Posted to notifications@libcloud.apache.org by to...@apache.org on 2023/01/15 15:05:00 UTC
[libcloud] branch trunk updated (6e23b1f33 -> b6016ea17)
This is an automated email from the ASF dual-hosted git repository.
tomaz pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/libcloud.git
from 6e23b1f33 Update checkout GHA action to avoid nodejs 12 warning.
new 3bc7b0bbf Squashed '.github/actions/gh-action-pip-audit/' changes from e187a7bf0..9075e938d
new b6016ea17 Merge commit '3bc7b0bbf71e05a2333dfbe71643140d64fde39d' into trunk
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/actions/gh-action-pip-audit/README.md | 40 +++++++++++-----------
.../actions/gh-action-pip-audit/requirements.txt | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
[libcloud] 02/02: Merge commit '3bc7b0bbf71e05a2333dfbe71643140d64fde39d' into trunk
Posted by to...@apache.org.
tomaz pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/libcloud.git
commit b6016ea17f439f4c23e50d65ef9a82e4a8e1eb4d
Merge: 6e23b1f33 3bc7b0bbf
Author: Tomaz Muraus <to...@tomaz.me>
AuthorDate: Sun Jan 15 16:04:45 2023 +0100
Merge commit '3bc7b0bbf71e05a2333dfbe71643140d64fde39d' into trunk
.github/actions/gh-action-pip-audit/README.md | 40 +++++++++++-----------
.../actions/gh-action-pip-audit/requirements.txt | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
[libcloud] 01/02: Squashed '.github/actions/gh-action-pip-audit/' changes from e187a7bf0..9075e938d
Posted by to...@apache.org.
tomaz pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/libcloud.git
commit 3bc7b0bbf71e05a2333dfbe71643140d64fde39d
Author: Tomaz Muraus <to...@tomaz.me>
AuthorDate: Sun Jan 15 16:04:44 2023 +0100
Squashed '.github/actions/gh-action-pip-audit/' changes from e187a7bf0..9075e938d
9075e938d README: prep 1.0.5
0007f0863 requirements: pip-audit >= 2.4.13
c5b051c6b requirements: relax pip-audit version constraint
git-subtree-dir: .github/actions/gh-action-pip-audit
git-subtree-split: 9075e938de7d8a1c24076730a0c7644cf934826c
---
README.md | 40 ++++++++++++++++++++--------------------
requirements.txt | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 874f36927..c7f790d3b 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v3
- name: install
run: python -m pip install .
- - uses: pypa/gh-action-pip-audit@v1.0.4
+ - uses: pypa/gh-action-pip-audit@v1.0.5
```
Or, with a virtual environment:
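Review bot: The `uses: pypa/gh-action-pip-audit@v1.0.5` line in this example pins the action to a tag, and a tag can later be moved to a different commit in the action's repository. Since this README is what consumers copy into their workflows, consider showing the full commit SHA with the version as a trailing comment, or adding one sentence near this first example saying that a SHA pin is the stricter option. The same applies to every other `@v1.0.5` reference updated in this patch.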
@@ -48,7 +48,7 @@ jobs:
python -m venv env/
source env/bin/activate
python -m pip install .
- - uses: pypa/gh-action-pip-audit@v1.0.4
+ - uses: pypa/gh-action-pip-audit@v1.0.5
with:
virtual-environment: env/
```
@@ -72,7 +72,7 @@ The `inputs` setting controls what sources `pip-audit` runs on.
To audit one or more requirements-style inputs:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
inputs: requirements.txt dev-requirements.txt
```
@@ -80,7 +80,7 @@ To audit one or more requirements-style inputs:
To audit a project that uses `pyproject.toml` for its dependencies:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
# NOTE: this can be `.`, for the current directory
inputs: path/to/project/
@@ -108,7 +108,7 @@ Example: use the virtual environment specified at `env/`, relative to the
current directory:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
virtual-environment: env/
# Note the absence of `input:`, since we're auditing the environment.
@@ -128,7 +128,7 @@ installed directly into the current environment are included.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
local: true
```
@@ -145,7 +145,7 @@ It's directly equivalent to `pip-audit --vulnerability-service=...`.
To audit with OSV instead of PyPI:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
vulnerability-service: osv
```
@@ -160,7 +160,7 @@ It's directly equivalent to `pip-audit --require-hashes ...`.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
@@ -177,7 +177,7 @@ It's directly equivalent to `pip-audit --no-deps ...`.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
@@ -195,7 +195,7 @@ is rendered at the end of the action.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
summary: false
```
@@ -214,7 +214,7 @@ indices to search (such as a corporate index with private packages), see
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
index-url: https://example.corporate.local/simple
```
@@ -229,7 +229,7 @@ indexes to search when resolving dependencies. Each URL is whitespace-separated.
Example:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
extra-index-urls: |
https://example.corporate.local/simple
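Review bot: Missing documentation around the `extra-index-urls:` example: the context says these are indexes "to search when resolving dependencies", but the visible text does not say how a package name that exists on more than one index is resolved. A sentence pointing readers to `index-url` when a single trusted index is enough, or to `require-hashes: true` when a corporate index is combined with others, would make the trade-off explicit.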
@@ -246,7 +246,7 @@ ignore (i.e., exclude from the results) if present. Each ID is whitespace-separa
Example
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
ignore-vulns: |
GHSA-XXXX-YYYYYY
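Review bot: Style point: the context line above this fence reads `Example` without the trailing colon that the other `Example:` lines in this README use. In the same block, consider adding a YAML comment next to the ID under `ignore-vulns:` that records why it is excluded, since the sample `GHSA-XXXX-YYYYYY` gives readers no cue to document the exception.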
@@ -276,7 +276,7 @@ Example
Example:
```yaml
- - uses: pypa/gh-action-pip-audit@v1.0.4
+ - uses: pypa/gh-action-pip-audit@v1.0.5
with:
internal-be-careful-allow-failure: true
```
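Review bot: The example sets `internal-be-careful-allow-failure: true` with no inline comment, while other examples in this README carry a `# NOTE:` line for their caveats. Given the `internal-be-careful-` prefix, add a comment in the YAML stating what the step does when the audit fails with this set, so the snippet is not copied into a gating workflow unannotated.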
@@ -295,7 +295,7 @@ Example
Example:
```yaml
- - uses: pypa/gh-action-pip-audit@v1.0.4
+ - uses: pypa/gh-action-pip-audit@v1.0.5
with:
internal-be-careful-debug: true
```
@@ -312,7 +312,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
`require-hashes: true`:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
inputs: requirements.txt
require-hashes: true
@@ -321,7 +321,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
or:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
inputs: requirements.txt
no-deps: true
@@ -342,7 +342,7 @@ by the host system itself, or other Python projects that happen to be installed.
To minimize external dependencies, you can opt into a virtual environment:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
# must be populated earlier in the CI
virtual-environment: env/
@@ -352,7 +352,7 @@ and, more aggressively, specify that only dependencies marked as "local"
in the virtual environment should be included:
```yaml
-- uses: pypa/gh-action-pip-audit@v1.0.4
+- uses: pypa/gh-action-pip-audit@v1.0.5
with:
# must be populated earlier in the CI
virtual-environment: env/
@@ -382,7 +382,7 @@ jobs:
run: |
pipx run pipfile-requirements Pipfile.lock > requirements.txt
- - uses: pypa/gh-action-pip-audit@v1.0.4
+ - uses: pypa/gh-action-pip-audit@v1.0.5
with:
inputs: requirements.txt
```
diff --git a/requirements.txt b/requirements.txt
index 15d6dfe88..931128f8f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1 @@
-pip-audit==2.4.12
+pip-audit ~= 2.0, >= 2.4.13
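Review bot: The new specifier `pip-audit ~= 2.0, >= 2.4.13` is harder to read than it needs to be: `~= 2.0` already means `>= 2.0, == 2.*`, so the combined range is effectively `>= 2.4.13, < 3`, and writing it that way states the intent directly. Moving from the exact pin `==2.4.12` to a range also means the action installs whichever matching 2.x release is newest at run time, so two runs of the same action tag can audit with different `pip-audit` versions. If that is intended (commit c5b051c6b says the constraint is being relaxed), a comment in `requirements.txt` saying why would help; a hashed lock file is the alternative if reproducibility matters more.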