🐍 pipctl 🤗
------------
To make things clear from the beginning - this tool, ``pipctl``, is pronounced as "*pip cuddle*". 🤗🐍
**Notice:** This tool is just a prototype.
The tool provides the ability to generate a requirements file with all the dependencies locked (similarly as `pip-tools <https://pypi.org/project/pip-tools/>`__ does) but stating dependencies without vulnerabilities or only with the acceptable ones. `OSV <https://osv.dev>`_ database is used as a source of known vulnerabilities.
Usage
=====
First, install the tool:
.. code-block:: console
pip install pipctl
Create a configuration file:
.. code-block:: console
pipctl config
An example content of ``pipctl.yaml``:
.. code-block:: yaml
# A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.
acceptable_vulnerabilities: []
# A path to requirements.txt file, relative to this configuration file.
requirements_file: ./requirements.txt
State your dependencies in ``requirements.txt`` (or ``requirements.in`` as in case of `pip-tools <https://pypi.org/project/pip-tools/>`__; the file name is stated in the configuration file):
.. code-block:: text
flask<=2.2.2
To generate a requirements file, run the following command:
.. code-block:: console
pipctl constraint > requirements-pipctl.txt
An example output produced (content of ``requirements-pipctl.txt``):
.. code-block:: console
click==8.1.3
flask==2.2.2
importlib-metadata==6.0.0
itsdangerous==2.1.2
jinja2==3.1.2
markupsafe==2.1.1
werkzeug==2.2.2
zipp==3.11.0
Subsequently, the application requirements can be installed using ``pip``:
.. code-block:: console
pip install -r requirements-pipctl.txt
If you use another formats to store requirements, consider using `micropipenv <https://github.com/thoth-station/micropipenv>`_ and its ``micropipenv requirements`` subcommand to perform translation.
If the resolution using ``pipctl`` fails because of vulnerabilities present, check exploitability of dependencies present (based on messages printed to stderr). If vulnerabilities are acceptable, state them in ``pipctl.yaml`` file and rerun the resolution process.
Example:
.. code-block:: console
$ cat pipctl.yaml
acceptable_vulnerabilities: []
requirements_file: ./requirements.txt
$ cat requirements.txt
urllib3==1.26.0
$ pipctl constraint
WARNING: Adding constraint 'urllib3!=1.26.0' based on vulnerability GHSA-5phf-pp7p-vc2r - see https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r
ERROR: Cannot install urllib3!=1.26.0 and urllib3==1.26.0 because these package versions have conflicting dependencies.
ERROR: Traceback (most recent call last):
File "/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py", line 348, in resolve
self._add_to_criteria(self.state.criteria, r, parent=None)
File "/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py", line 173, in _add_to_criteria
raise RequirementsConflicted(criterion)
pip._vendor.resolvelib.resolvers.RequirementsConflicted: Requirements conflict: SpecifierRequirement('urllib3==1.26.0'), SpecifierRequirement('urllib3!=1.26.0')
...
An updated configuration file stating acceptable vulnerabilities `GHSA-5phf-pp7p-vc2r <https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r>`_ and `GHSA-q2q7-5pp4-w6pg <https://osv.dev/vulnerability/GHSA-q2q7-5pp4-w6pg>`_ leading to a successful resolution:
.. code-block:: yaml
$ cat pipctl.yaml # A new pipctl.yaml file
acceptable_vulnerabilities: [GHSA-5phf-pp7p-vc2r, GHSA-q2q7-5pp4-w6pg]
requirements_file: ./requirements.txt
$ cat requirements.txt
urllib3==1.26.0
$ pipctl constraint
2023-01-11 18:12:34,240 [79773] INFO pipctl._osv: Downloading OSV database
WARNING: Ignoring vulnerability 'GHSA-5phf-pp7p-vc2r'
WARNING: Ignoring vulnerability 'GHSA-q2q7-5pp4-w6pg'
WARNING: Ignoring vulnerability 'PYSEC-2021-108'
WARNING: Ignoring vulnerability 'PYSEC-2021-59'
urllib3==1.26.0
Another example of a resolution finding a set of dependencies without vulnerability:
.. code-block:: yaml
$ cat requirements.in
flask<2
certifi<=2022.9.24
$ cat pipctl.yaml
acceptable_vulnerabilities: []
requirements_file: ./requirements.in
$ python3 ./pipctl-cli constraints
2022-12-19 10:16:44,087 [92142] INFO pipctl._osv: Downloading OSV database
WARNING: Adding constraint 'certifi!=2022.9.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'werkzeug!=1.0.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'certifi!=2022.9.14' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2022.6.15.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2022.6.15.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2022.6.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2022.5.18.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'werkzeug!=1.0.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'certifi!=2021.10.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'werkzeug!=0.16.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'certifi!=2021.5.30' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2020.12.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'werkzeug!=0.16.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'werkzeug!=0.15.6' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'werkzeug!=0.15.5' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'werkzeug!=0.15.4' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'werkzeug!=0.15.3' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203
WARNING: Adding constraint 'certifi!=2020.11.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2020.6.20' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2020.4.5.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2020.4.5.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'werkzeug!=0.15.2' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc
WARNING: Adding constraint 'werkzeug!=0.15.1' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc
WARNING: Adding constraint 'certifi!=2020.4.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'werkzeug!=0.15.0' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc
WARNING: Adding constraint 'certifi!=2019.11.28' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2019.9.11' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2019.6.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2019.3.9' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2018.11.29' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2018.10.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2018.8.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2018.8.13' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2018.4.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2018.1.18' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
WARNING: Adding constraint 'certifi!=2017.11.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8
certifi==2017.7.27.1
click==8.1.3
flask==1.1.2
itsdangerous==2.1.2
jinja2==3.1.2
markupsafe==2.1.1
werkzeug==2.2.2
Configuration file
==================
The configuration file can be generated using:
.. code-block:: console
pipctl config
An example configuration file can look like this:
.. code-block:: yaml
# A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.
acceptable_vulnerabilities:
- GHSA-5wv5-4vpf-pj6m # See https://osv.dev/vulnerability/GHSA-5wv5-4vpf-pj6m
requirements_file: ./requirements.txt
Each vulnerability can be referenced using its identifier or one of its aliases stated in the `OSV.dev <https://osv.dev>`_ database, see examples listed above.
License
=======
See the LICENSE file.
Raw data
{
"_id": null,
"home_page": "https://github.com/fridex/pipctl",
"name": "pipctl",
"maintainer": "Fridolin Pokorny",
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "fridolin.pokorny@datadoghq.com",
"keywords": "packaging,pip,dependencies,dependency-management,utilities,vulnerabilities,security,pip-tools",
"author": "Fridolin Pokorny",
"author_email": "fridolin.pokorny@datadoghq.com",
"download_url": "https://pypi.org/project/pipctl/",
"platform": null,
"description": "\ud83d\udc0d pipctl \ud83e\udd17\n------------\n\nTo make things clear from the beginning - this tool, ``pipctl``, is pronounced as \"*pip cuddle*\". \ud83e\udd17\ud83d\udc0d\n\n**Notice:** This tool is just a prototype.\n\nThe tool provides the ability to generate a requirements file with all the dependencies locked (similarly as `pip-tools <https://pypi.org/project/pip-tools/>`__ does) but stating dependencies without vulnerabilities or only with the acceptable ones. `OSV <https://osv.dev>`_ database is used as a source of known vulnerabilities.\n\nUsage\n=====\n\nFirst, install the tool:\n\n.. code-block:: console\n\n pip install pipctl\n\nCreate a configuration file:\n\n.. code-block:: console\n\n pipctl config\n\nAn example content of ``pipctl.yaml``:\n\n.. code-block:: yaml\n\n # A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.\n acceptable_vulnerabilities: []\n # A path to requirements.txt file, relative to this configuration file.\n requirements_file: ./requirements.txt\n\nState your dependencies in ``requirements.txt`` (or ``requirements.in`` as in case of `pip-tools <https://pypi.org/project/pip-tools/>`__; the file name is stated in the configuration file):\n\n.. code-block:: text\n\n flask<=2.2.2\n\nTo generate a requirements file, run the following command:\n\n.. code-block:: console\n\n pipctl constraint > requirements-pipctl.txt\n\nAn example output produced (content of ``requirements-pipctl.txt``):\n\n.. code-block:: console\n\n click==8.1.3\n flask==2.2.2\n importlib-metadata==6.0.0\n itsdangerous==2.1.2\n jinja2==3.1.2\n markupsafe==2.1.1\n werkzeug==2.2.2\n zipp==3.11.0\n\nSubsequently, the application requirements can be installed using ``pip``:\n\n.. code-block:: console\n\n pip install -r requirements-pipctl.txt\n\nIf you use another formats to store requirements, consider using `micropipenv <https://github.com/thoth-station/micropipenv>`_ and its ``micropipenv requirements`` subcommand to perform translation.\n\nIf the resolution using ``pipctl`` fails because of vulnerabilities present, check exploitability of dependencies present (based on messages printed to stderr). If vulnerabilities are acceptable, state them in ``pipctl.yaml`` file and rerun the resolution process.\n\nExample:\n\n.. code-block:: console\n\n $ cat pipctl.yaml\n acceptable_vulnerabilities: []\n requirements_file: ./requirements.txt\n\n $ cat requirements.txt\n urllib3==1.26.0\n\n $ pipctl constraint\n WARNING: Adding constraint 'urllib3!=1.26.0' based on vulnerability GHSA-5phf-pp7p-vc2r - see https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r\n ERROR: Cannot install urllib3!=1.26.0 and urllib3==1.26.0 because these package versions have conflicting dependencies.\n ERROR: Traceback (most recent call last):\n File \"/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py\", line 348, in resolve\n self._add_to_criteria(self.state.criteria, r, parent=None)\n File \"/Users/fridolin.pokorny/git/fridex/pipctl/venv/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py\", line 173, in _add_to_criteria\n raise RequirementsConflicted(criterion)\n pip._vendor.resolvelib.resolvers.RequirementsConflicted: Requirements conflict: SpecifierRequirement('urllib3==1.26.0'), SpecifierRequirement('urllib3!=1.26.0')\n ...\n\nAn updated configuration file stating acceptable vulnerabilities `GHSA-5phf-pp7p-vc2r <https://osv.dev/vulnerability/GHSA-5phf-pp7p-vc2r>`_ and `GHSA-q2q7-5pp4-w6pg <https://osv.dev/vulnerability/GHSA-q2q7-5pp4-w6pg>`_ leading to a successful resolution:\n\n.. code-block:: yaml\n\n $ cat pipctl.yaml # A new pipctl.yaml file\n acceptable_vulnerabilities: [GHSA-5phf-pp7p-vc2r, GHSA-q2q7-5pp4-w6pg]\n requirements_file: ./requirements.txt\n\n $ cat requirements.txt\n urllib3==1.26.0\n\n $ pipctl constraint\n 2023-01-11 18:12:34,240 [79773] INFO pipctl._osv: Downloading OSV database\n WARNING: Ignoring vulnerability 'GHSA-5phf-pp7p-vc2r'\n WARNING: Ignoring vulnerability 'GHSA-q2q7-5pp4-w6pg'\n WARNING: Ignoring vulnerability 'PYSEC-2021-108'\n WARNING: Ignoring vulnerability 'PYSEC-2021-59'\n urllib3==1.26.0\n\nAnother example of a resolution finding a set of dependencies without vulnerability:\n\n.. code-block:: yaml\n\n $ cat requirements.in \n flask<2\n certifi<=2022.9.24\n \n $ cat pipctl.yaml \n acceptable_vulnerabilities: []\n requirements_file: ./requirements.in\n \n $ python3 ./pipctl-cli constraints\n 2022-12-19 10:16:44,087 [92142] INFO pipctl._osv: Downloading OSV database\n WARNING: Adding constraint 'certifi!=2022.9.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'werkzeug!=1.0.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'certifi!=2022.9.14' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2022.6.15.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2022.6.15.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2022.6.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2022.5.18.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'werkzeug!=1.0.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'certifi!=2021.10.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'werkzeug!=0.16.1' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'certifi!=2021.5.30' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2020.12.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'werkzeug!=0.16.0' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'werkzeug!=0.15.6' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'werkzeug!=0.15.5' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'werkzeug!=0.15.4' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'werkzeug!=0.15.3' based on vulnerability PYSEC-2022-203 - see https://osv.dev/vulnerability/PYSEC-2022-203\n WARNING: Adding constraint 'certifi!=2020.11.8' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2020.6.20' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2020.4.5.2' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2020.4.5.1' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'werkzeug!=0.15.2' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc\n WARNING: Adding constraint 'werkzeug!=0.15.1' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc\n WARNING: Adding constraint 'certifi!=2020.4.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'werkzeug!=0.15.0' based on vulnerability GHSA-gq9m-qvpx-68hc - see https://osv.dev/vulnerability/GHSA-gq9m-qvpx-68hc\n WARNING: Adding constraint 'certifi!=2019.11.28' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2019.9.11' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2019.6.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2019.3.9' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2018.11.29' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2018.10.15' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2018.8.24' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2018.8.13' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2018.4.16' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2018.1.18' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n WARNING: Adding constraint 'certifi!=2017.11.5' based on vulnerability GHSA-43fp-rhv2-5gv8 - see https://osv.dev/vulnerability/GHSA-43fp-rhv2-5gv8\n certifi==2017.7.27.1\n click==8.1.3\n flask==1.1.2\n itsdangerous==2.1.2\n jinja2==3.1.2\n markupsafe==2.1.1\n werkzeug==2.2.2\n\nConfiguration file\n==================\n\nThe configuration file can be generated using:\n\n.. code-block:: console\n\n pipctl config\n\nAn example configuration file can look like this:\n\n.. code-block:: yaml\n\n # A listing of vulnerabilities that are acceptable in the application. OSV.dev is used as a source.\n acceptable_vulnerabilities:\n - GHSA-5wv5-4vpf-pj6m # See https://osv.dev/vulnerability/GHSA-5wv5-4vpf-pj6m\n requirements_file: ./requirements.txt\n\nEach vulnerability can be referenced using its identifier or one of its aliases stated in the `OSV.dev <https://osv.dev>`_ database, see examples listed above.\n\nLicense\n=======\n\nSee the LICENSE file.\n\n\n",
"bugtrack_url": null,
"license": "BSD-3-Clause",
"summary": "Control pip's resolution process",
"version": "0.0.0",
"split_keywords": [
"packaging",
"pip",
"dependencies",
"dependency-management",
"utilities",
"vulnerabilities",
"security",
"pip-tools"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "954a241a69d51af45a5d66fd0a84bdf3634e22b4120aa160e47f1501a1caedae",
"md5": "f1aead06ac2be6cfd856022c26f4b943",
"sha256": "39f4f6a6a01ac88ce1fa47425628d34b85bc35e26003639e01d7031d994bb0c9"
},
"downloads": -1,
"filename": "pipctl-0.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f1aead06ac2be6cfd856022c26f4b943",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 14860,
"upload_time": "2023-01-26T22:58:01",
"upload_time_iso_8601": "2023-01-26T22:58:01.166994Z",
"url": "https://files.pythonhosted.org/packages/95/4a/241a69d51af45a5d66fd0a84bdf3634e22b4120aa160e47f1501a1caedae/pipctl-0.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-01-26 22:58:01",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "fridex",
"github_project": "pipctl",
"lcname": "pipctl"
}
JSON
