woodruffw
commented
2 years ago ~Still WIP while I cut the diff down a bit (there's a bug, and I can make the indentation match to make the changes smaller).~
Closed woodruffw closed 2 years ago
woodruffw
commented
2 years ago ~Still WIP while I cut the diff down a bit (there's a bug, and I can make the indentation match to make the changes smaller).~
CLAassistant
commented
2 years ago
All committers have signed the CLA.
This refactors
pip-audit-bulkinto a Python script, which will hopefully be more readable and maintainable.It also makes some changes to the outputs:
The audits under the
audits/directory are still JSON, but the top-level structure is now the direct list of vulnerabilities. All extraneous keys and non-vulnerable dep information has been removed.The new "skipped" file lists subdependencies of each requirements file that are skipped by
pip-audit. This usually indicates a mismatch between theresourcename in the Homebrew formula and the actual PyPI package name, and should be fixable.Signed-off-by: William Woodruff william@trailofbits.com