Skip to content

Commit

Permalink
Merge pull request #846 from pypa/ww/drop-38
Browse files Browse the repository at this point in the history
drop 3.8, add 3.13
  • Loading branch information
di authored Nov 4, 2024
2 parents d491ca3 + 2e036d4 commit 0f7ba6a
Show file tree
Hide file tree
Showing 21 changed files with 65 additions and 41 deletions.
20 changes: 17 additions & 3 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,20 +13,34 @@ jobs:
strategy:
matrix:
python:
- "3.8"
- "3.9"
- "3.10"
- "3.11"
- "3.12"
- "3.13"
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected].2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- uses: actions/setup-python@v5
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
with:
python-version: ${{ matrix.python }}
cache: "pip"
cache-dependency-path: pyproject.toml

- name: test
run: make test PIP_AUDIT_EXTRA=test

all-tests-pass:
if: always()

needs:
- test

runs-on: ubuntu-latest

steps:
- name: check test jobs
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
2 changes: 1 addition & 1 deletion .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.2.2 # v3.3.0
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected].2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- uses: actions/setup-python@v5
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
with:
python-version: "3.8"
python-version: "3.9"
cache: "pip"
cache-dependency-path: pyproject.toml

Expand All @@ -24,14 +24,14 @@ jobs:
check-readme:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected].2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- uses: actions/setup-python@v5
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
# NOTE(ww): Important: use pip-audit's minimum supported Python version
# in this check, since Python can change the `--help` rendering in
# `argparse` between major versions.
with:
python-version: "3.8"
python-version: "3.9"
cache: "pip"
cache-dependency-path: pyproject.toml

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,9 @@ jobs:
contents: write

steps:
- uses: actions/[email protected].2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- uses: actions/setup-python@v5
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
with:
python-version-file: pyproject.toml

Expand All @@ -36,7 +36,7 @@ jobs:
uses: pypa/gh-action-pypi-publish@release/v1

- name: sign
uses: sigstore/[email protected]
uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
with:
inputs: ./dist/*.tar.gz ./dist/*.whl
release-signing-artifacts: true
16 changes: 8 additions & 8 deletions .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,35 +19,35 @@ jobs:
security-events: write
# Used to receive a badge. (Upcoming feature)
id-token: write

steps:
- name: "Checkout code"
uses: actions/checkout@v4.2.2 # tag=v3.0.0
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # tag=v2.4.0
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
publish_results: true

# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # tag=v4.4.3
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # tag=v3.27.0
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
with:
sarif_file: results.sarif
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ All versions prior to 0.0.9 are untracked.
caching directory idioms (e.g. XDG)
([#814](https://github.com/pypa/pip-audit/pull/814))

* The minimum version of Python is now 3.9
([#846](https://github.com/pypa/pip-audit/pull/846))

### Fixed

* Auditing a fully-pinned requirements file with `--disable-pip` now allows for
Expand Down
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ as well as performing common development tasks.

## Requirements

`pip-audit`'s only development environment requirement *should* be Python 3.8
`pip-audit`'s only development environment requirement *should* be Python 3.9
or newer. Development and testing is actively performed on macOS and Linux,
but Windows and other supported platforms that are supported by Python
should also work.
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ with support from Google. This is not an official Google or Trail of Bits produc

## Installation

`pip-audit` requires Python 3.8 or newer, and can be installed directly via `pip`:
`pip-audit` requires Python 3.9 or newer, and can be installed directly via `pip`:

```bash
python -m pip install pip-audit
Expand Down
2 changes: 1 addition & 1 deletion pip_audit/_audit.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
from __future__ import annotations

import logging
from collections.abc import Iterator
from dataclasses import dataclass
from typing import Iterator

from pip_audit._dependency_source import DependencySource
from pip_audit._service import Dependency, VulnerabilityResult, VulnerabilityService
Expand Down
3 changes: 2 additions & 1 deletion pip_audit/_cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,10 @@
import logging
import os
import sys
from collections.abc import Iterator
from contextlib import ExitStack, contextmanager
from pathlib import Path
from typing import IO, Iterator, NoReturn, cast
from typing import IO, NoReturn, cast

from pip_audit import __version__
from pip_audit._audit import AuditOptions, Auditor
Expand Down
2 changes: 1 addition & 1 deletion pip_audit/_dependency_source/interface.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
from __future__ import annotations

from abc import ABC, abstractmethod
from typing import Iterator
from collections.abc import Iterator

from pip_audit._fix import ResolvedFixVersion
from pip_audit._service import Dependency
Expand Down
2 changes: 1 addition & 1 deletion pip_audit/_dependency_source/pip.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@
import os
import subprocess
import sys
from collections.abc import Iterator, Sequence
from pathlib import Path
from typing import Iterator, Sequence

import pip_api
from packaging.version import InvalidVersion, Version
Expand Down
9 changes: 5 additions & 4 deletions pip_audit/_dependency_source/pyproject.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@

import logging
import os
from collections.abc import Iterator
from pathlib import Path
from tempfile import NamedTemporaryFile, TemporaryDirectory
from typing import Iterator

import toml
from packaging.requirements import Requirement
Expand Down Expand Up @@ -81,9 +81,10 @@ def collect(self) -> Iterator[Dependency]:
# dependency resolution now, we can think about doing `pip install <local-project-dir>`
# regardless of whether the project has a `pyproject.toml` or not. And if it doesn't
# have a `pyproject.toml`, we can raise an error if the user provides `--fix`.
with TemporaryDirectory() as ve_dir, NamedTemporaryFile(
dir=ve_dir, delete=False
) as req_file:
with (
TemporaryDirectory() as ve_dir,
NamedTemporaryFile(dir=ve_dir, delete=False) as req_file,
):
# We use delete=False in creating the tempfile to allow it to be
# closed and opened multiple times within the context scope on
# windows, see GitHub issue #646.
Expand Down
3 changes: 2 additions & 1 deletion pip_audit/_dependency_source/requirement.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,11 @@
import logging
import re
import shutil
from collections.abc import Iterator
from contextlib import ExitStack
from pathlib import Path
from tempfile import NamedTemporaryFile, TemporaryDirectory
from typing import IO, Iterator
from typing import IO

from packaging.specifiers import SpecifierSet
from packaging.utils import canonicalize_name
Expand Down
3 changes: 2 additions & 1 deletion pip_audit/_fix.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@
from __future__ import annotations

import logging
from collections.abc import Iterator
from dataclasses import dataclass
from typing import Any, Iterator, cast
from typing import Any, cast

from packaging.version import Version

Expand Down
3 changes: 2 additions & 1 deletion pip_audit/_format/columns.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,9 @@

from __future__ import annotations

from collections.abc import Iterable
from itertools import zip_longest
from typing import Any, Iterable, cast
from typing import Any, cast

from packaging.version import Version

Expand Down
3 changes: 2 additions & 1 deletion pip_audit/_service/interface.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@
from __future__ import annotations

from abc import ABC, abstractmethod
from collections.abc import Iterator
from dataclasses import dataclass, replace
from datetime import datetime
from typing import Any, Iterator, NewType
from typing import Any, NewType

from packaging.utils import canonicalize_name
from packaging.version import Version
Expand Down
3 changes: 2 additions & 1 deletion pip_audit/_state.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@

import logging
from abc import ABC, abstractmethod
from collections.abc import Sequence
from logging.handlers import MemoryHandler
from typing import Any, Sequence
from typing import Any

from rich.align import StyleType
from rich.console import Console, Group, RenderableType
Expand Down
2 changes: 1 addition & 1 deletion pip_audit/_subprocess.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@

import os.path
import subprocess
from collections.abc import Sequence
from subprocess import Popen
from typing import Sequence

from ._state import AuditState

Expand Down
2 changes: 1 addition & 1 deletion pip_audit/_virtual_env.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@
import json
import logging
import venv
from collections.abc import Iterator
from os import PathLike
from tempfile import NamedTemporaryFile, TemporaryDirectory, gettempdir
from types import SimpleNamespace
from typing import Iterator

from packaging.version import Version

Expand Down
6 changes: 3 additions & 3 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ classifiers = [
"License :: OSI Approved :: Apache Software License",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.8",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
"Topic :: Security",
]
dependencies = [
Expand All @@ -36,9 +36,9 @@ dependencies = [
"requests >= 2.31.0",
"rich>=12.4",
"toml>=0.10",
"platformdirs>=4.2.0"
"platformdirs>=4.2.0",
]
requires-python = ">=3.8"
requires-python = ">=3.9"

[project.optional-dependencies]
test = [
Expand Down

0 comments on commit 0f7ba6a

Please sign in to comment.