pip-audit
662 duplicates are not supported in requirements.txt when run with disable pip
Recently, I ran into the same problem described in #662. To avoid this, I propose a finer check for duplicates based on both name and specifier.
As stated in the issue, when the --disable-pip flag is used, we could consider that a full requirement resolution has been made. Knowing that, as long as specifiers match, having duplicates is not a problem. If they don't match, we raise an error like before.
On the side, I also added a small fix for stdout/stderr reading in pip_audit/_subprocess.py. I don't know if it's specific to Windows, but because a size was specified, I had the process hanging indefinitely.
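An added illustration of the name-plus-specifier duplicate check described in the PR description above; it is not the code from this PR or from pip-audit. It assumes plain `name==version` lines (markers and `--hash` options are ignored), and the function and exception names are hypothetical.

```python
import re

# Constructed sample input: a fully pinned requirements file containing one
# harmless duplicate (flask) and one conflicting duplicate (requests).
SAMPLE = """\
# constructed example
Flask==2.3.2
requests==2.31.0
flask==2.3.2 --hash=sha256:placeholder
Requests==2.30.0
"""

# Name, then an exact "==" pin; anything after it (markers, hashes) is ignored.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*[^\s;#]+)")


class DuplicateRequirementError(ValueError):
    """Same package pinned twice with different specifiers (hypothetical name)."""


def normalize(name):
    # PEP 503 normalization so "Flask", "flask" and "FLASK" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()


def collect_pins(text):
    """Return {normalized name: specifier}, tolerating exact duplicates."""
    seen = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank line, comment, or a pip option line
        m = _PIN.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not an exact pin: {line!r}")
        name, spec = normalize(m.group(1)), m.group(2).replace(" ", "")
        if name in seen and seen[name] != spec:
            # Specifiers differ: no single version can be audited, so fail.
            raise DuplicateRequirementError(
                f"line {lineno}: {name} pinned as {spec}, earlier as {seen[name]}"
            )
        seen[name] = spec  # same name and same specifier: not an error
    return seen
```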
Thanks for the patch @mathbou! I'll review this today.
It's been a while here, is there anything that prevents us from going further with this PR? @woodruffw
Nope, I've just been delayed in reviews, sorry 😅. I'll do another pass on this today.
(Thank you very much for keeping this PR alive and conflict-free!)
@woodruffw I updated the changelog, feel free to change it if it's not clear enough