Posted to notifications@libcloud.apache.org by to...@apache.org on 2023/01/02 12:39:59 UTC
[libcloud] branch trunk updated (952ecf0d6 -> 1979fb48c)
This is an automated email from the ASF dual-hosted git repository.
tomaz pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/libcloud.git
from 952ecf0d6 Try fixing failing workflow.
new 01affaf2b Squashed '.github/actions/gh-action-pip-audit/' changes from 5e29e4749..e187a7bf0
new 1979fb48c Merge commit '01affaf2bfe1b66a39197bc37908c3906a047882' into trunk
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/actions/gh-action-pip-audit/README.md | 40 +++++++++++-----------
.../actions/gh-action-pip-audit/requirements.txt | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
[libcloud] 02/02: Merge commit '01affaf2bfe1b66a39197bc37908c3906a047882' into trunk
Posted by to...@apache.org.
tomaz pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/libcloud.git
commit 1979fb48cf6f9f5849678bf48ede04a00bb1a16e
Merge: 952ecf0d6 01affaf2b
Author: Tomaz Muraus <to...@tomaz.me>
AuthorDate: Mon Jan 2 13:39:43 2023 +0100
Merge commit '01affaf2bfe1b66a39197bc37908c3906a047882' into trunk
.github/actions/gh-action-pip-audit/README.md | 40 +++++++++++-----------
.../actions/gh-action-pip-audit/requirements.txt | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
[libcloud] 01/02: Squashed '.github/actions/gh-action-pip-audit/' changes from 5e29e4749..e187a7bf0
Posted by to...@apache.org.
tomaz pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/libcloud.git
commit 01affaf2bfe1b66a39197bc37908c3906a047882
Author: Tomaz Muraus <to...@tomaz.me>
AuthorDate: Mon Jan 2 13:39:43 2023 +0100
Squashed '.github/actions/gh-action-pip-audit/' changes from 5e29e4749..e187a7bf0
e187a7bf0 README: prep 1.0.4
b0690898d requirements: pip-audit==2.4.12
454d956b5 README: prep for 1.0.3
e02369acd requirements: pip-audit==2.4.11
1d4b22590 README: prep for v1.0.2
d634a13a3 requirements: pip-audit==2.4.8
git-subtree-dir: .github/actions/gh-action-pip-audit
git-subtree-split: e187a7bf0b854d888a1ddf8a83717c7b8e990503
---
README.md | 40 ++++++++++++++++++++--------------------
requirements.txt | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 7d785025c..874f36927 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v3
- name: install
run: python -m pip install .
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
```
Or, with a virtual environment:
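Review bot: the updated `uses:` line in this example still references the action by tag (`pypa/gh-action-pip-audit@v1.0.4`), and a tag can be re-pointed after release. Readers copy this snippet into CI as-is, so consider showing the full commit SHA with the tag as a trailing comment, or adding one sentence that says the tag form is the convenience option. The same applies to the other `uses:` examples changed in this file.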
@@ -48,7 +48,7 @@ jobs:
python -m venv env/
source env/bin/activate
python -m pip install .
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
virtual-environment: env/
```
@@ -72,7 +72,7 @@ The `inputs` setting controls what sources `pip-audit` runs on.
To audit one or more requirements-style inputs:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt dev-requirements.txt
```
@@ -80,7 +80,7 @@ To audit one or more requirements-style inputs:
To audit a project that uses `pyproject.toml` for its dependencies:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# NOTE: this can be `.`, for the current directory
inputs: path/to/project/
@@ -108,7 +108,7 @@ Example: use the virtual environment specified at `env/`, relative to the
current directory:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
virtual-environment: env/
# Note the absence of `input:`, since we're auditing the environment.
@@ -128,7 +128,7 @@ installed directly into the current environment are included.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
local: true
```
@@ -145,7 +145,7 @@ It's directly equivalent to `pip-audit --vulnerability-service=...`.
To audit with OSV instead of PyPI:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
vulnerability-service: osv
```
@@ -160,7 +160,7 @@ It's directly equivalent to `pip-audit --require-hashes ...`.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
@@ -177,7 +177,7 @@ It's directly equivalent to `pip-audit --no-deps ...`.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
@@ -195,7 +195,7 @@ is rendered at the end of the action.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
summary: false
```
@@ -214,7 +214,7 @@ indices to search (such as a corporate index with private packages), see
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
index-url: https://example.corporate.local/simple
```
@@ -229,7 +229,7 @@ indexes to search when resolving dependencies. Each URL is whitespace-separated.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
extra-index-urls: |
https://example.corporate.local/simple
@@ -246,7 +246,7 @@ ignore (i.e., exclude from the results) if present. Each ID is whitespace-separa
Example
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
ignore-vulns: |
GHSA-XXXX-YYYYYY
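Review bot: the `ignore-vulns` example lists a bare ID (`GHSA-XXXX-YYYYYY`) with nothing recording why it is ignored. Suggest a YAML comment above the `ignore-vulns:` key giving the reason and a review date. It has to sit above the key because a `#` line inside the `|` block would become part of the value. Minor: the context line reads `Example` without the colon that the other sections use (`Example:`).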
@@ -276,7 +276,7 @@ Example
Example:
```yaml
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
internal-be-careful-allow-failure: true
```
@@ -295,7 +295,7 @@ Example
Example:
```yaml
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
internal-be-careful-debug: true
```
@@ -312,7 +312,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
`require-hashes: true`:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt
require-hashes: true
@@ -321,7 +321,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
or:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt
no-deps: true
@@ -342,7 +342,7 @@ by the host system itself, or other Python projects that happen to be installed.
To minimize external dependencies, you can opt into a virtual environment:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# must be populated earlier in the CI
virtual-environment: env/
@@ -352,7 +352,7 @@ and, more aggressively, specify that only dependencies marked as "local"
in the virtual environment should be included:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# must be populated earlier in the CI
virtual-environment: env/
@@ -382,7 +382,7 @@ jobs:
run: |
pipx run pipfile-requirements Pipfile.lock > requirements.txt
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt
```
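Review bot: in this Pipfile example the action is pinned to `v1.0.4`, but the conversion step `pipx run pipfile-requirements Pipfile.lock > requirements.txt` runs whatever version of `pipfile-requirements` is current at job time. That tool produces the file being audited, so the example should pin its version as well. Otherwise the audited input depends on an unpinned package.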
diff --git a/requirements.txt b/requirements.txt
index 5aeea1e98..15d6dfe88 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1 @@
-pip-audit==2.4.4
+pip-audit==2.4.12
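Review bot: `pip-audit==2.4.12` is pinned by version only, with no `--hash=` entries and no pins for its transitive dependencies, while the README in this same patch recommends `require-hashes: true` for requirements-style inputs. Because the action is vendored under `.github/actions/gh-action-pip-audit`, this one-line file is the only change in the patch that alters what gets installed. Consider a fully resolved, hash-pinned requirements file here. The bump also skips from 2.4.4 straight to 2.4.12 (the squash log lists 2.4.8 and 2.4.11 on the way), so the intermediate release notes are worth a look for behaviour changes before merging.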