Subject: CVS commit: pkgsrc/security/py-pip-audit
From: Thomas Klausner
Date: 2022-02-20 22:27:35
Message id: 20220220212735.65C27FB24@cvs.NetBSD.org
Log Message:
py-pip-audit: update to 2.0.0.
### Added
* CLI: The `--fix` flag has been added, allowing users to attempt to
automatically upgrade any vulnerable dependencies to the first safe version
available ([#212](https://github.com/trailofbits/pip-audit/pull/212),
[#222](https://github.com/trailofbits/pip-audit/pull/222))
* CLI: The combination of `--fix` and `--dry-run` is now supported, causing
`pip-audit` to perform the auditing step but not any resulting fix steps
([#223](https://github.com/trailofbits/pip-audit/pull/223))
* CLI: The `--require-hashes` flag has been added which can be used in
conjunction with `-r` to check that all requirements in the file have an
associated hash ([#229](https://github.com/trailofbits/pip-audit/pull/229))
* CLI: The `--index-url` flag has been added, allowing users to use custom
package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
* CLI: The `--extra-index-url` flag has been added, allowing users to use
multiple package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
### Changed
* `pip-audit`'s minimum Python version is now 3.7.
* CLI: The default output format is now correctly pluralized
([#221](https://github.com/trailofbits/pip-audit/pull/221))
* Output formats: The SBOM output formats (`--format=cyclonedx-xml` and
`--format=cyclonedx-json`) now use CycloneDX
[Schema 1.4](https://cyclonedx.org/docs/1.4/xml/)
([#216](https://github.com/trailofbits/pip-audit/pull/216))
* Vulnerability sources: When using PyPI as a vulnerability service, any hashes
provided in a requirements file are checked against those reported by PyPI
([#229](https://github.com/trailofbits/pip-audit/pull/229))
* Vulnerability sources: `pip-audit` now uniques each result based on its
alias set, reducing the amount of duplicate information in the default
columnar output format
([#232](https://github.com/trailofbits/pip-audit/pull/232))
* CLI: `pip-audit` now prints its output more frequently, including when
there are no discovered vulnerabilities but packages were skipped.
Similarly, "manifest" output formats (JSON, CycloneDX) are now emitted
unconditionally
([#240](https://github.com/trailofbits/pip-audit/pull/240))
### Fixed
* CLI: A regression causing excess output during `pip audit -r`
was fixed ([#226](https://github.com/trailofbits/pip-audit/pull/226))
Files:
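As an added example (not pip-audit's own code and not part of the pkgsrc commit), the following Python sketch reproduces the two hash-related behaviours the changelog lists: the `--require-hashes` rule that every requirement in a `-r` file must carry a `--hash=` option, and the comparison of a pinned digest against the artifact actually obtained, which is what makes a mismatch detectable. The requirements text, the artifact bytes, the fake index URL and all function names are constructed for this example.

```python
"""Hash-pinning checks for a pip requirements file (added example, not pip-audit code).

Mirrors the idea behind `pip-audit --require-hashes -r requirements.txt`:
every requirement must carry at least one `--hash=` option, and a pinned
digest must match the artifact that would actually be installed.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*(\S+))?")
HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-f]+)")


@dataclass
class Requirement:
    name: str
    version: str | None
    hashes: dict[str, list[str]] = field(default_factory=dict)  # algorithm -> digests
    line_no: int = 0


def _logical_lines(text: str):
    """Yield (first_line_no, line) with backslash continuations joined and comments removed."""
    pending: list[str] = []
    start = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        cont = line.endswith("\\")
        if cont:
            line = line[:-1]
        if start is None:
            start = n
        pending.append(line.strip())
        if not cont:
            joined = " ".join(pending).strip()
            # A '#' at the start or after whitespace begins a comment.
            joined = re.split(r"(^|\s)#", joined, 1)[0].strip()
            first, pending, start = start, [], None
            if joined:
                yield first, joined


def parse_requirements(text: str) -> list[Requirement]:
    """Parse `name==version --hash=algo:digest ...` lines; option lines (-r, --index-url) are skipped."""
    reqs = []
    for line_no, line in _logical_lines(text):
        if line.startswith("-"):
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"line {line_no}: cannot parse {line!r}")
        req = Requirement(m.group(1).lower(), m.group(2), line_no=line_no)
        for algo, digest in HASH_RE.findall(line):
            req.hashes.setdefault(algo, []).append(digest)
        reqs.append(req)
    return reqs


def missing_hashes(reqs: list[Requirement]) -> list[tuple[str, int]]:
    """Requirements with no --hash option: exactly what a --require-hashes run would reject."""
    return [(r.name, r.line_no) for r in reqs if not r.hashes]


def verify_artifact(req: Requirement, artifact: bytes) -> tuple[bool, str]:
    """Check the obtained artifact against the pinned digests (any listed digest may match)."""
    if not req.hashes:
        return False, "no hash pinned"
    for algo, digests in req.hashes.items():
        if algo not in hashlib.algorithms_available:
            return False, f"unsupported algorithm {algo}"
        if hashlib.new(algo, artifact).hexdigest() in digests:
            return True, f"{algo} matches"
    return False, "hash mismatch: artifact differs from pinned hash"


# Constructed sample data: the artifact bytes stand in for a downloaded wheel.
GOOD_ARTIFACT = b"constructed wheel bytes for requests 2.27.1"
GOOD_SHA256 = hashlib.sha256(GOOD_ARTIFACT).hexdigest()
SAMPLE_REQUIREMENTS = f"""\
--index-url https://pypi.example.invalid/simple  # constructed, not a real index
# pinned and hashed (hash continued onto the next line)
requests==2.27.1 \\
    --hash=sha256:{GOOD_SHA256}
# pinned but not hashed: --require-hashes would reject this file
urllib3==1.26.8
idna==3.3 --hash=sha256:{'0' * 64}  # digest intentionally wrong
"""

if __name__ == "__main__":
    reqs = parse_requirements(SAMPLE_REQUIREMENTS)
    for name, line_no in missing_hashes(reqs):
        print(f"line {line_no}: {name} has no --hash option")
    print("requests:", verify_artifact(reqs[0], GOOD_ARTIFACT))
    print("requests (tampered):", verify_artifact(reqs[0], b"tampered"))
    print("idna:", verify_artifact(reqs[2], b"whatever was downloaded"))
```

The parser deliberately accepts several `--hash=` options per requirement and treats any matching digest as a pass, which is how pip's own hash checking behaves when a project ships more than one artifact for a version; a file that passes `missing_hashes` but fails `verify_artifact` is the case the changelog's PyPI hash comparison is meant to surface.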