openrewrite / rewrite-python

OpenRewrite recipes for Python.
Apache License 2.0

Parse and upgrade pip requirements.txt #70

Open timtebeek opened 8 months ago

timtebeek commented 8 months ago

What problem are you trying to solve?

Bring to light any vulnerabilities and potential upgrades in pip requirements.txt files.

What precondition(s) should be checked before applying this recipe?

requirements.txt in a Python project

Have you considered any alternatives or workarounds?

Perhaps there are existing parsers to which we can delegate.

Any additional context

Example

# This is a comment, to show how #-prefixed lines are ignored.
# It is possible to specify requirements as plain names.
pytest
pytest-cov
beautifulsoup4

# The syntax supported here is the same as that of requirement specifiers.
docopt == 0.6.1
requests [security] >= 2.8.1, == 2.8.* ; python_version < "2.7"
urllib3 @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip

# It is possible to refer to other requirement files or constraints files.
-r other-requirements.txt
-c constraints.txt

# It is possible to refer to specific local distribution paths.
./downloads/numpy-1.9.2-cp34-none-win32.whl

# It is possible to refer to URLs.
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
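
A sketch of the classification step such a recipe needs, as an added example that is not part of the issue or of OpenRewrite's code: it sorts each line kind from the example above into a record and attaches review flags. The names `parse_line`, `parse` and the flag strings are hypothetical; it assumes one requirement per line, so line continuations and `--option=value` forms are not handled.

```python
import re
# Constructed sample: lines copied from the example in the issue above.
SAMPLE = """\
# plain names, specifiers, includes, paths and URLs
pytest
docopt == 0.6.1
requests [security] >= 2.8.1, == 2.8.* ; python_version < "2.7"
urllib3 @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip
-r other-requirements.txt
./downloads/numpy-1.9.2-cp34-none-win32.whl
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
"""
URL = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[([^\]]*)\])?\s*(.*)$")
PIN = re.compile(r"^={2,3}\s*[^*\s]+$")  # exact version, no wildcard
OPTS = {"-r": "include", "--requirement": "include",
        "-c": "constraints", "--constraint": "constraints"}

def url_flags(url):  # http:// gives the download no transport integrity
    return ["plaintext-http"] if url.lower().startswith("http://") else []

def parse_line(raw):
    # '#' starts a comment only at line start or after whitespace
    line = re.sub(r"(^|\s)#.*$", "", raw).strip()
    if not line:
        return None
    if line.startswith("-"):
        opt, _, arg = line.partition(" ")
        return {"kind": OPTS.get(opt, "option"), "target": arg.strip(), "flags": []}
    if URL.match(line):
        return {"kind": "url", "target": line, "flags": url_flags(line)}
    if line.startswith((".", "/")):
        return {"kind": "path", "target": line, "flags": []}
    m = REQ.match(line)
    if not m:
        return {"kind": "unparsed", "target": line, "flags": ["review-manually"]}
    name, extras, rest = m.groups()
    rest = re.split(r"\s--", rest, maxsplit=1)[0]  # drop per-requirement options
    rest, _, marker = rest.partition(";")
    req = {"kind": "requirement", "name": name, "marker": marker.strip() or None,
           "extras": [e.strip() for e in (extras or "").split(",") if e.strip()]}
    if rest.strip().startswith("@"):  # PEP 508 direct reference: name @ url
        url = rest.strip()[1:].strip()
        return {**req, "kind": "direct-reference", "target": url, "flags": url_flags(url)}
    specs = [s.strip() for s in rest.split(",") if s.strip()]
    return {**req, "specs": specs,
            "flags": [] if any(PIN.match(s) for s in specs) else ["unpinned"]}

def parse(text):
    return [r for r in map(parse_line, text.splitlines()) if r]
```

Only records of kind `requirement` with an exact pin can be matched directly against an advisory database; `include`, `path`, `url` and `direct-reference` records need their targets resolved first.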