./security/py-pip-audit, Scan Python environments for known vulnerabilities

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.7.2, Package name: py311-pip-audit-2.7.2, Maintainer: pkgsrc-users

pip-audit is a prototype tool for scanning Python environments for
packages with known vulnerabilities. It uses the Python Packaging
Advisory Database via the PyPI JSON API as a source of vulnerability
reports.


Master sites:

Filesize: 49.178 KB

Version history: (Expand)


CVS history: (Expand)


   2024-02-29 22:10:21 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip-audit: updated to 2.7.2

2.7.2

Fixed

pip-audit now invokes pip with --keyring-provider=subprocess, partially fixing a \ 
regression that was introduced with another authentication fix in 2.6.2. This \ 
allows the interior pip to use keyring to perform third-party index \ 
authentication.
   2024-02-14 22:36:32 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip-audit: updated to 2.7.1

2.7.1

Fixed

Improved the error returned to users when their default temporary directory \ 
lacks execute permissions
   2024-01-14 21:33:38 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-pip-audit: update to 2.7.0.

## [2.7.0]

### Added

* `pip-audit` now includes vulnerability aliases when `--format=json` is used,
  and also includes them in other output formats if specified by adding the
  flag `--aliases`

## [2.6.3]

### Fixed

* Removed a misleading warning message that resulted in user confusion
  ([#719](https://github.com/pypa/pip-audit/pull/719))
   2023-12-30 11:35:23 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-pip-audit: update to 2.6.2.

## [2.6.2]

### Changed

* `pip-audit`'s minimum Python version is now 3.8.

### Fixed

* Fixed a hang caused by auditing requirements when resolving against
  an index that requires authentication, causing `pip` to wait indefinitely
  for credentials ([#707](https://github.com/pypa/pip-audit/pull/707))
   2023-11-07 23:38:10 by Thomas Klausner | Files touched by this commit (112)
Log message:
*: latest py-sphinx only support Python 3.9+
   2023-11-05 10:24:57 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-pip-audit: make PKGNAME match directory name
   2023-10-28 21:57:26 by Thomas Klausner | Files touched by this commit (516) | Package updated
Log message:
python/wheel.mk: simplify a lot, and switch to 'installer' for installation

This follows the recommended bootstrap method (flit_core, build, installer).

However, installer installs different files than pip, so update PLISTs
for all packages using wheel.mk and bump their PKGREVISIONs.
   2023-08-01 14:36:49 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip-audit: updated to 2.6.1

2.6.1

Fixed
* Fixed a crash on Windows caused by `pip-audit`'s use of temporary files