Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cache: respect pip's PIP_NO_CACHE_DIR #290

Merged
merged 2 commits into from
May 27, 2022
Merged

cache: respect pip's PIP_NO_CACHE_DIR #290

merged 2 commits into from
May 27, 2022

Conversation

woodruffw
Copy link
Member

Closes #289.

Signed-off-by: William Woodruff william@trailofbits.com

@woodruffw
cache: respect pip's PIP_NO_CACHE_DIR
799bb75 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw self-assigned this May 26, 2022
@woodruffw woodruffw mentioned this pull request May 26, 2022
Closed
@woodruffw
CHANGELOG: record changes
ebea21c 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw added the component:dep-sources Dependency sources label May 27, 2022
@woodruffw woodruffw merged commit adff88a into main May 27, 2022
@woodruffw woodruffw deleted the ww/respect-pip-cache-disable branch May 27, 2022 14:16
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 3, 2022
@0-wiz-0
py-pip-audit: update to 2.3.4.
32fd15c 
## [2.3.4]

### Fixed

* Vulnerability fixing: the `--fix` flag now works for vulnerabilities found in
  requirement subdependencies. A new line is now added to the requirement file
  to explicitly pin the offending subdependency
  ([#297](pypa/pip-audit#297))

## [2.3.3]

### Changed

* CLI: `pip-audit` now warns on the combination of `-s osv` and
  `--require-hashes`, notifying users that only the PyPI service
  can fully verify hashes
  ([#298](pypa/pip-audit#298))

### Fixed

* CLI/Dependency sources: `--cache-dir=...` and other flags that affect
  dependency resolver behavior now work correctly when auditing a
  `pyproject.toml` dependency source
  ([#300](pypa/pip-audit#300))

## [2.3.2] - 2022-05-14

### Changed

* CLI: `pip-audit`'s progress spinner has been refactored to make it
  faster and more responsive
  ([#283](pypa/pip-audit#283))

* CLI, Vulnerability sources: the error message used to report
  connection failures to vulnerability sources was improved
  ([#287](pypa/pip-audit#287))

* Vulnerability sources: the OSV service is now more resilient
  to schema changes ([#288](pypa/pip-audit#288))

* Vulnerability sources: the PyPI service provides a better
  error message during some cases of service degradation
  ([#294](pypa/pip-audit#294))

### Fixed

* Vulnerability sources: a bug stemming from an incorrect assumption
  about OSV's schema guarantees was fixed
  ([#284](pypa/pip-audit#284))

* Caching: `pip-audit` now respects `pip`'s `PIP_NO_CACHE_DIR`
  and will not attempt to use the `pip` cache if present
  ([#290](pypa/pip-audit#290))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@di di di approved these changes

Assignees

@di di

@woodruffw woodruffw

@tetsuo-cpp tetsuo-cpp

Labels
component:dep-sources Dependency sources
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fails with stacktrace when caching is disabled
3 participants
@woodruffw @di @tetsuo-cpp