-
Currently `requirements.txt` parsing does not resolve the full dependency graph.
One option here may be to integrate `pip-audit` into this tool (though that introduces an external dependency from a…
-
**Is your feature request related to a problem? Please describe.**
Private repositories might have alternative certificates.
Easily using an extra or alternative index, such as with --extra-index…
-
```
(cryptography) ~/p/cryptography ❯❯❯ uv --version
uv 0.1.13
```
We have a mixed Python+Rust codebase. Our dev process involves running `pip install .`, which I'm attempting to migrate to `uv …
alex updated
2 months ago
-
Encountered this:
```
❯ uv venv
Using Python 3.12.3 interpreter at: /opt/homebrew/opt/python@3.12/bin/python3.12
Creating virtualenv at: .venv
Activate with: source .venv/bin/activate
❯ uv pip…
```
-
When we are ready to open source and release DIFFER, we'll want to add several CI checks for production code, including:
**`pip-audit`**
```yaml
# update .github/workflows/ci.yml
pip-audit:
…
```
-
https://github.com/trailofbits/gh-action-pip-audit
-
Our main commands, especially pip-compile, should have a JSON output format that can be used in downstream applications such as auditing, dependabot-like applications and our own testing.
-
The vast vast majority of Python packages use `>=` in their requirements.txt, not `==`. But `pip-audit` is not flagging vulnerabilities when `>=` is used.
E.g., take this example requirements.txt:
> l…
-
Thanks for building `pip-requirements-parser`! I'm really happy with it.
I noticed that if I parse a requirements file and then print it out with `dumps`, any leading whitespace before a requiremen…
-
**What's the problem this feature will solve?**
This feature will enable third party tools to intercept package installations that could provide features such as:
- audit installed code for security…