-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Respect --cache-dir
and other flags when auditing project directories
#300
Conversation
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Confirmed locally that |
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Unused and not needed. Signed-off-by: William Woodruff <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
.PHONY: all | ||
all: | ||
@echo "Run my targets individually!" | ||
|
||
.PHONY: run |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's happening here? I see make run
is getting removed.
Yep. I realized that the only place it was being used was in the CI and that it wasn’t much better of a UX than directly running the command from within the virtual environment. But I can revert that, if you were using it locally!
Sent from mobile. Please excuse my brevity.
… On Jun 14, 2022, at 6:16 PM, Alex Cameron ***@***.***> wrote:
@tetsuo-cpp approved this pull request.
LGTM!
In Makefile:
> .PHONY: all
all:
@echo "Run my targets individually!"
-.PHONY: run
What's happening here? I see make run is getting removed.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were assigned.
|
All good! I wasn't using it, just curious. |
## [2.3.4] ### Fixed * Vulnerability fixing: the `--fix` flag now works for vulnerabilities found in requirement subdependencies. A new line is now added to the requirement file to explicitly pin the offending subdependency ([#297](pypa/pip-audit#297)) ## [2.3.3] ### Changed * CLI: `pip-audit` now warns on the combination of `-s osv` and `--require-hashes`, notifying users that only the PyPI service can fully verify hashes ([#298](pypa/pip-audit#298)) ### Fixed * CLI/Dependency sources: `--cache-dir=...` and other flags that affect dependency resolver behavior now work correctly when auditing a `pyproject.toml` dependency source ([#300](pypa/pip-audit#300)) ## [2.3.2] - 2022-05-14 ### Changed * CLI: `pip-audit`'s progress spinner has been refactored to make it faster and more responsive ([#283](pypa/pip-audit#283)) * CLI, Vulnerability sources: the error message used to report connection failures to vulnerability sources was improved ([#287](pypa/pip-audit#287)) * Vulnerability sources: the OSV service is now more resilient to schema changes ([#288](pypa/pip-audit#288)) * Vulnerability sources: the PyPI service provides a better error message during some cases of service degradation ([#294](pypa/pip-audit#294)) ### Fixed * Vulnerability sources: a bug stemming from an incorrect assumption about OSV's schema guarantees was fixed ([#284](pypa/pip-audit#284)) * Caching: `pip-audit` now respects `pip`'s `PIP_NO_CACHE_DIR` and will not attempt to use the `pip` cache if present ([#290](pypa/pip-audit#290))
Fixes #299.