Dustin Ingram
Currently `tox` requires that a `build-system` table is defined in `pyproject.toml`:
```
$ echo -e '[tox]\nisolated_build = true' > tox.ini
$ touch pyproject.toml
$ python -m tox -e py
ERROR:...
```
In #659 it was pointed out that some third parties use twine's undocumented/unsupported APIs and that certain changes and refactoring should not be made as it might break their usage....
The work done to implement #381 and #511 has indicated that the lack of a common (internal) API for each of our sub-commands has made it challenging to implement flags...
In https://github.com/pypa/pip/pull/11140 some documentation was added to resolve https://github.com/pypa/pip/issues/11037, but I think this repo should also have a `SECURITY.md` file describing the security policy in a way that is more...
This issue describes a potential roadmap for the integration of `pip-audit` into `pip` as a `pip audit` subcommand, as well as potential blockers. This top-level comment will be edited as...
As a project maintainer, I'd like to be able to use `pip-audit` to audit the sub-dependencies of my project (likely by somehow evaluating my local source tree prior to building...
Per the discussion at https://discuss.python.org/t/pip-installation-reports/12316, there seems to be an interest in generating detailed reports on the artifacts installed into an environment, with per-artifact data including: - index URL used...
Other vulnerability APIs such as PyPI's JSON API provide support for [caching](https://warehouse.pypa.io/api-reference/index.html#caching), allowing the client to avoid making multiple identical requests via [ETag headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag). The OSV API's use of `POST`...
**Description** Currently if I provide multiple search flags to `rekor-cli search`, I get the union of results with those individual terms (without duplicates removed):
```
$ rekor-cli search --sha `sha256sum...
```
While most advisories are automatically generated, occasionally they will be hand-written (e.g. https://github.com/pypa/advisory-database/pull/72/). It would be nice to add a tool (even if it's just a bash script) that can...