pkgsrc-Changes archive


CVS commit: pkgsrc/security/py-pip-audit



Module Name:    pkgsrc
Committed By:   wiz
Date:           Tue Dec  7 20:27:07 UTC 2021

Modified Files:
        pkgsrc/security/py-pip-audit: Makefile PLIST distinfo
Removed Files:
        pkgsrc/security/py-pip-audit/patches: patch-setup.py

Log Message:
py-pip-audit: update to 1.1.0.

## [1.1.0]

### Added

* CLI: The `--path <PATH>` flag has been added, allowing users to limit
  dependency discovery to one or more paths (specified separately)
  when `pip-audit` is invoked in environment mode
  ([#148](https://github.com/trailofbits/pip-audit/pull/148))

* CLI: The `pip-audit` CLI can now be accessed through `python -m pip_audit`.
  All functionality is identical to the functionality provided by the
  `pip-audit` entrypoint
  ([#173](https://github.com/trailofbits/pip-audit/pull/173))

* CLI: The `--verbose` flag has been added, allowing users to receive
  more verbose output from `pip-audit`. Supplying the `--verbose` flag
  overrides the `PIP_AUDIT_LOGLEVEL` environment variable and is equivalent to
  setting it to `debug`
  ([#185](https://github.com/trailofbits/pip-audit/pull/185))

### Changed

* CLI: `pip-audit` now clears its spinner bar from the terminal upon
  completion, preventing visual confusion
  ([#174](https://github.com/trailofbits/pip-audit/pull/174))

### Fixed

* Dependency sources: a crash caused by `platform.python_version` returning
  a version string that couldn't be parsed as a PEP-440 version was fixed
  ([#175](https://github.com/trailofbits/pip-audit/pull/175))

* Dependency sources: a crash caused by incorrect assumptions about
  the structure of source distributions was fixed
  ([#166](https://github.com/trailofbits/pip-audit/pull/166))

* Vulnerability sources: a performance issue on Windows caused by cache failures
  was fixed ([#178](https://github.com/trailofbits/pip-audit/pull/178))

## [1.0.1] - 2021-12-02

### Fixed

* CLI: The `--desc` flag no longer requires a following argument. If passed
  as a bare option, `--desc` is equivalent to `--desc on`
  ([#153](https://github.com/trailofbits/pip-audit/pull/153))

* Dependency resolution: The PyPI-based dependency resolver no longer throws
  an uncaught exception on package resolution errors; instead, the package
  is marked as skipped and an appropriate warning or fatal error (in
  `--strict` mode) is produced
  ([#162](https://github.com/trailofbits/pip-audit/pull/162))

* CLI: When providing the `--cache-dir` flag, the command to read the pip cache
  directory is no longer executed. Previously this was always executed and
  could result in failure when the command fails. In CI environments, the
  default `~/.cache` directory is typically not writable by the build user and
  this meant that the `python -m pip cache dir` would fail before this fix,
  even if the `--cache-dir` flag was provided.
  ([#161](https://github.com/trailofbits/pip-audit/pull/161))

## [1.0.0] - 2021-12-01

### Added

* This is the first stable release of `pip-audit`! The CLI is considered
  stable from this point on, and all changes will comply with
  [Semantic Versioning](https://semver.org/)

## [0.0.9] - 2021-12-01

### Added

* CLI: Skipped dependencies are now listed in the output of `pip-audit`,
  for supporting output formats
  ([#145](https://github.com/trailofbits/pip-audit/pull/145))
* CLI: `pip-audit` now supports a "strict" mode (enabled with `-S` or
  `--strict`) that fails the audit if any individual dependency cannot be
  resolved or audited. The default behavior is still to skip any individual
  dependency errors ([#146](https://github.com/trailofbits/pip-audit/pull/146))


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/py-pip-audit/Makefile \
    pkgsrc/security/py-pip-audit/PLIST pkgsrc/security/py-pip-audit/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/security/py-pip-audit/patches/patch-setup.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/py-pip-audit/Makefile
diff -u pkgsrc/security/py-pip-audit/Makefile:1.1 pkgsrc/security/py-pip-audit/Makefile:1.2
--- pkgsrc/security/py-pip-audit/Makefile:1.1   Tue Nov 16 16:04:40 2021
+++ pkgsrc/security/py-pip-audit/Makefile       Tue Dec  7 20:27:07 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.1 2021/11/16 16:04:40 wiz Exp $
+# $NetBSD: Makefile,v 1.2 2021/12/07 20:27:07 wiz Exp $
 
-DISTNAME=      pip-audit-0.0.5
+DISTNAME=      pip-audit-1.1.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 # pypi file does not include tests
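Review bot: `DISTNAME` moves from `pip-audit-0.0.5` directly to `pip-audit-1.1.0`, but the log message only carries upstream changelog entries from 0.0.9 onward, so the changes made in 0.0.6 through 0.0.8 are not documented with this update. Either include those entries or say in the log that they were omitted.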
@@ -14,11 +14,12 @@ HOMEPAGE=   https://pypi.org/project/pip-a
 COMMENT=       Scan Python environments for known vulnerabilities
 LICENSE=       apache-2.0
 
-DEPENDS+=      ${PYPKGPREFIX}-cachecontrol>=0.12.6:../../devel/py-cachecontrol
+DEPENDS+=      ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
+DEPENDS+=      ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib
 DEPENDS+=      ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
 DEPENDS+=      ${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
 DEPENDS+=      ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
-DEPENDS+=      ${PYPKGPREFIX}-pip-api>=0.0.23:../../devel/py-pip-api
+DEPENDS+=      ${PYPKGPREFIX}-pip-api>=0.0.25:../../devel/py-pip-api
 DEPENDS+=      ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
 DEPENDS+=      ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
 TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
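Review bot: The added `DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib` line brings in a new runtime dependency that the log message does not mention. A one-line note in the log would tell users why the dependency closure of a security scanner grew, and it is worth confirming that the in-tree py-cyclonedx-python-lib, py-cachecontrol and py-pip-api packages already satisfy the new `>=0.11.1`, `>=0.12.10` and `>=0.0.25` minimums.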
@@ -39,9 +40,9 @@ post-install:
         ${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
        ${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
 
-# as of 0.0.4
-# 2 failed, 46 passed
-# https://github.com/trailofbits/pip-audit/issues/115
+# as of 1.1.0
+# 2 failed, 59 passed
+# https://github.com/trailofbits/pip-audit/issues/195
 TEST_ENV+=     PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
 do-test:
        cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
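Review bot: The updated comment above `TEST_ENV` records `2 failed, 59 passed` but does not name the two failing tests, so the next update cannot tell whether the same tests fail or new ones have regressed. Listing the failing test names next to the issue 195 link would make that comparison possible.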
Index: pkgsrc/security/py-pip-audit/PLIST
diff -u pkgsrc/security/py-pip-audit/PLIST:1.1 pkgsrc/security/py-pip-audit/PLIST:1.2
--- pkgsrc/security/py-pip-audit/PLIST:1.1      Tue Nov 16 16:04:40 2021
+++ pkgsrc/security/py-pip-audit/PLIST  Tue Dec  7 20:27:07 2021
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2021/11/16 16:04:40 wiz Exp $
+@comment $NetBSD: PLIST,v 1.2 2021/12/07 20:27:07 wiz Exp $
 bin/pip-audit-${PYVERSSUFFIX}
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -9,66 +9,72 @@ ${PYSITELIB}/${EGG_INFODIR}/top_level.tx
 ${PYSITELIB}/pip_audit/__init__.py
 ${PYSITELIB}/pip_audit/__init__.pyc
 ${PYSITELIB}/pip_audit/__init__.pyo
+${PYSITELIB}/pip_audit/__main__.py
+${PYSITELIB}/pip_audit/__main__.pyc
+${PYSITELIB}/pip_audit/__main__.pyo
+${PYSITELIB}/pip_audit/_audit.py
+${PYSITELIB}/pip_audit/_audit.pyc
+${PYSITELIB}/pip_audit/_audit.pyo
+${PYSITELIB}/pip_audit/_cli.py
+${PYSITELIB}/pip_audit/_cli.pyc
+${PYSITELIB}/pip_audit/_cli.pyo
+${PYSITELIB}/pip_audit/_dependency_source/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/interface.py
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyc
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyo
+${PYSITELIB}/pip_audit/_dependency_source/pip.py
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyc
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyo
+${PYSITELIB}/pip_audit/_dependency_source/requirement.py
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyc
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
+${PYSITELIB}/pip_audit/_format/__init__.py
+${PYSITELIB}/pip_audit/_format/__init__.pyc
+${PYSITELIB}/pip_audit/_format/__init__.pyo
+${PYSITELIB}/pip_audit/_format/columns.py
+${PYSITELIB}/pip_audit/_format/columns.pyc
+${PYSITELIB}/pip_audit/_format/columns.pyo
+${PYSITELIB}/pip_audit/_format/cyclonedx.py
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyc
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyo
+${PYSITELIB}/pip_audit/_format/interface.py
+${PYSITELIB}/pip_audit/_format/interface.pyc
+${PYSITELIB}/pip_audit/_format/interface.pyo
+${PYSITELIB}/pip_audit/_format/json.py
+${PYSITELIB}/pip_audit/_format/json.pyc
+${PYSITELIB}/pip_audit/_format/json.pyo
+${PYSITELIB}/pip_audit/_service/__init__.py
+${PYSITELIB}/pip_audit/_service/__init__.pyc
+${PYSITELIB}/pip_audit/_service/__init__.pyo
+${PYSITELIB}/pip_audit/_service/interface.py
+${PYSITELIB}/pip_audit/_service/interface.pyc
+${PYSITELIB}/pip_audit/_service/interface.pyo
+${PYSITELIB}/pip_audit/_service/osv.py
+${PYSITELIB}/pip_audit/_service/osv.pyc
+${PYSITELIB}/pip_audit/_service/osv.pyo
+${PYSITELIB}/pip_audit/_service/pypi.py
+${PYSITELIB}/pip_audit/_service/pypi.pyc
+${PYSITELIB}/pip_audit/_service/pypi.pyo
+${PYSITELIB}/pip_audit/_state.py
+${PYSITELIB}/pip_audit/_state.pyc
+${PYSITELIB}/pip_audit/_state.pyo
+${PYSITELIB}/pip_audit/_util.py
+${PYSITELIB}/pip_audit/_util.pyc
+${PYSITELIB}/pip_audit/_util.pyo
 ${PYSITELIB}/pip_audit/_version.py
 ${PYSITELIB}/pip_audit/_version.pyc
 ${PYSITELIB}/pip_audit/_version.pyo
-${PYSITELIB}/pip_audit/audit.py
-${PYSITELIB}/pip_audit/audit.pyc
-${PYSITELIB}/pip_audit/audit.pyo
-${PYSITELIB}/pip_audit/cli.py
-${PYSITELIB}/pip_audit/cli.pyc
-${PYSITELIB}/pip_audit/cli.pyo
-${PYSITELIB}/pip_audit/dependency_source/__init__.py
-${PYSITELIB}/pip_audit/dependency_source/__init__.pyc
-${PYSITELIB}/pip_audit/dependency_source/__init__.pyo
-${PYSITELIB}/pip_audit/dependency_source/interface.py
-${PYSITELIB}/pip_audit/dependency_source/interface.pyc
-${PYSITELIB}/pip_audit/dependency_source/interface.pyo
-${PYSITELIB}/pip_audit/dependency_source/pip.py
-${PYSITELIB}/pip_audit/dependency_source/pip.pyc
-${PYSITELIB}/pip_audit/dependency_source/pip.pyo
-${PYSITELIB}/pip_audit/dependency_source/requirement.py
-${PYSITELIB}/pip_audit/dependency_source/requirement.pyc
-${PYSITELIB}/pip_audit/dependency_source/requirement.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/__init__.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/pypi_provider.pyo
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.py
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyc
-${PYSITELIB}/pip_audit/dependency_source/resolvelib/resolvelib.pyo
-${PYSITELIB}/pip_audit/format/__init__.py
-${PYSITELIB}/pip_audit/format/__init__.pyc
-${PYSITELIB}/pip_audit/format/__init__.pyo
-${PYSITELIB}/pip_audit/format/columns.py
-${PYSITELIB}/pip_audit/format/columns.pyc
-${PYSITELIB}/pip_audit/format/columns.pyo
-${PYSITELIB}/pip_audit/format/interface.py
-${PYSITELIB}/pip_audit/format/interface.pyc
-${PYSITELIB}/pip_audit/format/interface.pyo
-${PYSITELIB}/pip_audit/format/json.py
-${PYSITELIB}/pip_audit/format/json.pyc
-${PYSITELIB}/pip_audit/format/json.pyo
-${PYSITELIB}/pip_audit/service/__init__.py
-${PYSITELIB}/pip_audit/service/__init__.pyc
-${PYSITELIB}/pip_audit/service/__init__.pyo
-${PYSITELIB}/pip_audit/service/interface.py
-${PYSITELIB}/pip_audit/service/interface.pyc
-${PYSITELIB}/pip_audit/service/interface.pyo
-${PYSITELIB}/pip_audit/service/osv.py
-${PYSITELIB}/pip_audit/service/osv.pyc
-${PYSITELIB}/pip_audit/service/osv.pyo
-${PYSITELIB}/pip_audit/service/pypi.py
-${PYSITELIB}/pip_audit/service/pypi.pyc
-${PYSITELIB}/pip_audit/service/pypi.pyo
-${PYSITELIB}/pip_audit/state.py
-${PYSITELIB}/pip_audit/state.pyc
-${PYSITELIB}/pip_audit/state.pyo
-${PYSITELIB}/pip_audit/util.py
-${PYSITELIB}/pip_audit/util.pyc
-${PYSITELIB}/pip_audit/util.pyo
-${PYSITELIB}/pip_audit/virtual_env.py
-${PYSITELIB}/pip_audit/virtual_env.pyc
-${PYSITELIB}/pip_audit/virtual_env.pyo
+${PYSITELIB}/pip_audit/_virtual_env.py
+${PYSITELIB}/pip_audit/_virtual_env.pyc
+${PYSITELIB}/pip_audit/_virtual_env.pyo
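Review bot: Nothing in the log message flags that every module path under `pip_audit/` changes in this PLIST (`audit.py` becomes `_audit.py`, `service/` becomes `_service/`, and so on), which breaks any package that imports the old module names. Check the tree for dependents that import `pip_audit` modules directly and mention the rename in the log, alongside the new `_format/cyclonedx.py` module that goes with the added dependency.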
Index: pkgsrc/security/py-pip-audit/distinfo
diff -u pkgsrc/security/py-pip-audit/distinfo:1.1 pkgsrc/security/py-pip-audit/distinfo:1.2
--- pkgsrc/security/py-pip-audit/distinfo:1.1   Tue Nov 16 16:04:40 2021
+++ pkgsrc/security/py-pip-audit/distinfo       Tue Dec  7 20:27:07 2021
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.1 2021/11/16 16:04:40 wiz Exp $
+$NetBSD: distinfo,v 1.2 2021/12/07 20:27:07 wiz Exp $
 
-BLAKE2s (pip-audit-0.0.5.tar.gz) = c60ea00a1e24ff8e0677ae3d8d7d72b606e919475534b108de32174b2cad7826
-SHA512 (pip-audit-0.0.5.tar.gz) = 018aa04901baee74399314faa3afeebd141be91d4bba7621f5c657281458ae5a7d90db60e3059d9bfec858dc0e4251b9c56321b8d22d2533edf9db1154180a03
-Size (pip-audit-0.0.5.tar.gz) = 31766 bytes
-SHA1 (patch-setup.py) = 2171a0cc6c3b737844cce29f1c38d1099115f640
+BLAKE2s (pip-audit-1.1.0.tar.gz) = c31697d727e3fe5413a281f37b24e83732afbc20dfead2e436a4680d3fc6e8a4
+SHA512 (pip-audit-1.1.0.tar.gz) = 77c0552f840ca17fb9a80e9dd594bf8faf74aad5331e1689ad6b7c436d29589fd1b5db9db3e41a16679934fe1856ad0d0821ee5c52a5d4508fda6236bdf27f22
+Size (pip-audit-1.1.0.tar.gz) = 41526 bytes
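Review bot: The `SHA1 (patch-setup.py)` entry is dropped together with the patch file, but the log message gives no reason for removing the patch. State whether the change it carried was merged upstream or is no longer needed, so the removal can be checked against the 1.1.0 sources.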


