2023-05-07 11:43:23 by Thomas Klausner | Files touched by this commit (2)
Log message: py-pip_audit: update to 2.5.5.

## [2.5.5]
### Fixed
* Fixed a crash caused by auditing requirements files that refer to other requirements files ([#568](https://github.com/pypa/pip-audit/pull/568))
2023-03-29 11:51:43 by Thomas Klausner | Files touched by this commit (2)
Log message: py-pip_audit: update to 2.5.4.

## [2.5.4]
### Changed
* Refactored `index-url` option to not override user pip config by default, unless specified ([#565](https://github.com/pypa/pip-audit/pull/565))
### Fixed
* Fixed bug with the `--fix` flag where new requirements were sometimes being appended to requirement files instead of patching the existing requirement ([#577](https://github.com/pypa/pip-audit/pull/577))
* Fixed a crash caused by auditing requirements files that refer to other requirements files ([#568](https://github.com/pypa/pip-audit/pull/568))

## [2.5.3]
### Changed
* Further simplified `pip-audit`'s dependency resolution to remove inconsistent behaviour when using hashed requirements or the `--no-deps` flag ([#540](https://github.com/pypa/pip-audit/pull/540))
### Fixed
* Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs ([#572](https://github.com/pypa/pip-audit/pull/572))

## [2.5.2]
### Fixed
* Fixed a loose dependency constraint for CycloneDX SBOM generation ([#558](https://github.com/pypa/pip-audit/pull/558))
2023-03-19 08:18:43 by Thomas Klausner | Files touched by this commit (3)
Log message: py-pip_audit: update to 2.5.1.

## [2.5.1]
### Fixed
* Fixed a crash on Windows caused by multiple open file handles to input requirements ([#551](https://github.com/pypa/pip-audit/pull/551))

## [2.5.0]
### Changed
* Improved error messaging when a requirements input or indirect dependency has an invalid (non-PEP 440) requirements specifier ([#507](https://github.com/pypa/pip-audit/pull/507))
* `pip-audit`'s handling of dependency resolution has been significantly refactored and simplified ([#523](https://github.com/pypa/pip-audit/pull/523))
### Fixed
* Fixed a potential crash on invalid unicode in subprocess streams ([#536](https://github.com/pypa/pip-audit/pull/536))

## [2.4.15] **YANKED**
### Fixed
* Fixed an issue where hash checking would fail when using third-party indices ([#462](https://github.com/pypa/pip-audit/pull/462))
* Fixed the behavior of the `--skip-editable` flag, which had regressed with an internal API change ([#499](https://github.com/pypa/pip-audit/pull/499))
* Fixed a dependency resolution bug that can potentially be triggered when multiple packages have the same subdependency ([#488](https://github.com/pypa/pip-audit/pull/488))
2023-03-16 09:48:03 by Adam Ciarcinski | Files touched by this commit (2)
Log message: py-pip-audit: updated to 2.4.14

2.4.14
Fixed
* Fixed a dependency resolution failure caused by incorrect handling of a PEP 440 edge case around prerelease versions

2.4.13
Fixed
* Added a lower bound on `packaging` to ensure that non-normalized versions are handled correctly

2.4.12
Fixed
* Fixed `pip-audit`'s virtual environment creation and upgrade behavior, preventing spurious vulnerability reports
* Users are now warned if a `pip-audit` invocation is ambiguous, e.g. if they've installed `pip-audit` globally but are asking for an audit of a loaded virtual environment

2.4.11
Fixed
* Fixed a crash triggered when a package specifies an invalid version specifier for its `requires-python` version

2.4.10
Fixed
* Fixed a crash triggered when no vulnerabilities are found with some configurations

2.4.9
Fixed
* The `--output` flag will no longer produce an empty file in the event of a failure within `pip-audit` itself, making it easier to distinguish between audit failures being reported by `pip-audit` and `pip-audit`'s own errors
* Removed pin on `packaging` now that our dependency pins it for us

2.4.8
Fixed
* Pin maximum version of `packaging` dependency to avoid installing the new 22.0 version which is incompatible with `pip-requirements-parser`
2022-11-30 17:50:28 by Adam Ciarcinski | Files touched by this commit (2)
Log message: py-pip-audit: updated to 2.4.7

2.4.7
Fixed
* Fixed a timestamp parsing bug that occurred with some vulnerability reports provided by the OSV service
2022-11-25 14:38:03 by Adam Ciarcinski | Files touched by this commit (2)
Log message: py-pip-audit: updated to 2.4.6

2.4.6
Fixed
* Fixed an incorrect interaction between `--desc=auto` and `--format=json`; `--desc=auto` now includes the description in the generated JSON report, as intended
* Fixed a bug in dependency resolution with third-party indices where relative URLs were not resolved correctly

2.4.5
Fixed
* Fixed an issue where audits done with the PyPI vulnerability service (the default) were not correctly filtered by "withdrawn" status; "withdrawn" vulnerabilities are now excluded
* Fixed an issue where audits done with the OSV vulnerability service (`-s osv`) were not correctly filtered by "withdrawn" status; "withdrawn" vulnerabilities are now excluded
* Fixed `pip-audit`'s handling of URL-style requirements in `--no-deps` mode (URL requirements are now treated as skipped, rather than producing an error due to a lack of pinning)
2022-09-09 18:06:28 by Thomas Klausner | Files touched by this commit (2)
Log message: py-pip-audit: update to 2.4.4.

## [2.4.4]
### Changed
* `pip-audit` is now a PyPA member project, and lives under [`pypa/pip-audit`](https://github.com/pypa/pip-audit)!
* Improved error message for when unpinned URL requirements are found during an audit with the `--no-deps` flag ([#355](https://github.com/pypa/pip-audit/pull/355))
### Fixed
* Fixed an issue where packages on PyPI with no published versions trigger a dependency resolution failure instead of being skipped ([#357](https://github.com/pypa/pip-audit/pull/357))
* Fixed an incorrect assertion triggering for non-editable URL requirements that don't have an egg fragment ([#359](https://github.com/pypa/pip-audit/pull/359))
2022-07-31 11:57:11 by Thomas Klausner | Files touched by this commit (2)
Log message: py-pip-audit: update to 2.4.3.

### Fixed
* Fixed a regression in requirements auditing that was introduced during the move from `pip-api` to `pip-requirements-parser` where editable installs without an egg fragment would cause audits to crash ([#331](https://github.com/trailofbits/pip-audit/pull/331))
2022-07-24 13:09:03 by Thomas Klausner | Files touched by this commit (2)
Log message: py-pip-audit: update to 2.4.2.

Fixed
* CLI: the --format=markdown and --format=columns output formats are no longer broken by long vulnerability descriptions from the OSV and PyPI vulnerability sources (#323)
2022-07-14 15:21:27 by Thomas Klausner | Files touched by this commit (3)
Log message: py-pip-audit: update to 2.4.1.

## [2.4.1]
### Fixed
* Fixed a breakage in hash-checking mode caused by a [change to the PyPI JSON API](https://discuss.python.org/t/backwards-incompatible-change-to-pypi-json-api/17154) ([#318](https://github.com/trailofbits/pip-audit/pull/318))

## [2.4.0]
### Added
* Output formats: `pip-audit` now supports a Markdown format (`--format=markdown`) which renders results as a set of Markdown tables. ([#312](https://github.com/trailofbits/pip-audit/pull/312))