662 duplicates are not supported in requirements.txt when run with disable pip #749

mathbou
Contributor

@mathbou mathbou commented Mar 17, 2024

Recently, I ran into the same problem described in #662. To avoid this, I propose a finer check for duplicates based on both name and specifier.

As stated in the issue, when the `--disable-pip` flag is used, we could consider that a full requirement resolution has been made. Knowing that, as long as the specifiers match, having duplicates is not a problem. If they don't match, we raise an error like before.

On the side, I also added a small fix for stdout/stderr reading in `pip_audit/_subprocess.py`. I don't know if it's specific to Windows, but because a size was specified, I had the process hanging indefinitely.
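
The duplicate check described in the comment above, as an added example that is not code from this PR or from pip-audit: a repeated project is tolerated only when its specifiers match, otherwise an error is raised. The function names, the simplified stdlib parser and the sample lines are all assumptions made for illustration.

```python
import re

# Simplified parser for "name[extras] <specifiers> ; marker  # comment".
# Assumption: plain named requirements only; URLs, -r includes and inline
# --hash options are outside what this sketch handles.
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")


class DuplicateConflict(ValueError):
    """Same project listed twice with different version specifiers."""


def normalize_name(name):
    # PEP 503 normalization: runs of "-", "_", "." collapse to "-", lowercased.
    return re.sub(r"[-_.]+", "-", name).lower()


def specifier_key(spec):
    # Order- and whitespace-insensitive view of ">=1.0, <2" style specifiers.
    return frozenset("".join(p.split()) for p in spec.split(",") if p.strip())


def dedupe_requirements(lines):
    """Return {normalized name: specifier set}; identical duplicates are allowed."""
    seen = {}
    for lineno, raw in enumerate(lines, start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith(("#", "-")):
            continue  # blank lines, comments, and option lines
        match = _REQ.match(stripped)
        if match is None:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        name = normalize_name(match.group(1))
        key = specifier_key(match.group(2))
        if name in seen and seen[name] != key:
            raise DuplicateConflict(
                f"line {lineno}: {name} has conflicting specifiers "
                f"{sorted(seen[name])} vs {sorted(key)}"
            )
        seen[name] = key
    return seen


# Constructed sample input, not taken from the PR.
SAMPLE_OK = ["Flask==2.0.1", "requests>=2.0,<3", "flask == 2.0.1  # listed twice"]
SAMPLE_BAD = ["flask==2.0.1", "Flask==2.0.2"]
```

Comparing on the normalized name matters here: `Flask` and `flask` are the same project, so a check keyed on the raw string would miss the conflicting pins in `SAMPLE_BAD`.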

@woodruffw
Member

Thanks for the patch @mathbou! I'll review this today.

@woodruffw woodruffw self-requested a review March 18, 2024 14:44
@woodruffw woodruffw added the component:dep-sources Dependency sources label Mar 18, 2024
@woodruffw woodruffw added the needs-response Needs response from the reporter. label Mar 20, 2024
@mathbou mathbou requested a review from woodruffw May 10, 2024 18:01
@mathbou
Contributor Author

mathbou commented Aug 22, 2024

It's been a while here, is there anything preventing us from going further with this PR? @woodruffw

@woodruffw
Member

> It's been a while here, is there anything preventing us from going further with this PR? @woodruffw

Nope, I've just been delayed in reviews, sorry 😅. I'll do another pass on this today.

(Thank you very much for keeping this PR alive and conflict-free!)

Member

@woodruffw woodruffw left a comment

Thanks @mathbou, this looks good to me!

Could you add a CHANGELOG entry describing the bugfix here? The other entries in the file should serve as a reference for our preferred entry format 🙂

@mathbou
Contributor Author

mathbou commented Aug 26, 2024

@woodruffw I updated the changelog, feel free to change it if it's not clear enough

@mathbou mathbou requested a review from woodruffw October 16, 2024 23:21
mathbou and others added 4 commits October 21, 2024 23:32
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
@woodruffw woodruffw enabled auto-merge (squash) October 22, 2024 18:13
@woodruffw
Member

woodruffw commented Oct 22, 2024

Thanks for your hard work and patience here @mathbou!

@woodruffw woodruffw merged commit 39b140e into pypa:main Oct 22, 2024
7 checks passed