py-pip-api
-DEPENDS+=      ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
 DEPENDS+=      ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
+DEPENDS+=      ${PYPKGPREFIX}-rich>=12.4:../../comms/py-rich
+DEPENDS+=      ${PYPKGPREFIX}-toml>=0.10:../../textproc/py-toml
 TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
 TEST_DEPENDS+= ${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test
 
@@ -33,8 +34,8 @@ post-install:
        cd ${DESTDIR}${PREFIX}/bin && \
         ${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
 
-# as of 2.3.0
-# 1 failed, 133 passed
+# as of 2.3.4
+# 1 failed, 149 passed
 TEST_ENV+=     PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
 do-test:
        cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}

Index: pkgsrc/security/py-pip-audit/distinfo
diff -u pkgsrc/security/py-pip-audit/distinfo:1.11 pkgsrc/security/py-pip-audit/distinfo:1.12
--- pkgsrc/security/py-pip-audit/distinfo:1.11  Sun May 29 07:47:05 2022
+++ pkgsrc/security/py-pip-audit/distinfo       Sun Jul  3 10:35:54 2022
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.11 2022/05/29 07:47:05 wiz Exp $
+$NetBSD: distinfo,v 1.12 2022/07/03 10:35:54 wiz Exp $
 
-BLAKE2s (pip-audit-2.3.1.tar.gz) = 419c83f36da01b5c64e773859be182b8aa5f4b6e6cb3df4690748d87dd5eda53
-SHA512 (pip-audit-2.3.1.tar.gz) = 2fc9de538a852efc5714bed6aff43273aaaf85e53312187f4c420d63a231656e7f8114b856adf7ca1f56ae1006323e39450e2a070a055839a23593bd0f5f01c7
-Size (pip-audit-2.3.1.tar.gz) = 59275 bytes
+BLAKE2s (pip-audit-2.3.4.tar.gz) = 40f6ad530e2993ea90b987e00f133a92b66123e336be43008f1bd0f4ea633b33
+SHA512 (pip-audit-2.3.4.tar.gz) = f0d8886d198bf0c6a13cdbb007cb1ffe6bb22ac51d96dafd1eec05beedd970fae5937fe5db78c7bf5c8f1efb6068d3c7f5cda67ef4b5bb5a3741674c0a0b5ab7
+Size (pip-audit-2.3.4.tar.gz) = 63854 bytes



Home | Main Index | Thread Index | Old Index