diff --git a/src/python_inspector/resolution.py b/src/python_inspector/resolution.py index 8ee9dabc..c9e2f3b9 100644 --- a/src/python_inspector/resolution.py +++ b/src/python_inspector/resolution.py @@ -7,8 +7,10 @@ # See https://aboutcode.org for more information about nexB OSS projects. # +import ast import operator import os +import re import tarfile from typing import Dict from typing import Generator @@ -281,7 +283,7 @@ def get_requirements_from_python_manifest( """ Return a list of parsed requirements from the ``sdist_location`` sdist location """ - # Look in requirements file if and only if thy are refered in setup.py or setup.cfg + # Look in requirements file if and only if they are refered in setup.py or setup.cfg # And no deps have been yielded by requirements file. requirements = list( get_reqs_from_requirements_file_in_sdist( @@ -299,11 +301,48 @@ def get_requirements_from_python_manifest( ) else: - # We should not raise exception here as we may have a setup.py that does not - # have any dependencies. We should not fail in this case. - raise Exception( - f"Unable to collect setup.py dependencies securely: {setup_py_location}" - ) + # Do not raise exception here as we may have a setup.py that does not + # have any dependencies. + with (open(setup_py_location)) as sf: + file_contents = sf.read() + node = ast.parse(file_contents) + setup_fct = [ + elem + for elem in ast.walk(node) + if ( + isinstance(elem, ast.Expr) + and isinstance(elem.value, ast.Call) + and isinstance(elem.value.func, ast.Name) + and elem.value.func.id == "setup" + ) + ] + if len(setup_fct) == 0: + raise Exception( + f"Unable to collect setup.py dependencies securely: {setup_py_location}" + ) + if len(setup_fct) > 1: + print( + f"Warning: identified multiple definitions of 'setup()' in {setup_py_location}, " + "defaulting to the first occurrence" + ) + setup_fct = setup_fct[0] + install_requires = [ + k.value for k in setup_fct.value.keywords if k.arg == "install_requires" + ] + if len(install_requires) == 0: + raise Exception( + f"Unable to collect setup.py dependencies securely: {setup_py_location}" + ) + if len(install_requires) > 1: + print( + f"Warning: identified multiple definitions of 'install_requires' in " + "{setup_py_location}, defaulting to the first occurrence" + ) + install_requires = install_requires[0].elts + if len(install_requires) != 0: + raise Exception( + f"Unable to collect setup.py dependencies securely: {setup_py_location}" + ) DEFAULT_ENVIRONMENT = utils_pypi.Environment.from_pyver_and_os( diff --git a/tests/data/azure-devops.req-310-expected.json b/tests/data/azure-devops.req-310-expected.json index 5306706e..27e2885f 100644 --- a/tests/data/azure-devops.req-310-expected.json +++ b/tests/data/azure-devops.req-310-expected.json @@ -945,12 +945,12 @@ "type": "pypi", "namespace": null, "name": "cryptography", - "version": "39.0.0", + "version": "39.0.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.6+ and PyPy3 7.2+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2023-01-02T03:31:52", + "release_date": "2023-02-07T19:40:44", "parties": [ { "type": "person", @@ -983,11 +983,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": "https://github.com/pyca/cryptography", - "download_url": "https://files.pythonhosted.org/packages/7a/46/8b58d6b8244ff613ecb983b9428d1168dd0b014a34e13fb19737b9ba1fc1/cryptography-39.0.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", - "size": 4172511, + "download_url": "https://files.pythonhosted.org/packages/bb/03/20b85e10571c919fd4862465c53ae40b6494fa7f82fd74131f401ce504f6/cryptography-39.0.1-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "size": 4183626, "sha1": null, - "md5": "16571f6085127885160e7e3c5d51e360", - "sha256": "1a6915075c6d3a5e1215eab5d99bcec0da26036ff2102a1038401d6ef5bef25b", + "md5": "f9d2f40e36ef1db745d2127cb3af366f", + "sha256": "e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/pyca/cryptography/", @@ -1008,20 +1008,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/39.0.0/json", + "api_data_url": "https://pypi.org/pypi/cryptography/39.0.1/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@39.0.0" + "purl": "pkg:pypi/cryptography@39.0.1" }, { "type": "pypi", "namespace": null, "name": "cryptography", - "version": "39.0.0", + "version": "39.0.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.6+ and PyPy3 7.2+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2023-01-02T03:36:08", + "release_date": "2023-02-07T19:41:00", "parties": [ { "type": "person", @@ -1054,11 +1054,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": "https://github.com/pyca/cryptography", - "download_url": "https://files.pythonhosted.org/packages/12/e3/c46c274cf466b24e5d44df5d5cd31a31ff23e57f074a2bb30931a8c9b01a/cryptography-39.0.0.tar.gz", - "size": 603406, + "download_url": "https://files.pythonhosted.org/packages/6a/f5/a729774d087e50fffd1438b3877a91e9281294f985bda0fd15bf99016c78/cryptography-39.0.1.tar.gz", + "size": 603634, "sha1": null, - "md5": "12d0c6df42f600637a97904f84988ae2", - "sha256": "f964c7dcf7802d133e8dbd1565914fa0194f9d683d82411989889ecd701e8adf", + "md5": "f660591f3e629f2722e218d5f2ca35e5", + "sha256": "d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/pyca/cryptography/", @@ -1079,9 +1079,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/39.0.0/json", + "api_data_url": "https://pypi.org/pypi/cryptography/39.0.1/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@39.0.0" + "purl": "pkg:pypi/cryptography@39.0.1" }, { "type": "pypi", @@ -2125,12 +2125,12 @@ "type": "pypi", "namespace": null, "name": "typing-extensions", - "version": "4.4.0", + "version": "4.5.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see PEP 698)\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see PEP 696)\n - The `infer_variance=` argument to `TypeVar` (see PEP 695)\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see PEP 681)\n - `get_overloads`\n - `LiteralString` (see PEP 675)\n - `Never`\n - `NotRequired` (see PEP 655)\n - `reveal_type`\n - `Required` (see PEP 655)\n - `Self` (see PEP 673)\n - `TypeVarTuple` (see PEP 646; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `Unpack` (see PEP 646)\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see PEP 612)\n - `ParamSpec` (see PEP 612; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `ParamSpecArgs` (see PEP 612)\n - `ParamSpecKwargs` (see PEP 612)\n - `TypeAlias` (see PEP 613)\n - `TypeGuard` (see PEP 647)\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see PEP 593)\n\n- In `typing` since Python 3.8\n\n - `final` (see PEP 591)\n - `Final` (see PEP 591)\n - `Literal` (see PEP 586)\n - `Protocol` (see PEP 544)\n - `runtime_checkable` (see PEP 544)\n - `TypedDict` (see PEP 589)\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see PEP 526)\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs 695 and 696)\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs 695 and 696, which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain PEP 612 special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", - "release_date": "2022-10-06T22:40:00", + "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see [PEP 698](https://peps.python.org/pep-0698/))\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see [PEP 696](https://peps.python.org/pep-0696/))\n - The `infer_variance=` argument to `TypeVar` (see [PEP 695](https://peps.python.org/pep-0695/))\n - The `@deprecated` decorator (see [PEP 702](https://peps.python.org/pep-0702/))\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see [PEP 681](https://peps.python.org/pep-0681/))\n - `get_overloads`\n - `LiteralString` (see [PEP 675](https://peps.python.org/pep-0675/))\n - `Never`\n - `NotRequired` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `reveal_type`\n - `Required` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `Self` (see [PEP 673](https://peps.python.org/pep-0673/))\n - `TypeVarTuple` (see [PEP 646](https://peps.python.org/pep-0646/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `Unpack` (see [PEP 646](https://peps.python.org/pep-0646/))\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpec` (see [PEP 612](https://peps.python.org/pep-0612/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `ParamSpecArgs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpecKwargs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `TypeAlias` (see [PEP 613](https://peps.python.org/pep-0613/))\n - `TypeGuard` (see [PEP 647](https://peps.python.org/pep-0647/))\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see [PEP 593](https://peps.python.org/pep-0593/))\n\n- In `typing` since Python 3.8\n\n - `final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Literal` (see [PEP 586](https://peps.python.org/pep-0586/))\n - `Protocol` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `runtime_checkable` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `TypedDict` (see [PEP 589](https://peps.python.org/pep-0589/))\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see [PEP 526](https://peps.python.org/pep-0526/))\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/))\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/), which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain [PEP 612](https://peps.python.org/pep-0612/) special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", + "release_date": "2023-02-15T00:17:53", "parties": [ { "type": "person", @@ -2160,17 +2160,18 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Topic :: Software Development" ], "homepage_url": "", - "download_url": "https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl", - "size": 26662, + "download_url": "https://files.pythonhosted.org/packages/31/25/5abcd82372d3d4a3932e1fa8c3dbf9efac10cc7c0d16e78467460571b404/typing_extensions-4.5.0-py3-none-any.whl", + "size": 27736, "sha1": null, - "md5": "f9df449d3052bf105d5c09460857ab77", - "sha256": "16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e", + "md5": "159820157d72b39382de7c13ff173897", + "sha256": "fb33085c39dd998ac16d1431ebc293a8b3eedd00fd4a32de0ff79002c19511b4", "sha512": null, "bug_tracking_url": "https://github.com/python/typing_extensions/issues", "code_view_url": null, @@ -2189,20 +2190,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/typing-extensions/4.4.0/json", + "api_data_url": "https://pypi.org/pypi/typing-extensions/4.5.0/json", "datasource_id": null, - "purl": "pkg:pypi/typing-extensions@4.4.0" + "purl": "pkg:pypi/typing-extensions@4.5.0" }, { "type": "pypi", "namespace": null, "name": "typing-extensions", - "version": "4.4.0", + "version": "4.5.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see PEP 698)\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see PEP 696)\n - The `infer_variance=` argument to `TypeVar` (see PEP 695)\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see PEP 681)\n - `get_overloads`\n - `LiteralString` (see PEP 675)\n - `Never`\n - `NotRequired` (see PEP 655)\n - `reveal_type`\n - `Required` (see PEP 655)\n - `Self` (see PEP 673)\n - `TypeVarTuple` (see PEP 646; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `Unpack` (see PEP 646)\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see PEP 612)\n - `ParamSpec` (see PEP 612; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `ParamSpecArgs` (see PEP 612)\n - `ParamSpecKwargs` (see PEP 612)\n - `TypeAlias` (see PEP 613)\n - `TypeGuard` (see PEP 647)\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see PEP 593)\n\n- In `typing` since Python 3.8\n\n - `final` (see PEP 591)\n - `Final` (see PEP 591)\n - `Literal` (see PEP 586)\n - `Protocol` (see PEP 544)\n - `runtime_checkable` (see PEP 544)\n - `TypedDict` (see PEP 589)\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see PEP 526)\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs 695 and 696)\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs 695 and 696, which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain PEP 612 special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", - "release_date": "2022-10-06T22:40:03", + "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see [PEP 698](https://peps.python.org/pep-0698/))\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see [PEP 696](https://peps.python.org/pep-0696/))\n - The `infer_variance=` argument to `TypeVar` (see [PEP 695](https://peps.python.org/pep-0695/))\n - The `@deprecated` decorator (see [PEP 702](https://peps.python.org/pep-0702/))\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see [PEP 681](https://peps.python.org/pep-0681/))\n - `get_overloads`\n - `LiteralString` (see [PEP 675](https://peps.python.org/pep-0675/))\n - `Never`\n - `NotRequired` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `reveal_type`\n - `Required` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `Self` (see [PEP 673](https://peps.python.org/pep-0673/))\n - `TypeVarTuple` (see [PEP 646](https://peps.python.org/pep-0646/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `Unpack` (see [PEP 646](https://peps.python.org/pep-0646/))\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpec` (see [PEP 612](https://peps.python.org/pep-0612/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `ParamSpecArgs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpecKwargs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `TypeAlias` (see [PEP 613](https://peps.python.org/pep-0613/))\n - `TypeGuard` (see [PEP 647](https://peps.python.org/pep-0647/))\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see [PEP 593](https://peps.python.org/pep-0593/))\n\n- In `typing` since Python 3.8\n\n - `final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Literal` (see [PEP 586](https://peps.python.org/pep-0586/))\n - `Protocol` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `runtime_checkable` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `TypedDict` (see [PEP 589](https://peps.python.org/pep-0589/))\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see [PEP 526](https://peps.python.org/pep-0526/))\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/))\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/), which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain [PEP 612](https://peps.python.org/pep-0612/) special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", + "release_date": "2023-02-15T00:17:55", "parties": [ { "type": "person", @@ -2232,17 +2233,18 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Topic :: Software Development" ], "homepage_url": "", - "download_url": "https://files.pythonhosted.org/packages/e3/a7/8f4e456ef0adac43f452efc2d0e4b242ab831297f1bac60ac815d37eb9cf/typing_extensions-4.4.0.tar.gz", - "size": 49708, + "download_url": "https://files.pythonhosted.org/packages/d3/20/06270dac7316220643c32ae61694e451c98f8caf4c8eab3aa80a2bedf0df/typing_extensions-4.5.0.tar.gz", + "size": 52399, "sha1": null, - "md5": "5cfcb56ea6fc4972c3600c0030f4d136", - "sha256": "1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa", + "md5": "03a01698ace869506cab825697dfb7e1", + "sha256": "5cb5f4a79139d699607b3ef622a1dedafa84e115ab0024e0d9c044a9479ca7cb", "sha512": null, "bug_tracking_url": "https://github.com/python/typing_extensions/issues", "code_view_url": null, @@ -2261,9 +2263,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/typing-extensions/4.4.0/json", + "api_data_url": "https://pypi.org/pypi/typing-extensions/4.5.0/json", "datasource_id": null, - "purl": "pkg:pypi/typing-extensions@4.4.0" + "purl": "pkg:pypi/typing-extensions@4.5.0" }, { "type": "pypi", @@ -2408,7 +2410,7 @@ "dependencies": [ "pkg:pypi/requests@2.28.2", "pkg:pypi/six@1.16.0", - "pkg:pypi/typing-extensions@4.4.0" + "pkg:pypi/typing-extensions@4.5.0" ] }, { @@ -2421,7 +2423,7 @@ "package": "pkg:pypi/azure-storage-blob@12.13.1", "dependencies": [ "pkg:pypi/azure-core@1.26.3", - "pkg:pypi/cryptography@39.0.0", + "pkg:pypi/cryptography@39.0.1", "pkg:pypi/msrest@0.6.21" ] }, @@ -2444,7 +2446,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/cryptography@39.0.0", + "package": "pkg:pypi/cryptography@39.0.1", "dependencies": [ "pkg:pypi/cffi@1.15.1" ] @@ -2497,7 +2499,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/typing-extensions@4.4.0", + "package": "pkg:pypi/typing-extensions@4.5.0", "dependencies": [] }, { diff --git a/tests/data/azure-devops.req-38-expected.json b/tests/data/azure-devops.req-38-expected.json index bf68133f..6c0ce905 100644 --- a/tests/data/azure-devops.req-38-expected.json +++ b/tests/data/azure-devops.req-38-expected.json @@ -945,12 +945,12 @@ "type": "pypi", "namespace": null, "name": "cryptography", - "version": "39.0.0", + "version": "39.0.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.6+ and PyPy3 7.2+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2023-01-02T03:31:52", + "release_date": "2023-02-07T19:40:44", "parties": [ { "type": "person", @@ -983,11 +983,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": "https://github.com/pyca/cryptography", - "download_url": "https://files.pythonhosted.org/packages/7a/46/8b58d6b8244ff613ecb983b9428d1168dd0b014a34e13fb19737b9ba1fc1/cryptography-39.0.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", - "size": 4172511, + "download_url": "https://files.pythonhosted.org/packages/bb/03/20b85e10571c919fd4862465c53ae40b6494fa7f82fd74131f401ce504f6/cryptography-39.0.1-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "size": 4183626, "sha1": null, - "md5": "16571f6085127885160e7e3c5d51e360", - "sha256": "1a6915075c6d3a5e1215eab5d99bcec0da26036ff2102a1038401d6ef5bef25b", + "md5": "f9d2f40e36ef1db745d2127cb3af366f", + "sha256": "e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/pyca/cryptography/", @@ -1008,20 +1008,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/39.0.0/json", + "api_data_url": "https://pypi.org/pypi/cryptography/39.0.1/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@39.0.0" + "purl": "pkg:pypi/cryptography@39.0.1" }, { "type": "pypi", "namespace": null, "name": "cryptography", - "version": "39.0.0", + "version": "39.0.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.6+ and PyPy3 7.2+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2023-01-02T03:36:08", + "release_date": "2023-02-07T19:41:00", "parties": [ { "type": "person", @@ -1054,11 +1054,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": "https://github.com/pyca/cryptography", - "download_url": "https://files.pythonhosted.org/packages/12/e3/c46c274cf466b24e5d44df5d5cd31a31ff23e57f074a2bb30931a8c9b01a/cryptography-39.0.0.tar.gz", - "size": 603406, + "download_url": "https://files.pythonhosted.org/packages/6a/f5/a729774d087e50fffd1438b3877a91e9281294f985bda0fd15bf99016c78/cryptography-39.0.1.tar.gz", + "size": 603634, "sha1": null, - "md5": "12d0c6df42f600637a97904f84988ae2", - "sha256": "f964c7dcf7802d133e8dbd1565914fa0194f9d683d82411989889ecd701e8adf", + "md5": "f660591f3e629f2722e218d5f2ca35e5", + "sha256": "d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/pyca/cryptography/", @@ -1079,9 +1079,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/39.0.0/json", + "api_data_url": "https://pypi.org/pypi/cryptography/39.0.1/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@39.0.0" + "purl": "pkg:pypi/cryptography@39.0.1" }, { "type": "pypi", @@ -2125,12 +2125,12 @@ "type": "pypi", "namespace": null, "name": "typing-extensions", - "version": "4.4.0", + "version": "4.5.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see PEP 698)\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see PEP 696)\n - The `infer_variance=` argument to `TypeVar` (see PEP 695)\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see PEP 681)\n - `get_overloads`\n - `LiteralString` (see PEP 675)\n - `Never`\n - `NotRequired` (see PEP 655)\n - `reveal_type`\n - `Required` (see PEP 655)\n - `Self` (see PEP 673)\n - `TypeVarTuple` (see PEP 646; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `Unpack` (see PEP 646)\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see PEP 612)\n - `ParamSpec` (see PEP 612; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `ParamSpecArgs` (see PEP 612)\n - `ParamSpecKwargs` (see PEP 612)\n - `TypeAlias` (see PEP 613)\n - `TypeGuard` (see PEP 647)\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see PEP 593)\n\n- In `typing` since Python 3.8\n\n - `final` (see PEP 591)\n - `Final` (see PEP 591)\n - `Literal` (see PEP 586)\n - `Protocol` (see PEP 544)\n - `runtime_checkable` (see PEP 544)\n - `TypedDict` (see PEP 589)\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see PEP 526)\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs 695 and 696)\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs 695 and 696, which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain PEP 612 special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", - "release_date": "2022-10-06T22:40:00", + "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see [PEP 698](https://peps.python.org/pep-0698/))\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see [PEP 696](https://peps.python.org/pep-0696/))\n - The `infer_variance=` argument to `TypeVar` (see [PEP 695](https://peps.python.org/pep-0695/))\n - The `@deprecated` decorator (see [PEP 702](https://peps.python.org/pep-0702/))\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see [PEP 681](https://peps.python.org/pep-0681/))\n - `get_overloads`\n - `LiteralString` (see [PEP 675](https://peps.python.org/pep-0675/))\n - `Never`\n - `NotRequired` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `reveal_type`\n - `Required` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `Self` (see [PEP 673](https://peps.python.org/pep-0673/))\n - `TypeVarTuple` (see [PEP 646](https://peps.python.org/pep-0646/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `Unpack` (see [PEP 646](https://peps.python.org/pep-0646/))\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpec` (see [PEP 612](https://peps.python.org/pep-0612/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `ParamSpecArgs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpecKwargs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `TypeAlias` (see [PEP 613](https://peps.python.org/pep-0613/))\n - `TypeGuard` (see [PEP 647](https://peps.python.org/pep-0647/))\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see [PEP 593](https://peps.python.org/pep-0593/))\n\n- In `typing` since Python 3.8\n\n - `final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Literal` (see [PEP 586](https://peps.python.org/pep-0586/))\n - `Protocol` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `runtime_checkable` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `TypedDict` (see [PEP 589](https://peps.python.org/pep-0589/))\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see [PEP 526](https://peps.python.org/pep-0526/))\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/))\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/), which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain [PEP 612](https://peps.python.org/pep-0612/) special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", + "release_date": "2023-02-15T00:17:53", "parties": [ { "type": "person", @@ -2160,17 +2160,18 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Topic :: Software Development" ], "homepage_url": "", - "download_url": "https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl", - "size": 26662, + "download_url": "https://files.pythonhosted.org/packages/31/25/5abcd82372d3d4a3932e1fa8c3dbf9efac10cc7c0d16e78467460571b404/typing_extensions-4.5.0-py3-none-any.whl", + "size": 27736, "sha1": null, - "md5": "f9df449d3052bf105d5c09460857ab77", - "sha256": "16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e", + "md5": "159820157d72b39382de7c13ff173897", + "sha256": "fb33085c39dd998ac16d1431ebc293a8b3eedd00fd4a32de0ff79002c19511b4", "sha512": null, "bug_tracking_url": "https://github.com/python/typing_extensions/issues", "code_view_url": null, @@ -2189,20 +2190,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/typing-extensions/4.4.0/json", + "api_data_url": "https://pypi.org/pypi/typing-extensions/4.5.0/json", "datasource_id": null, - "purl": "pkg:pypi/typing-extensions@4.4.0" + "purl": "pkg:pypi/typing-extensions@4.5.0" }, { "type": "pypi", "namespace": null, "name": "typing-extensions", - "version": "4.4.0", + "version": "4.5.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see PEP 698)\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see PEP 696)\n - The `infer_variance=` argument to `TypeVar` (see PEP 695)\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see PEP 681)\n - `get_overloads`\n - `LiteralString` (see PEP 675)\n - `Never`\n - `NotRequired` (see PEP 655)\n - `reveal_type`\n - `Required` (see PEP 655)\n - `Self` (see PEP 673)\n - `TypeVarTuple` (see PEP 646; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `Unpack` (see PEP 646)\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see PEP 612)\n - `ParamSpec` (see PEP 612; the `typing_extensions` version supports the `default=` argument from PEP 696)\n - `ParamSpecArgs` (see PEP 612)\n - `ParamSpecKwargs` (see PEP 612)\n - `TypeAlias` (see PEP 613)\n - `TypeGuard` (see PEP 647)\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see PEP 593)\n\n- In `typing` since Python 3.8\n\n - `final` (see PEP 591)\n - `Final` (see PEP 591)\n - `Literal` (see PEP 586)\n - `Protocol` (see PEP 544)\n - `runtime_checkable` (see PEP 544)\n - `TypedDict` (see PEP 589)\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see PEP 526)\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs 695 and 696)\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs 695 and 696, which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain PEP 612 special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", - "release_date": "2022-10-06T22:40:03", + "description": "Backported and Experimental Type Hints for Python 3.7+\n# Typing Extensions\n\n[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing)\n\n## Overview\n\nThe `typing_extensions` module serves two related purposes:\n\n- Enable use of new type system features on older Python versions. For example,\n `typing.TypeGuard` is new in Python 3.10, but `typing_extensions` allows\n users on previous Python versions to use it too.\n- Enable experimentation with new type system PEPs before they are accepted and\n added to the `typing` module.\n\nNew features may be added to `typing_extensions` as soon as they are specified\nin a PEP that has been added to the [python/peps](https://github.com/python/peps)\nrepository. If the PEP is accepted, the feature will then be added to `typing`\nfor the next CPython release. No typing PEP has been rejected so far, so we\nhaven't yet figured out how to deal with that possibility.\n\nStarting with version 4.0.0, `typing_extensions` uses\n[Semantic Versioning](https://semver.org/). The\nmajor version is incremented for all backwards-incompatible changes.\nTherefore, it's safe to depend\non `typing_extensions` like this: `typing_extensions >=x.y, <(x+1)`,\nwhere `x.y` is the first version that includes all features you need.\n\n`typing_extensions` supports Python versions 3.7 and higher. In the future,\nsupport for older Python versions will be dropped some time after that version\nreaches end of life.\n\n## Included items\n\nThis module currently contains the following:\n\n- Experimental features\n\n - `override` (see [PEP 698](https://peps.python.org/pep-0698/))\n - The `default=` argument to `TypeVar`, `ParamSpec`, and `TypeVarTuple` (see [PEP 696](https://peps.python.org/pep-0696/))\n - The `infer_variance=` argument to `TypeVar` (see [PEP 695](https://peps.python.org/pep-0695/))\n - The `@deprecated` decorator (see [PEP 702](https://peps.python.org/pep-0702/))\n\n- In `typing` since Python 3.11\n\n - `assert_never`\n - `assert_type`\n - `clear_overloads`\n - `@dataclass_transform()` (see [PEP 681](https://peps.python.org/pep-0681/))\n - `get_overloads`\n - `LiteralString` (see [PEP 675](https://peps.python.org/pep-0675/))\n - `Never`\n - `NotRequired` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `reveal_type`\n - `Required` (see [PEP 655](https://peps.python.org/pep-0655/))\n - `Self` (see [PEP 673](https://peps.python.org/pep-0673/))\n - `TypeVarTuple` (see [PEP 646](https://peps.python.org/pep-0646/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `Unpack` (see [PEP 646](https://peps.python.org/pep-0646/))\n\n- In `typing` since Python 3.10\n\n - `Concatenate` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpec` (see [PEP 612](https://peps.python.org/pep-0612/); the `typing_extensions` version supports the `default=` argument from [PEP 696](https://peps.python.org/pep-0696/))\n - `ParamSpecArgs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `ParamSpecKwargs` (see [PEP 612](https://peps.python.org/pep-0612/))\n - `TypeAlias` (see [PEP 613](https://peps.python.org/pep-0613/))\n - `TypeGuard` (see [PEP 647](https://peps.python.org/pep-0647/))\n - `is_typeddict`\n\n- In `typing` since Python 3.9\n\n - `Annotated` (see [PEP 593](https://peps.python.org/pep-0593/))\n\n- In `typing` since Python 3.8\n\n - `final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Final` (see [PEP 591](https://peps.python.org/pep-0591/))\n - `Literal` (see [PEP 586](https://peps.python.org/pep-0586/))\n - `Protocol` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `runtime_checkable` (see [PEP 544](https://peps.python.org/pep-0544/))\n - `TypedDict` (see [PEP 589](https://peps.python.org/pep-0589/))\n - `get_origin` (`typing_extensions` provides this function only in Python 3.7+)\n - `get_args` (`typing_extensions` provides this function only in Python 3.7+)\n\n- In `typing` since Python 3.7\n\n - `OrderedDict`\n\n- In `typing` since Python 3.5 or 3.6 (see [the typing documentation](https://docs.python.org/3.10/library/typing.html) for details)\n\n - `AsyncContextManager`\n - `AsyncGenerator`\n - `AsyncIterable`\n - `AsyncIterator`\n - `Awaitable`\n - `ChainMap`\n - `ClassVar` (see [PEP 526](https://peps.python.org/pep-0526/))\n - `ContextManager`\n - `Coroutine`\n - `Counter`\n - `DefaultDict`\n - `Deque`\n - `NewType`\n - `NoReturn`\n - `overload`\n - `Text`\n - `Type`\n - `TYPE_CHECKING`\n - `get_type_hints`\n\n- The following have always been present in `typing`, but the `typing_extensions` versions provide\n additional features:\n\n - `Any` (supports inheritance since Python 3.11)\n - `NamedTuple` (supports multiple inheritance with `Generic` since Python 3.11)\n - `TypeVar` (see PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/))\n\n# Other Notes and Limitations\n\nCertain objects were changed after they were added to `typing`, and\n`typing_extensions` provides a backport even on newer Python versions:\n\n- `TypedDict` does not store runtime information\n about which (if any) keys are non-required in Python 3.8, and does not\n honor the `total` keyword with old-style `TypedDict()` in Python\n 3.9.0 and 3.9.1. `TypedDict` also does not support multiple inheritance\n with `typing.Generic` on Python <3.11.\n- `get_origin` and `get_args` lack support for `Annotated` in\n Python 3.8 and lack support for `ParamSpecArgs` and `ParamSpecKwargs`\n in 3.9.\n- `@final` was changed in Python 3.11 to set the `.__final__` attribute.\n- `@overload` was changed in Python 3.11 to make function overloads\n introspectable at runtime. In order to access overloads with\n `typing_extensions.get_overloads()`, you must use\n `@typing_extensions.overload`.\n- `NamedTuple` was changed in Python 3.11 to allow for multiple inheritance\n with `typing.Generic`.\n- Since Python 3.11, it has been possible to inherit from `Any` at\n runtime. `typing_extensions.Any` also provides this capability.\n- `TypeVar` gains two additional parameters, `default=` and `infer_variance=`,\n in the draft PEPs [695](https://peps.python.org/pep-0695/) and [696](https://peps.python.org/pep-0696/), which are being considered for inclusion\n in Python 3.12.\n\nThere are a few types whose interface was modified between different\nversions of typing. For example, `typing.Sequence` was modified to\nsubclass `typing.Reversible` as of Python 3.5.3.\n\nThese changes are _not_ backported to prevent subtle compatibility\nissues when mixing the differing implementations of modified classes.\n\nCertain types have incorrect runtime behavior due to limitations of older\nversions of the typing module:\n\n- `ParamSpec` and `Concatenate` will not work with `get_args` and\n `get_origin`. Certain [PEP 612](https://peps.python.org/pep-0612/) special cases in user-defined\n `Generic`s are also not available.\n\nThese types are only guaranteed to work for static type checking.\n\n## Running tests\n\nTo run tests, navigate into the appropriate source directory and run\n`test_typing_extensions.py`.", + "release_date": "2023-02-15T00:17:55", "parties": [ { "type": "person", @@ -2232,17 +2233,18 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Topic :: Software Development" ], "homepage_url": "", - "download_url": "https://files.pythonhosted.org/packages/e3/a7/8f4e456ef0adac43f452efc2d0e4b242ab831297f1bac60ac815d37eb9cf/typing_extensions-4.4.0.tar.gz", - "size": 49708, + "download_url": "https://files.pythonhosted.org/packages/d3/20/06270dac7316220643c32ae61694e451c98f8caf4c8eab3aa80a2bedf0df/typing_extensions-4.5.0.tar.gz", + "size": 52399, "sha1": null, - "md5": "5cfcb56ea6fc4972c3600c0030f4d136", - "sha256": "1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa", + "md5": "03a01698ace869506cab825697dfb7e1", + "sha256": "5cb5f4a79139d699607b3ef622a1dedafa84e115ab0024e0d9c044a9479ca7cb", "sha512": null, "bug_tracking_url": "https://github.com/python/typing_extensions/issues", "code_view_url": null, @@ -2261,9 +2263,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/typing-extensions/4.4.0/json", + "api_data_url": "https://pypi.org/pypi/typing-extensions/4.5.0/json", "datasource_id": null, - "purl": "pkg:pypi/typing-extensions@4.4.0" + "purl": "pkg:pypi/typing-extensions@4.5.0" }, { "type": "pypi", @@ -2408,7 +2410,7 @@ "dependencies": [ "pkg:pypi/requests@2.28.2", "pkg:pypi/six@1.16.0", - "pkg:pypi/typing-extensions@4.4.0" + "pkg:pypi/typing-extensions@4.5.0" ] }, { @@ -2421,7 +2423,7 @@ "package": "pkg:pypi/azure-storage-blob@12.13.1", "dependencies": [ "pkg:pypi/azure-core@1.26.3", - "pkg:pypi/cryptography@39.0.0", + "pkg:pypi/cryptography@39.0.1", "pkg:pypi/msrest@0.6.21" ] }, @@ -2444,7 +2446,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/cryptography@39.0.0", + "package": "pkg:pypi/cryptography@39.0.1", "dependencies": [ "pkg:pypi/cffi@1.15.1" ] @@ -2497,7 +2499,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/typing-extensions@4.4.0", + "package": "pkg:pypi/typing-extensions@4.5.0", "dependencies": [] }, { diff --git a/tests/data/pinned-pdt-requirements.txt-expected.json b/tests/data/pinned-pdt-requirements.txt-expected.json index c533ff56..a001530a 100644 --- a/tests/data/pinned-pdt-requirements.txt-expected.json +++ b/tests/data/pinned-pdt-requirements.txt-expected.json @@ -2831,12 +2831,12 @@ "type": "pypi", "namespace": null, "name": "openpyxl", - "version": "3.1.0", + "version": "3.1.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "A Python library to read/write Excel 2010 xlsx/xlsm files\n.. image:: https://coveralls.io/repos/bitbucket/openpyxl/openpyxl/badge.svg?branch=default\n :target: https://coveralls.io/bitbucket/openpyxl/openpyxl?branch=default\n :alt: coverage status\n\nIntroduction\n------------\n\nopenpyxl is a Python library to read/write Excel 2010 xlsx/xlsm/xltx/xltm files.\n\nIt was born from lack of existing library to read/write natively from Python\nthe Office Open XML format.\n\nAll kudos to the PHPExcel team as openpyxl was initially based on PHPExcel.\n\n\nSecurity\n--------\n\nBy default openpyxl does not guard against quadratic blowup or billion laughs\nxml attacks. To guard against these attacks install defusedxml.\n\nMailing List\n------------\n\nThe user list can be found on http://groups.google.com/group/openpyxl-users\n\n\nSample code::\n\n from openpyxl import Workbook\n wb = Workbook()\n\n # grab the active worksheet\n ws = wb.active\n\n # Data can be assigned directly to cells\n ws['A1'] = 42\n\n # Rows can also be appended\n ws.append([1, 2, 3])\n\n # Python types will automatically be converted\n import datetime\n ws['A2'] = datetime.datetime.now()\n\n # Save the file\n wb.save(\"sample.xlsx\")\n\n\nDocumentation\n-------------\n\nThe documentation is at: https://openpyxl.readthedocs.io\n\n* installation methods\n* code examples\n* instructions for contributing\n\nRelease notes: https://openpyxl.readthedocs.io/en/stable/changes.html", - "release_date": "2023-01-31T14:40:28", + "release_date": "2023-02-13T16:51:26", "parties": [ { "type": "person", @@ -2860,11 +2860,11 @@ "Programming Language :: Python :: 3.9" ], "homepage_url": "https://openpyxl.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/0d/89/f78a9a895e221ec8b13ae7f9495f340a0fb43563b13e2891b5df134f20ea/openpyxl-3.1.0-py2.py3-none-any.whl", - "size": 250043, + "download_url": "https://files.pythonhosted.org/packages/9e/57/1d3c2ce7f6f783be9b21569fc468a9f3660e35cc17017abfbbc26d3bd061/openpyxl-3.1.1-py2.py3-none-any.whl", + "size": 249839, "sha1": null, - "md5": "66351b61736b19d3c88cd108908447d1", - "sha256": "24d7d361025d186ba91eff58135d50855cf035a84371b891e58fb6eb5125660f", + "md5": "864e1e1ea061fe056ade64f4e7bbaf22", + "sha256": "a0266e033e65f33ee697254b66116a5793c15fc92daf64711080000df4cfe0a8", "sha512": null, "bug_tracking_url": "https://foss.heptapod.net/openpyxl/openpyxl/-/issues", "code_view_url": "https://foss.heptapod.net/openpyxl/openpyxl", @@ -2884,20 +2884,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.0/json", + "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.1/json", "datasource_id": null, - "purl": "pkg:pypi/openpyxl@3.1.0" + "purl": "pkg:pypi/openpyxl@3.1.1" }, { "type": "pypi", "namespace": null, "name": "openpyxl", - "version": "3.1.0", + "version": "3.1.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "A Python library to read/write Excel 2010 xlsx/xlsm files\n.. image:: https://coveralls.io/repos/bitbucket/openpyxl/openpyxl/badge.svg?branch=default\n :target: https://coveralls.io/bitbucket/openpyxl/openpyxl?branch=default\n :alt: coverage status\n\nIntroduction\n------------\n\nopenpyxl is a Python library to read/write Excel 2010 xlsx/xlsm/xltx/xltm files.\n\nIt was born from lack of existing library to read/write natively from Python\nthe Office Open XML format.\n\nAll kudos to the PHPExcel team as openpyxl was initially based on PHPExcel.\n\n\nSecurity\n--------\n\nBy default openpyxl does not guard against quadratic blowup or billion laughs\nxml attacks. To guard against these attacks install defusedxml.\n\nMailing List\n------------\n\nThe user list can be found on http://groups.google.com/group/openpyxl-users\n\n\nSample code::\n\n from openpyxl import Workbook\n wb = Workbook()\n\n # grab the active worksheet\n ws = wb.active\n\n # Data can be assigned directly to cells\n ws['A1'] = 42\n\n # Rows can also be appended\n ws.append([1, 2, 3])\n\n # Python types will automatically be converted\n import datetime\n ws['A2'] = datetime.datetime.now()\n\n # Save the file\n wb.save(\"sample.xlsx\")\n\n\nDocumentation\n-------------\n\nThe documentation is at: https://openpyxl.readthedocs.io\n\n* installation methods\n* code examples\n* instructions for contributing\n\nRelease notes: https://openpyxl.readthedocs.io/en/stable/changes.html", - "release_date": "2023-01-31T14:40:31", + "release_date": "2023-02-13T16:51:28", "parties": [ { "type": "person", @@ -2921,11 +2921,11 @@ "Programming Language :: Python :: 3.9" ], "homepage_url": "https://openpyxl.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/3d/73/bb87810cdde809f69fef11d31e77297894e58710d47626dc5e5b3ff8f92a/openpyxl-3.1.0.tar.gz", - "size": 186306, + "download_url": "https://files.pythonhosted.org/packages/10/bf/950ea7896f3c42ab04073cd2903f0a190ba77ef28bdf76191f6f86373712/openpyxl-3.1.1.tar.gz", + "size": 185802, "sha1": null, - "md5": "b7ba597b801b9a102f27599b2fa227b3", - "sha256": "eccedbe1cdd8b2494057e73959b496821141038dbb7eb9266ea59e3f34208231", + "md5": "0b1a5d776707ef471810f61c7bf77a2d", + "sha256": "f06d44e2c973781068bce5ecf860a09bcdb1c7f5ce1facd5e9aa82c92c93ae72", "sha512": null, "bug_tracking_url": "https://foss.heptapod.net/openpyxl/openpyxl/-/issues", "code_view_url": "https://foss.heptapod.net/openpyxl/openpyxl", @@ -2945,9 +2945,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.0/json", + "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.1/json", "datasource_id": null, - "purl": "pkg:pypi/openpyxl@3.1.0" + "purl": "pkg:pypi/openpyxl@3.1.1" }, { "type": "pypi", @@ -5025,7 +5025,7 @@ { "key": "openpyxl", "package_name": "openpyxl", - "installed_version": "3.1.0", + "installed_version": "3.1.1", "dependencies": [ { "key": "et-xmlfile", diff --git a/tests/data/pinned-requirements.txt-expected.json b/tests/data/pinned-requirements.txt-expected.json index 67a1517c..67b35959 100644 --- a/tests/data/pinned-requirements.txt-expected.json +++ b/tests/data/pinned-requirements.txt-expected.json @@ -2831,12 +2831,12 @@ "type": "pypi", "namespace": null, "name": "openpyxl", - "version": "3.1.0", + "version": "3.1.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "A Python library to read/write Excel 2010 xlsx/xlsm files\n.. image:: https://coveralls.io/repos/bitbucket/openpyxl/openpyxl/badge.svg?branch=default\n :target: https://coveralls.io/bitbucket/openpyxl/openpyxl?branch=default\n :alt: coverage status\n\nIntroduction\n------------\n\nopenpyxl is a Python library to read/write Excel 2010 xlsx/xlsm/xltx/xltm files.\n\nIt was born from lack of existing library to read/write natively from Python\nthe Office Open XML format.\n\nAll kudos to the PHPExcel team as openpyxl was initially based on PHPExcel.\n\n\nSecurity\n--------\n\nBy default openpyxl does not guard against quadratic blowup or billion laughs\nxml attacks. To guard against these attacks install defusedxml.\n\nMailing List\n------------\n\nThe user list can be found on http://groups.google.com/group/openpyxl-users\n\n\nSample code::\n\n from openpyxl import Workbook\n wb = Workbook()\n\n # grab the active worksheet\n ws = wb.active\n\n # Data can be assigned directly to cells\n ws['A1'] = 42\n\n # Rows can also be appended\n ws.append([1, 2, 3])\n\n # Python types will automatically be converted\n import datetime\n ws['A2'] = datetime.datetime.now()\n\n # Save the file\n wb.save(\"sample.xlsx\")\n\n\nDocumentation\n-------------\n\nThe documentation is at: https://openpyxl.readthedocs.io\n\n* installation methods\n* code examples\n* instructions for contributing\n\nRelease notes: https://openpyxl.readthedocs.io/en/stable/changes.html", - "release_date": "2023-01-31T14:40:28", + "release_date": "2023-02-13T16:51:26", "parties": [ { "type": "person", @@ -2860,11 +2860,11 @@ "Programming Language :: Python :: 3.9" ], "homepage_url": "https://openpyxl.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/0d/89/f78a9a895e221ec8b13ae7f9495f340a0fb43563b13e2891b5df134f20ea/openpyxl-3.1.0-py2.py3-none-any.whl", - "size": 250043, + "download_url": "https://files.pythonhosted.org/packages/9e/57/1d3c2ce7f6f783be9b21569fc468a9f3660e35cc17017abfbbc26d3bd061/openpyxl-3.1.1-py2.py3-none-any.whl", + "size": 249839, "sha1": null, - "md5": "66351b61736b19d3c88cd108908447d1", - "sha256": "24d7d361025d186ba91eff58135d50855cf035a84371b891e58fb6eb5125660f", + "md5": "864e1e1ea061fe056ade64f4e7bbaf22", + "sha256": "a0266e033e65f33ee697254b66116a5793c15fc92daf64711080000df4cfe0a8", "sha512": null, "bug_tracking_url": "https://foss.heptapod.net/openpyxl/openpyxl/-/issues", "code_view_url": "https://foss.heptapod.net/openpyxl/openpyxl", @@ -2884,20 +2884,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.0/json", + "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.1/json", "datasource_id": null, - "purl": "pkg:pypi/openpyxl@3.1.0" + "purl": "pkg:pypi/openpyxl@3.1.1" }, { "type": "pypi", "namespace": null, "name": "openpyxl", - "version": "3.1.0", + "version": "3.1.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "A Python library to read/write Excel 2010 xlsx/xlsm files\n.. image:: https://coveralls.io/repos/bitbucket/openpyxl/openpyxl/badge.svg?branch=default\n :target: https://coveralls.io/bitbucket/openpyxl/openpyxl?branch=default\n :alt: coverage status\n\nIntroduction\n------------\n\nopenpyxl is a Python library to read/write Excel 2010 xlsx/xlsm/xltx/xltm files.\n\nIt was born from lack of existing library to read/write natively from Python\nthe Office Open XML format.\n\nAll kudos to the PHPExcel team as openpyxl was initially based on PHPExcel.\n\n\nSecurity\n--------\n\nBy default openpyxl does not guard against quadratic blowup or billion laughs\nxml attacks. To guard against these attacks install defusedxml.\n\nMailing List\n------------\n\nThe user list can be found on http://groups.google.com/group/openpyxl-users\n\n\nSample code::\n\n from openpyxl import Workbook\n wb = Workbook()\n\n # grab the active worksheet\n ws = wb.active\n\n # Data can be assigned directly to cells\n ws['A1'] = 42\n\n # Rows can also be appended\n ws.append([1, 2, 3])\n\n # Python types will automatically be converted\n import datetime\n ws['A2'] = datetime.datetime.now()\n\n # Save the file\n wb.save(\"sample.xlsx\")\n\n\nDocumentation\n-------------\n\nThe documentation is at: https://openpyxl.readthedocs.io\n\n* installation methods\n* code examples\n* instructions for contributing\n\nRelease notes: https://openpyxl.readthedocs.io/en/stable/changes.html", - "release_date": "2023-01-31T14:40:31", + "release_date": "2023-02-13T16:51:28", "parties": [ { "type": "person", @@ -2921,11 +2921,11 @@ "Programming Language :: Python :: 3.9" ], "homepage_url": "https://openpyxl.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/3d/73/bb87810cdde809f69fef11d31e77297894e58710d47626dc5e5b3ff8f92a/openpyxl-3.1.0.tar.gz", - "size": 186306, + "download_url": "https://files.pythonhosted.org/packages/10/bf/950ea7896f3c42ab04073cd2903f0a190ba77ef28bdf76191f6f86373712/openpyxl-3.1.1.tar.gz", + "size": 185802, "sha1": null, - "md5": "b7ba597b801b9a102f27599b2fa227b3", - "sha256": "eccedbe1cdd8b2494057e73959b496821141038dbb7eb9266ea59e3f34208231", + "md5": "0b1a5d776707ef471810f61c7bf77a2d", + "sha256": "f06d44e2c973781068bce5ecf860a09bcdb1c7f5ce1facd5e9aa82c92c93ae72", "sha512": null, "bug_tracking_url": "https://foss.heptapod.net/openpyxl/openpyxl/-/issues", "code_view_url": "https://foss.heptapod.net/openpyxl/openpyxl", @@ -2945,9 +2945,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.0/json", + "api_data_url": "https://pypi.org/pypi/openpyxl/3.1.1/json", "datasource_id": null, - "purl": "pkg:pypi/openpyxl@3.1.0" + "purl": "pkg:pypi/openpyxl@3.1.1" }, { "type": "pypi", @@ -4976,7 +4976,7 @@ "pkg:pypi/click@8.0.4", "pkg:pypi/jinja2@3.1.2", "pkg:pypi/license-expression@30.1.0", - "pkg:pypi/openpyxl@3.1.0", + "pkg:pypi/openpyxl@3.1.1", "pkg:pypi/packageurl-python@0.9.9", "pkg:pypi/saneyaml@0.5.2" ] @@ -5066,7 +5066,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/openpyxl@3.1.0", + "package": "pkg:pypi/openpyxl@3.1.1", "dependencies": [ "pkg:pypi/et-xmlfile@1.1.0" ] diff --git a/tests/data/secure-setup/setup-emptyrequires.py b/tests/data/secure-setup/setup-emptyrequires.py new file mode 100644 index 00000000..511cd08f --- /dev/null +++ b/tests/data/secure-setup/setup-emptyrequires.py @@ -0,0 +1,41 @@ +""" +Copyright 2018 Matthew Aynalem + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +""" +from distutils.core import setup + +from setuptools import find_packages + +setup( + name="packer.py", + version="0.3.0", + author="Matthew Aynalem", + author_email="maynalem@gmail.com", + packages=["packerpy"], + url="https://github.com/mayn/packer.py", + license="Apache License 2.0", + description="packer.py - python library to run hashicorp packer CLI commands", + keywords="hashicorp packer", + long_description=open("README.rst").read(), + install_requires=[], + classifiers=[ + "License :: OSI Approved :: Apache Software License", + "Programming Language :: Python :: 2", + "Programming Language :: Python :: 2.7", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.4", + "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + ], +) diff --git a/tests/data/secure-setup/setup-norequires.py b/tests/data/secure-setup/setup-norequires.py new file mode 100644 index 00000000..7b7eb420 --- /dev/null +++ b/tests/data/secure-setup/setup-norequires.py @@ -0,0 +1,40 @@ +""" +Copyright 2018 Matthew Aynalem + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +""" +from distutils.core import setup + +from setuptools import find_packages + +setup( + name="packer.py", + version="0.3.0", + author="Matthew Aynalem", + author_email="maynalem@gmail.com", + packages=["packerpy"], + url="https://github.com/mayn/packer.py", + license="Apache License 2.0", + description="packer.py - python library to run hashicorp packer CLI commands", + keywords="hashicorp packer", + long_description=open("README.rst").read(), + classifiers=[ + "License :: OSI Approved :: Apache Software License", + "Programming Language :: Python :: 2", + "Programming Language :: Python :: 2.7", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.4", + "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + ], +) diff --git a/tests/data/secure-setup/setup-requires.py b/tests/data/secure-setup/setup-requires.py new file mode 100644 index 00000000..3947d20d --- /dev/null +++ b/tests/data/secure-setup/setup-requires.py @@ -0,0 +1,41 @@ +""" +Copyright 2018 Matthew Aynalem + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +""" +from distutils.core import setup + +from setuptools import find_packages + +setup( + name="packer.py", + version="0.3.0", + author="Matthew Aynalem", + author_email="maynalem@gmail.com", + packages=["packerpy"], + url="https://github.com/mayn/packer.py", + license="Apache License 2.0", + description="packer.py - python library to run hashicorp packer CLI commands", + keywords="hashicorp packer", + long_description=open("README.rst").read(), + install_requires=["requirement1", "requirement2"], + classifiers=[ + "License :: OSI Approved :: Apache Software License", + "Programming Language :: Python :: 2", + "Programming Language :: Python :: 2.7", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.4", + "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + ], +) diff --git a/tests/data/single-url-except-simple-expected.json b/tests/data/single-url-except-simple-expected.json index 1f0604c3..13dbc28f 100644 --- a/tests/data/single-url-except-simple-expected.json +++ b/tests/data/single-url-except-simple-expected.json @@ -142,12 +142,12 @@ "type": "pypi", "namespace": null, "name": "flask", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "A simple framework for building complex web applications.\nFlask\n=====\n\nFlask is a lightweight `WSGI`_ web application framework. It is designed\nto make getting started quick and easy, with the ability to scale up to\ncomplex applications. It began as a simple wrapper around `Werkzeug`_\nand `Jinja`_ and has become one of the most popular Python web\napplication frameworks.\n\nFlask offers suggestions, but doesn't enforce any dependencies or\nproject layout. It is up to the developer to choose the tools and\nlibraries they want to use. There are many extensions provided by the\ncommunity that make adding new functionality easy.\n\n.. _WSGI: https://wsgi.readthedocs.io/\n.. _Werkzeug: https://werkzeug.palletsprojects.com/\n.. _Jinja: https://jinja.palletsprojects.com/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n $ pip install -U Flask\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n # save this as app.py\n from flask import Flask\n\n app = Flask(__name__)\n\n @app.route(\"/\")\n def hello():\n return \"Hello, World!\"\n\n.. code-block:: text\n\n $ flask run\n * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)\n\n\nContributing\n------------\n\nFor guidance on setting up a development environment and how to make a\ncontribution to Flask, see the `contributing guidelines`_.\n\n.. _contributing guidelines: https://github.com/pallets/flask/blob/main/CONTRIBUTING.rst\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Flask and the libraries\nit uses. In order to grow the community of contributors and users, and\nallow the maintainers to devote more time to the projects, `please\ndonate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://flask.palletsprojects.com/\n- Changes: https://flask.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Flask/\n- Source Code: https://github.com/pallets/flask/\n- Issue Tracker: https://github.com/pallets/flask/issues/\n- Website: https://palletsprojects.com/p/flask/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T23:26:30", + "release_date": "2023-02-15T22:43:55", "parties": [ { "type": "person", @@ -177,11 +177,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/flask", - "download_url": "https://files.pythonhosted.org/packages/0f/43/15f4f9ab225b0b25352412e8daa3d0e3d135fcf5e127070c74c3632c8b4c/Flask-2.2.2-py3-none-any.whl", - "size": 101477, + "download_url": "https://files.pythonhosted.org/packages/95/9c/a3542594ce4973786236a1b7b702b8ca81dbf40ea270f0f96284f0c27348/Flask-2.2.3-py3-none-any.whl", + "size": 101839, "sha1": null, - "md5": "e737537775d400ad00adf8f59358f7ab", - "sha256": "b9c46cc36662a7949f34b52d8ec7bb59c0d74ba08ba6cb9ce9adc1d8676d9526", + "md5": "caa7a4f7604efe271c93f742933cb145", + "sha256": "c0bec9477df1cb867e5a67c9e1ab758de9cb4a3e52dd70681f59fa40a62b3f2d", "sha512": null, "bug_tracking_url": "https://github.com/pallets/flask/issues/", "code_view_url": "https://github.com/pallets/flask/", @@ -201,76 +201,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/flask/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/flask/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/flask@2.2.2" - }, - { - "type": "pypi", - "namespace": null, - "name": "flask", - "version": "2.2.2", - "qualifiers": {}, - "subpath": null, - "primary_language": "Python", - "description": "A simple framework for building complex web applications.\nFlask\n=====\n\nFlask is a lightweight `WSGI`_ web application framework. It is designed\nto make getting started quick and easy, with the ability to scale up to\ncomplex applications. It began as a simple wrapper around `Werkzeug`_\nand `Jinja`_ and has become one of the most popular Python web\napplication frameworks.\n\nFlask offers suggestions, but doesn't enforce any dependencies or\nproject layout. It is up to the developer to choose the tools and\nlibraries they want to use. There are many extensions provided by the\ncommunity that make adding new functionality easy.\n\n.. _WSGI: https://wsgi.readthedocs.io/\n.. _Werkzeug: https://werkzeug.palletsprojects.com/\n.. _Jinja: https://jinja.palletsprojects.com/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n $ pip install -U Flask\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n # save this as app.py\n from flask import Flask\n\n app = Flask(__name__)\n\n @app.route(\"/\")\n def hello():\n return \"Hello, World!\"\n\n.. code-block:: text\n\n $ flask run\n * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)\n\n\nContributing\n------------\n\nFor guidance on setting up a development environment and how to make a\ncontribution to Flask, see the `contributing guidelines`_.\n\n.. _contributing guidelines: https://github.com/pallets/flask/blob/main/CONTRIBUTING.rst\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Flask and the libraries\nit uses. In order to grow the community of contributors and users, and\nallow the maintainers to devote more time to the projects, `please\ndonate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://flask.palletsprojects.com/\n- Changes: https://flask.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Flask/\n- Source Code: https://github.com/pallets/flask/\n- Issue Tracker: https://github.com/pallets/flask/issues/\n- Website: https://palletsprojects.com/p/flask/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T23:26:33", - "parties": [ - { - "type": "person", - "role": "author", - "name": "Armin Ronacher", - "email": "armin.ronacher@active-4.com", - "url": null - }, - { - "type": "person", - "role": "maintainer", - "name": "Pallets", - "email": "contact@palletsprojects.com", - "url": null - } - ], - "keywords": [ - "Development Status :: 5 - Production/Stable", - "Environment :: Web Environment", - "Framework :: Flask", - "Intended Audience :: Developers", - "Operating System :: OS Independent", - "Programming Language :: Python", - "Topic :: Internet :: WWW/HTTP :: Dynamic Content", - "Topic :: Internet :: WWW/HTTP :: WSGI", - "Topic :: Internet :: WWW/HTTP :: WSGI :: Application", - "Topic :: Software Development :: Libraries :: Application Frameworks" - ], - "homepage_url": "https://palletsprojects.com/p/flask", - "download_url": "https://files.pythonhosted.org/packages/69/b6/53cfa30eed5aa7343daff36622843688ba8c6fe9829bb2b92e193ab1163f/Flask-2.2.2.tar.gz", - "size": 677389, - "sha1": null, - "md5": "c0d2276cb7d59a06d62c915da9c77ba6", - "sha256": "642c450d19c4ad482f96729bd2a8f6d32554aa1e231f4f6b4e7e5264b16cca2b", - "sha512": null, - "bug_tracking_url": "https://github.com/pallets/flask/issues/", - "code_view_url": "https://github.com/pallets/flask/", - "vcs_url": null, - "copyright": null, - "license_expression": null, - "declared_license": { - "license": "BSD-3-Clause", - "classifiers": [ - "License :: OSI Approved :: BSD License" - ] - }, - "notice_text": null, - "source_packages": [], - "file_references": [], - "extra_data": {}, - "dependencies": [], - "repository_homepage_url": null, - "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/flask/2.2.2/json", - "datasource_id": null, - "purl": "pkg:pypi/flask@2.2.2" + "purl": "pkg:pypi/flask@2.2.3" }, { "type": "pypi", @@ -760,12 +693,12 @@ "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:13", + "release_date": "2023-02-14T17:18:42", "parties": [ { "type": "person", @@ -795,11 +728,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/c8/27/be6ddbcf60115305205de79c29004a0c6bc53cec814f733467b1bb89386d/Werkzeug-2.2.2-py3-none-any.whl", - "size": 232700, + "download_url": "https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412f3a0cfe9d4ce029eccbda6e1e4258ca45f/Werkzeug-2.2.3-py3-none-any.whl", + "size": 233551, "sha1": null, - "md5": "7d1583943fb626014027b4fbd75507a0", - "sha256": "f979ab81f58d7318e064e99c4506445d60135ac5cd2e177a2de0089bfd4c9bd5", + "md5": "fd276a08a0dcdf25a48ed1a5ac07b836", + "sha256": "56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -819,20 +752,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" }, { "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:15", + "release_date": "2023-02-14T17:18:44", "parties": [ { "type": "person", @@ -862,11 +795,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/f8/c1/1c8e539f040acd80f844c69a5ef8e2fccdf8b442dabb969e497b55d544e1/Werkzeug-2.2.2.tar.gz", - "size": 844378, + "download_url": "https://files.pythonhosted.org/packages/02/3c/baaebf3235c87d61d6593467056d5a8fba7c75ac838b8d100a5e64eba7a0/Werkzeug-2.2.3.tar.gz", + "size": 845884, "sha1": null, - "md5": "9d7e50c5bb3a9fc12823b5faf374b90e", - "sha256": "7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f", + "md5": "28c3ec6a4b1ce8f06c85612c1dfa351a", + "sha256": "2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -886,20 +819,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" }, { "type": "pypi", "namespace": null, "name": "zipp", - "version": "3.12.1", + "version": "3.13.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Backport of pathlib-compatible object wrapper for zip files\n.. image:: https://img.shields.io/pypi/v/zipp.svg\n :target: https://pypi.org/project/zipp\n\n.. image:: https://img.shields.io/pypi/pyversions/zipp.svg\n\n.. image:: https://github.com/jaraco/zipp/workflows/tests/badge.svg\n :target: https://github.com/jaraco/zipp/actions?query=workflow%3A%22tests%22\n :alt: tests\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n :target: https://github.com/psf/black\n :alt: Code style: Black\n\n.. .. image:: https://readthedocs.org/projects/skeleton/badge/?version=latest\n.. :target: https://skeleton.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/badge/skeleton-2023-informational\n :target: https://blog.jaraco.com/skeleton\n\n.. image:: https://tidelift.com/badges/package/pypi/zipp\n :target: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=readme\n\n\nA pathlib-compatible Zipfile object wrapper. Official backport of the standard library\n`Path object `_.\n\n\nCompatibility\n=============\n\nNew features are introduced in this third-party library and later merged\ninto CPython. The following table indicates which versions of this library\nwere contributed to different versions in the standard library:\n\n.. list-table::\n :header-rows: 1\n\n * - zipp\n - stdlib\n * - 3.9\n - 3.12\n * - 3.5\n - 3.11\n * - 3.2\n - 3.10\n * - 3.3 ??\n - 3.9\n * - 1.0\n - 3.8\n\n\nUsage\n=====\n\nUse ``zipp.Path`` in place of ``zipfile.Path`` on any Python.\n\nFor Enterprise\n==============\n\nAvailable as part of the Tidelift Subscription.\n\nThis project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.\n\n`Learn more `_.\n\nSecurity Contact\n================\n\nTo report a security vulnerability, please use the\n`Tidelift security contact `_.\nTidelift will coordinate the fix and disclosure.", - "release_date": "2023-02-05T17:47:17", + "release_date": "2023-02-09T17:04:05", "parties": [ { "type": "person", @@ -916,11 +849,11 @@ "Programming Language :: Python :: 3 :: Only" ], "homepage_url": "https://github.com/jaraco/zipp", - "download_url": "https://files.pythonhosted.org/packages/37/7d/4a5221043904612db108bbe7d0ad7409015fb143bae137c72d9dfd7b75e1/zipp-3.12.1-py3-none-any.whl", + "download_url": "https://files.pythonhosted.org/packages/95/7b/1608a7344743f54a8c072d64d2a279934fd204d6d015278b0a0ed4ce104b/zipp-3.13.0-py3-none-any.whl", "size": 6718, "sha1": null, - "md5": "e377da0396565d8783c7e204800b6583", - "sha256": "6c4fe274b8f85ec73c37a8e4e3fa00df9fb9335da96fb789e3b96b318e5097b3", + "md5": "bbe676c29bf9e6db5a128cf2cbcb3b0f", + "sha256": "e8b2a36ea17df80ffe9e2c4fda3f693c3dad6df1697d3cd3af232db680950b0b", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -939,20 +872,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/zipp/3.12.1/json", + "api_data_url": "https://pypi.org/pypi/zipp/3.13.0/json", "datasource_id": null, - "purl": "pkg:pypi/zipp@3.12.1" + "purl": "pkg:pypi/zipp@3.13.0" }, { "type": "pypi", "namespace": null, "name": "zipp", - "version": "3.12.1", + "version": "3.13.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Backport of pathlib-compatible object wrapper for zip files\n.. image:: https://img.shields.io/pypi/v/zipp.svg\n :target: https://pypi.org/project/zipp\n\n.. image:: https://img.shields.io/pypi/pyversions/zipp.svg\n\n.. image:: https://github.com/jaraco/zipp/workflows/tests/badge.svg\n :target: https://github.com/jaraco/zipp/actions?query=workflow%3A%22tests%22\n :alt: tests\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n :target: https://github.com/psf/black\n :alt: Code style: Black\n\n.. .. image:: https://readthedocs.org/projects/skeleton/badge/?version=latest\n.. :target: https://skeleton.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/badge/skeleton-2023-informational\n :target: https://blog.jaraco.com/skeleton\n\n.. image:: https://tidelift.com/badges/package/pypi/zipp\n :target: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=readme\n\n\nA pathlib-compatible Zipfile object wrapper. Official backport of the standard library\n`Path object `_.\n\n\nCompatibility\n=============\n\nNew features are introduced in this third-party library and later merged\ninto CPython. The following table indicates which versions of this library\nwere contributed to different versions in the standard library:\n\n.. list-table::\n :header-rows: 1\n\n * - zipp\n - stdlib\n * - 3.9\n - 3.12\n * - 3.5\n - 3.11\n * - 3.2\n - 3.10\n * - 3.3 ??\n - 3.9\n * - 1.0\n - 3.8\n\n\nUsage\n=====\n\nUse ``zipp.Path`` in place of ``zipfile.Path`` on any Python.\n\nFor Enterprise\n==============\n\nAvailable as part of the Tidelift Subscription.\n\nThis project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.\n\n`Learn more `_.\n\nSecurity Contact\n================\n\nTo report a security vulnerability, please use the\n`Tidelift security contact `_.\nTidelift will coordinate the fix and disclosure.", - "release_date": "2023-02-05T17:47:18", + "release_date": "2023-02-09T17:04:06", "parties": [ { "type": "person", @@ -969,11 +902,11 @@ "Programming Language :: Python :: 3 :: Only" ], "homepage_url": "https://github.com/jaraco/zipp", - "download_url": "https://files.pythonhosted.org/packages/1f/29/54ba1934c45af649698410456fa8a78a475c82efd5c562e51011079458d1/zipp-3.12.1.tar.gz", - "size": 17987, + "download_url": "https://files.pythonhosted.org/packages/d1/2f/ba544a8a6ad5ad9dcec1b00f536bb9fb078f5f50d1a1408876de18a9151b/zipp-3.13.0.tar.gz", + "size": 18725, "sha1": null, - "md5": "6cc740ee6b1c7e80262e914d1d5d7e79", - "sha256": "a3cac813d40993596b39ea9e93a18e8a2076d5c378b8bc88ec32ab264e04ad02", + "md5": "ee68b317a1393b11c2d4037a30d18bed", + "sha256": "23f70e964bc11a34cef175bc90ba2914e1e4545ea1e3e2f67c079671883f9cb6", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -992,9 +925,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/zipp/3.12.1/json", + "api_data_url": "https://pypi.org/pypi/zipp/3.13.0/json", "datasource_id": null, - "purl": "pkg:pypi/zipp@3.12.1" + "purl": "pkg:pypi/zipp@3.13.0" } ], "resolved_dependencies_graph": [ @@ -1003,19 +936,19 @@ "dependencies": [] }, { - "package": "pkg:pypi/flask@2.2.2", + "package": "pkg:pypi/flask@2.2.3", "dependencies": [ "pkg:pypi/click@8.1.3", "pkg:pypi/importlib-metadata@6.0.0", "pkg:pypi/itsdangerous@2.1.2", "pkg:pypi/jinja2@3.1.2", - "pkg:pypi/werkzeug@2.2.2" + "pkg:pypi/werkzeug@2.2.3" ] }, { "package": "pkg:pypi/importlib-metadata@6.0.0", "dependencies": [ - "pkg:pypi/zipp@3.12.1" + "pkg:pypi/zipp@3.13.0" ] }, { @@ -1033,13 +966,13 @@ "dependencies": [] }, { - "package": "pkg:pypi/werkzeug@2.2.2", + "package": "pkg:pypi/werkzeug@2.2.3", "dependencies": [ "pkg:pypi/markupsafe@2.1.2" ] }, { - "package": "pkg:pypi/zipp@3.12.1", + "package": "pkg:pypi/zipp@3.13.0", "dependencies": [] } ] diff --git a/tests/data/test-api-expected.json b/tests/data/test-api-expected.json index ed947eb2..546da8c9 100644 --- a/tests/data/test-api-expected.json +++ b/tests/data/test-api-expected.json @@ -639,12 +639,12 @@ "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:13", + "release_date": "2023-02-14T17:18:42", "parties": [ { "type": "person", @@ -674,11 +674,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/c8/27/be6ddbcf60115305205de79c29004a0c6bc53cec814f733467b1bb89386d/Werkzeug-2.2.2-py3-none-any.whl", - "size": 232700, + "download_url": "https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412f3a0cfe9d4ce029eccbda6e1e4258ca45f/Werkzeug-2.2.3-py3-none-any.whl", + "size": 233551, "sha1": null, - "md5": "7d1583943fb626014027b4fbd75507a0", - "sha256": "f979ab81f58d7318e064e99c4506445d60135ac5cd2e177a2de0089bfd4c9bd5", + "md5": "fd276a08a0dcdf25a48ed1a5ac07b836", + "sha256": "56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -698,20 +698,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" }, { "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:15", + "release_date": "2023-02-14T17:18:44", "parties": [ { "type": "person", @@ -741,11 +741,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/f8/c1/1c8e539f040acd80f844c69a5ef8e2fccdf8b442dabb969e497b55d544e1/Werkzeug-2.2.2.tar.gz", - "size": 844378, + "download_url": "https://files.pythonhosted.org/packages/02/3c/baaebf3235c87d61d6593467056d5a8fba7c75ac838b8d100a5e64eba7a0/Werkzeug-2.2.3.tar.gz", + "size": 845884, "sha1": null, - "md5": "9d7e50c5bb3a9fc12823b5faf374b90e", - "sha256": "7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f", + "md5": "28c3ec6a4b1ce8f06c85612c1dfa351a", + "sha256": "2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -765,9 +765,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" } ], "resolution": [ @@ -781,7 +781,7 @@ "pkg:pypi/click@8.1.3", "pkg:pypi/itsdangerous@2.1.2", "pkg:pypi/jinja2@3.1.2", - "pkg:pypi/werkzeug@2.2.2" + "pkg:pypi/werkzeug@2.2.3" ] }, { @@ -799,7 +799,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/werkzeug@2.2.2", + "package": "pkg:pypi/werkzeug@2.2.3", "dependencies": [ "pkg:pypi/markupsafe@2.1.2" ] diff --git a/tests/data/test-api-pdt-expected.json b/tests/data/test-api-pdt-expected.json index 26235bbf..b08323d8 100644 --- a/tests/data/test-api-pdt-expected.json +++ b/tests/data/test-api-pdt-expected.json @@ -639,12 +639,12 @@ "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:13", + "release_date": "2023-02-14T17:18:42", "parties": [ { "type": "person", @@ -674,11 +674,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/c8/27/be6ddbcf60115305205de79c29004a0c6bc53cec814f733467b1bb89386d/Werkzeug-2.2.2-py3-none-any.whl", - "size": 232700, + "download_url": "https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412f3a0cfe9d4ce029eccbda6e1e4258ca45f/Werkzeug-2.2.3-py3-none-any.whl", + "size": 233551, "sha1": null, - "md5": "7d1583943fb626014027b4fbd75507a0", - "sha256": "f979ab81f58d7318e064e99c4506445d60135ac5cd2e177a2de0089bfd4c9bd5", + "md5": "fd276a08a0dcdf25a48ed1a5ac07b836", + "sha256": "56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -698,20 +698,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" }, { "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:15", + "release_date": "2023-02-14T17:18:44", "parties": [ { "type": "person", @@ -741,11 +741,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/f8/c1/1c8e539f040acd80f844c69a5ef8e2fccdf8b442dabb969e497b55d544e1/Werkzeug-2.2.2.tar.gz", - "size": 844378, + "download_url": "https://files.pythonhosted.org/packages/02/3c/baaebf3235c87d61d6593467056d5a8fba7c75ac838b8d100a5e64eba7a0/Werkzeug-2.2.3.tar.gz", + "size": 845884, "sha1": null, - "md5": "9d7e50c5bb3a9fc12823b5faf374b90e", - "sha256": "7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f", + "md5": "28c3ec6a4b1ce8f06c85612c1dfa351a", + "sha256": "2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -765,9 +765,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" } ], "resolution": [ @@ -804,7 +804,7 @@ { "key": "werkzeug", "package_name": "werkzeug", - "installed_version": "2.2.2", + "installed_version": "2.2.3", "dependencies": [ { "key": "markupsafe", diff --git a/tests/data/test-api-with-prefer-source.json b/tests/data/test-api-with-prefer-source.json index 465307fd..65226ee4 100644 --- a/tests/data/test-api-with-prefer-source.json +++ b/tests/data/test-api-with-prefer-source.json @@ -322,12 +322,12 @@ "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:15", + "release_date": "2023-02-14T17:18:44", "parties": [ { "type": "person", @@ -357,11 +357,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/f8/c1/1c8e539f040acd80f844c69a5ef8e2fccdf8b442dabb969e497b55d544e1/Werkzeug-2.2.2.tar.gz", - "size": 844378, + "download_url": "https://files.pythonhosted.org/packages/02/3c/baaebf3235c87d61d6593467056d5a8fba7c75ac838b8d100a5e64eba7a0/Werkzeug-2.2.3.tar.gz", + "size": 845884, "sha1": null, - "md5": "9d7e50c5bb3a9fc12823b5faf374b90e", - "sha256": "7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f", + "md5": "28c3ec6a4b1ce8f06c85612c1dfa351a", + "sha256": "2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -381,9 +381,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" } ], "resolution": [ @@ -397,7 +397,7 @@ "pkg:pypi/click@8.1.3", "pkg:pypi/itsdangerous@2.1.2", "pkg:pypi/jinja2@3.1.2", - "pkg:pypi/werkzeug@2.2.2" + "pkg:pypi/werkzeug@2.2.3" ] }, { @@ -415,7 +415,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/werkzeug@2.2.2", + "package": "pkg:pypi/werkzeug@2.2.3", "dependencies": [ "pkg:pypi/markupsafe@2.1.2" ] diff --git a/tests/data/test-api-with-python-311.json b/tests/data/test-api-with-python-311.json index 465307fd..65226ee4 100644 --- a/tests/data/test-api-with-python-311.json +++ b/tests/data/test-api-with-python-311.json @@ -322,12 +322,12 @@ "type": "pypi", "namespace": null, "name": "werkzeug", - "version": "2.2.2", + "version": "2.2.3", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "The comprehensive WSGI web application library.\nWerkzeug\n========\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive `WSGI`_ web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n`Flask`_ wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n.. _WSGI: https://wsgi.readthedocs.io/en/latest/\n.. _Flask: https://www.palletsprojects.com/p/flask/\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U Werkzeug\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nA Simple Example\n----------------\n\n.. code-block:: python\n\n from werkzeug.wrappers import Request, Response\n\n @Request.application\n def application(request):\n return Response('Hello, World!')\n\n if __name__ == '__main__':\n from werkzeug.serving import run_simple\n run_simple('localhost', 4000, application)\n\n\nDonate\n------\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://werkzeug.palletsprojects.com/\n- Changes: https://werkzeug.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/Werkzeug/\n- Source Code: https://github.com/pallets/werkzeug/\n- Issue Tracker: https://github.com/pallets/werkzeug/issues/\n- Website: https://palletsprojects.com/p/werkzeug/\n- Twitter: https://twitter.com/PalletsTeam\n- Chat: https://discord.gg/pallets", - "release_date": "2022-08-08T21:44:15", + "release_date": "2023-02-14T17:18:44", "parties": [ { "type": "person", @@ -357,11 +357,11 @@ "Topic :: Software Development :: Libraries :: Application Frameworks" ], "homepage_url": "https://palletsprojects.com/p/werkzeug/", - "download_url": "https://files.pythonhosted.org/packages/f8/c1/1c8e539f040acd80f844c69a5ef8e2fccdf8b442dabb969e497b55d544e1/Werkzeug-2.2.2.tar.gz", - "size": 844378, + "download_url": "https://files.pythonhosted.org/packages/02/3c/baaebf3235c87d61d6593467056d5a8fba7c75ac838b8d100a5e64eba7a0/Werkzeug-2.2.3.tar.gz", + "size": 845884, "sha1": null, - "md5": "9d7e50c5bb3a9fc12823b5faf374b90e", - "sha256": "7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f", + "md5": "28c3ec6a4b1ce8f06c85612c1dfa351a", + "sha256": "2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe", "sha512": null, "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", "code_view_url": "https://github.com/pallets/werkzeug/", @@ -381,9 +381,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.2/json", + "api_data_url": "https://pypi.org/pypi/werkzeug/2.2.3/json", "datasource_id": null, - "purl": "pkg:pypi/werkzeug@2.2.2" + "purl": "pkg:pypi/werkzeug@2.2.3" } ], "resolution": [ @@ -397,7 +397,7 @@ "pkg:pypi/click@8.1.3", "pkg:pypi/itsdangerous@2.1.2", "pkg:pypi/jinja2@3.1.2", - "pkg:pypi/werkzeug@2.2.2" + "pkg:pypi/werkzeug@2.2.3" ] }, { @@ -415,7 +415,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/werkzeug@2.2.2", + "package": "pkg:pypi/werkzeug@2.2.3", "dependencies": [ "pkg:pypi/markupsafe@2.1.2" ] diff --git a/tests/test_resolution.py b/tests/test_resolution.py index ab833a69..b5e6e2cb 100644 --- a/tests/test_resolution.py +++ b/tests/test_resolution.py @@ -21,6 +21,7 @@ from python_inspector.error import NoVersionsFound from python_inspector.resolution import PythonInputProvider from python_inspector.resolution import get_requirements_from_dependencies +from python_inspector.resolution import get_requirements_from_python_manifest from python_inspector.resolution import is_valid_version from python_inspector.resolution import parse_reqs_from_setup_py_insecurely from python_inspector.utils_pypi import PYPI_PUBLIC_REPO @@ -49,7 +50,7 @@ def test_get_resolved_dependencies_with_flask_and_python_310(): "pkg:pypi/itsdangerous@2.1.2", "pkg:pypi/jinja2@3.1.2", "pkg:pypi/markupsafe@2.1.2", - "pkg:pypi/werkzeug@2.2.2", + "pkg:pypi/werkzeug@2.2.3", ] @@ -73,7 +74,7 @@ def test_get_resolved_dependencies_with_flask_and_python_310_windows(): "pkg:pypi/itsdangerous@2.1.2", "pkg:pypi/jinja2@3.1.2", "pkg:pypi/markupsafe@2.1.2", - "pkg:pypi/werkzeug@2.2.2", + "pkg:pypi/werkzeug@2.2.3", ] @@ -124,8 +125,8 @@ def test_get_resolved_dependencies_with_tilde_requirement_using_json_api(): "pkg:pypi/itsdangerous@2.1.2", "pkg:pypi/jinja2@3.1.2", "pkg:pypi/markupsafe@2.1.2", - "pkg:pypi/werkzeug@2.2.2", - "pkg:pypi/zipp@3.12.1", + "pkg:pypi/werkzeug@2.2.3", + "pkg:pypi/zipp@3.13.0", ] @@ -146,11 +147,11 @@ def test_without_supported_wheels(): assert plist == [ "pkg:pypi/autobahn@22.3.2", "pkg:pypi/cffi@1.15.1", - "pkg:pypi/cryptography@39.0.0", + "pkg:pypi/cryptography@39.0.1", "pkg:pypi/hyperlink@21.0.0", "pkg:pypi/idna@3.4", "pkg:pypi/pycparser@2.21", - "pkg:pypi/setuptools@67.1.0", + "pkg:pypi/setuptools@67.3.2", "pkg:pypi/txaio@23.1.1", ] @@ -241,6 +242,47 @@ def test_get_requirements_from_dependencies_with_editable_requirements(): assert requirements == [] +def test_get_requirements_from_python_manifest_securely(): + sdist_location = "tests/data/secure-setup" + setup_py_emptyrequires = "setup-emptyrequires.py" + setup_py_norequires = "setup-norequires.py" + setup_py_requires = "setup-requires.py" + analyze_setup_py_insecurely = False + try: + ret = list( + get_requirements_from_python_manifest( + sdist_location, + sdist_location + "/" + setup_py_norequires, + [sdist_location + "/" + setup_py_norequires], + analyze_setup_py_insecurely, + ) + ) + assert ret == [] + except Exception: + pytest.fail("Failure parsing setup.py where requirements are not provided.") + try: + ret = list( + get_requirements_from_python_manifest( + sdist_location, + sdist_location + "/" + setup_py_emptyrequires, + [sdist_location + "/" + setup_py_emptyrequires], + analyze_setup_py_insecurely, + ) + ) + assert ret == [] + except Exception: + pytest.fail("Failure getting empty requirements securely from setup.py.") + with pytest.raises(Exception): + ret = list( + get_requirements_from_python_manifest( + sdist_location, + sdist_location + "/" + setup_py_requires, + [sdist_location + "/" + setup_py_requires], + analyze_setup_py_insecurely, + ).next() + ) + + def test_setup_py_parsing_insecure(): setup_py_file = setup_test_env.get_test_loc("insecure-setup/setup.py") reqs = [str(req) for req in list(parse_reqs_from_setup_py_insecurely(setup_py=setup_py_file))]