-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add licenses for 3rd party libraries #5213
Conversation
I suppose https://github.com/pypa/pip/blob/master/tasks/vendoring/__init__.py needs updating as well :( |
Yeah. I'd prefer that the vendoring script learns how to extract licenses rather than having to do it manually. |
Let me look at that later today. |
I've added a "works for me" code. It's very rough and will need some cleaning, but I've pushed it so others can try it as well and send feedback. |
tasks/vendoring/__init__.py
Outdated
|
||
|
||
def license_fallback(vendor_dir, sdist, tar): | ||
"""A very hackish way to get LICENSE from github |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given the ugliness of this, I think maybe hardcoding the 2 license URLs would work better.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done in a fixup commit.
Travis CI fails on Python 2, it reports perfectly valid Python 3 only file to have SyntaxError, how much should I dance around that? |
tasks/vendoring/__init__.py
Outdated
"""Hardcoded license URLs. Check when updating if those are still needed""" | ||
for libname, url in HARDCODED_LICENSE_URLS.items(): | ||
if libname in sdist_name: | ||
*_, name = url.rpartition('/') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
_, _, name = url.rpartition('/')
is Python 2 compatible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yet I wonder why? The script says it needs Python 3.5. I can do that (and probably will, however I'm not happy about it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added in ee9bcbb
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is a Python 3 only script, but we don't exclude it from the Python 2 linter run, for better or worse. It's no big deal - I actually think the explicit version is clearer, anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not a big deal, I agree.
What can I make to move this forward? Thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd have been nice if the automation and licenses were added in separate commits -- would have made reviewing easier. :)
If you can modify the commits to do that, that'd be nice. :)
tasks/vendoring/__init__.py
Outdated
name = member.filename | ||
if 'LICENSE' in name or 'COPYING' in name: | ||
if '/test' in name: | ||
# some testing licenses in hml5lib and distlib |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
html5lib
tasks/vendoring/__init__.py
Outdated
return vendor_dir / '{}.{}'.format(libname, filename) | ||
|
||
|
||
def extract_license_mamber(vendor_dir, tar, member, name): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
member
tasks/vendoring/__init__.py
Outdated
@@ -16,6 +19,18 @@ | |||
'README.rst', | |||
) | |||
|
|||
LIBRARY_OVERRIDES = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a better name here would help?
tasks/vendoring/__init__.py
Outdated
|
||
def license_fallback(vendor_dir, sdist_name): | ||
"""Hardcoded license URLs. Check when updating if those are still needed""" | ||
for libname, url in HARDCODED_LICENSE_URLS.items(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we eliminate the loop and make this simpler? Extract the name of the library and use that for handling licenses.
if lib_name not in FALLBACK_LICENSE_URLS:
raise RuntimeError("Unable to get license for {}".format(lib_name))
url = FALLBACK_LICENSE_URLS[lib_name]
...
Aside, as a personal rule of thumb, I start using classes or split my scripts if they go over 250 lines. I'll let @pypa/pip-committers pitch in on whether that's something we want here. |
It would be nice if the vendoring script named the license files according to the package it came from or put it in that package's directory consistently. (currently there's Not a blocker though. |
That was my deliberate decision to honor the fact that some libs have their own directory and some don't. If this should be done differently (but please be explicit), I can rework it, yet I think this way it's OK. |
Note that currently my If the LICESNE files destination should differ from my implementation, tell me where to put them and I'll change it. I don't think classes/files would help readability here, but if they are requested, I can use them. |
Ok, unhanged. Works. I only see this in diff, that I'm confident is not my fault: diff --git a/src/pip/_vendor/urllib3/util/ssl_.py b/src/pip/_vendor/urllib3/util/ssl_.py
index dafc75b5..87059434 100644
--- a/src/pip/_vendor/urllib3/util/ssl_.py
+++ b/src/pip/_vendor/urllib3/util/ssl_.py
@@ -3,7 +3,7 @@ import errno
import warnings
import hmac
-from binascii import hexlify, unhexlify
+from pip._vendor.binascii import hexlify, unhexlify
from hashlib import md5, sha1, sha256
from ..exceptions import SSLError, InsecurePlatformWarning, SNIMissingWarning |
I was getting that binascii line when I ran revendor for the release. I manually fixed it then, as I wasn't able to work out what was going on at the time. Maybe I forgot to raise an issue for it - I don't remember now. But yes, it's not related to your changes. |
Reported as #5347 |
I don't really know much about this stuff and so, I'll defer to others here. |
Thank you! ^>^ |
Rebased on top of #5347 fix. Works perfectly for me. |
tasks/vendoring/__init__.py
Outdated
url = HARDCODED_LICENSE_URLS[libname] | ||
_, _, name = url.rpartition('/') | ||
dest = license_destination(vendor_dir, libname, name) | ||
r = requests.get(url, allow_redirects=True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC, requests.get does the fetching, so, that would mean the download would finish and then the downloading message would show up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I.e. the log line should be before the get line? Is that what this comment is about?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dcb2e9c
tasks/vendoring/__init__.py
Outdated
if part[0].isdigit(): | ||
break | ||
parts.append(part) | ||
return'-'.join(parts) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A space after return.
Huh. CI should catch stuff like this! Anyways, that's something I'll fix later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it should, right? but it's still orange.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ee66bfd
Used the following: (modified from https://github.com/pypa/pip/blob/9.0.3/pip/_vendor/vendor.txt) setuptools==39.1.0 appdirs==1.4.0 distlib==0.2.4 distro==1.0.1 html5lib==1.0b10 six==1.10.0 colorama==0.3.7 requests==2.11.1 chardet==3.0.4 idna==2.6 urllib3==1.22 certifi==2018.1.18 CacheControl==0.11.7 lockfile==0.12.2 ordereddict==1.1 progress==1.2 ipaddress==1.0.17 packaging==16.8 pyparsing==2.1.10 retrying==1.3.3 webencodings==0.5 And the vendoring script from pypa/pip#5213 Fixes pypa#1961
How can I move this forward? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM on skimming.
Will autosquash the fixups and rebase on master... Done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR.
I think I would have handled it differently and dealt with each vendored library independently (I'm not a fan of libname_from_dir
guessing what we obviously knew :) ) but it does the job.
tasks/vendoring/__init__.py
Outdated
@@ -164,7 +164,8 @@ def download_licenses(ctx, vendor_dir): | |||
log('Downloading licenses') | |||
tmp_dir = vendor_dir / '__tmp__' | |||
ctx.run( | |||
'pip download -r {0}/vendor.txt --no-binary :all: -d {1}'.format( | |||
'pip download -r {0}/vendor.txt --no-binary ' | |||
'--no-deps :all: -d {1}'.format( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
err, I was going to merge this but this ended in the wrong commit (I guess you must have amended this change into the last commit :)
And more importantly, --no-binary --no-deps :all
won't work, you need --no-binary :all --no-deps
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed.
Thanks @hroncok ! |
1723: Scheduled weekly dependency update for week 05 r=mythmon a=pyup-bot ### Update [atomicwrites](https://pypi.org/project/atomicwrites) from **1.2.1** to **1.3.0**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/atomicwrites - Repo: https://github.com/untitaker/python-atomicwrites </details> ### Update [botocore](https://pypi.org/project/botocore) from **1.12.82** to **1.12.86**. <details> <summary>Changelog</summary> ### 1.12.86 ``` ======= * api-change:``devicefarm``: Update devicefarm client to latest version * api-change:``codecommit``: Update codecommit client to latest version * api-change:``medialive``: Update medialive client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version ``` ### 1.12.85 ``` ======= * api-change:``logs``: Update logs client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``codebuild``: Update codebuild client to latest version * api-change:``sms-voice``: Update sms-voice client to latest version * api-change:``ecr``: Update ecr client to latest version ``` ### 1.12.84 ``` ======= * api-change:``worklink``: Update worklink client to latest version * api-change:``apigatewaymanagementapi``: Update apigatewaymanagementapi client to latest version * api-change:``acm-pca``: Update acm-pca client to latest version ``` ### 1.12.83 ``` ======= * api-change:``appstream``: Update appstream client to latest version * api-change:``discovery``: Update discovery client to latest version * api-change:``dms``: Update dms client to latest version * api-change:``fms``: Update fms client to latest version * api-change:``ssm``: Update ssm client to latest version ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/botocore - Changelog: https://pyup.io/changelogs/botocore/ - Repo: https://github.com/boto/botocore </details> ### Update [Faker](https://pypi.org/project/Faker) from **1.0.1** to **1.0.2**. <details> <summary>Changelog</summary> ### 1.0.2 ``` -------------------------------------------------------------------------------------- * Fix state abbreviations for ``id_ID`` to be 2-letters. Thanks dt-ap. * Fix format for ``city_with_postcode`` on ``de_DE`` locale. Thanks TZanke. * Update ``person`` providers for ``zh_CN``. Thanks TimeFinger. * Implement ``zipcode_in_state`` and aliases in ``en_US`` locale for generating a zipcode for a specified state. Thanks mattyg. * Group first names by gender on ``zh_CN`` provider. Thanks TimeFinger. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/faker - Changelog: https://pyup.io/changelogs/faker/ - Repo: https://github.com/joke2k/faker </details> ### Update [pycodestyle](https://pypi.org/project/pycodestyle) from **2.4.0** to **2.5.0**. <details> <summary>Changelog</summary> ### 2.5.0 ``` ------------------ New checks: * E117: Over-indented code blocks * W505: Maximum doc-string length only when configured with --max-doc-length Changes: * Remove support for EOL Python 2.6 and 3.3. PR 720. * Add E117 error for over-indented code blocks. * Allow W605 to be silenced by ` noqa` and fix the position reported by W605 * Allow users to omit blank lines around one-liner definitions of classes and functions * Include the function return annotation (``->``) as requiring surrounding whitespace only on Python 3 * Verify that only names can follow ``await``. Previously we allowed numbers and strings. * Add support for Python 3.7 * Fix detection of annotated argument defaults for E252 * Cprrect the position reported by W504 ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pycodestyle - Changelog: https://pyup.io/changelogs/pycodestyle/ - Docs: https://pycodestyle.readthedocs.io/ </details> ### Update [pyflakes](https://pypi.org/project/pyflakes) from **2.0.0** to **2.1.0**. <details> <summary>Changelog</summary> ### 2.1.0 ``` - Allow intentional assignment to variables named ``_`` - Recognize ``__module__`` as a valid name in class scope - ``pyflakes.checker.Checker`` supports checking of partial ``ast`` trees - Detect assign-before-use for local variables which shadow builtin names - Detect invalid ``print`` syntax using ``>>`` operator - Treat ``async for`` the same as a ``for`` loop for introducing variables - Add detection for list concatenation in ``__all__`` - Exempt ``typing.overload`` from duplicate function declaration - Importing a submodule of an ``as``-aliased ``import``-import is marked as used - Report undefined names from ``__all__`` as possibly coming from a ``*`` import - Add support for changes in Python 3.8-dev - Add support for PEP 563 (``from __future__ import annotations``) - Include Python version and platform information in ``pyflakes --version`` - Recognize ``__annotations__`` as a valid magic global in Python 3.6+ - Mark names used in PEP 484 `` type: ...`` comments as used - Add check for use of ``is`` operator with ``str``, ``bytes``, and ``int`` literals ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pyflakes - Changelog: https://pyup.io/changelogs/pyflakes/ - Repo: https://github.com/PyCQA/pyflakes </details> ### Update [setuptools](https://pypi.org/project/setuptools) from **40.6.3** to **40.7.3**. <details> <summary>Changelog</summary> ### 40.7.3 ``` ------- * 1670: In package_index, revert to using a copy of splituser from Python 3.8. Attempts to use ``urllib.parse.urlparse`` led to problems as reported in 1663 and 1668. This change serves as an alternative to 1499 and fixes 1668. ``` ### 40.7.2 ``` ------- * 1666: Restore port in URL handling in package_index. ``` ### 40.7.1 ``` ------- * 1660: On Python 2, when reading config files, downcast options from text to bytes to satisfy distutils expectations. ``` ### 40.7.0 ``` ------- * 1551: File inputs for the `license` field in `setup.cfg` files now explicitly raise an error. * 1180: Add support for non-ASCII in setup.cfg (1062). Add support for native strings on some parameters (1136). * 1499: ``setuptools.package_index`` no longer relies on the deprecated ``urllib.parse.splituser`` per Python 27485. * 1544: Added tests for PackageIndex.download (for git URLs). * 1625: In PEP 517 build_meta builder, ensure that sdists are built as gztar per the spec. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/setuptools - Changelog: https://pyup.io/changelogs/setuptools/ - Repo: https://github.com/pypa/setuptools </details> ### Update [cachetools](https://pypi.org/project/cachetools) from **3.0.0** to **3.1.0**. <details> <summary>Changelog</summary> ### 3.1.0 ``` ------------------- - Fix Python 3.8 compatibility issue. - Use ``time.monotonic`` as default timer if available. - Improve documentation regarding thread safety. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/cachetools - Changelog: https://pyup.io/changelogs/cachetools/ - Repo: https://github.com/tkem/cachetools </details> ### Update [boto3](https://pypi.org/project/boto3) from **1.9.82** to **1.9.86**. <details> <summary>Changelog</summary> ### 1.9.86 ``` ====== * api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version * api-change:``codecommit``: [``botocore``] Update codecommit client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version ``` ### 1.9.85 ``` ====== * api-change:``logs``: [``botocore``] Update logs client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``sms-voice``: [``botocore``] Update sms-voice client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version ``` ### 1.9.84 ``` ====== * api-change:``worklink``: [``botocore``] Update worklink client to latest version * api-change:``apigatewaymanagementapi``: [``botocore``] Update apigatewaymanagementapi client to latest version * api-change:``acm-pca``: [``botocore``] Update acm-pca client to latest version ``` ### 1.9.83 ``` ====== * api-change:``appstream``: [``botocore``] Update appstream client to latest version * api-change:``discovery``: [``botocore``] Update discovery client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version * api-change:``fms``: [``botocore``] Update fms client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/boto3 - Changelog: https://pyup.io/changelogs/boto3/ - Repo: https://github.com/boto/boto3 </details> ### Update [flake8](https://pypi.org/project/flake8) from **3.6.0** to **3.7.5**. <details> <summary>Changelog</summary> ### 3.7.5 ``` ------------------- You can view the `3.7.5 milestone`_ on GitLab for more details. Bugs Fixed ~~~~~~~~~~ - Fix reporting of pyflakes "referenced before assignment" error (See also `GitLab!301`_, `GitLab503`_) .. all links .. _3.7.5 milestone: https://gitlab.com/pycqa/flake8/milestones/28 .. issue links .. _GitLab503: https://gitlab.com/pycqa/flake8/issues/503 .. merge request links .. _GitLab!301: https://gitlab.com/pycqa/flake8/merge_requests/301 ``` ### 3.7.4 ``` ------------------- You can view the `3.7.4 milestone`_ on GitLab for more details. Bugs Fixed ~~~~~~~~~~ - Fix performance regression with lots of ``per-file-ignores`` and errors (See also `GitLab!299`_, `GitLab501`_) .. all links .. _3.7.4 milestone: https://gitlab.com/pycqa/flake8/milestones/27 .. issue links .. _GitLab501: https://gitlab.com/pycqa/flake8/issues/501 .. merge request links .. _GitLab!299: https://gitlab.com/pycqa/flake8/merge_requests/299 ``` ### 3.7.3 ``` ------------------- You can view the `3.7.3 milestone`_ on GitLab for more details. Bugs Fixed ~~~~~~~~~~ - Fix imports of ``typing`` in python 3.5.0 / 3.5.1 (See also `GitLab!294`_, `GitLab498`_) - Fix ``flake8 --statistics`` (See also `GitLab!295`_, `GitLab499`_) - Gracefully ignore ``flake8-per-file-ignores`` plugin if installed (See also `GitLab!297`_, `GitLab495`_) - Improve error message for malformed ``per-file-ignores`` (See also `GitLab!298`_, `GitLab489`_) .. all links .. _3.7.3 milestone: https://gitlab.com/pycqa/flake8/milestones/26 .. issue links .. _GitLab489: https://gitlab.com/pycqa/flake8/issues/489 .. _GitLab495: https://gitlab.com/pycqa/flake8/issues/495 .. _GitLab498: https://gitlab.com/pycqa/flake8/issues/498 .. _GitLab499: https://gitlab.com/pycqa/flake8/issues/499 .. merge request links .. _GitLab!294: https://gitlab.com/pycqa/flake8/merge_requests/294 .. _GitLab!295: https://gitlab.com/pycqa/flake8/merge_requests/295 .. _GitLab!297: https://gitlab.com/pycqa/flake8/merge_requests/297 .. _GitLab!298: https://gitlab.com/pycqa/flake8/merge_requests/298 ``` ### 3.7.2 ``` ------------------- You can view the `3.7.2 milestone`_ on GitLab for more details. Bugs Fixed ~~~~~~~~~~ - Fix broken ``flake8 --diff`` (regressed in 3.7.0) (See also `GitLab!292`_, `GitLab490`_) - Fix typo in plugin exception reporting (See also `GitLab!275`_, `GitLab491`_) - Fix ``AttributeError`` while attempting to use the legacy api (regressed in 3.7.0) (See also `GitLab!293`_, `GitLab497`_) .. all links .. _3.7.2 milestone: https://gitlab.com/pycqa/flake8/milestones/25 .. issue links .. _GitLab490: https://gitlab.com/pycqa/flake8/issues/490 .. _GitLab491: https://gitlab.com/pycqa/flake8/issues/491 .. _GitLab497: https://gitlab.com/pycqa/flake8/issues/497 .. merge request links .. _GitLab!292: https://gitlab.com/pycqa/flake8/merge_requests/292 .. _GitLab!275: https://gitlab.com/pycqa/flake8/merge_requests/275 .. _GitLab!293: https://gitlab.com/pycqa/flake8/merge_requests/293 ``` ### 3.7.1 ``` ------------------- You can view the `3.7.1 milestone`_ on GitLab for more details. Bugs Fixed ~~~~~~~~~~ - Fix capitalized filenames in ``per-file-ignores`` setting (See also `GitLab!290`_, `GitLab488`_) .. all links .. _3.7.1 milestone: https://gitlab.com/pycqa/flake8/milestones/24 .. issue links .. _GitLab488: https://gitlab.com/pycqa/flake8/issues/488 .. merge request links .. _GitLab!290: https://gitlab.com/pycqa/flake8/merge_requests/290 ``` ### 3.7.0 ``` ------------------- You can view the `3.7.0 milestone`_ on GitLab for more details. New Dependency Information ~~~~~~~~~~~~~~~~~~~~~~~~~~ - Add dependency on ``entrypoints`` >= 0.3, < 0.4 (See also `GitLab!264`_, `GitLab!288`_) - Pyflakes has been updated to >= 2.1.0, < 2.2.0 (See also `GitLab!283`_, `GitLab!285`_) - pycodestyle has been updated to >= 2.5.0, < 2.6.0 (See also `GitLab!287`_) Features ~~~~~~~~ - Add support for ``per-file-ignores`` (See also `GitLab!259`_, `GitLab156`_, `GitLab!281`_, `GitLab471`_) - Enable use of ``float`` and ``complex`` option types (See also `GitLab!261`_, `GitLab452`_) - Improve startup performance by switching from ``pkg_resources`` to ``entrypoints`` (See also `GitLab!264`_) - Add metadata for use through the `pre-commit`_ git hooks framework (See also `GitLab!268`_, `GitLab!284`_) - Allow physical line checks to return more than one result (See also `GitLab!269`_) - Allow `` noqa:X123`` comments without space between the colon and codes list (See also `GitLab!273`_, `GitLab470`_) - Remove broken and unused ``flake8.listen`` plugin type (See also `GitLab!274`_, `GitLab480`_) .. all links .. _3.7.0 milestone: https://gitlab.com/pycqa/flake8/milestones/23 .. _pre-commit: https://pre-commit.com/ .. issue links .. _GitLab156: https://gitlab.com/pycqa/flake8/issues/156 .. _GitLab452: https://gitlab.com/pycqa/flake8/issues/452 .. _GitLab470: https://gitlab.com/pycqa/flake8/issues/470 .. _GitLab471: https://gitlab.com/pycqa/flake8/issues/471 .. _GitLab480: https://gitlab.com/pycqa/flake8/issues/480 .. merge request links .. _GitLab!259: https://gitlab.com/pycqa/flake8/merge_requests/259 .. _GitLab!261: https://gitlab.com/pycqa/flake8/merge_requests/261 .. _GitLab!264: https://gitlab.com/pycqa/flake8/merge_requests/264 .. _GitLab!268: https://gitlab.com/pycqa/flake8/merge_requests/268 .. _GitLab!269: https://gitlab.com/pycqa/flake8/merge_requests/269 .. _GitLab!273: https://gitlab.com/pycqa/flake8/merge_requests/273 .. _GitLab!274: https://gitlab.com/pycqa/flake8/merge_requests/274 .. _GitLab!281: https://gitlab.com/pycqa/flake8/merge_requests/281 .. _GitLab!283: https://gitlab.com/pycqa/flake8/merge_requests/283 .. _GitLab!284: https://gitlab.com/pycqa/flake8/merge_requests/284 .. _GitLab!285: https://gitlab.com/pycqa/flake8/merge_requests/285 .. _GitLab!287: https://gitlab.com/pycqa/flake8/merge_requests/287 .. _GitLab!288: https://gitlab.com/pycqa/flake8/merge_requests/288 ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flake8 - Changelog: https://pyup.io/changelogs/flake8/ - Repo: https://gitlab.com/pycqa/flake8 </details> ### Update [newrelic](https://pypi.org/project/newrelic) from **4.10.0.112** to **4.12.0.113**. <details> <summary>Changelog</summary> ### 4.12.0.113 ``` This release of the Python agent extends support of Amazon's boto3 library and includes bug fixes. The agent can be installed using easy_install/pip/distribute via the Python Package Index or can be downloaded directly from the New Relic download site. Features AWS operation and request ID will now be reported in transaction traces and spans when using boto3 and botocore. The agent will now report aws.requestId and aws.operation for all calls to AWS made using botocore and boto3. DynamoDB calls are now reported under the Databases tab. The agent will now record DynamoDB query performance in the Databases tab in APM in addition to table name for the following calls: put_item get_item update_item delete_item create_table delete_table query scan Certain SQS calls will now report additional data for spans and transaction traces. The agent will now record the queue name in spans and transaction traces for the following SQS calls: send_message send_message_batch receive_message SNS publish will now report additional data for spans and transaction traces. The SNS topic, target, or the string literal PhoneNumber will be reported to New Relic inside of spans and transaction traces. The full URL path will now be recorded on span events and transaction traces when using boto3 or botocore. The agent will now record the full URL path for API calls made to AWS through the boto3 / botocore libraries. The path will be available through span events and transaction traces. Bug Fixes Using newrelic-admin to start a GunicornWebWorker with an application factory resulted in an application crash. The agent would fail to start if using the newrelic-admin command to start an aiohttp application factory with GunicornWebWorker. This issue has now been fixed. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/newrelic - Changelog: https://pyup.io/changelogs/newrelic/ - Homepage: http://newrelic.com/docs/python/new-relic-for-python </details> ### Update [psycopg2](https://pypi.org/project/psycopg2) from **2.7.6.1** to **2.7.7**. <details> <summary>Changelog</summary> ### 2.7.7 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Cleanup of the cursor results assignment code, which might have solved double free and inconsistencies in concurrent usage (:tickets:`346, 384`). - Wheel package compiled against OpenSSL 1.0.2q. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/psycopg2 - Changelog: https://pyup.io/changelogs/psycopg2/ - Homepage: http://initd.org/psycopg/ </details> ### Update [pyasn1-modules](https://pypi.org/project/pyasn1-modules) from **0.2.3** to **0.2.4**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pyasn1-modules - Changelog: https://pyup.io/changelogs/pyasn1-modules/ - Repo: https://github.com/etingof/pyasn1-modules </details> ### Update [pytest-django](https://pypi.org/project/pytest-django) from **3.4.5** to **3.4.7**. <details> <summary>Changelog</summary> ### 3.4.7 ``` ------------------ Bugfixes ^^^^^^^^ * Fix disabling/handling of unittest methods with pytest 4.2+ (700) ``` ### 3.4.6 ``` ------------------ Bugfixes ^^^^^^^^ * django_find_project: add cwd as fallback always (690) Misc ^^^^ * Enable tests for Django 2.2 and add classifier (693) * Disallow pytest 4.2.0 in ``install_requires`` (697) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pytest-django - Changelog: https://pyup.io/changelogs/pytest-django/ - Docs: https://pytest-django.readthedocs.io/ </details> ### Update [pytest](https://pypi.org/project/pytest) from **4.1.1** to **4.2.0**. <details> <summary>Changelog</summary> ### 4.2.0 ``` ========================= Features -------- - `3094 <https://github.com/pytest-dev/pytest/issues/3094>`_: `Class xunit-style <https://docs.pytest.org/en/latest/xunit_setup.html>`__ functions and methods now obey the scope of *autouse* fixtures. This fixes a number of surprising issues like ``setup_method`` being called before session-scoped autouse fixtures (see `517 <https://github.com/pytest-dev/pytest/issues/517>`__ for an example). - `4627 <https://github.com/pytest-dev/pytest/issues/4627>`_: Display a message at the end of the test session when running under Python 2.7 and 3.4 that pytest 5.0 will no longer support those Python versions. - `4660 <https://github.com/pytest-dev/pytest/issues/4660>`_: The number of *selected* tests now are also displayed when the ``-k`` or ``-m`` flags are used. - `4688 <https://github.com/pytest-dev/pytest/issues/4688>`_: ``pytest_report_teststatus`` hook now can also receive a ``config`` parameter. - `4691 <https://github.com/pytest-dev/pytest/issues/4691>`_: ``pytest_terminal_summary`` hook now can also receive a ``config`` parameter. Bug Fixes --------- - `3547 <https://github.com/pytest-dev/pytest/issues/3547>`_: ``--junitxml`` can emit XML compatible with Jenkins xUnit. ``junit_family`` INI option accepts ``legacy|xunit1``, which produces old style output, and ``xunit2`` that conforms more strictly to https://github.com/jenkinsci/xunit-plugin/blob/xunit-2.3.2/src/main/resources/org/jenkinsci/plugins/xunit/types/model/xsd/junit-10.xsd - `4280 <https://github.com/pytest-dev/pytest/issues/4280>`_: Improve quitting from pdb, especially with ``--trace``. Using ``q[quit]`` after ``pdb.set_trace()`` will quit pytest also. - `4402 <https://github.com/pytest-dev/pytest/issues/4402>`_: Warning summary now groups warnings by message instead of by test id. This makes the output more compact and better conveys the general idea of how much code is actually generating warnings, instead of how many tests call that code. - `4536 <https://github.com/pytest-dev/pytest/issues/4536>`_: ``monkeypatch.delattr`` handles class descriptors like ``staticmethod``/``classmethod``. - `4649 <https://github.com/pytest-dev/pytest/issues/4649>`_: Restore marks being considered keywords for keyword expressions. - `4653 <https://github.com/pytest-dev/pytest/issues/4653>`_: ``tmp_path`` fixture and other related ones provides resolved path (a.k.a real path) - `4667 <https://github.com/pytest-dev/pytest/issues/4667>`_: ``pytest_terminal_summary`` uses result from ``pytest_report_teststatus`` hook, rather than hardcoded strings. - `4669 <https://github.com/pytest-dev/pytest/issues/4669>`_: Correctly handle ``unittest.SkipTest`` exception containing non-ascii characters on Python 2. - `4680 <https://github.com/pytest-dev/pytest/issues/4680>`_: Ensure the ``tmpdir`` and the ``tmp_path`` fixtures are the same folder. - `4681 <https://github.com/pytest-dev/pytest/issues/4681>`_: Ensure ``tmp_path`` is always a real path. Trivial/Internal Changes ------------------------ - `4643 <https://github.com/pytest-dev/pytest/issues/4643>`_: Use ``a.item()`` instead of the deprecated ``np.asscalar(a)`` in ``pytest.approx``. ``np.asscalar`` has been `deprecated <https://github.com/numpy/numpy/blob/master/doc/release/1.16.0-notes.rstnew-deprecations>`__ in ``numpy 1.16.``. - `4657 <https://github.com/pytest-dev/pytest/issues/4657>`_: Copy saferepr from pylib ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pytest - Changelog: https://pyup.io/changelogs/pytest/ - Homepage: https://docs.pytest.org/en/latest/ </details> ### Update [pytest-mock](https://pypi.org/project/pytest-mock) from **1.10.0** to **1.10.1**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pytest-mock - Changelog: https://pyup.io/changelogs/pytest-mock/ - Repo: https://github.com/pytest-dev/pytest-mock/ </details> ### Update [Sphinx](https://pypi.org/project/Sphinx) from **1.8.3** to **1.8.4**. <details> <summary>Changelog</summary> ### 1.8.4 ``` ===================================== Bugs fixed ---------- * 3707: latex: no bold checkmark (✔) available. * 5605: with the documentation language set to Chinese, English words could not be searched. * 5889: LaTeX: user ``numfig_format`` is stripped of spaces and may cause build failure * C++, fix hyperlinks for declarations involving east cv-qualifiers. * 5755: C++, fix duplicate declaration error on function templates with constraints in the return type. * C++, parse unary right fold expressions and binary fold expressions. * pycode could not handle egg files on windows * 5928: KeyError: 'DOCUTILSCONFIG' when running build * 5936: LaTeX: PDF build broken by inclusion of image taller than page height in an admonition * 5231: "make html" does not read and build "po" files in "locale" dir * 5954: ``:scale:`` image option may break PDF build if image in an admonition * 5966: mathjax has not been loaded on incremental build * 5960: LaTeX: modified PDF layout since September 2018 TeXLive update of :file:`parskip.sty` * 5948: LaTeX: duplicated labels are generated for sections * 5958: versionadded directive causes crash with Python 3.5.0 * 5995: autodoc: autodoc_mock_imports conflict with metaclass on Python 3.7 * 5871: texinfo: a section title ``.`` is not allowed ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/sphinx - Changelog: https://pyup.io/changelogs/sphinx/ - Homepage: http://sphinx-doc.org/ </details> ### Update [pip](https://pypi.org/project/pip) from **18.1** to **19.0.1**. <details> <summary>Changelog</summary> ### 19.0 ``` ================= Deprecations and Removals ------------------------- - Deprecate support for Python 3.4 (`6106 <https://github.com/pypa/pip/issues/6106>`_) - Start printing a warning for Python 2.7 to warn of impending Python 2.7 End-of-life and prompt users to start migrating to Python 3. (`6148 <https://github.com/pypa/pip/issues/6148>`_) - Remove the deprecated ``--process-dependency-links`` option. (`6060 <https://github.com/pypa/pip/issues/6060>`_) - Remove the deprecated SVN editable detection based on dependency links during freeze. (`5866 <https://github.com/pypa/pip/issues/5866>`_) Features -------- - Implement PEP 517 (allow projects to specify a build backend via pyproject.toml). (`5743 <https://github.com/pypa/pip/issues/5743>`_) - Implement manylinux2010 platform tag support. manylinux2010 is the successor to manylinux1. It allows carefully compiled binary wheels to be installed on compatible Linux platforms. (`5008 <https://github.com/pypa/pip/issues/5008>`_) - Improve build isolation: handle ``.pth`` files, so namespace packages are correctly supported under Python 3.2 and earlier. (`5656 <https://github.com/pypa/pip/issues/5656>`_) - Include the package name in a freeze warning if the package is not installed. (`5943 <https://github.com/pypa/pip/issues/5943>`_) - Warn when dropping an ``--[extra-]index-url`` value that points to an existing local directory. (`5827 <https://github.com/pypa/pip/issues/5827>`_) - Prefix pip's ``--log`` file lines with their timestamp. (`6141 <https://github.com/pypa/pip/issues/6141>`_) Bug Fixes --------- - Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_) - Redact the password from the URL in various log messages. (`4746 <https://github.com/pypa/pip/issues/4746>`_, `6124 <https://github.com/pypa/pip/issues/6124>`_) - Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_) - Avoid printing a stack trace when given an invalid requirement. (`5147 <https://github.com/pypa/pip/issues/5147>`_) - Present 401 warning if username/password do not work for URL (`4833 <https://github.com/pypa/pip/issues/4833>`_) - Handle ``requests.exceptions.RetryError`` raised in ``PackageFinder`` that was causing pip to fail silently when some indexes were unreachable. (`5270 <https://github.com/pypa/pip/issues/5270>`_, `5483 <https://github.com/pypa/pip/issues/5483>`_) - Handle a broken stdout pipe more gracefully (e.g. when running ``pip list | head``). (`4170 <https://github.com/pypa/pip/issues/4170>`_) - Fix crash from setting ``PIP_NO_CACHE_DIR=yes``. (`5385 <https://github.com/pypa/pip/issues/5385>`_) - Fix crash from unparseable requirements when checking installed packages. (`5839 <https://github.com/pypa/pip/issues/5839>`_) - Fix content type detection if a directory named like an archive is used as a package source. (`5838 <https://github.com/pypa/pip/issues/5838>`_) - Fix listing of outdated packages that are not dependencies of installed packages in ``pip list --outdated --not-required`` (`5737 <https://github.com/pypa/pip/issues/5737>`_) - Fix sorting ``TypeError`` in ``move_wheel_files()`` when installing some packages. (`5868 <https://github.com/pypa/pip/issues/5868>`_) - Fix support for invoking pip using ``python src/pip ...``. (`5841 <https://github.com/pypa/pip/issues/5841>`_) - Greatly reduce memory usage when installing wheels containing large files. (`5848 <https://github.com/pypa/pip/issues/5848>`_) - Editable non-VCS installs now freeze as editable. (`5031 <https://github.com/pypa/pip/issues/5031>`_) - Editable Git installs without a remote now freeze as editable. (`4759 <https://github.com/pypa/pip/issues/4759>`_) - Canonicalize sdist file names so they can be matched to a canonicalized package name passed to ``pip install``. (`5870 <https://github.com/pypa/pip/issues/5870>`_) - Properly decode special characters in SVN URL credentials. (`5968 <https://github.com/pypa/pip/issues/5968>`_) - Make ``PIP_NO_CACHE_DIR`` disable the cache also for truthy values like ``"true"``, ``"yes"``, ``"1"``, etc. (`5735 <https://github.com/pypa/pip/issues/5735>`_) Vendored Libraries ------------------ - Include license text of vendored 3rd party libraries. (`5213 <https://github.com/pypa/pip/issues/5213>`_) - Update certifi to 2018.11.29 - Update colorama to 0.4.1 - Update distlib to 0.2.8 - Update idna to 2.8 - Update packaging to 19.0 - Update pep517 to 0.5.0 - Update pkg_resources to 40.6.3 (via setuptools) - Update pyparsing to 2.3.1 - Update pytoml to 0.1.20 - Update requests to 2.21.0 - Update six to 1.12.0 - Update urllib3 to 1.24.1 Improved Documentation ---------------------- - Include the Vendoring Policy in the documentation. (`5958 <https://github.com/pypa/pip/issues/5958>`_) - Add instructions for running pip from source to Development documentation. (`5949 <https://github.com/pypa/pip/issues/5949>`_) - Remove references to removed ``egg=<name>-<version>`` functionality (`5888 <https://github.com/pypa/pip/issues/5888>`_) - Fix omission of command name in HTML usage documentation (`5984 <https://github.com/pypa/pip/issues/5984>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> Co-authored-by: pyup-bot <[email protected]> Co-authored-by: Peter Bengtsson <[email protected]>
### Update [pip](https://pypi.org/project/pip) from **18.1** to **19.0.1**. <details> <summary>Changelog</summary> ### 19.0 ``` ================= Deprecations and Removals ------------------------- - Deprecate support for Python 3.4 (`6106 <https://github.com/pypa/pip/issues/6106>`_) - Start printing a warning for Python 2.7 to warn of impending Python 2.7 End-of-life and prompt users to start migrating to Python 3. (`6148 <https://github.com/pypa/pip/issues/6148>`_) - Remove the deprecated ``--process-dependency-links`` option. (`6060 <https://github.com/pypa/pip/issues/6060>`_) - Remove the deprecated SVN editable detection based on dependency links during freeze. (`5866 <https://github.com/pypa/pip/issues/5866>`_) Features -------- - Implement PEP 517 (allow projects to specify a build backend via pyproject.toml). (`5743 <https://github.com/pypa/pip/issues/5743>`_) - Implement manylinux2010 platform tag support. manylinux2010 is the successor to manylinux1. It allows carefully compiled binary wheels to be installed on compatible Linux platforms. (`5008 <https://github.com/pypa/pip/issues/5008>`_) - Improve build isolation: handle ``.pth`` files, so namespace packages are correctly supported under Python 3.2 and earlier. (`5656 <https://github.com/pypa/pip/issues/5656>`_) - Include the package name in a freeze warning if the package is not installed. (`5943 <https://github.com/pypa/pip/issues/5943>`_) - Warn when dropping an ``--[extra-]index-url`` value that points to an existing local directory. (`5827 <https://github.com/pypa/pip/issues/5827>`_) - Prefix pip's ``--log`` file lines with their timestamp. (`6141 <https://github.com/pypa/pip/issues/6141>`_) Bug Fixes --------- - Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_) - Redact the password from the URL in various log messages. (`4746 <https://github.com/pypa/pip/issues/4746>`_, `6124 <https://github.com/pypa/pip/issues/6124>`_) - Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_) - Avoid printing a stack trace when given an invalid requirement. (`5147 <https://github.com/pypa/pip/issues/5147>`_) - Present 401 warning if username/password do not work for URL (`4833 <https://github.com/pypa/pip/issues/4833>`_) - Handle ``requests.exceptions.RetryError`` raised in ``PackageFinder`` that was causing pip to fail silently when some indexes were unreachable. (`5270 <https://github.com/pypa/pip/issues/5270>`_, `5483 <https://github.com/pypa/pip/issues/5483>`_) - Handle a broken stdout pipe more gracefully (e.g. when running ``pip list | head``). (`4170 <https://github.com/pypa/pip/issues/4170>`_) - Fix crash from setting ``PIP_NO_CACHE_DIR=yes``. (`5385 <https://github.com/pypa/pip/issues/5385>`_) - Fix crash from unparseable requirements when checking installed packages. (`5839 <https://github.com/pypa/pip/issues/5839>`_) - Fix content type detection if a directory named like an archive is used as a package source. (`5838 <https://github.com/pypa/pip/issues/5838>`_) - Fix listing of outdated packages that are not dependencies of installed packages in ``pip list --outdated --not-required`` (`5737 <https://github.com/pypa/pip/issues/5737>`_) - Fix sorting ``TypeError`` in ``move_wheel_files()`` when installing some packages. (`5868 <https://github.com/pypa/pip/issues/5868>`_) - Fix support for invoking pip using ``python src/pip ...``. (`5841 <https://github.com/pypa/pip/issues/5841>`_) - Greatly reduce memory usage when installing wheels containing large files. (`5848 <https://github.com/pypa/pip/issues/5848>`_) - Editable non-VCS installs now freeze as editable. (`5031 <https://github.com/pypa/pip/issues/5031>`_) - Editable Git installs without a remote now freeze as editable. (`4759 <https://github.com/pypa/pip/issues/4759>`_) - Canonicalize sdist file names so they can be matched to a canonicalized package name passed to ``pip install``. (`5870 <https://github.com/pypa/pip/issues/5870>`_) - Properly decode special characters in SVN URL credentials. (`5968 <https://github.com/pypa/pip/issues/5968>`_) - Make ``PIP_NO_CACHE_DIR`` disable the cache also for truthy values like ``"true"``, ``"yes"``, ``"1"``, etc. (`5735 <https://github.com/pypa/pip/issues/5735>`_) Vendored Libraries ------------------ - Include license text of vendored 3rd party libraries. (`5213 <https://github.com/pypa/pip/issues/5213>`_) - Update certifi to 2018.11.29 - Update colorama to 0.4.1 - Update distlib to 0.2.8 - Update idna to 2.8 - Update packaging to 19.0 - Update pep517 to 0.5.0 - Update pkg_resources to 40.6.3 (via setuptools) - Update pyparsing to 2.3.1 - Update pytoml to 0.1.20 - Update requests to 2.21.0 - Update six to 1.12.0 - Update urllib3 to 1.24.1 Improved Documentation ---------------------- - Include the Vendoring Policy in the documentation. (`5958 <https://github.com/pypa/pip/issues/5958>`_) - Add instructions for running pip from source to Development documentation. (`5949 <https://github.com/pypa/pip/issues/5949>`_) - Remove references to removed ``egg=<name>-<version>`` functionality (`5888 <https://github.com/pypa/pip/issues/5888>`_) - Fix omission of command name in HTML usage documentation (`5984 <https://github.com/pypa/pip/issues/5984>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> ### Update [tox](https://pypi.org/project/tox) from **3.6.1** to **3.7.0**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/tox - Docs: https://tox.readthedocs.org/ </details> ### Update [PyYAML](https://pypi.org/project/PyYAML) from **4.2b1** to **4.2b4**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pyyaml - Homepage: http://pyyaml.org/wiki/PyYAML </details>
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Given the vendor.txt file, I could download all sdists and extract
those from them. Only 2 were mising, added from GitHub:
https://github.com/gsnedders/python-webencodings/blob/v0.5.1/LICENSE
https://github.com/avakar/pytoml/blob/v0.1.14/LICENSE
See pypa/pipenv#1961