feat: test handling of ~= in requirements.txt and add it to docs #3610

Merged Jan 9, 2024 (8 commits)


ayushthe1
Contributor

Fixes #3581.

CVE binary tool can already handle version ranges specified with ~= in the requirements.txt file since it utilizes pip install --dry-run.

What's added by this PR:

  • a test showing this ability by adding a package to test_requirements.txt file with ~= and updating the test to make sure it's parsed.
  • documentation mentioning that ~= in requirements.txt can be supported by cve-bin-tool
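
An added illustration (not part of the PR or of cve-bin-tool's code) of why a `~=` line needs a resolver such as the `pip install --dry-run` step mentioned above: under PEP 440 it names a range rather than one version, so a scanner has to settle on a concrete version before a CVE lookup. The helper names, sample requirements and version index are constructed, and only plain numeric versions are handled.

```python
# Added illustration, not cve-bin-tool code. Assumes plain numeric release
# versions only (no epochs, pre/post/dev releases or local labels).
import re

REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|~=)\s*(\d+(?:\.\d+)*)\s*$")

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def key(version):
    """Comparison key: PEP 440 treats 2.0 and 2.0.0 as equal."""
    parts = list(version)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def bounds(op, version):
    """Return (lower_inclusive, upper_exclusive); upper is None for an == pin."""
    if op == "==":
        return version, None
    if len(version) < 2:
        raise ValueError("~= needs at least two release segments")
    # ~=X.Y.Z is >=X.Y.Z, ==X.Y.*: drop the last segment, bump the new last one.
    prefix = version[:-1]
    return version, prefix[:-1] + (prefix[-1] + 1,)

def allowed(op, version, candidate):
    low, high = bounds(op, version)
    if high is None:
        return key(candidate) == key(low)
    return key(low) <= key(candidate) < key(high)

def resolve(requirements_text, index):
    """Map each requirement to the newest version in `index` that it permits."""
    resolved = {}
    for line in requirements_text.splitlines():
        match = REQ.match(line)
        if not match:
            continue  # comments, blanks and specifiers outside this sketch
        name, op, raw = match.groups()
        hits = [v for v in index.get(name.lower(), [])
                if allowed(op, parse_version(raw), parse_version(v))]
        resolved[name.lower()] = max(hits, key=lambda v: key(parse_version(v)), default=None)
    return resolved

# Constructed sample input: the version numbers and index are made up.
SAMPLE_REQUIREMENTS = "httplib2==0.18.1\nrequests~=2.25.1\n"
SAMPLE_INDEX = {"httplib2": ["0.18.0", "0.18.1", "0.19.0"],
                "requests": ["2.25.0", "2.25.1", "2.25.3", "2.26.0"]}
```

With the constructed index, the pinned line resolves to exactly the version written, while the `~=` line resolves to a newer patch release than the one written in the file.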

Contributor

@terriko terriko left a comment

The test looks good. I think we could probably tell users a bit more in the docs, so I've added some suggested changes for you with some extra text.

doc/MANUAL.md (outdated, resolved)
doc/MANUAL.md (resolved)
ayushthe1 and others added 3 commits December 20, 2023 10:48
Co-authored-by: Terri Oda <terri@toybox.ca>
Co-authored-by: Terri Oda <terri@toybox.ca>
@ayushthe1
Contributor Author

Thanks for the review @terriko. I've incorporated your suggestions.

@terriko
Contributor

terriko commented Jan 3, 2024

Updating branch for the tests.

@codecov-commenter

codecov-commenter commented Jan 3, 2024

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (f835f2c) 79.02% compared to head (8c3db2a) 79.11%.

Files Patch % Lines
test/test_package_list_parser.py 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3610      +/-   ##
==========================================
+ Coverage   79.02%   79.11%   +0.09%     
==========================================
  Files         799      799              
  Lines       11954    11954              
  Branches     1603     1603              
==========================================
+ Hits         9447     9458      +11     
+ Misses       2065     2058       -7     
+ Partials      442      438       -4     
Flag Coverage Δ
longtests 73.86% <0.00%> (-0.04%) ⬇️
win-longtests 77.13% <0.00%> (+0.09%) ⬆️


Contributor

@terriko terriko left a comment

This test works, but adding a new dependency to test_requirements.txt and having to install it is going to make this test take longer than it needs to because it'll have to make another network request to install stuff. Can you switch this to use something we're already installing? e.g. it should work just as well if you edit one of the other lines instead of adding lua-cjson. Also, maybe now is a good time to change this test so there are only two things in test_requirements.txt if we're just testing == and ~=? No point in making more system churn if we don't need to. I'd suggest you remove html5lib because I hate their version numbering scheme and just make the test use httplib2 and requests.

@ayushthe1 ayushthe1 requested a review from terriko January 9, 2024 11:35
Contributor

@terriko terriko left a comment

Thanks! This looks like it'll do the trick and might even make things run a bit faster.

@terriko terriko merged commit 6d4df4a into intel:main Jan 9, 2024
22 checks passed
inosmeet pushed a commit to inosmeet/cve-bin-tool that referenced this pull request Feb 6, 2024
inosmeet pushed a commit to inosmeet/cve-bin-tool that referenced this pull request Feb 16, 2024
Successfully merging this pull request may close these issues.

feat: document/test handling of ~ in python requirements.txt