Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

requirement: Check requirements using the canonical name when fixing #577

Merged
merged 8 commits into from
Mar 29, 2023
Merged

requirement: Check requirements using the canonical name when fixing #577

merged 8 commits into from
Mar 29, 2023

Conversation

tetsuo-cpp
Copy link
Contributor

@tetsuo-cpp tetsuo-cpp commented Mar 24, 2023
edited
Loading

Closes #578

@tetsuo-cpp tetsuo-cpp marked this pull request as draft March 24, 2023 09:26
@tetsuo-cpp
Copy link
Contributor Author

Still needs unit tests and changelog.

@tetsuo-cpp tetsuo-cpp mentioned this pull request Mar 24, 2023
Open
@tetsuo-cpp tetsuo-cpp marked this pull request as ready for review March 24, 2023 13:35
woodruffw
woodruffw reviewed Mar 25, 2023
View reviewed changes
pip_audit/_dependency_source/requirement.py Outdated
if isinstance(req, InstallRequirement) and req.name == fix_version.dep.name:
if (
isinstance(req, InstallRequirement)
and req.name == fix_version.dep.canonical_name
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does req.name also need to be canonicalized here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

75fa6d0

Yep, good catch.

@tetsuo-cpp tetsuo-cpp requested a review from di March 28, 2023 12:20
@woodruffw woodruffw merged commit 35573a4 into main Mar 29, 2023
@woodruffw woodruffw deleted the alex/canonical-name-fix branch March 29, 2023 01:17
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Mar 30, 2023
@0-wiz-0
py-pip_audit: update to 2.5.4.
4bcd4e6 
## [2.5.4]

### Changed

* Refactored `index-url` option to not override user pip config by default,
  unless specified ([#565](pypa/pip-audit#565))

### Fixed

* Fixed bug with the `--fix` flag where new requirements were sometimes being
  appended to requirement files instead of patching the existing requirement
  ([#577](pypa/pip-audit#577))

* Fixed a crash caused by auditing requirements files that refer to other
  requirements files ([#568](pypa/pip-audit#568))

## [2.5.3]

### Changed

* Further simplified `pip-audit`'s dependency resolution to remove inconsistent
  behaviour when using hashed requirements or the `--no-deps` flag
  ([#540](pypa/pip-audit#540))

### Fixed

* Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs
  ([#572](pypa/pip-audit#572))

## [2.5.2]

### Fixed

* Fixed a loose dependency constraint for CycloneDX SBOM generation
  ([#558](pypa/pip-audit#558))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woodruffw woodruffw woodruffw approved these changes

@di di Awaiting requested review from di

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Duplicate dependencies are sometimes added to requirements file with --fix
2 participants
@tetsuo-cpp @woodruffw