diff --git a/0001-fix-test-code-nonetype.patch b/0001-fix-test-code-nonetype.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a6c49f8e33f31773071687a127cd9b582672ab50
--- /dev/null
+++ b/0001-fix-test-code-nonetype.patch
@@ -0,0 +1,37 @@
+From 3dee60c063f25c5c84f15a690ce09665659f27d0 Mon Sep 17 00:00:00 2001
+From: desert-sailor
+Date: Mon, 19 May 2025 16:16:08 +0800
+Subject: [PATCH] fix test code nonetype
+
+---
+ tests/conftest.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/tests/conftest.py b/tests/conftest.py
+index 11747a4..97ed8d3 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -16,10 +16,11 @@ def get_project_dependencies():
+ 
+ def pytest_configure(config):
+ main_deps_specs = get_project_dependencies()
++ list_dists = filter(lambda dist:dist.metadata['Name'] is not None, distributions())
+ all_dists = {canonicalize_name(dist.metadata['Name']):
+ (dist.metadata['Name'], dist.version)
+- for dist in distributions()}
+-
++ for dist in list_dists}
++
+ # Main dependencies table
+ print(f"\n[{len(main_deps_specs)}] Main Dependencies:")
+ print("-" * 60)
+@@ -48,4 +49,4 @@ def pytest_configure(config):
+ else:
+ line += pkg + ", "
+ if line:
+- print(line.rstrip(", "))
+\ No newline at end of file
++ print(line.rstrip(", "))
+-- 
+2.43.0
+
diff --git a/0001-packaging-testcast.patch b/0001-packaging-testcast.patch
deleted file mode 100644
index c5ec3c498d26c4d81a1fb703b70af293c1f192c6..0000000000000000000000000000000000000000
--- a/0001-packaging-testcast.patch
+++ /dev/null
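Review bot: The filter this patch adds to conftest.py, `list_dists = filter(lambda dist:dist.metadata['Name'] is not None, distributions())`, depends on `metadata['Name']` returning None for a missing header; since Python 3.12 importlib.metadata emits a DeprecationWarning for that implicit None and is slated to raise KeyError instead, at which point the filter raises on a broken distribution rather than skipping it. `dist.metadata.get('Name')` expresses the intent without relying on that behaviour: `list_dists = filter(lambda dist: dist.metadata.get('Name') is not None, distributions())`. The name `list_dists` holds a lazy filter object rather than a list, which is fine because the comprehension consumes it once, but a comment such as `# skip installed distributions whose METADATA lacks a Name field` would record why the filter exists. pytest_configure continues outside the hunk.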
@@ -1,114 +0,0 @@
-From 9ea4a7f52959a2243a46d1ab615c7a1f56a80891 Mon Sep 17 00:00:00 2001
-From: luolu12
-Date: Thu, 21 Sep 2023 11:07:36 +0800
-Subject: [PATCH] bugfix
-
----
- setup.cfg | 2 +-
- tests/test_cli.py | 8 -------
- tests/test_safety.py | 57 --------------------------------------------
- 3 files changed, 1 insertion(+), 66 deletions(-)
-
-diff --git a/setup.cfg b/setup.cfg
-index 3ec78b9..f7c4fc1 100644
---- a/setup.cfg
--+++ b/setup.cfg
-@@ -39,7 +39,7 @@ install_requires =
- setuptools>=19.3
- Click>=8.0.2
- requests
-- packaging>=21.0,<22.0
-+ packaging>=21.0,<=23.1
- dparse>=0.6.2
- ruamel.yaml>=0.17.21
- dataclasses==0.8; python_version=="3.6"
-diff --git a/tests/test_cli.py b/tests/test_cli.py
-index 64cc8c4..cd21c1b 100644
---- a/tests/test_cli.py
--+++ b/tests/test_cli.py
-@@ -118,14 +118,6 @@ class TestSafetyCLI(unittest.TestCase):
- result = self.runner.invoke(cli.cli, ['check', '--output', output, '--continue-on-error'])
- self.assertEqual(result.exit_code, EXPECTED_EXIT_CODE_CONTINUE_ON_ERROR)
-
-- @patch("safety.safety.get_announcements")
-- def test_announcements_if_is_not_tty(self, get_announcements_func):
-- announcement = {'type': 'error', 'message': 'Please upgrade now'}
-- get_announcements_func.return_value = [announcement]
-- message = f"* {announcement.get('message')}"
-- result = self.runner.invoke(cli.cli, ['check'])
-- self.assertTrue('ANNOUNCEMENTS' in result.stderr)
-- self.assertTrue(message in result.stderr)
-
- @patch("safety.safety.get_announcements")
- def test_review_pass(self, mocked_announcements):
-diff --git a/tests/test_safety.py b/tests/test_safety.py
-index cecc789..afdf3fa 100644
---- a/tests/test_safety.py
--+++ b/tests/test_safety.py
-@@ -102,63 +102,6 @@ class TestSafety(unittest.TestCase):
- )
- self.assertEqual(len(vulns), 4)
-
-- def test_check_live(self):
-- reqs = StringIO("insecure-package==0.1")
-- packages = util.read_requirements(reqs)
--
-- vulns, _ = safety.check(
-- packages=packages,
-- key=None,
-- db_mirror=False,
-- cached=0,
-- ignore_vulns={},
-- ignore_severity_rules=None,
-- proxy={},
-- telemetry=False
-- )
--
-- self.assertEqual(len(vulns), 1)
--
-- def test_check_live_cached(self):
-- from safety.constants import CACHE_FILE
--
-- # lets clear the cache first
-- try:
-- with open(CACHE_FILE, 'w') as f:
-- f.write(json.dumps({}))
-- except Exception:
-- pass
--
-- reqs = StringIO("insecure-package==0.1")
-- packages = util.read_requirements(reqs)
--
-- vulns, _ = safety.check(
-- packages=packages,
-- key=None,
-- db_mirror=False,
-- cached=60 * 60,
-- ignore_vulns={},
-- ignore_severity_rules=None,
-- proxy={},
-- telemetry=False
-- )
-- self.assertEqual(len(vulns), 1)
--
-- reqs = StringIO("insecure-package==0.1")
-- packages = util.read_requirements(reqs)
-- # make a second call to use the cache
-- vulns, _ = safety.check(
-- packages=packages,
-- key=None,
-- db_mirror=False,
-- cached=60 * 60,
-- ignore_vulns={},
-- ignore_severity_rules=None,
-- proxy={},
-- telemetry=False
-- )
-- self.assertEqual(len(vulns), 1)
--
- def test_get_packages_licenses(self):
- reqs = StringIO("Django==1.8.1\n\rinvalid==1.0.0")
- packages = util.read_requirements(reqs)
--- 
-2.33.0
-
diff --git a/python-safety.spec b/python-safety.spec
index bf74c58fbe2302b41ee4d8453b836d5332d16cd8..6450a3db41403ef26b1a42f7329f47c4f99d717b 100644
--- a/python-safety.spec
+++ b/python-safety.spec
@@ -1,13 +1,14 @@ %global pypi_name safety Name: python-%{pypi_name} -Version: 2.3.5 -Release: 2 -Summary: Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected. +Version: 3.5.1 +Release: 1 +Summary: Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected. License: MIT URL: https://github.com/pyupio/safety -Source0: https://files.pythonhosted.org/packages/36/c3/a1eeffef985f0ae71e133312fd474b616e55acb55acaf597a314c4fcf88e/safety-2.3.5.tar.gz +Source0: %{url}/archive/%{version}/%{pypi_name}-%{version}.tar.gz +Patch1: 0001-fix-test-code-nonetype.patch BuildArch: noarch @@ -18,15 +19,26 @@ BuildRequires: python3-wheel BuildRequires: python3-editables BuildRequires: python3-hatch-vcs BuildRequires: python3-hatchling +# for test +BuildRequires: python3-coverage BuildRequires: python3-pytest -BuildRequires: python3-requests +BuildRequires: python3-pyinstaller +BuildRequires: python3-tomli BuildRequires: python3-click BuildRequires: python3-dparse -BuildRequires: python3-ruamel-yaml +BuildRequires: python3-rich +BuildRequires: python3-typer +BuildRequires: python3-tomlkit +BuildRequires: python3-safety-schemas +BuildRequires: python3-Authlib +BuildRequires: python3-jinja2 +BuildRequires: python3-httpx +BuildRequires: python3-filelock +BuildRequires: python3-psutil +BuildRequires: python3-tenacity +BuildRequires: python3-nltk -Patch001:0001-packaging-testcast.patch - %description Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected. Safety can be run on developer machines, in CI/CD pipelines and on production systems. 
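Review bot: The new `Source0: %{url}/archive/%{version}/%{pypi_name}-%{version}.tar.gz` replaces a PyPI sdist URL whose path embeds the file's digest with a GitHub tag archive, which is generated on request and is not covered by any published digest, so the build's source provenance now rests solely on the committed `safety-3.5.1.tar.gz` unless a checksum record is kept outside this diff. For a package whose purpose is vetting dependencies, record the expected digest in the distribution's usual sources/checksum file or return to the PyPI sdist, and state the reason for the switch in a comment above Source0, e.g. `# GitHub archive instead of PyPI sdist because <reason — placeholder>`. A tag archive carries no git metadata, so `python3-hatch-vcs` (kept in BuildRequires in the next hunk) presumably cannot derive the version from it; if the build depends on an environment override for that, the override belongs in %build where the next maintainer can see it.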
@@ -40,6 +52,8 @@ Safety checks Python dependencies for known security vulnerabilities and suggest %prep %autosetup -n %{pypi_name}-%{version} -p1 +sed -i 's/~=/>=/g' pyproject.toml +sed -i 's#<2.10.0#<2.12#g' pyproject.toml %build %pyproject_build @@ -48,16 +62,38 @@ Safety checks Python dependencies for known security vulnerabilities and suggest %pyproject_install %check -%pytest - +# skip test_announcements_if_is_not_tty for ci noweb +k="${k-}${k+ and }not test_announcements_if_is_not_tty" +# skip test_check_live_cached for ci noweb +k="${k-}${k+ and }not test_check_live_cached" +# skip test_check_live for ci noweb +k="${k-}${k+ and }not test_check_live" +# skip test_get_packages_licenses_without_api_key for ci noweb +k="${k-}${k+ and }not test_get_packages_licenses_without_api_key" +%pytest -- -k "${k-}" %files -n python3-%{pypi_name} +%doc README.md +%license LICENSES %{python3_sitelib}/%{pypi_name} %{python3_sitelib}/%{pypi_name}-*.dist-info %{_bindir}/safety %changelog +* Mon May 19 2025 Dongxing Wang - 3.5.1-1 +- Update package with version 3.5.1 + feat: add 'SAFETY_REQUEST_TIMEOUT_EVENTS' so users can use a custom timeout + feat: improved rendering of the warning messages + feat: added resolution of installed packages + feat: add meta client headers to all requests + feat: include other category in the init scan + feat: add new onboarding events + feat: displaying package installation warnings + feat: integrate full support for poetry + feat: configuring the repository URL using project id + feat: add security events for firewall users + * Wed Sep 20 2023 luluo12 - 2.3.5-2 - add self-check. diff --git a/safety-2.3.5.tar.gz b/safety-2.3.5.tar.gz deleted file mode 100644 index 21b495c50cac8549fa1dd95c691a1f588548d54e..0000000000000000000000000000000000000000 Binary files a/safety-2.3.5.tar.gz and /dev/null differ 
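Review bot: The two `sed -i` lines added to %prep, `sed -i 's/~=/>=/g' pyproject.toml` and `sed -i 's#<2.10.0#<2.12#g' pyproject.toml`, drop the upper bound of every `~=` pin in upstream's metadata and raise an unnamed `<2.10.0` cap, so the installed package declares itself compatible with dependency versions upstream never tested, and any `~=` pin upstream adds later is widened silently on the next rebase. Limit the rewrite to the requirements that actually conflict with the distro's versions and name them in a comment, e.g. `# relax <dependency — placeholder> pin: distro ships <version — placeholder>`, so each relaxation can be re-checked on update. The `<2.10.0` pattern identifies no package; if it targets one dependency, anchor the expression to that requirement line.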
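Review bot: The four `k="${k-}${k+ and }not …"` lines in %check repeat one expression with the reason split across four identical `# skip … for ci noweb` comments; a loop over the test names with a single comment saying these tests need network access keeps the list in one place and reads more easily. The expansion idiom itself is sound: on the first assignment `${k-}` and `${k+ and }` both expand to nothing, and each later one prepends the existing value and ` and `. `%pytest -- -k "${k-}"` stays as written.
```rpm-spec
%check
# these tests need network access, which the build environment does not have
for t in test_announcements_if_is_not_tty test_check_live_cached \
         test_check_live test_get_packages_licenses_without_api_key; do
    k="${k-}${k+ and }not $t"
done
%pytest -- -k "${k-}"
# … unchanged: %files and %changelog …
```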
diff --git a/safety-3.5.1.tar.gz b/safety-3.5.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..bc17ae039efe7e2e0eaee99101f65c86c4684a94 Binary files /dev/null and b/safety-3.5.1.tar.gz differ