pip-audit

662 duplicates are not supported in requirements.txt when run with disable pip

Open mathbou opened this issue 11 months ago • 4 comments

Recently, I ran into the same problem described in #662. To avoid this, I propose a finer check for duplicates based on both name and specifier.

As stated in the issue, when the `--disable-pip` flag is used, we could consider that a full requirement resolution has been made. Knowing that, as long as specifiers match, having duplicates is not a problem. If they don't match, we raise an error like before.

On the side, I also added a small fix for stdout/stderr reading in `pip_audit/_subprocess.py`. I don't know if it's specific to Windows, but because a size was specified, I had the process hanging indefinitely.

mathbou, Mar 17 '24 20:03
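The duplicate rule proposed in the description above, sketched as an added example (not the code from this PR or from pip-audit): repeated entries for one package are accepted when their specifiers match and rejected when they differ. It assumes plain `name==version` pins only; the function names, the exception class and the sample lines are constructed for illustration.

```python
import re
from typing import Dict, Iterable

# Constructed sample: a resolved file that lists one shared dependency twice.
SAMPLE_OK = """\
flask==2.3.3
werkzeug==2.3.7  # via flask
Werkzeug==2.3.7  # via another-package
"""

# Constructed sample: the same package pinned to two different versions.
SAMPLE_CONFLICT = """\
werkzeug==2.3.7
werkzeug==3.0.1
"""

# Hypothetical, simplified matcher: project name followed by an == pin.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*[^\s;#\\]+)")


class DuplicateConflict(ValueError):
    """One package appears with two different specifiers."""


def canonical_name(name: str) -> str:
    # PEP 503 normalization, so Flask_Login and flask-login compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()


def collect_pins(lines: Iterable[str]) -> Dict[str, str]:
    """Map each package to its pin, tolerating only identical duplicates."""
    pins: Dict[str, str] = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blanks, comments, --hash/options
            continue
        m = _PIN.match(line)
        if m is None:
            raise ValueError(f"not a pinned requirement: {raw.strip()!r}")
        name = canonical_name(m.group(1))
        spec = re.sub(r"\s+", "", m.group(2))
        seen = pins.setdefault(name, spec)
        if seen != spec:  # same name, different specifier: refuse to guess
            raise DuplicateConflict(f"{name}: {seen} conflicts with {spec}")
    return pins
```

Failing on a mismatch rather than keeping either entry avoids auditing a version that may not be the one installed.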

Thanks for the patch @mathbou! I'll review this today.

woodruffw, Mar 18 '24 14:03

It's been a while here, is there anything that prevents us from going further with this PR? @woodruffw

mathbou, Aug 22 '24 09:08

> It's been a while here, is there anything that prevents us from going further with this PR? @woodruffw

Nope, I've just been delayed in reviews, sorry 😅. I'll do another pass on this today.

(Thank you very much for keeping this PR alive and conflict-free!)

woodruffw, Aug 23 '24 14:08

@woodruffw I updated the changelog, feel free to change it if it's not clear enough

mathbou, Aug 26 '24 09:08