pkgsrc-WIP-changes archive


py-pip-audit: add an upstream patch



Module Name:	pkgsrc-wip
Committed By:	Thomas Klausner <tk%giga.or.at@localhost>
Pushed By:	wiz
Date:		Tue Nov 9 22:53:25 2021 +0100
Changeset:	edb2fd654d3391c580096fd414039cfee32cfd66

Modified Files:
	py-pip-audit/distinfo
	py-pip-audit/patches/patch-setup.py
Added Files:
	py-pip-audit/patches/patch-mypy.ini
	py-pip-audit/patches/patch-pip__audit_cli.py
	py-pip-audit/patches/patch-pip__audit_dependency__source_resolvelib_pypi__provider.py

Log Message:
py-pip-audit: add an upstream patch

Now this works for me (tm)

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=edb2fd654d3391c580096fd414039cfee32cfd66

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 py-pip-audit/distinfo                              |  5 ++-
 py-pip-audit/patches/patch-mypy.ini                | 14 +++++++
 py-pip-audit/patches/patch-pip__audit_cli.py       | 46 ++++++++++++++++++++++
 ...dependency__source_resolvelib_pypi__provider.py | 46 ++++++++++++++++++++++
 py-pip-audit/patches/patch-setup.py                |  5 +--
 5 files changed, 112 insertions(+), 4 deletions(-)

diffs:
diff --git a/py-pip-audit/distinfo b/py-pip-audit/distinfo
index c053b6e8fe..724f3b750f 100644
--- a/py-pip-audit/distinfo
+++ b/py-pip-audit/distinfo
@@ -3,5 +3,8 @@ $NetBSD: distinfo,v 1.40 2021/10/26 10:18:45 nia Exp $
 BLAKE2s (pip-audit-0.0.4.tar.gz) = 07e726eb27ca453638d64a84490a1a4fc934e819868c1fb50bd0a3bd2c023174
 SHA512 (pip-audit-0.0.4.tar.gz) = 3192547e0c7bccda1c69ff20d7a23175f29260a05d882769f474577485da086f98dbe05af5c3e8c3eaed9b033cb251315832b84ed864986183fae8e157006bda
 Size (pip-audit-0.0.4.tar.gz) = 31496 bytes
+SHA1 (patch-mypy.ini) = 63b86e4ab5735d44ebf0d695cf9e228181fb6b26
+SHA1 (patch-pip__audit_cli.py) = 23f15f2bf7afe7c0a9bb0abb77cfdf07438af011
+SHA1 (patch-pip__audit_dependency__source_resolvelib_pypi__provider.py) = f703cfbd4f8abbc51bb1effe291564267b062203
 SHA1 (patch-pip__audit_service_pypi.py) = e9d290bd6b318e1ce0850b9e8de397b5da771620
-SHA1 (patch-setup.py) = af06b6796795e581e23fa0d89aa2d77e0832e784
+SHA1 (patch-setup.py) = 7460564df5eeef3d22f1314d9b554df0d74e8942
diff --git a/py-pip-audit/patches/patch-mypy.ini b/py-pip-audit/patches/patch-mypy.ini
new file mode 100644
index 0000000000..5fd8e5476b
--- /dev/null
+++ b/py-pip-audit/patches/patch-mypy.ini
@@ -0,0 +1,14 @@
+$NetBSD$
+
+https://github.com/trailofbits/pip-audit/issues/115
+
+--- mypy.ini.orig	2021-11-09 16:11:51.000000000 +0000
++++ mypy.ini
+@@ -2,3 +2,7 @@
+ warn_return_any = True
+ warn_unused_configs = True
+ warn_unused_ignores = True
++warn_no_return = True
++strict_equality = True
++allow_redefinition = True
++check_untyped_defs = True
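Review bot: The header of this new patch file carries only `$NetBSD$` and the issue URL, with no sentence saying what the patch does or why pkgsrc needs it; the same applies to the headers of patch-pip__audit_cli.py and patch-pip__audit_dependency__source_resolvelib_pypi__provider.py added in this commit. For this file the comment matters more, because mypy.ini is read only by the type checker and the four added options should not change the installed package, so a later maintainer cannot tell whether the patch can be dropped. I would add a line such as `Type-checker settings only, no effect on the installed package; kept so the upstream change for issue 115 applies as a whole.`, or leave this file out of the patch set if that is not the intent.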
diff --git a/py-pip-audit/patches/patch-pip__audit_cli.py b/py-pip-audit/patches/patch-pip__audit_cli.py
new file mode 100644
index 0000000000..70aaf3bda7
--- /dev/null
+++ b/py-pip-audit/patches/patch-pip__audit_cli.py
@@ -0,0 +1,46 @@
+$NetBSD$
+
+https://github.com/trailofbits/pip-audit/issues/115
+
+--- pip_audit/cli.py.orig	2021-11-09 16:11:51.000000000 +0000
++++ pip_audit/cli.py
+@@ -13,7 +13,12 @@ from typing import List, Optional
+ 
+ from pip_audit import __version__
+ from pip_audit.audit import AuditOptions, Auditor
+-from pip_audit.dependency_source import PipSource, RequirementSource, ResolveLibResolver
++from pip_audit.dependency_source import (
++    DependencySource,
++    PipSource,
++    RequirementSource,
++    ResolveLibResolver,
++)
+ from pip_audit.format import ColumnsFormat, JsonFormat, VulnerabilityFormat
+ from pip_audit.service import OsvService, PyPIService, VulnerabilityService
+ from pip_audit.state import AuditSpinner
+@@ -105,7 +110,7 @@ class ProgressSpinnerChoice(str, enum.En
+         return self.value
+ 
+ 
+-def audit():
++def audit() -> None:
+     """
+     The primary entrypoint for `pip-audit`.
+     """
+@@ -182,6 +187,7 @@ def audit():
+     with ExitStack() as stack:
+         state = stack.enter_context(AuditSpinner()) if args.progress_spinner else None
+ 
++        source: DependencySource
+         if args.requirements is not None:
+             req_files: List[Path] = [Path(req.name) for req in args.requirements]
+             source = RequirementSource(req_files, ResolveLibResolver(state), state)
+@@ -195,7 +201,7 @@ def audit():
+         vuln_count = 0
+         for (spec, vulns) in auditor.audit(source):
+             if state is not None:
+-                state.update_state(f"Auditing {spec.package} ({spec.version})")
++                state.update_state(f"Auditing {spec.name} ({spec.version})")
+             result[spec] = vulns
+             if len(vulns) > 0:
+                 pkg_count += 1
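Review bot: Only the last sub-hunk changes what runs: the progress message now reads `spec.name` instead of `spec.package`, and it is reached only when `state is not None`, so the failure this presumably fixes would only have shown up with the progress spinner enabled. The import reflow, `def audit() -> None:` and the bare `source: DependencySource` declaration are annotations, and carrying them makes the patch touch four places in cli.py that will need refreshing on the next update. I would either reduce the patch to the one behavioural line or say in the patch comment which line is the fix, for example `Runtime fix: progress message uses spec.name; the other hunks are typing-only.` The body of `audit()` continues outside these hunks, so whether every branch assigns `source` cannot be confirmed from here.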
diff --git a/py-pip-audit/patches/patch-pip__audit_dependency__source_resolvelib_pypi__provider.py b/py-pip-audit/patches/patch-pip__audit_dependency__source_resolvelib_pypi__provider.py
new file mode 100644
index 0000000000..f375899e1c
--- /dev/null
+++ b/py-pip-audit/patches/patch-pip__audit_dependency__source_resolvelib_pypi__provider.py
@@ -0,0 +1,46 @@
+$NetBSD$
+
+https://github.com/trailofbits/pip-audit/issues/115
+
+--- pip_audit/dependency_source/resolvelib/pypi_provider.py.orig	2021-11-09 16:11:51.000000000 +0000
++++ pip_audit/dependency_source/resolvelib/pypi_provider.py
+@@ -13,7 +13,7 @@ from operator import attrgetter
+ from platform import python_version
+ from tarfile import TarFile
+ from tempfile import TemporaryDirectory
+-from typing import List, Optional, Set
++from typing import BinaryIO, List, Optional, Set, cast
+ from urllib.parse import urlparse
+ from zipfile import ZipFile
+ 
+@@ -42,8 +42,8 @@ class Candidate:
+         self,
+         name: str,
+         version: Version,
+-        url: Optional[str] = None,
+-        extras: bool = None,
++        url: str,
++        extras: Set[str],
+         is_wheel: bool = True,
+         state: Optional[AuditState] = None,
+     ) -> None:
+@@ -89,7 +89,7 @@ class Candidate:
+         """
+         Computes the dependency set for this candidate.
+         """
+-        deps = self.metadata.get_all("Requires-Dist", [])
++        deps: List[str] = self.metadata.get_all("Requires-Dist", [])
+         extras = self.extras if self.extras else [""]
+ 
+         for d in deps:
+@@ -125,7 +125,9 @@ class Candidate:
+             for n in z.namelist():
+                 if n.endswith(".dist-info/METADATA"):
+                     p = BytesParser()
+-                    return p.parse(z.open(n), headersonly=True)
++                    # NOTE: MyPy bug? ZipFile.open is treated as IO[bytes], which
++                    # should be unified with BinaryIO but isn't.
++                    return p.parse(cast(BinaryIO, z.open(n)), headersonly=True)
+ 
+         # If we didn't find the metadata, return an empty dict
+         return EmailMessage()  # pragma: no cover
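Review bot: In `Candidate.__init__` the parameters `url` and `extras` lose their defaults (`url: str,` / `extras: Set[str],`), so any construction site that relied on the old `None` defaults will now raise TypeError, and no `Candidate(...)` call is visible in these hunks. Because the patch is applied to the 0.0.4 tarball, which may not match the upstream tree the change was written against, it is worth confirming that every call in this version passes both arguments. In the dependency hunk the fallback is still a list, `extras = self.extras if self.extras else [""]`, while `self.extras` is now declared as `Set[str]`; `{""}` would keep the two branches the same type if nothing below depends on list behaviour. The method bodies start and end outside the hunks shown.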
diff --git a/py-pip-audit/patches/patch-setup.py b/py-pip-audit/patches/patch-setup.py
index 7e580461d5..d4ddf9b9f9 100644
--- a/py-pip-audit/patches/patch-setup.py
+++ b/py-pip-audit/patches/patch-setup.py
@@ -5,10 +5,9 @@ https://github.com/trailofbits/pip-audit/pull/114/files
 
 Do not insist on one particular version of CacheControl.
 
---- setup.py.orig	2021-11-09 16:12:41.000000000 +0000
+--- setup.py.orig	2021-11-09 16:11:51.000000000 +0000
 +++ setup.py
-@@ -30,12 +30,12 @@ setup(
-     install_requires=[
+@@ -31,11 +31,11 @@ setup(
          "pip-api>=0.0.23",
          "packaging>=21.0.0",
          # TODO: Remove this once 3.7 is our minimally supported version.

