Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pip_audit: handle subprocess streams more cleanly #536

Merged
merged 5 commits into from
Mar 8, 2023
Merged

pip_audit: handle subprocess streams more cleanly #536

merged 5 commits into from
Mar 8, 2023

Conversation

woodruffw
Copy link
Member

This is just a followup to #523, with a few resiliency improvements:

  • We collect the pip subprocess's stderr and display it with an error message on failure;
  • We handle invalid UTF-8 more gracefully in both stdout and stderr, as there's no guarantee that pip install ... only prints valid unicode.

@woodruffw
pip_audit: handle subprocess stderr
ee49cd9 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw added component:dep-sources Dependency sources refactoring Refactoring tasks. chore Chores labels Mar 8, 2023
@woodruffw woodruffw requested a review from tetsuo-cpp March 8, 2023 16:15
@woodruffw woodruffw self-assigned this Mar 8, 2023
@woodruffw woodruffw mentioned this pull request Mar 8, 2023
Closed
woodruffw added 3 commits March 8, 2023 11:18
@woodruffw
CHANGELOG: record changes
342a8d8 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw
_subprocess: docstring
f367379 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw
test: fix venv tests
4cb5e75 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested a review from jleightcap March 8, 2023 16:30
jleightcap
jleightcap approved these changes Mar 8, 2023
View reviewed changes
Copy link

@jleightcap jleightcap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@woodruffw woodruffw enabled auto-merge (squash) March 8, 2023 16:45
@woodruffw woodruffw merged commit f627b0e into main Mar 8, 2023
@woodruffw woodruffw deleted the ww/fix-534 branch March 8, 2023 16:50
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Mar 19, 2023
@0-wiz-0
py-pip_audit: update to 2.5.1.
461ae18 
## [2.5.1]

### Fixed

* Fixed a crash on Windows caused by multiple open file handles to
  input requirements ([#551](pypa/pip-audit#551))

## [2.5.0]

### Changed

* Improved error messaging when a requirements input or indirect dependency
  has an invalid (non-PEP 440) requirements specifier
  ([#507](pypa/pip-audit#507))

* `pip-audit`'s handling of dependency resolution has been significantly
  refactored and simplified ([#523](pypa/pip-audit#523))

### Fixed

* Fixed a potential crash on invalid unicode in subprocess streams
  ([#536](pypa/pip-audit#536))

## [2.4.15]

**YANKED**

### Fixed

* Fixed an issue where hash checking would fail when using third-party indices
  ([#462](pypa/pip-audit#462))

* Fixed the behavior of the `--skip-editable` flag, which had regressed
  with an internal API change
  ([#499](pypa/pip-audit#499))

* Fixed a dependency resolution bug that can potentially be triggered when
  multiple packages have the same subdependency
  ([#488](pypa/pip-audit#488))
@tetsuo-cpp tetsuo-cpp mentioned this pull request Mar 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jleightcap jleightcap jleightcap approved these changes

@tetsuo-cpp tetsuo-cpp Awaiting requested review from tetsuo-cpp

Assignees

@woodruffw woodruffw

Labels
chore Chores component:dep-sources Dependency sources refactoring Refactoring tasks.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@woodruffw @jleightcap