author: wiz <wiz@pkgsrc.org> 2022-02-20 21:27:35 +0000
committer: wiz <wiz@pkgsrc.org> 2022-02-20 21:27:35 +0000
commit: 978a1264ee35d9356dd7d88f6b808079bce2c10d (patch)
tree: 2757c10e1ea1a0cdc8163438f899a301070b0639 /security
parent: e867ca167fc904081c8442d04af08d4071e4bf81 (diff)
download: pkgsrc-978a1264ee35d9356dd7d88f6b808079bce2c10d.tar.gz
py-pip-audit: update to 2.0.0.

### Added

* CLI: The `--fix` flag has been added, allowing users to attempt to automatically upgrade any vulnerable dependencies to the first safe version available ([#212](https://github.com/trailofbits/pip-audit/pull/212), [#222](https://github.com/trailofbits/pip-audit/pull/222))
* CLI: The combination of `--fix` and `--dry-run` is now supported, causing `pip-audit` to perform the auditing step but not any resulting fix steps ([#223](https://github.com/trailofbits/pip-audit/pull/223))
* CLI: The `--require-hashes` flag has been added which can be used in conjunction with `-r` to check that all requirements in the file have an associated hash ([#229](https://github.com/trailofbits/pip-audit/pull/229))
* CLI: The `--index-url` flag has been added, allowing users to use custom package indices when running with the `-r` flag ([#238](https://github.com/trailofbits/pip-audit/pull/238))
* CLI: The `--extra-index-url` flag has been added, allowing users to use multiple package indices when running with the `-r` flag ([#238](https://github.com/trailofbits/pip-audit/pull/238))

### Changed

* `pip-audit`'s minimum Python version is now 3.7.
* CLI: The default output format is now correctly pluralized ([#221](https://github.com/trailofbits/pip-audit/pull/221))
* Output formats: The SBOM output formats (`--format=cyclonedx-xml` and `--format=cyclonedx-json`) now use CycloneDX [Schema 1.4](https://cyclonedx.org/docs/1.4/xml/) ([#216](https://github.com/trailofbits/pip-audit/pull/216))
* Vulnerability sources: When using PyPI as a vulnerability service, any hashes provided in a requirements file are checked against those reported by PyPI ([#229](https://github.com/trailofbits/pip-audit/pull/229))
* Vulnerability sources: `pip-audit` now uniques each result based on its alias set, reducing the amount of duplicate information in the default columnar output format ([#232](https://github.com/trailofbits/pip-audit/pull/232))
* CLI: `pip-audit` now prints its output more frequently, including when there are no discovered vulnerabilities but packages were skipped. Similarly, "manifest" output formats (JSON, CycloneDX) are now emitted unconditionally ([#240](https://github.com/trailofbits/pip-audit/pull/240))

### Fixed

* CLI: A regression causing excess output during `pip audit -r` was fixed ([#226](https://github.com/trailofbits/pip-audit/pull/226))
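The changelog's `--require-hashes` entry describes two checks on a pinned requirements file: every requirement must carry a `--hash=` option, and the hashes present are compared with what the index reports. The following is an added example that reimplements those two checks in plain Python; it is not pip-audit's own code. The requirements text, the hash values and the `INDEX_HASHES` table (standing in for the digests PyPI would report) are all constructed for the example.

```python
"""Minimal model of the `--require-hashes` checks: every pinned requirement
must have a hash, and each listed hash must be one the index knows for that
release. Constructed example, not pip-audit code."""
import re
from dataclasses import dataclass, field

# Constructed placeholder digests (64 hex chars like a real sha256, but not real).
GOOD_REQUESTS = "sha256:" + "a" * 64
GOOD_URLLIB3 = "sha256:" + "b" * 64
STALE_URLLIB3 = "sha256:" + "c" * 64

# Constructed sample requirements file in the `name==version --hash=...`
# layout that pip accepts, including a backslash line continuation.
REQUIREMENTS = f"""\
# constructed sample; the hashes are placeholders, not real digests
requests==2.27.1 \\
    --hash={GOOD_REQUESTS}
urllib3==1.26.8 --hash={STALE_URLLIB3}
idna==3.3
"""

# Constructed stand-in for the hashes an index (PyPI) reports per release.
INDEX_HASHES = {
    ("requests", "2.27.1"): {GOOD_REQUESTS},
    ("urllib3", "1.26.8"): {GOOD_URLLIB3},
    ("idna", "3.3"): {"sha256:" + "d" * 64},
}

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)")
HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-fA-F]+)")


@dataclass
class Requirement:
    name: str
    version: str
    hashes: set = field(default_factory=set)


def _logical_lines(text):
    """Join backslash-continued lines and drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # hex digests never contain '#'
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def parse_requirements(text):
    """Parse exact pins (name==version) with any --hash options attached."""
    reqs = []
    for line in _logical_lines(text):
        m = PIN_RE.match(line)
        if not m:
            # Hash checking only makes sense for exact pins; anything else is an error.
            raise ValueError(f"not an exact pin: {line!r}")
        hashes = {f"{alg}:{hexd.lower()}" for alg, hexd in HASH_RE.findall(line)}
        reqs.append(Requirement(m.group(1).lower(), m.group(2), hashes))
    return reqs


def audit_hashes(reqs, index_hashes):
    """Classify each pin: no hash at all, a hash the index does not know, or ok."""
    report = {"missing_hash": [], "mismatch": [], "ok": []}
    for r in reqs:
        key = (r.name, r.version)
        if not r.hashes:
            report["missing_hash"].append(key)
            continue
        unknown = r.hashes - index_hashes.get(key, set())
        if unknown:
            report["mismatch"].append((r.name, r.version, sorted(unknown)))
        else:
            report["ok"].append(key)
    return report


if __name__ == "__main__":
    for status, entries in audit_hashes(parse_requirements(REQUIREMENTS), INDEX_HASHES).items():
        for entry in entries:
            print(status, entry)
```

The sample exercises each outcome once: `requests` passes, `urllib3` carries a hash the index does not report (the situation a stale or tampered pin produces), and `idna` has no hash at all, which is what `--require-hashes` is meant to reject before any download happens.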
Diffstat (limited to 'security')

-rw-r--r-- security/py-pip-audit/Makefile | 13
-rw-r--r-- security/py-pip-audit/PLIST | 8
-rw-r--r-- security/py-pip-audit/distinfo | 8

3 files changed, 17 insertions, 12 deletions
diff --git a/security/py-pip-audit/Makefile b/security/py-pip-audit/Makefile
index 71d866baa3f..00dd7b6666f 100644
--- a/security/py-pip-audit/Makefile
+++ b/security/py-pip-audit/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.8 2022/01/16 23:06:31 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2022/02/20 21:27:35 wiz Exp $
-DISTNAME= pip-audit-1.1.2
+DISTNAME= pip-audit-2.0.0
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= security python
# pypi file does not include tests
@@ -15,11 +15,10 @@ COMMENT= Scan Python environments for known vulnerabilities
LICENSE= apache-2.0
DEPENDS+= ${PYPKGPREFIX}-cachecontrol>=0.12.10:../../devel/py-cachecontrol
-DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=0.11.1:../../security/py-cyclonedx-python-lib
+DEPENDS+= ${PYPKGPREFIX}-cyclonedx-python-lib>=1.0.0:../../security/py-cyclonedx-python-lib
DEPENDS+= ${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
-DEPENDS+= ${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
DEPENDS+= ${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
-DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.25:../../devel/py-pip-api
+DEPENDS+= ${PYPKGPREFIX}-pip-api>=0.0.27:../../devel/py-pip-api
DEPENDS+= ${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
DEPENDS+= ${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
TEST_DEPENDS+= ${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
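Review bot: the dependency bumps here line up with the changelog (cyclonedx-python-lib >=1.0.0 for the CycloneDX Schema 1.4 output, pip-api >=0.0.27), but the changelog's new Python 3.7 minimum is not reflected anywhere in this hunk; check whether the Makefile's Python version constraint (PYTHON_VERSIONS_INCOMPATIBLE, outside the visible context) still admits an interpreter older than 3.7. The removal of the py-lockfile dependency is not mentioned in the commit message; a one-line note such as "lockfile is no longer required upstream" would save the next maintainer a trip to the upstream metadata.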
@@ -36,8 +35,8 @@ post-install:
${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
-# as of 1.1.1
-# 1 failed, 63 passed
+# as of 2.0.0
+# 1 failed, 115 passed
TEST_ENV+= PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
do-test:
cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
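Review bot: the updated comment records "1 failed, 115 passed" without naming the failing test or why the failure is tolerated, and the previous "1 failed, 63 passed" had the same gap; suggest extending the comment with the test name and cause (for example, a test that needs network access) so a future run can distinguish the known environmental failure from a new regression. Separately, the pre-existing `${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}` swallows a failed rename; it is unchanged here, but worth a look if the binary is ever reported missing.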
diff --git a/security/py-pip-audit/PLIST b/security/py-pip-audit/PLIST
index 57443e1976a..067938c210a 100644
--- a/security/py-pip-audit/PLIST
+++ b/security/py-pip-audit/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2021/12/12 10:04:44 wiz Exp $
+@comment $NetBSD: PLIST,v 1.4 2022/02/20 21:27:35 wiz Exp $
bin/pip-audit-${PYVERSSUFFIX}
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -42,6 +42,9 @@ ${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyo
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
+${PYSITELIB}/pip_audit/_fix.py
+${PYSITELIB}/pip_audit/_fix.pyc
+${PYSITELIB}/pip_audit/_fix.pyo
${PYSITELIB}/pip_audit/_format/__init__.py
${PYSITELIB}/pip_audit/_format/__init__.pyc
${PYSITELIB}/pip_audit/_format/__init__.pyo
@@ -72,6 +75,9 @@ ${PYSITELIB}/pip_audit/_service/pypi.pyo
${PYSITELIB}/pip_audit/_state.py
${PYSITELIB}/pip_audit/_state.pyc
${PYSITELIB}/pip_audit/_state.pyo
+${PYSITELIB}/pip_audit/_subprocess.py
+${PYSITELIB}/pip_audit/_subprocess.pyc
+${PYSITELIB}/pip_audit/_subprocess.pyo
${PYSITELIB}/pip_audit/_util.py
${PYSITELIB}/pip_audit/_util.pyc
${PYSITELIB}/pip_audit/_util.pyo
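Review bot: `_subprocess.py` is a new module, and given the `--fix` feature described in the commit message it is most likely where pip is invoked to upgrade packages (an inference from the file name, not from the visible lines). Worth confirming that the installed `bin/pip-audit-${PYVERSSUFFIX}` wrapper ends up running pip for the same interpreter version, otherwise a fix could land in a different site-packages than the one that was audited. The .py/.pyc/.pyo triplet follows the existing PLIST entries.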
diff --git a/security/py-pip-audit/distinfo b/security/py-pip-audit/distinfo
index 6380a2c948e..3a985cb24dc 100644
--- a/security/py-pip-audit/distinfo
+++ b/security/py-pip-audit/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2022/01/16 23:06:31 wiz Exp $
+$NetBSD: distinfo,v 1.6 2022/02/20 21:27:35 wiz Exp $
-BLAKE2s (pip-audit-1.1.2.tar.gz) = b5619687d0de3db1ec091bd8a927ca94bf3a621c2f403daa1b107a1078f029b2
-SHA512 (pip-audit-1.1.2.tar.gz) = bc77a98d11ac3733427d31ed5cfcebafcbb41e73289702a1ad7f2dfb603e3bf6a82f9e81a556824eb0dd22ef45027c22d53678b01dbd6e371bf0a4324ef76bea
-Size (pip-audit-1.1.2.tar.gz) = 42811 bytes
+BLAKE2s (pip-audit-2.0.0.tar.gz) = d88d048fecf33ce95232759d6495902fd9ad169a6b3acf694db6d301d442a9da
+SHA512 (pip-audit-2.0.0.tar.gz) = 2c904a424d67b3308b52d6ef6968847987c4df026f22a8e7af6ee3bdf8170b4f62ef993bf82455fed5ecb76b29b9f35239cd27626a891000c38011b60102f56c
+Size (pip-audit-2.0.0.tar.gz) = 54237 bytes
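Review bot: BLAKE2s, SHA512 and Size are all updated together for pip-audit-2.0.0, and the growth from 42811 to 54237 bytes is plausible given the new _fix and _subprocess modules listed in the PLIST; confirm the digests were generated from the upstream sdist fetched through `make distinfo` rather than copied from elsewhere, since these lines are what later builds verify the tarball against.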