pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/py-pip-audit py-pip-audit: update to 2.3.4.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9c6ec7e3141a
branches:  trunk
changeset: 381251:9c6ec7e3141a
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sun Jul 03 10:35:54 2022 +0000

description:
py-pip-audit: update to 2.3.4.

## [2.3.4]

### Fixed

* Vulnerability fixing: the `--fix` flag now works for vulnerabilities found in
  requirement subdependencies. A new line is now added to the requirement file
  to explicitly pin the offending subdependency
  ([#297](https://github.com/trailofbits/pip-audit/pull/297))

## [2.3.3]

### Changed

* CLI: `pip-audit` now warns on the combination of `-s osv` and
  `--require-hashes`, notifying users that only the PyPI service
  can fully verify hashes
  ([#298](https://github.com/trailofbits/pip-audit/pull/298))

### Fixed

* CLI/Dependency sources: `--cache-dir=...` and other flags that affect
  dependency resolver behavior now work correctly when auditing a
  `pyproject.toml` dependency source
  ([#300](https://github.com/trailofbits/pip-audit/pull/300))

## [2.3.2] - 2022-05-14

### Changed

* CLI: `pip-audit`'s progress spinner has been refactored to make it
  faster and more responsive
  ([#283](https://github.com/trailofbits/pip-audit/pull/283))

* CLI, Vulnerability sources: the error message used to report
  connection failures to vulnerability sources was improved
  ([#287](https://github.com/trailofbits/pip-audit/pull/287))

* Vulnerability sources: the OSV service is now more resilient
  to schema changes ([#288](https://github.com/trailofbits/pip-audit/pull/288))

* Vulnerability sources: the PyPI service provides a better
  error message during some cases of service degradation
  ([#294](https://github.com/trailofbits/pip-audit/pull/294))

### Fixed

* Vulnerability sources: a bug stemming from an incorrect assumption
  about OSV's schema guarantees was fixed
  ([#284](https://github.com/trailofbits/pip-audit/pull/284))

* Caching: `pip-audit` now respects `pip`'s `PIP_NO_CACHE_DIR`
  and will not attempt to use the `pip` cache if present
  ([#290](https://github.com/trailofbits/pip-audit/pull/290))

diffstat:

 security/py-pip-audit/Makefile |  13 +++++++------
 security/py-pip-audit/distinfo |   8 ++++----
 2 files changed, 11 insertions(+), 10 deletions(-)

diffs (52 lines):

diff -r b629ab70c067 -r 9c6ec7e3141a security/py-pip-audit/Makefile
--- a/security/py-pip-audit/Makefile    Sun Jul 03 10:27:09 2022 +0000
+++ b/security/py-pip-audit/Makefile    Sun Jul 03 10:35:54 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.14 2022/05/29 07:47:05 wiz Exp $
+# $NetBSD: Makefile,v 1.15 2022/07/03 10:35:54 wiz Exp $
 
-DISTNAME=      pip-audit-2.3.1
+DISTNAME=      pip-audit-2.3.4
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 # pypi file does not include tests
@@ -16,12 +16,13 @@
 
 TOOL_DEPENDS+= ${PYPKGPREFIX}-flit_core-[0-9]*:../../devel/py-flit_core
 DEPENDS+=      ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
-DEPENDS+=      ${PYPKGPREFIX}-cyclonedx-python-lib>=1.0.0:../../security/py-cyclonedx-python-lib
+DEPENDS+=      ${PYPKGPREFIX}-cyclonedx-python-lib>=2.0.0:../../security/py-cyclonedx-python-lib
 DEPENDS+=      ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
 DEPENDS+=      ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
 DEPENDS+=      ${PYPKGPREFIX}-pip-api>=0.0.28:../../devel/py-pip-api
-DEPENDS+=      ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
 DEPENDS+=      ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
+DEPENDS+=      ${PYPKGPREFIX}-rich>=12.4:../../comms/py-rich
+DEPENDS+=      ${PYPKGPREFIX}-toml>=0.10:../../textproc/py-toml
 TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
 TEST_DEPENDS+= ${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test
 
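Review bot: The dependency changes in this hunk are not mentioned in the commit description, which only reproduces the upstream changelog: the `cyclonedx-python-lib` floor goes from `>=1.0.0` to `>=2.0.0`, `py-progress` is dropped, and `py-rich>=12.4` and `py-toml>=0.10` are added. The cyclonedx change raises the floor by a major version, so the log should say so and confirm that security/py-cyclonedx-python-lib in the tree already satisfies `>=2.0.0`. A line in the description listing the added and removed DEPENDS would also let anyone tracking this package's runtime dependency set see the change without reading the diff.
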
@@ -33,8 +34,8 @@
        cd ${DESTDIR}${PREFIX}/bin && \
         ${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
 
-# as of 2.3.0
-# 1 failed, 133 passed
+# as of 2.3.4
+# 1 failed, 149 passed
 TEST_ENV+=     PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
 do-test:
        cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
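
Review bot: The updated comment above `TEST_ENV` records `1 failed, 149 passed` but does not name the failing test or say why it fails. Add the test name and the cause to the comment (for example, whether it needs network access or is an upstream bug), so that the next update can tell this known failure from a new regression.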
diff -r b629ab70c067 -r 9c6ec7e3141a security/py-pip-audit/distinfo
--- a/security/py-pip-audit/distinfo    Sun Jul 03 10:27:09 2022 +0000
+++ b/security/py-pip-audit/distinfo    Sun Jul 03 10:35:54 2022 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.11 2022/05/29 07:47:05 wiz Exp $
+$NetBSD: distinfo,v 1.12 2022/07/03 10:35:54 wiz Exp $
 
-BLAKE2s (pip-audit-2.3.1.tar.gz) = 419c83f36da01b5c64e773859be182b8aa5f4b6e6cb3df4690748d87dd5eda53
-SHA512 (pip-audit-2.3.1.tar.gz) = 2fc9de538a852efc5714bed6aff43273aaaf85e53312187f4c420d63a231656e7f8114b856adf7ca1f56ae1006323e39450e2a070a055839a23593bd0f5f01c7
-Size (pip-audit-2.3.1.tar.gz) = 59275 bytes
+BLAKE2s (pip-audit-2.3.4.tar.gz) = 40f6ad530e2993ea90b987e00f133a92b66123e336be43008f1bd0f4ea633b33
+SHA512 (pip-audit-2.3.4.tar.gz) = f0d8886d198bf0c6a13cdbb007cb1ffe6bb22ac51d96dafd1eec05beedd970fae5937fe5db78c7bf5c8f1efb6068d3c7f5cda67ef4b5bb5a3741674c0a0b5ab7
+Size (pip-audit-2.3.4.tar.gz) = 63854 bytes


