requirement, test: Remove preresolved dependency optimization #540
Conversation
|
|
||
|
|
||
| def test_requirement_source_no_deps_non_editable_without_egg_fragment(req_file): | ||
| def test_requirement_source_require_hashes_incorrect_hash(req_file): |
There was a problem hiding this comment.
I added a few tests but to be honest, some of these (and the existing ones) are essentially testing pip. We could potentially trim these down to a bare minimum that at least confirms that we're providing the right flags to pip and call it a day.
There was a problem hiding this comment.
Yeah, I'd be okay with dropping tests that aren't contributing to our coverage. But yes, it'd be good to confirm that we pass the right flags in some new tests.
|
I'm still looking for some large requirements files to test performance with. |
CHANGELOG.md
Outdated
| * `pip-audit`'s handling of dependency resolution has been significantly | ||
| refactored and simplified ([#523](https://github.com/pypa/pip-audit/pull/523)) | ||
| refactored and simplified ([#523](https://github.com/pypa/pip-audit/pull/523) | ||
| and [#540](https://github.com/pypa/pip-audit/pull/540)) |
There was a problem hiding this comment.
NB: We'll probably want a separate CHANGELOG entry after all, since we're making this change after this entry's release.
tetsuo-cpp
force-pushed
the
alex/remove-preresolved-opt
branch
from
dde7daa
to
05180d3
Compare
|
I didn't manage to find any ridiculously large requirements files. But I tested across a few and found that there isn't a meaningful performance impact vs just a regular |
|
Glad to hear it! Yeah, I think we're fine to move ahead here -- feel free to do another patch release to get this out 🙂 |
## [2.5.4] ### Changed * Refactored `index-url` option to not override user pip config by default, unless specified ([#565](pypa/pip-audit#565)) ### Fixed * Fixed bug with the `--fix` flag where new requirements were sometimes being appended to requirement files instead of patching the existing requirement ([#577](pypa/pip-audit#577)) * Fixed a crash caused by auditing requirements files that refer to other requirements files ([#568](pypa/pip-audit#568)) ## [2.5.3] ### Changed * Further simplified `pip-audit`'s dependency resolution to remove inconsistent behaviour when using hashed requirements or the `--no-deps` flag ([#540](pypa/pip-audit#540)) ### Fixed * Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs ([#572](pypa/pip-audit#572)) ## [2.5.2] ### Fixed * Fixed a loose dependency constraint for CycloneDX SBOM generation ([#558](pypa/pip-audit#558))
Closes #539.
Closes #564.