pipctl


Namepipctl JSON
Version 0.0.0 PyPI version JSON
download
home_pagehttps://github.com/fridex/pipctl
SummaryControl pip's resolution process
upload_time2023-01-26 22:58:01
maintainerFridolin Pokorny
docs_urlNone
authorFridolin Pokorny
requires_python>=3.9
licenseBSD-3-Clause
keywords packaging pip dependencies dependency-management utilities vulnerabilities security pip-tools
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            🐍 pipctl 🤗
------------

To make things clear from the beginning - this tool, ``pipctl``, is pronounced as "*pip cuddle*". 🤗🐍

**Notice:** This tool is just a prototype.

The tool provides the ability to generate a requirements file with all the dependencies locked (similarly as `pip-tools <https://pypi.org/project/pip-tools/>`__ does) but stating dependencies without vulnerabilities or only with the acceptable ones. `OSV <https://osv.dev>`_ database is used as a source of known vulnerabilities.

Usage
=====

First, install the tool:

.. code-block:: console

  pip install pipctl

Create a configuration file:

.. code-block:: console

  pipctl config

An example content of ``pipctl.yaml``:

.. code-block:: yaml

  # A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.
  acceptable_vulnerabilities: []
  # A path to requirements.txt file, relative to this configuration file.
  requirements_file: ./requirements.txt

State your dependencies in ``requirements.txt`` (or ``requirements.in`` as in case of `pip-tools <https://pypi.org/project/pip-tools/>`__; the file name is stated in the configuration file):

.. code-block:: text

  flask<=2.2.2

To generate a requirements file, run the following command:

.. code-block:: console

  pipctl constraint > requirements-pipctl.txt

An example output produced (content of ``requirements-pipctl.txt``):

.. code-block:: console

  click==8.1.3
  flask==2.2.2
  importlib-metadata==6.0.0
  itsdangerous==2.1.2
  jinja2==3.1.2
  markupsafe==2.1.1
  werkzeug==2.2.2
  zipp==3.11.0

Subsequently, the application requirements can be installed using ``pip``:

.. code-block:: console

  pip install -r requirements-pipctl.txt

If you use another formats to store requirements, consider using `micropipenv <https://github.com/thoth-station/micropipenv>`_ and its ``micropipenv requirements`` subcommand to perform translation.

If the resolution using ``pipctl`` fails because of vulnerabilities present, check exploitability of dependencies present (based on messages printed to stderr). If vulnerabilities are acceptable, state them in ``pipctl.yaml`` file and rerun the resolution process.

Example:

.. code-block:: console

  $ cat pipctl.yaml
  acceptable_vulnerabilities: []
  requirements_file: ./requirements.txt

  $ cat requirements.txt
  urllib3==1.26.0

  $ pipctl constraint
   WARNING: Adding constraint 'urllib3!=1.26.0' based on vulnerability GHSA-5phf-pp7p-vc2r - see https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r
   ERROR: Cannot install urllib3!=1.26.0 and urllib3==1.26.0 because these package versions have conflicting dependencies.
   ERROR: Traceback (most recent call last):
     File "/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py", line 348, in resolve
       self._add_to_criteria(self.state.criteria, r, parent=None)
     File "/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py", line 173, in _add_to_criteria
       raise RequirementsConflicted(criterion)
   pip._vendor.resolvelib.resolvers.RequirementsConflicted: Requirements conflict: SpecifierRequirement('urllib3==1.26.0'), SpecifierRequirement('urllib3!=1.26.0')
  ...

An updated configuration file stating acceptable vulnerabilities `GHSA-5phf-pp7p-vc2r <https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r>`_ and `GHSA-q2q7-5pp4-w6pg <https://osv.dev/vulnerability/GHSA-q2q7-5pp4-w6pg>`_ leading to a successful resolution:

.. code-block:: yaml

  $ cat pipctl.yaml  # A new pipctl.yaml file
  acceptable_vulnerabilities: [GHSA-5phf-pp7p-vc2r, GHSA-q2q7-5pp4-w6pg]
  requirements_file: ./requirements.txt

  $ cat requirements.txt
  urllib3==1.26.0

  $ pipctl constraint
  2023-01-11 18:12:34,240 [79773] INFO     pipctl._osv: Downloading OSV database
  WARNING: Ignoring vulnerability 'GHSA-5phf-pp7p-vc2r'
  WARNING: Ignoring vulnerability 'GHSA-q2q7-5pp4-w6pg'
  WARNING: Ignoring vulnerability 'PYSEC-2021-108'
  WARNING: Ignoring vulnerability 'PYSEC-2021-59'
  urllib3==1.26.0

Another example of a resolution finding a set of dependencies without vulnerability:

.. code-block:: yaml

  $ cat requirements.in                                  
  flask<2
  certifi<=2022.9.24
  
  $ cat pipctl.yaml 
  acceptable_vulnerabilities: []
  requirements_file: ./requirements.in
  
  $ python3 ./pipctl-cli constraints
  2022-12-19 10:16:44,087 [92142] INFO     pipctl._osv: Downloading OSV database
  WARNING: Adding constraint 'certifi!=2022.9.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'werkzeug!=1.0.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'certifi!=2022.9.14' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2022.6.15.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2022.6.15.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2022.6.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2022.5.18.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'werkzeug!=1.0.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'certifi!=2021.10.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'werkzeug!=0.16.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'certifi!=2021.5.30' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2020.12.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'werkzeug!=0.16.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'werkzeug!=0.15.6' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'werkzeug!=0.15.5' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'werkzeug!=0.15.4' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'werkzeug!=0.15.3' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
  WARNING: Adding constraint 'certifi!=2020.11.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2020.6.20' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2020.4.5.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2020.4.5.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'werkzeug!=0.15.2' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc
  WARNING: Adding constraint 'werkzeug!=0.15.1' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc
  WARNING: Adding constraint 'certifi!=2020.4.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'werkzeug!=0.15.0' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc
  WARNING: Adding constraint 'certifi!=2019.11.28' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2019.9.11' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2019.6.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2019.3.9' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2018.11.29' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2018.10.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2018.8.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2018.8.13' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2018.4.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2018.1.18' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  WARNING: Adding constraint 'certifi!=2017.11.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
  certifi==2017.7.27.1
  click==8.1.3
  flask==1.1.2
  itsdangerous==2.1.2
  jinja2==3.1.2
  markupsafe==2.1.1
  werkzeug==2.2.2

Configuration file
==================

The configuration file can be generated using:

.. code-block:: console

  pipctl config

An example configuration file can look like this:

.. code-block:: yaml

  # A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.
  acceptable_vulnerabilities:
  - GHSA-5wv5-4vpf-pj6m   # See https://osv.dev/vulnerability/GHSA-5wv5-4vpf-pj6m
  requirements_file: ./requirements.txt

Each vulnerability can be referenced using its identifier or one of its aliases stated in the `OSV.dev <https://osv.dev>`_ database, see examples listed above.

License
=======

See the LICENSE file.



            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/fridex/pipctl",
    "name": "pipctl",
    "maintainer": "Fridolin Pokorny",
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": "fridolin.pokorny@datadoghq.com",
    "keywords": "packaging,pip,dependencies,dependency-management,utilities,vulnerabilities,security,pip-tools",
    "author": "Fridolin Pokorny",
    "author_email": "fridolin.pokorny@datadoghq.com",
    "download_url": "https://pypi.org/project/pipctl/",
    "platform": null,
    "description": "\ud83d\udc0d pipctl \ud83e\udd17\n------------\n\nTo make things clear from the beginning - this tool, ``pipctl``, is pronounced as \"*pip cuddle*\". \ud83e\udd17\ud83d\udc0d\n\n**Notice:** This tool is just a prototype.\n\nThe tool provides the ability to generate a requirements file with all the dependencies locked (similarly as `pip-tools <https://pypi.org/project/pip-tools/>`__ does) but stating dependencies without vulnerabilities or only with the acceptable ones. `OSV <https://osv.dev>`_ database is used as a source of known vulnerabilities.\n\nUsage\n=====\n\nFirst, install the tool:\n\n.. code-block:: console\n\n  pip install pipctl\n\nCreate a configuration file:\n\n.. code-block:: console\n\n  pipctl config\n\nAn example content of ``pipctl.yaml``:\n\n.. code-block:: yaml\n\n  # A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.\n  acceptable_vulnerabilities: []\n  # A path to requirements.txt file, relative to this configuration file.\n  requirements_file: ./requirements.txt\n\nState your dependencies in ``requirements.txt`` (or ``requirements.in`` as in case of `pip-tools <https://pypi.org/project/pip-tools/>`__; the file name is stated in the configuration file):\n\n.. code-block:: text\n\n  flask<=2.2.2\n\nTo generate a requirements file, run the following command:\n\n.. code-block:: console\n\n  pipctl constraint > requirements-pipctl.txt\n\nAn example output produced (content of ``requirements-pipctl.txt``):\n\n.. code-block:: console\n\n  click==8.1.3\n  flask==2.2.2\n  importlib-metadata==6.0.0\n  itsdangerous==2.1.2\n  jinja2==3.1.2\n  markupsafe==2.1.1\n  werkzeug==2.2.2\n  zipp==3.11.0\n\nSubsequently, the application requirements can be installed using ``pip``:\n\n.. code-block:: console\n\n  pip install -r requirements-pipctl.txt\n\nIf you use another formats to store requirements, consider using `micropipenv <https://github.com/thoth-station/micropipenv>`_ and its ``micropipenv requirements`` subcommand to perform translation.\n\nIf the resolution using ``pipctl`` fails because of vulnerabilities present, check exploitability of dependencies present (based on messages printed to stderr). If vulnerabilities are acceptable, state them in ``pipctl.yaml`` file and rerun the resolution process.\n\nExample:\n\n.. code-block:: console\n\n  $ cat pipctl.yaml\n  acceptable_vulnerabilities: []\n  requirements_file: ./requirements.txt\n\n  $ cat requirements.txt\n  urllib3==1.26.0\n\n  $ pipctl constraint\n   WARNING: Adding constraint 'urllib3!=1.26.0' based on vulnerability GHSA-5phf-pp7p-vc2r - see https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r\n   ERROR: Cannot install urllib3!=1.26.0 and urllib3==1.26.0 because these package versions have conflicting dependencies.\n   ERROR: Traceback (most recent call last):\n     File \"/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py\", line 348, in resolve\n       self._add_to_criteria(self.state.criteria, r, parent=None)\n     File \"/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py\", line 173, in _add_to_criteria\n       raise RequirementsConflicted(criterion)\n   pip._vendor.resolvelib.resolvers.RequirementsConflicted: Requirements conflict: SpecifierRequirement('urllib3==1.26.0'), SpecifierRequirement('urllib3!=1.26.0')\n  ...\n\nAn updated configuration file stating acceptable vulnerabilities `GHSA-5phf-pp7p-vc2r <https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r>`_ and `GHSA-q2q7-5pp4-w6pg <https://osv.dev/vulnerability/GHSA-q2q7-5pp4-w6pg>`_ leading to a successful resolution:\n\n.. code-block:: yaml\n\n  $ cat pipctl.yaml  # A new pipctl.yaml file\n  acceptable_vulnerabilities: [GHSA-5phf-pp7p-vc2r, GHSA-q2q7-5pp4-w6pg]\n  requirements_file: ./requirements.txt\n\n  $ cat requirements.txt\n  urllib3==1.26.0\n\n  $ pipctl constraint\n  2023-01-11 18:12:34,240 [79773] INFO     pipctl._osv: Downloading OSV database\n  WARNING: Ignoring vulnerability 'GHSA-5phf-pp7p-vc2r'\n  WARNING: Ignoring vulnerability 'GHSA-q2q7-5pp4-w6pg'\n  WARNING: Ignoring vulnerability 'PYSEC-2021-108'\n  WARNING: Ignoring vulnerability 'PYSEC-2021-59'\n  urllib3==1.26.0\n\nAnother example of a resolution finding a set of dependencies without vulnerability:\n\n.. code-block:: yaml\n\n  $ cat requirements.in                                  \n  flask<2\n  certifi<=2022.9.24\n  \n  $ cat pipctl.yaml \n  acceptable_vulnerabilities: []\n  requirements_file: ./requirements.in\n  \n  $ python3 ./pipctl-cli constraints\n  2022-12-19 10:16:44,087 [92142] INFO     pipctl._osv: Downloading OSV database\n  WARNING: Adding constraint 'certifi!=2022.9.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'werkzeug!=1.0.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'certifi!=2022.9.14' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2022.6.15.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2022.6.15.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2022.6.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2022.5.18.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'werkzeug!=1.0.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'certifi!=2021.10.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'werkzeug!=0.16.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'certifi!=2021.5.30' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2020.12.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'werkzeug!=0.16.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'werkzeug!=0.15.6' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'werkzeug!=0.15.5' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'werkzeug!=0.15.4' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'werkzeug!=0.15.3' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n  WARNING: Adding constraint 'certifi!=2020.11.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2020.6.20' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2020.4.5.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2020.4.5.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'werkzeug!=0.15.2' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc\n  WARNING: Adding constraint 'werkzeug!=0.15.1' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc\n  WARNING: Adding constraint 'certifi!=2020.4.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'werkzeug!=0.15.0' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc\n  WARNING: Adding constraint 'certifi!=2019.11.28' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2019.9.11' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2019.6.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2019.3.9' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2018.11.29' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2018.10.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2018.8.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2018.8.13' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2018.4.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2018.1.18' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  WARNING: Adding constraint 'certifi!=2017.11.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n  certifi==2017.7.27.1\n  click==8.1.3\n  flask==1.1.2\n  itsdangerous==2.1.2\n  jinja2==3.1.2\n  markupsafe==2.1.1\n  werkzeug==2.2.2\n\nConfiguration file\n==================\n\nThe configuration file can be generated using:\n\n.. code-block:: console\n\n  pipctl config\n\nAn example configuration file can look like this:\n\n.. code-block:: yaml\n\n  # A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.\n  acceptable_vulnerabilities:\n  - GHSA-5wv5-4vpf-pj6m   # See https://osv.dev/vulnerability/GHSA-5wv5-4vpf-pj6m\n  requirements_file: ./requirements.txt\n\nEach vulnerability can be referenced using its identifier or one of its aliases stated in the `OSV.dev <https://osv.dev>`_ database, see examples listed above.\n\nLicense\n=======\n\nSee the LICENSE file.\n\n\n",
    "bugtrack_url": null,
    "license": "BSD-3-Clause",
    "summary": "Control pip's resolution process",
    "version": "0.0.0",
    "split_keywords": [
        "packaging",
        "pip",
        "dependencies",
        "dependency-management",
        "utilities",
        "vulnerabilities",
        "security",
        "pip-tools"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "954a241a69d51af45a5d66fd0a84bdf3634e22b4120aa160e47f1501a1caedae",
                "md5": "f1aead06ac2be6cfd856022c26f4b943",
                "sha256": "39f4f6a6a01ac88ce1fa47425628d34b85bc35e26003639e01d7031d994bb0c9"
            },
            "downloads": -1,
            "filename": "pipctl-0.0.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "f1aead06ac2be6cfd856022c26f4b943",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.9",
            "size": 14860,
            "upload_time": "2023-01-26T22:58:01",
            "upload_time_iso_8601": "2023-01-26T22:58:01.166994Z",
            "url": "https://files.pythonhosted.org/packages/95/4a/241a69d51af45a5d66fd0a84bdf3634e22b4120aa160e47f1501a1caedae/pipctl-0.0.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-01-26 22:58:01",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "fridex",
    "github_project": "pipctl",
    "lcname": "pipctl"
}
        
Elapsed time: 0.03712s