-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
requirement, test: Remove preresolved dependency optimization #540
Conversation
|
||
|
||
def test_requirement_source_no_deps_non_editable_without_egg_fragment(req_file): | ||
def test_requirement_source_require_hashes_incorrect_hash(req_file): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a few tests but to be honest, some of these (and the existing ones) are essentially testing pip
. We could potentially trim these down to a bare minimum that at least confirms that we're providing the right flags to pip
and call it a day.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I'd be okay with dropping tests that aren't contributing to our coverage. But yes, it'd be good to confirm that we pass the right flags in some new tests.
I'm still looking for some large requirements files to test performance with. |
CHANGELOG.md
Outdated
* `pip-audit`'s handling of dependency resolution has been significantly | ||
refactored and simplified ([#523](https://github.com/pypa/pip-audit/pull/523)) | ||
refactored and simplified ([#523](https://github.com/pypa/pip-audit/pull/523) | ||
and [#540](https://github.com/pypa/pip-audit/pull/540)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NB: We'll probably want a separate CHANGELOG
entry after all, since we're making this change after this entry's release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Let's get this deconflicted and merged 🙂
dde7daa
to
05180d3
Compare
I didn't manage to find any ridiculously large requirements files. But I tested across a few and found that there isn't a meaningful performance impact vs just a regular |
Glad to hear it! Yeah, I think we're fine to move ahead here -- feel free to do another patch release to get this out 🙂 |
## [2.5.4] ### Changed * Refactored `index-url` option to not override user pip config by default, unless specified ([#565](pypa/pip-audit#565)) ### Fixed * Fixed bug with the `--fix` flag where new requirements were sometimes being appended to requirement files instead of patching the existing requirement ([#577](pypa/pip-audit#577)) * Fixed a crash caused by auditing requirements files that refer to other requirements files ([#568](pypa/pip-audit#568)) ## [2.5.3] ### Changed * Further simplified `pip-audit`'s dependency resolution to remove inconsistent behaviour when using hashed requirements or the `--no-deps` flag ([#540](pypa/pip-audit#540)) ### Fixed * Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs ([#572](pypa/pip-audit#572)) ## [2.5.2] ### Fixed * Fixed a loose dependency constraint for CycloneDX SBOM generation ([#558](pypa/pip-audit#558))
Closes #539.
Closes #564.