You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by to...@apache.org on 2023/01/02 12:40:00 UTC
[libcloud] 01/02: Squashed '.github/actions/gh-action-pip-audit/' changes from 5e29e4749..e187a7bf0
This is an automated email from the ASF dual-hosted git repository.
tomaz pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/libcloud.git
commit 01affaf2bfe1b66a39197bc37908c3906a047882
Author: Tomaz Muraus <to...@tomaz.me>
AuthorDate: Mon Jan 2 13:39:43 2023 +0100
Squashed '.github/actions/gh-action-pip-audit/' changes from 5e29e4749..e187a7bf0
e187a7bf0 README: prep 1.0.4
b0690898d requirements: pip-audit==2.4.12
454d956b5 README: prep for 1.0.3
e02369acd requirements: pip-audit==2.4.11
1d4b22590 README: prep for v1.0.2
d634a13a3 requirements: pip-audit==2.4.8
git-subtree-dir: .github/actions/gh-action-pip-audit
git-subtree-split: e187a7bf0b854d888a1ddf8a83717c7b8e990503
---
README.md | 40 ++++++++++++++++++++--------------------
requirements.txt | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 7d785025c..874f36927 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v3
- name: install
run: python -m pip install .
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
```
Or, with a virtual environment:
@@ -48,7 +48,7 @@ jobs:
python -m venv env/
source env/bin/activate
python -m pip install .
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
virtual-environment: env/
```
@@ -72,7 +72,7 @@ The `inputs` setting controls what sources `pip-audit` runs on.
To audit one or more requirements-style inputs:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt dev-requirements.txt
```
@@ -80,7 +80,7 @@ To audit one or more requirements-style inputs:
To audit a project that uses `pyproject.toml` for its dependencies:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# NOTE: this can be `.`, for the current directory
inputs: path/to/project/
@@ -108,7 +108,7 @@ Example: use the virtual environment specified at `env/`, relative to the
current directory:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
virtual-environment: env/
# Note the absence of `input:`, since we're auditing the environment.
@@ -128,7 +128,7 @@ installed directly into the current environment are included.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
local: true
```
@@ -145,7 +145,7 @@ It's directly equivalent to `pip-audit --vulnerability-service=...`.
To audit with OSV instead of PyPI:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
vulnerability-service: osv
```
@@ -160,7 +160,7 @@ It's directly equivalent to `pip-audit --require-hashes ...`.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
@@ -177,7 +177,7 @@ It's directly equivalent to `pip-audit --no-deps ...`.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
@@ -195,7 +195,7 @@ is rendered at the end of the action.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
summary: false
```
@@ -214,7 +214,7 @@ indices to search (such as a corporate index with private packages), see
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
index-url: https://example.corporate.local/simple
```
@@ -229,7 +229,7 @@ indexes to search when resolving dependencies. Each URL is whitespace-separated.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
extra-index-urls: |
https://example.corporate.local/simple
@@ -246,7 +246,7 @@ ignore (i.e., exclude from the results) if present. Each ID is whitespace-separa
Example
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
ignore-vulns: |
GHSA-XXXX-YYYYYY
@@ -276,7 +276,7 @@ Example
Example:
```yaml
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
internal-be-careful-allow-failure: true
```
@@ -295,7 +295,7 @@ Example
Example:
```yaml
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
internal-be-careful-debug: true
```
@@ -312,7 +312,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
`require-hashes: true`:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt
require-hashes: true
@@ -321,7 +321,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
or:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt
no-deps: true
@@ -342,7 +342,7 @@ by the host system itself, or other Python projects that happen to be installed.
To minimize external dependencies, you can opt into a virtual environment:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# must be populated earlier in the CI
virtual-environment: env/
@@ -352,7 +352,7 @@ and, more aggressively, specify that only dependencies marked as "local"
in the virtual environment should be included:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.1
+- uses: pypa/gh-action-pip-audit@v1.0.4
with:
# must be populated earlier in the CI
virtual-environment: env/
@@ -382,7 +382,7 @@ jobs:
run: |
pipx run pipfile-requirements Pipfile.lock > requirements.txt
- - uses: pypa/gh-action-pip-audit@v1.0.1
+ - uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements.txt
```
diff --git a/requirements.txt b/requirements.txt
index 5aeea1e98..15d6dfe88 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1 @@
-pip-audit==2.4.4
+pip-audit==2.4.12