ܖi>dZddlmZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z mZddlmZdd lmZdd lmZdd lmZdd lmZmZmZdd lmZmZmZmZddl m!Z!ddl"m#Z#ddl$m%Z%m&Z&ddl'm(Z(ddl)m*Z*m+Z+ejXe-Z.ej^dej`Z1GddeZ2GddeZ3GddeZ4y)zK Collect dependencies from one or more `requirements.txt`-formatted files. ) annotationsN)Iterator) ExitStack)Path)NamedTemporaryFileTemporaryDirectory)IO) SpecifierSet)canonicalize_name)Version)InstallRequirementInvalidRequirementLineRequirementsFile)DependencyFixErrorDependencySourceDependencySourceErrorInvalidRequirementSpecifier)ResolvedFixVersion) Dependency)ResolvedDependencySkippedDependency) AuditState) VirtualEnvVirtualEnvErrorz==(?P.+?)$ceZdZdZdddddged d dZd dZddZddZdd Z dd Z dd Z y)RequirementSourcezP Wraps `requirements.txt` dependency resolution as a dependency source. FN)require_hashesno_deps disable_pip skip_editable index_urlextra_index_urlsstatec||_||_||_||_||_||_||_||_i|_y)a Create a new `RequirementSource`. `filenames` provides the list of filepaths to parse. `require_hashes` controls the hash policy: if `True`, dependency collection will fail unless all requirements include hashes. `disable_pip` controls the dependency resolution policy: if `True`, dependency resolution is not performed and the inputs are checked and treated as "frozen". `no_deps` controls whether dependency resolution can be disabled even without hashed requirements (which implies a fully resolved requirements file): if `True`, `disable_pip` is allowed without a hashed requirements file. `skip_editable` controls whether requirements marked as "editable" are skipped. By default, editable requirements are not skipped. `index_url` is the base URL of the package index. `extra_index_urls` are the extra URLs of package indexes. `state` is an `AuditState` to use for state callbacks. N) _filenames_require_hashes_no_deps _disable_pip_skip_editable _index_url_extra_index_urlsr# _dep_cache) self filenamesrrrr r!r"r#s l/var/www/html/content-pipeline/venv/lib/python3.12/site-packages/pip_audit/_dependency_source/requirement.py__init__zRequirementSource.__init__/sHJ$- '+#!1 79c#Kg}g} |jD]}|jrstdd}|jd5}t j ||ddd|j t|j}|j||j||j|Ed{|D]}|jy#1swYxYw7(#|D]}|jwxYww)z Collect all of the dependencies discovered by this `RequirementSource`. Raises a `RequirementSourceError` on any errors. wF)modedeleterN) r%is_fiforopenshutil copyfileobjclosernameappend_collect_from_filesunlink)r- collect_files tmp_filesfilenametmp_filefts r/collectzRequirementSource.collect^s  $  OO /##% 2s5IH!s+8q**1h78NN$#HMM2H$$X.$$X.7 /<// > > >   88 ?   sAD=C,CA%C,C*C,DC' #C,,DDc #Kg}|j}|D]}tj|}t|jdkDr7|jd}t d|d|j d|j|xstd|jD}|j|j|jr=|js |s td|jt||Ed{yg}|jr|j!d|D]}|jdt#|g t%||j&|j(|j*} t-5} |j/| ddd|j2D]\} } t5| | y7#1swY/xYw#t0$r} tt#| | d} ~ wwxYww) Nrrequirement file z$ contains invalid specifier at line : c34K|]}|jyw)N) hash_options).0reqs r/ z8RequirementSource._collect_from_files..s2_33C3C2_szsthe --disable-pip flag can only be used with a hashed requirements files or if the --no-deps flag has been providedz--require-hashesz-r)r<version)r&r from_filelen invalid_linesr line_number error_messageany requirementsextendr(r'RequirementSourceError_collect_preresolved_depsiterr=strrr*r+r#rcreaterinstalled_packagesr) r-r.reqsrrBrfinvalidve_argsveve_direxcr<rOs r/r>z%RequirementSource._collect_from_filess)+#33! )H!++H5B2##$q(**1-1'z2#//073H3H2IK ,_s2_r2_/_N KK ( )   ==,>55d4j.Q Q Q     NN- .! 2H NND#h-0 1 2$2H2H$** U <#% " &! "  22 AMD'$$@ @ A% R " " <(S2 ; G G(G##G((G+c t5}|jDcgc]}|jtd}}t |j|D]5\}}|j d5}t j||ddd7 |jD]k}|jjd|jjd|jjd|jd|j||m dddycc}w#1swYxYw#t$r0}tj!d ||j#||d}~wwxYw#1swYyxYw) zJ Fixes a dependency version for this `RequirementSource`. zr+)r4r6NzFixing dependency z (z => )zJencountered an exception while applying fixes, recovering original files: )rr% enter_contextrzipr8r9r:r# update_statedepr<rO _fix_file Exceptionloggerwarning_recover_files) r- fix_versionstack_rArBrCrDes r/fixzRequirementSource.fixsg[ EMQOO(GH##$6D$AB(I('*$//9&E 4"(]]3'41&&q(344 4  $:HJJ++,[__-A-A,B"[__E\E\D]]a&../q2NN8[9 :  (44 `ab`cd##I.  %  sRE"D/E+D E A:D"ED E" E++EEEE'c ttj|j}t }|D]}t |t r|j|jjrw|jk|j|j}|s|j||j<|||jk7std|jdt|t |tstd|dt||j!d5}d}|D]}t |t rt#|j|j$j&k(r}d}|jj)|j$j*rL|jj)|j*s't-d |j*|j_ t/|j1| |slt2j5d |d |j$j&t/d | t/|j$j&d |j*| dddy#1swYyxYw)N)rBpackage  has duplicate requirements: rHz has invalid requirement: r3FTz==)filez:added fixed subdependency explicitly to requirements file rIz/ # pip-audit: subdependency explicitly fixed)listrparseas_posixdict isinstancer markerevaluaterMgetr< specifierRequirementFixErrorr[rr8r rjcanonical_namecontainsrOr printdumpsrmrn) r-rBrpr^req_specifiersrMduplicate_req_specifierrDfounds r/rkzRequirementSource._fix_files- $**H4E4E4GHI 37& C3 23ZZ'3::+>+>+@GG'*8*<*Q>Q=R9S,T)ciik* +&Pj;??#A#A"BDE778;;N;N:OPWXY= Z Z Zs 'E I<<Jc8t|j|D]G\}} |jd|jd5}t j ||dddIy#1swY xYw#t $r"}tjd|Yd}~}d}~wwxYw)Nrr3z/encountered an exception during file recovery: ) rhr%seekr8r9r:rlrmrn)r-rArBrCrDrss r/roz RequirementSource._recover_filess"%dooy"A  Hh  a ]]3'41&&x34 44 !PQRPSTU  s/"A.A"A."A+ 'A.. B7BBc #Kt}|D]}|js|rtd|jd|j$t |j jd_|jr%|jrt |jd|j|jjs|j|j}|s|j||j<n5||jk7r$td|jdt|#|j rt |jd J|js$td|jd t|t"j%t|j}|$td|jd t|t'|jt)|j+d yw) z= Collect pre-resolved (pinned) dependencies. z requirement z does not contain a hashNz5could not deduce package version from URL requirement)r< skip_reasonzrequirement marked as editablervrwz?URL requirements cannot be pinned to a specific package versionz is not pinned: z$ is not pinned to an exact version: rO)r|rKrXrrMrrequirement_lineliner) is_editabler<r~rrrr[is_urlPINNED_SPECIFIER_REmatchrr group)r-r^rrrMrpinned_specifiers r/rYz+RequirementSource._collect_preresolved_deps's 37&9 _C##,|CIIK=H`-abbww(--22 W""s'SXXCcddzz%cjj.A.A.C&4&8&8&B #*+.==sxx()CMM9,sxxj(Ec#hZP zz' a]],|CHH:EUVYZ]V^U_-`aa#6#<#rtrkrorYr1r/rr*s %!# $&(&L-:-: -:  -:  -:-:-:$-:-: -:^-^-A^:@ZD @_0@_BF@_ @_r1rceZdZdZy)rXz8A requirements-parsing specific `DependencySourceError`.Nrrrrrr1r/rXrXjsBr1rXceZdZdZy)rz4A requirements-fixing specific `DependencyFixError`.Nrrr1r/rrps>r1r)5r __future__rloggingrer9collections.abcr contextlibrpathlibrtempfilerrtypingr packaging.specifiersr packaging.utilsr packaging.versionr pip_requirements_parserr rrpip_audit._dependency_sourcerrrrpip_audit._fixrpip_audit._servicerpip_audit._service.interfacerrpip_audit._staterpip_audit._virtual_envrr getLoggerrrmcompileVERBOSErrrXrrr1r/rs# $ ;--%  .)N'>   8 $ bjj!7D}_(}_@  2  , r1