2022-07-03 12:35:54 by Thomas Klausner | Files touched by this commit (2)
Log message:
py-pip-audit: update to 2.3.4.
## [2.3.4]
### Fixed
* Vulnerability fixing: the `--fix` flag now works for vulnerabilities found in
requirement subdependencies. A new line is now added to the requirement file
to explicitly pin the offending subdependency
([#297](https://github.com/trailofbits/pip-audit/pull/297))
## [2.3.3]
### Changed
* CLI: `pip-audit` now warns on the combination of `-s osv` and
`--require-hashes`, notifying users that only the PyPI service
can fully verify hashes
([#298](https://github.com/trailofbits/pip-audit/pull/298))
### Fixed
* CLI/Dependency sources: `--cache-dir=...` and other flags that affect
dependency resolver behavior now work correctly when auditing a
`pyproject.toml` dependency source
([#300](https://github.com/trailofbits/pip-audit/pull/300))
## [2.3.2] - 2022-05-14
### Changed
* CLI: `pip-audit`'s progress spinner has been refactored to make it
faster and more responsive
([#283](https://github.com/trailofbits/pip-audit/pull/283))
* CLI, Vulnerability sources: the error message used to report
connection failures to vulnerability sources was improved
([#287](https://github.com/trailofbits/pip-audit/pull/287))
* Vulnerability sources: the OSV service is now more resilient
to schema changes ([#288](https://github.com/trailofbits/pip-audit/pull/288))
* Vulnerability sources: the PyPI service provides a better
error message during some cases of service degradation
([#294](https://github.com/trailofbits/pip-audit/pull/294))
### Fixed
* Vulnerability sources: a bug stemming from an incorrect assumption
about OSV's schema guarantees was fixed
([#284](https://github.com/trailofbits/pip-audit/pull/284))
* Caching: `pip-audit` now respects `pip`'s `PIP_NO_CACHE_DIR`
and will not attempt to use the `pip` cache if present
([#290](https://github.com/trailofbits/pip-audit/pull/290))
2022-05-29 09:47:05 by Thomas Klausner | Files touched by this commit (2)
Log message:
py-pip-audit: update to 2.3.1.
## [2.3.1] - 2022-05-24
### Fixed
* CLI: A bug causing the terminal's cursor to disappear on some
versions of CPython was fixed
([#280](https://github.com/trailofbits/pip-audit/issues/280))
2022-05-28 10:58:27 by Thomas Klausner | Files touched by this commit (3)
Log message:
py-pip-audit: update to 2.3.0.
## [2.3.0] - 2022-05-18
### Added
* CLI: The `--ignore-vuln` option has been added, allowing users to
specify vulnerability IDs to ignore during the final report
([#275](https://github.com/trailofbits/pip-audit/pull/275))
* CLI: The `--no-deps` flag has been added, allowing users to skip dependency
resolution entirely when `pip-audit` is used in requirements mode
([#255](https://github.com/trailofbits/pip-audit/pull/255))
2022-05-10 07:59:59 by Thomas Klausner | Files touched by this commit (2)
Log message:
py-pip-audit: update to 2.2.1.
## [2.2.1] - 2022-05-02
### Fixed
* A bug introduced with a previous fix to version parsing
([#263](https://github.com/trailofbits/pip-audit/pull/263)) was
fixed ([#264](https://github.com/trailofbits/pip-audit/pull/264))
## [2.2.0] - 2022-05-02
### Added
* CLI: The `--output` option has been added, allowing users to specify
a file to write output to. The default behavior of writing to `stdout`
is unchanged ([#262](https://github.com/trailofbits/pip-audit/pull/262))
### Fixed
* Vulnerability sources: A bug caused by insufficient version normalization
was fixed ([#263](https://github.com/trailofbits/pip-audit/pull/263))
2022-04-20 23:10:10 by Thomas Klausner | Files touched by this commit (2)
Log message:
py-pip-audit: update to 2.1.1.
## [2.1.1] - 2022-03-29
### Fixed
* Dependency sources: A bug caused by ambiguous parses of source distribution
files was fixed ([#249](https://github.com/trailofbits/pip-audit/pull/249))
2022-03-14 15:02:00 by Thomas Klausner | Files touched by this commit (3)
Log message:
py-pip-audit: update to 2.1.0.
## [2.1.0] - 2022-03-11
### Added
* CLI: The `--skip-editable` flag has been added, allowing users to skip local
packages or parsed requirements (via `-r`) that are marked as editable
([#244](https://github.com/trailofbits/pip-audit/pull/244))
* CLI: `pip-audit` can audit projects that list their dependencies in
`pyproject.toml` files, via `pip-audit <dir>`
([#246](https://github.com/trailofbits/pip-audit/pull/246))
2022-02-20 22:27:35 by Thomas Klausner | Files touched by this commit (3)
Log message:
py-pip-audit: update to 2.0.0.
### Added
* CLI: The `--fix` flag has been added, allowing users to attempt to
automatically upgrade any vulnerable dependencies to the first safe version
available ([#212](https://github.com/trailofbits/pip-audit/pull/212),
[#222](https://github.com/trailofbits/pip-audit/pull/222))
* CLI: The combination of `--fix` and `--dry-run` is now supported, causing
`pip-audit` to perform the auditing step but not any resulting fix steps
([#223](https://github.com/trailofbits/pip-audit/pull/223))
* CLI: The `--require-hashes` flag has been added which can be used in
conjunction with `-r` to check that all requirements in the file have an
associated hash ([#229](https://github.com/trailofbits/pip-audit/pull/229))
* CLI: The `--index-url` flag has been added, allowing users to use custom
package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
* CLI: The `--extra-index-url` flag has been added, allowing users to use
multiple package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
### Changed
* `pip-audit`'s minimum Python version is now 3.7.
* CLI: The default output format is now correctly pluralized
([#221](https://github.com/trailofbits/pip-audit/pull/221))
* Output formats: The SBOM output formats (`--format=cyclonedx-xml` and
`--format=cyclonedx-json`) now use CycloneDX
[Schema 1.4](https://cyclonedx.org/docs/1.4/xml/)
([#216](https://github.com/trailofbits/pip-audit/pull/216))
* Vulnerability sources: When using PyPI as a vulnerability service, any hashes
provided in a requirements file are checked against those reported by PyPI
([#229](https://github.com/trailofbits/pip-audit/pull/229))
* Vulnerability sources: `pip-audit` now uniques each result based on its
alias set, reducing the amount of duplicate information in the default
columnar output format
([#232](https://github.com/trailofbits/pip-audit/pull/232))
* CLI: `pip-audit` now prints its output more frequently, including when
there are no discovered vulnerabilities but packages were skipped.
Similarly, "manifest" output formats (JSON, CycloneDX) are now emitted
unconditionally
([#240](https://github.com/trailofbits/pip-audit/pull/240))
### Fixed
* CLI: A regression causing excess output during `pip audit -r`
was fixed ([#226](https://github.com/trailofbits/pip-audit/pull/226))
2022-01-17 00:06:31 by Thomas Klausner | Files touched by this commit (3)
Log message:
py-pip-audit: update to 1.1.2.
## [1.1.2] - 2022-01-13
### Fixed
* A pin on one of `pip-audit`'s dependencies was fixed
([#213](https://github.com/trailofbits/pip-audit/pull/213))
2022-01-05 16:41:32 by Thomas Klausner | Files touched by this commit (289)
Log message:
python: egg.mk: add USE_PKG_RESOURCES flag
This flag should be set for packages that import pkg_resources
and thus need setuptools after the build step.
Set this flag for packages that need it and bump PKGREVISION.
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS