From b9a3e1846d9100303f48357874a0edf66c3e973b Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 1 Dec 2021 17:56:32 -0500 Subject: [PATCH 1/3] _cli: Fix the behavior of the `--desc` flag The `--desc` option's parameter is optional, and has the following semantics: * No `--desc` whatsoever: `"auto"` * Bare `--desc` (no parameter): `"on"` * `--desc `: whatever choice is given --- pip_audit/_cli.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pip_audit/_cli.py b/pip_audit/_cli.py index 17781df0..ec0eb555 100644 --- a/pip_audit/_cli.py +++ b/pip_audit/_cli.py @@ -194,6 +194,8 @@ def audit() -> None: "--desc", type=VulnerabilityDescriptionChoice, choices=VulnerabilityDescriptionChoice, + nargs="?", + const=VulnerabilityDescriptionChoice.On, default=VulnerabilityDescriptionChoice.Auto, help="include a description for each vulnerability; " "`auto` defaults to `on` for the `json` format. This flag has no " From 324f842910ac5196b2f41b56df5a868c410ce8a0 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 1 Dec 2021 18:00:08 -0500 Subject: [PATCH 2/3] CHANGELOG: record fix --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 224d4aad..7fd18b54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,10 @@ All versions prior to 0.0.9 are untracked. ### Fixed +* CLI: The `--desc` flag no longer requires a following argument. If passed + as a bare option, `--desc` is equivalent to `--desc on` + ([#153](https://github.com/trailofbits/pip-audit/pull/153)) + ### Removed ## [1.0.0] - 2021-12-1 From 94c498a72f3c31ce4f12f3e45b3a6de322df634a Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 1 Dec 2021 18:01:08 -0500 Subject: [PATCH 3/3] README: update `pip-audit --help` --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2f60ff40..3f9c0cae 100644 --- a/README.md +++ b/README.md 
@@ -27,7 +27,7 @@ python -m pip install pip-audit ``` usage: pip-audit [-h] [-V] [-l] [-r REQUIREMENTS] [-f FORMAT] [-s SERVICE] - [-d] [-S] [--desc {on,off,auto}] [--cache-dir CACHE_DIR] + [-d] [-S] [--desc [{on,off,auto}]] [--cache-dir CACHE_DIR] [--progress-spinner {on,off}] [--timeout TIMEOUT] audit the Python environment for dependencies with known vulnerabilities @@ -51,7 +51,8 @@ optional arguments: auditing step (default: False) -S, --strict fail the entire audit if dependency collection fails on any dependency (default: False) - --desc {on,off,auto} include a description for each vulnerability; `auto` + --desc [{on,off,auto}] + include a description for each vulnerability; `auto` defaults to `on` for the `json` format. This flag has no effect on the `cyclonedx-json` or `cyclonedx-xml` formats. (default: auto) @@ -96,7 +97,7 @@ Flask 0.5 PYSEC-2018-66 0.12.3 Audit dependencies including descriptions: ``` -$ pip-audit --desc on +$ pip-audit --desc Found 2 known vulnerabilities in 1 packages Name Version ID Fix Versions Description ---- ------- -------------- ------------ --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
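Review bot: The two added lines on the `--desc` argument in `audit()` (`pip_audit/_cli.py`, PATCH 1/3), `nargs="?"` and `const=VulnerabilityDescriptionChoice.On`, land without a test. The diffstats across the series show only `_cli.py`, `CHANGELOG.md` and `README.md` changing. The commit message lists three cases (no `--desc` gives `auto`, bare `--desc` gives `on`, `--desc` with a parameter gives that choice); a small parser test asserting each of those would pin the behaviour this patch fixes. In the same call, the `help=` string still explains only `auto`, so `--help` never says what a bare `--desc` selects; suggest adding a clause such as "a bare `--desc` is equivalent to `--desc on`".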
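Review bot: In `README.md` (PATCH 3/3, hunk at `-96,7`), the example under "Audit dependencies including descriptions:" now shows only `$ pip-audit --desc`, and the explicit `--desc on` form disappears from the README entirely. The CHANGELOG entry in PATCH 2/3 states the equivalence, but the README does not, so a reader comparing the example against the `--desc [{on,off,auto}]` usage line has to infer which choice the bare flag maps to. Suggest a short sentence beside the example saying that bare `--desc` is the same as `--desc on`.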