diff --git a/README.md b/README.md index f22c6776e8..21b5b3b3ef 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,9 @@ Pipenv: Python Development Workflow for Humans [![Azure Pipelines Build Status](https://dev.azure.com/pypa/pipenv/_apis/build/status/Pipenv%20CI?branchName=master)](https://dev.azure.com/pypa/pipenv/_build/latest?definitionId=16&branchName=master) [![image](https://img.shields.io/pypi/pyversions/pipenv.svg)](https://python.org/pypi/pipenv) + ------------------------------------------------------------------------ +[[ ~ Dependency Scanning by PyUp.io ~ ]](https://pyup.io) **Pipenv** is a tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. diff --git a/docs/advanced.rst b/docs/advanced.rst index 49c67c3f7e..c25d276043 100644 --- a/docs/advanced.rst +++ b/docs/advanced.rst @@ -237,16 +237,15 @@ Example:: .. note:: - In order to enable this functionality while maintaining its permissive - copyright license, `pipenv` embeds an API client key for the back-end - Safety API operated by pyup.io rather than including a full copy of the - CC-BY-NC-SA licensed Safety-DB database. This embedded client key is - shared across all `pipenv check` users, and hence will be subject to - API access throttling based on overall usage rather than individual - client usage. - - You can also use your own safety API key by setting the - environment variable ``PIPENV_PYUP_API_KEY``. + Each month, `PyUp.io` updates the ``safety`` database of + insecure Python packages and `makes it available to the + community for free `__. Pipenv + makes an API call to retrieve those results and use them + each time you run ``pipenv check`` to show you vulnerable + dependencies. + + For more up-to-date vulnerability data, you may also use your own safety + API key by setting the environment variable ``PIPENV_PYUP_API_KEY``. ☤ Community Integrations diff --git a/news/4210.trivial.rst b/news/4210.trivial.rst new file mode 100644 index 0000000000..3116af9ed1 --- /dev/null +++ b/news/4210.trivial.rst @@ -0,0 +1 @@ +Updated PyUp.io information to reflect current situation. diff --git a/pipenv/patched/notpip/_internal/pep425tags.py b/pipenv/patched/notpip/_internal/pep425tags.py index c2a1e346bc..16d041d95d 100644 --- a/pipenv/patched/notpip/_internal/pep425tags.py +++ b/pipenv/patched/notpip/_internal/pep425tags.py @@ -3,6 +3,7 @@ import distutils.util import logging +import os import platform import re import sys diff --git a/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch b/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch index 792a94faf3..b552a7b06e 100644 --- a/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch +++ b/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch @@ -1,8 +1,16 @@ diff --git a/pipenv/patched/notpip/_internal/pep425tags.py b/pipenv/patched/notpip/_internal/pep425tags.py -index 042ba34b..58decc23 100644 +index 369275a8..16d041d9 100644 --- a/pipenv/patched/notpip/_internal/pep425tags.py +++ b/pipenv/patched/notpip/_internal/pep425tags.py -@@ -170,8 +170,9 @@ def is_linux_armhf(): +@@ -3,6 +3,7 @@ from __future__ import absolute_import + + import distutils.util + import logging ++import os + import platform + import re + import sys +@@ -170,8 +171,9 @@ def is_linux_armhf(): return False # hard-float ABI can be detected from the ELF header of the running # process @@ -13,7 +21,7 @@ index 042ba34b..58decc23 100644 elf_header_raw = f.read(40) # read 40 first bytes of ELF header except (IOError, OSError, TypeError): return False -@@ -205,7 +206,7 @@ def is_manylinux1_compatible(): +@@ -205,7 +207,7 @@ def is_manylinux1_compatible(): pass # Check glibc version. CentOS 5 uses glibc 2.5. @@ -22,7 +30,7 @@ index 042ba34b..58decc23 100644 def is_manylinux2010_compatible(): -@@ -223,7 +224,7 @@ def is_manylinux2010_compatible(): +@@ -223,7 +225,7 @@ def is_manylinux2010_compatible(): pass # Check glibc version. CentOS 6 uses glibc 2.12. @@ -31,7 +39,7 @@ index 042ba34b..58decc23 100644 def is_manylinux2014_compatible(): -@@ -249,7 +250,7 @@ def is_manylinux2014_compatible(): +@@ -249,7 +251,7 @@ def is_manylinux2014_compatible(): pass # Check glibc version. CentOS 7 uses glibc 2.17.