ܖiBdZddlZddlZddlZddlZddlmZmZddlm Z ddl Z ddl m Z m Z ddlmZmZmZddlmZddlmZmZmZdd lmZej4eZe d Ze ee j>Z Gd d eZ!Gd deZ"GddeZ#y)z[ Collect the local environment's active dependencies via `pip list`, wrapped by `pip-api`. N)IteratorSequence)Path)InvalidVersionVersion)DependencyFixErrorDependencySourceDependencySourceError)ResolvedFixVersion) DependencyResolvedDependencySkippedDependency) AuditStatez10.0.0b0c jeZdZdZdgdeddedeedededd f d Zde e fd Z d e dd fd Z y ) PipSourcezG Wraps `pip` (specifically `pip list`) as a dependency source. F)localpaths skip_editablestaterrrrreturnNcv||_||_||_||_tj j dtj}t jd}|-|j|stjd|d|dttkrtjdtdyy) aE Create a new `PipSource`. `local` determines whether to do a "local-only" list. If `True`, the `DependencySource` does not expose globally installed packages. `paths` is a list of locations to look for installed packages. If the list is empty, the `DependencySource` will query the current Python environment. `skip_editable` controls whether dependencies marked as "editable" are skipped. By default, editable dependencies are not skipped. `state` is an `AuditState` to use for state callbacks. PIPAPI_PYTHON_LOCATION VIRTUAL_ENVNzpip-audit will run pip against z/, but you have a virtual environment loaded at z. This may result in unintuitive audits, since your local environment will not be audited. You can forcefully override this behavior by setting PIPAPI_PYTHON_LOCATION to the location of your virtual environment's Python interpreter.zpip z is very old, and may not provide reliable dependency information! You are STRONGLY encouraged to upgrade to a newer version of pip.)_local_paths_skip_editablerosenvirongetsys executablegetenv startswithloggerwarning _PIP_VERSION_MINIMUM_RELIABLE_PIP_VERSION)selfrrrreffective_python venv_prefixs d/var/www/html/content-pipeline/venv/lib/python3.12/site-packages/pip_audit/_dependency_source/pip.py__init__zPipSource.__init__,s.  + "::>>*BCNNSii .  "+;+F+F{+S NN12B1CD33>-@TT  7 7 NN|n%((  8c #K tj|jt|jj D]\}}|j r$|jrt|jd}nj t|jtt|j}|jjd|jd|jd|y #t $rLd|jd|jd}t"j%|t|j|}Y[wxYw#t&$r}t)d |d }~wwxYww) z Collect all of the dependencies discovered by this `PipSource`. Raises a `PipSourceError` on any errors. )rrzdistribution marked as editable)name skip_reason)r/versionz Collecting  ()z6Package has invalid version and could not be audited: z&failed to list installed distributionsN)pip_apiinstalled_distributionsrlistritemseditablerrr/r rstrr1r update_staterr$debug ExceptionPipSourceError)r(_distdepr0es r+collectzPipSource.collectis5 R"::kkdkk):eg 4==T%8%8+!YY4UC Y0diiQTUYUaUaQbIcd //+chhZr#++VW0XY ' *YT#yykDLL><$ [1/TYYKX Y R !IJPQ Q RsOE"A8E=A)C-&E,E"-AE?EEE E EEE" fix_versionc $|jjd|jjd|jjd|jdt j ddd|jjd|jg} tj|d tjtj y #tj$r5}td |jjd |j|d }~wwxYw)zA Fixes a dependency version in this `PipSource`. zFixing r2z => r3z-mpipinstallz==T)checkstdoutstderrzfailed to upgrade dependency z to fix version N) rr:r@r/r1r r!canonical_name subprocessrunDEVNULLCalledProcessError PipFixError)r(rCfix_cmdcpes r+fixz PipSource.fixs koo**+2koo.E.E-Fd;K^K^J__` a  NN   --.b1D1D0E F    NN!))!))   ,, / 0D0D/EEU&&')  s5CD0D  D)__name__ __module__ __qualname____doc__rboolrrr,rr rBr rRr-r+rr's{ "#&L ;;~ ;  ;  ; ;zR*-RB1dr-rceZdZdZy)r=z)A `pip` specific `DependencySourceError`.NrSrTrUrVrXr-r+r=r=s3r-r=ceZdZdZy)rOz&A `pip` specific `DependencyFixError`.NrZrXr-r+rOrOs0r-rO)$rVloggingrrKr collections.abcrrpathlibrr4packaging.versionrrpip_audit._dependency_sourcerr r pip_audit._fixr pip_audit._servicer r rpip_audit._stater getLoggerrSr$r'r9 PIP_VERSIONr&rr=rOrXr-r+rfs   .5 .PP'   8 $ !( 3 s7../0 | |~ *  $ r-