Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Safety 2 use without a subprocess #5476

Closed
wants to merge 200 commits into from
Closed

Safety 2 use without a subprocess #5476

wants to merge 200 commits into from

Conversation

yeisonvargasf
Copy link
Contributor

@yeisonvargasf yeisonvargasf commented Nov 16, 2022
edited
Loading

The issue

  • The pipenv new Safety implementation is using a subprocess.

  • There isn't a non-verbose output.

This pull request is related to #5218

The fix

  • pipenv check uses Safety directly, replacing the Safety implementation with a subprocess.

  • Added a new minimal output, a non-verbose output.

@oz123
Copy link
Contributor

oz123 commented Nov 18, 2022

@yeisonvargasf your vendoring stage is failing because you started off with an outdated branch.

Please cherry-pick this commit onto your branch;

6f88313

@oz123 oz123 requested review from oz123 and matteius and removed request for oz123 November 18, 2022 09:39
@oz123
Copy link
Contributor

oz123 commented Nov 18, 2022

@yeisonvargasf can you please rebase your changes on top of the current main branch?

matteius and others added 23 commits November 18, 2022 18:34
@matteius @yeisonvargasf
Vendor new safety (pypa#5217)
8301f54 
* Vendor safety==2.1.1 cleanly with ruamel.

* Apply more minimal patch to safety.
@yeisonvargasf
Improving pipenv check command with the new Safety options (pypa#5355)
69adebe
@matteius @yeisonvargasf
add back release vendoring import -- unintentionally removed.
d24efe2
@matteius @yeisonvargasf
Release v2022.8.5
646d518
@matteius @yeisonvargasf
Apply linter.
b2a9bba
@matteius @yeisonvargasf
Mark dev version for main.
acea124
@matteius @yeisonvargasf
Remove old way of generting requirements.
1fb3ae6
@matteius @yeisonvargasf
test corrections.
65a4f8d
@matteius @yeisonvargasf
Add news fragment.
6d76493
@oz123 @yeisonvargasf
update README
52c7a8c 
 * Bump python version required
 * Add install instructions for gentoo
 * Update usage output from `pipenv --help`
@matteius @yeisonvargasf
Improve handling of CI varaible for build systems that set it to a st…
96f4c02 
…ring like azure.
@matteius @yeisonvargasf
Add news fragment.
ca54a6f
@matteius @yeisonvargasf
refactor based on PR feedback.
3aa96be
@matteius @yeisonvargasf
refactor based on PR feedback.
b5d9cf7
@bakhtiary @yeisonvargasf
fix bug when auto completing install and uninstall
d71e89d
@bakhtiary @yeisonvargasf
add news of the bugfix
290ba9d
@bakhtiary @yeisonvargasf
run pre-commit and apply the corresponding linter fixes
b4f7b15
@matteius @yeisonvargasf
Convert this test off pip-shims, it became flakey recently.
f8215cc
@matteius @yeisonvargasf
Add news fragment.
49087c7
@matteius @yeisonvargasf
Add missing vendoring files that get generated when running vendoring.
8f3d6d4
@matteius @yeisonvargasf
PR feedback.
0c90f78
@matteius @yeisonvargasf
Remove other spots that did not use the internal pip version to exect…
278e7d1 
…ue pipenv commands.
@matteius @yeisonvargasf
Add news fragment.
905951f
matteius and others added 20 commits November 18, 2022 18:38
@matteius @yeisonvargasf
Remove pip_shims renames.
50f7285
@matteius @yeisonvargasf
Safer import of pkg_resources.
09ae472
@matteius @yeisonvargasf
correct remaining project level imports.
6205c87
@matteius @yeisonvargasf
Address test failures with the new requirementslib changes.
facc92a
@matteius @yeisonvargasf
Show what the new requirementslib changes look like.
247db96
@matteius @yeisonvargasf
Vendor in requirementslib 2.0.2
298b454
@matteius @yeisonvargasf
Fix pep517 import issue.
4e6447f
@matteius @yeisonvargasf
re-apply vendoring from main.
f2d5d48
@matteius @yeisonvargasf
we acttually dont vendor zipp anymore.
89775df
@matteius @yeisonvargasf
Check pt improvements to vendoring and re-vendor.
bf58c24
@matteius @yeisonvargasf
Add missing liceneses that vendoring pulled in.
5e86159
@matteius @yeisonvargasf
Closest to correct vendoring of ruamel.
cba53e1
@matteius @yeisonvargasf
Fix lint
c58c34a
@matteius @yeisonvargasf
Fix lint
d994e09
@yeisonvargasf
Use safety without a subprocess and add minimal output option.
cfd9205
@yeisonvargasf
Improve minimal output style
3e3d809
@yeisonvargasf
Fix isort formatting.
837b3c6
@yeisonvargasf
Fix black formatting.
4c6cbcc
@oz123 @yeisonvargasf
CI: pin python version for vendoring
d0cf90d 
Invoke does not support Python3.11
@yeisonvargasf
Style and test fixes.
602bd0c
@yeisonvargasf yeisonvargasf force-pushed the safety2-without-subprocess branch from d529381 to 602bd0c Compare November 19, 2022 00:21
@yeisonvargasf
Copy link
Contributor Author

Thanks, @oz123! I rebased my changes on top of the current main branch.

The PR base branch is the @matteius branch; do we need to change the base branch to main?

On the other hand, running the tests in my local environment fails because Safety detects a vulnerability in the tested environment. Could you help to review that?

After the test issue is solved, we'll need vendoring the latest Safety version that PyUp will release next week; it fixes an issue related to ruamel and its use in pipenv check.

@oz123
Copy link
Contributor

oz123 commented Nov 19, 2022

@yeisonvargasf we don't have base branch, it's just main. Currently, your PR isn't mergeable. Please rebase again.

@yeisonvargasf yeisonvargasf changed the base branch from vendor-latest-safety2 to main November 19, 2022 13:42
@matteius
Copy link
Member

@yeisonvargasf I don't know if you could go back to the way this branch was before the attempted rebase? It probably would have worked smoother to have merged main branch changes into this fork/branch instead of how this rebase was done.

@matteius
Copy link
Member

I can update my branch with the latest main changes now if that helps, you can continue to target that branch, but right now the commit history here seems corrupted from the rebasing, perhaps you can cherry-pick your original commits to a new branch off my updated branch?

@matteius
Copy link
Member

I have pushed the updated changes from main to my branch vendor-latest-safety2

@yeisonvargasf yeisonvargasf changed the base branch from main to vendor-latest-safety2 November 19, 2022 14:03
@yeisonvargasf
Copy link
Contributor Author

I think the same, so sure, @matteius; I'll create a new branch and make a new PR with the vendor-latest-safety2 as a target.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matteius matteius matteius left review comments

@oz123 oz123 Awaiting requested review from oz123

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.