-
Per the discussion at https://discuss.python.org/t/pip-installation-reports/12316, there seems to be an interest in generating detailed reports on the artifacts installed into an environment, with per…
-
### Expected behaviour
When I ran
```
$ pip-audit -r /path/to/requirements.txt
```
where the `requirements.txt` has a dependency on the latest version of `opencv-python`
```
opencv-python==4.7.…
-
As a project maintainer, I'd like to be able to use `pip-audit` to audit the sub-dependencies of my project (likely by somehow evaluating my local source tree prior to building a distribution artifact…
-
Most package managers have a *-audit tool (pip-audit, cargo-audit, npm-audit, etc.) that pulls security advisories from public databases (OSV, CVEs, package-specific databases, etc.)
Dependabot and reno…
-
root@esgfmeta-test-v4:docker exec -it -u root metagrid_local_django /bin/bash
root@2184f178b41a:/app# pip-audit
Found 6 known vulnerabilities in 5 packages
Name Version ID …
-
We have to work on the new version of Bear with new components:
- Copier instead of cookiecutter
- Mkdocs page with dedicated documentation
- Commitizen
- Better usage of Ruff
- Better implementatio…
-
The `CONDA_PREFIX` is not leading to my conda env (called `ssa`) being used with uv.
I have an activated conda env:
```
-> % echo $CONDA_PREFIX
/home//miniconda3/envs/ssa
```
I run `uv syn…
-
Where can I find the YAML rules for automated code auditing?
Also, when using GPT it crashes, and the returned code is:
Traceback (most recent call last):
File "c:\Users\2tina\Desktop\code代码\main.py", line 235, in audit_single_file
response = openai.ChatCompletion.create…
-
The `syft` tool supports generating a SBOM for a container image and has support for Python packages. We should check to see if we can leverage this to support container images in `pip-audit`.
cc: …
-
### Apache Airflow version
Other Airflow 2 version (please specify below)
### If "Other Airflow 2 version" selected, which one?
2.10.2
### What happened?
After upgrading from 2.10.0 to 2.10.2 in …