diff --git a/0001-packaging-testcast.patch b/0001-packaging-testcast.patch
deleted file mode 100644
index c5ec3c498d26c4d81a1fb703b70af293c1f192c6..0000000000000000000000000000000000000000
--- a/0001-packaging-testcast.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 9ea4a7f52959a2243a46d1ab615c7a1f56a80891 Mon Sep 17 00:00:00 2001
-From: luolu12
-Date: Thu, 21 Sep 2023 11:07:36 +0800
-Subject: [PATCH] bugfix
-
----
- setup.cfg | 2 +-
- tests/test_cli.py | 8 -------
- tests/test_safety.py | 57 --------------------------------------------
- 3 files changed, 1 insertion(+), 66 deletions(-)
-
-diff --git a/setup.cfg b/setup.cfg
-index 3ec78b9..f7c4fc1 100644
---- a/setup.cfg
-+++ b/setup.cfg
-@@ -39,7 +39,7 @@ install_requires =
- setuptools>=19.3
- Click>=8.0.2
- requests
-- packaging>=21.0,<22.0
-+ packaging>=21.0,<=23.1
- dparse>=0.6.2
- ruamel.yaml>=0.17.21
- dataclasses==0.8; python_version=="3.6"
-diff --git a/tests/test_cli.py b/tests/test_cli.py
-index 64cc8c4..cd21c1b 100644
---- a/tests/test_cli.py
-+++ b/tests/test_cli.py
-@@ -118,14 +118,6 @@ class TestSafetyCLI(unittest.TestCase):
- result = self.runner.invoke(cli.cli, ['check', '--output', output, '--continue-on-error'])
- self.assertEqual(result.exit_code, EXPECTED_EXIT_CODE_CONTINUE_ON_ERROR)
-
-- @patch("safety.safety.get_announcements")
-- def test_announcements_if_is_not_tty(self, get_announcements_func):
-- announcement = {'type': 'error', 'message': 'Please upgrade now'}
-- get_announcements_func.return_value = [announcement]
-- message = f"* {announcement.get('message')}"
-- result = self.runner.invoke(cli.cli, ['check'])
-- self.assertTrue('ANNOUNCEMENTS' in result.stderr)
-- self.assertTrue(message in result.stderr)
-
- @patch("safety.safety.get_announcements")
- def test_review_pass(self, mocked_announcements):
-diff --git a/tests/test_safety.py b/tests/test_safety.py
-index cecc789..afdf3fa 100644
---- a/tests/test_safety.py
-+++ b/tests/test_safety.py
-@@ -102,63 +102,6 @@ class TestSafety(unittest.TestCase):
- )
- self.assertEqual(len(vulns), 4)
-
-- def test_check_live(self):
-- reqs = StringIO("insecure-package==0.1")
-- packages = util.read_requirements(reqs)
--
-- vulns, _ = safety.check(
-- packages=packages,
-- key=None,
-- db_mirror=False,
-- cached=0,
-- ignore_vulns={},
-- ignore_severity_rules=None,
-- proxy={},
-- telemetry=False
-- )
--
-- self.assertEqual(len(vulns), 1)
--
-- def test_check_live_cached(self):
-- from safety.constants import CACHE_FILE
--
-- # lets clear the cache first
-- try:
-- with open(CACHE_FILE, 'w') as f:
-- f.write(json.dumps({}))
-- except Exception:
-- pass
--
-- reqs = StringIO("insecure-package==0.1")
-- packages = util.read_requirements(reqs)
--
-- vulns, _ = safety.check(
-- packages=packages,
-- key=None,
-- db_mirror=False,
-- cached=60 * 60,
-- ignore_vulns={},
-- ignore_severity_rules=None,
-- proxy={},
-- telemetry=False
-- )
-- self.assertEqual(len(vulns), 1)
--
-- reqs = StringIO("insecure-package==0.1")
-- packages = util.read_requirements(reqs)
-- # make a second call to use the cache
-- vulns, _ = safety.check(
-- packages=packages,
-- key=None,
-- db_mirror=False,
-- cached=60 * 60,
-- ignore_vulns={},
-- ignore_severity_rules=None,
-- proxy={},
-- telemetry=False
-- )
-- self.assertEqual(len(vulns), 1)
--
- def test_get_packages_licenses(self):
- reqs = StringIO("Django==1.8.1\n\rinvalid==1.0.0")
- packages = util.read_requirements(reqs)
---
-2.33.0
-
diff --git a/python-safety.spec b/python-safety.spec
index bf74c58fbe2302b41ee4d8453b836d5332d16cd8..07698c6483526edba3c850c8a6f33dfa24819e71 100644
--- a/python-safety.spec
+++ b/python-safety.spec
@@ -1,13 +1,13 @@ %global pypi_name safety Name: python-%{pypi_name} -Version: 2.3.5 -Release: 2 -Summary: Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected. +Version: 3.2.8 +Release: 1 +Summary: Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected. License: MIT URL: https://github.com/pyupio/safety -Source0: https://files.pythonhosted.org/packages/36/c3/a1eeffef985f0ae71e133312fd474b616e55acb55acaf597a314c4fcf88e/safety-2.3.5.tar.gz +Source0: https://files.pythonhosted.org/packages/45/a9/24b199f4989385f36bcb7c5aa33ff1a781fe141f3d85effc89144c262de4/safety-3.2.8.tar.gz BuildArch: noarch @@ -23,10 +23,15 @@ BuildRequires: python3-requests BuildRequires: python3-click BuildRequires: python3-dparse BuildRequires: python3-ruamel-yaml +BuildRequires: python3-typer +BuildRequires: python3-rich +BuildRequires: python3-psutil +BuildRequires: python3-marshmallow +BuildRequires: python3-pydantic +BuildRequires: python3-safety-schemas +BuildRequires: python3-Authlib -Patch001:0001-packaging-testcast.patch - %description Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected. Safety can be run on developer machines, in CI/CD pipelines and on production systems. @@ -58,6 +63,14 @@ Safety checks Python dependencies for known security vulnerabilities and suggest %changelog +* Thu Oct 24 2024 Dongxing Wang - 3.2.8-1 +- Update package to version 3.2.8 + Initial code changes to incorporate HTML file format + Rendering vul, remediation and other values + Add --and-fix option to the safety check command + Adding coverage job to the main workflow + Improving validation in the policy file and minor fixes + * Wed Sep 20 2023 luluo12 - 2.3.5-2 - add self-check. 
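Review bot: Dropping `Patch001` in the second hunk also drops the only place where the network-dependent upstream tests were removed (`test_check_live`, `test_check_live_cached` and the announcements test), and nothing visible here replaces it. The 2.3.5-2 changelog entry mentions a self-check, so if `%check` still runs the upstream suite, any 3.2.8 test that fetches the vulnerability database will either fail in an offline build root or make the build depend on network access; the `%check` section is outside this hunk, so this needs confirming. If such tests remain, deselect them explicitly in `%check` with a comment such as `# skipped: needs network access to the vulnerability database`. The seven new `BuildRequires` have no matching runtime `Requires` in the visible lines, so it is also worth confirming that the dependency generator picks them up for the installed package.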
diff --git a/safety-2.3.5.tar.gz b/safety-2.3.5.tar.gz
deleted file mode 100644
index 21b495c50cac8549fa1dd95c691a1f588548d54e..0000000000000000000000000000000000000000
Binary files a/safety-2.3.5.tar.gz and /dev/null differ
diff --git a/safety-3.2.8.tar.gz b/safety-3.2.8.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..aedc72b67f48a9bb2db651f984a70dd237d9f880
Binary files /dev/null and b/safety-3.2.8.tar.gz differ