Fawltydeps

Latest version: v0.17.0

Safety actively analyzes 681812 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 5

0.17.0

The highlight of this release is that the FawltyDeps `--install-deps` mode will now use `uv` (when available) instead of `pip` to manage the temporary virtualenv. This makes it 2x - 10x faster, depending on the scenario. In particular, FawltyDeps will benefit from `uv`'s local cache of downloaded packages, so repeated use of `--install-deps` on the same project is now ⚡lightning fast⚡.

Under the hood FawltyDeps moved from `setuptools` to `packaging` for parsing requirements strings. This change should not be visible to the user, but we care deeply about staying up to date with the Python packaging ecosystem, and following the lead of the PyPA.

Join our new [Discord channel](https://discord.com/channels/1174731094726295632/1176462512212951090). This platform is dedicated to technical discussions, knowledge sharing, and real-time collaboration within the FawltyDeps community.

What's Changed
* `parse_setup_py`: Handle string dependency when we expect list of strings by jherland in https://github.com/tweag/FawltyDeps/pull/440
* Use `uv` instead of `pip` to manage virtualenvs by jherland in https://github.com/tweag/FawltyDeps/pull/432
* Replace `pkg_resources` dependency with `packaging.requirement` by jherland in https://github.com/tweag/FawltyDeps/pull/445

**Full Changelog**: https://github.com/tweag/FawltyDeps/compare/v0.16.0...v0.17.0

Refer to the our [`README.md`](https://github.com/tweag/FawltyDeps/blob/main/README.md) or `fawltydeps --help` for more documentation.

0.16.0

This release extends our recent feature to exclude parts of your directory structure when running FawltyDeps: You can now make FawltyDeps read exclude patterns from another file, with the new --exclude-from option. As with `--exclude` the exclude patterns follow the [gitignore-style format](https://git-scm.com/docs/gitignore#_pattern_format) and will cause matching paths to be skipped when traversing your project, and thus exclude them from FalwtyDeps' analysis. The exclude patterns apply to all input categories discovered by FawltyDeps (Python code, dependency declarations, and Python environments used to resolve import names provided by packages).

Otherwise, this release contains major updates to our test suite and development environment, to make FawltyDeps even more of a joy to work on. 😄

Join our new [Discord channel](https://discord.com/channels/1174731094726295632/1176462512212951090). This platform is dedicated to technical discussions, knowledge sharing, and real-time collaboration within the FawltyDeps community. .

What's Changed
* Allow reading exclude patterns from files (`--exclude-from`) by jherland in https://github.com/tweag/FawltyDeps/pull/420
* real_projects/python-algorithms: Pin qiskit at <1.0 by jherland in https://github.com/tweag/FawltyDeps/pull/421
* Fix skipped tests on Windows by jherland in https://github.com/tweag/FawltyDeps/pull/412
* Dev/test environment: Support Python dependencies with pre-built binaries on Nix by jherland in https://github.com/tweag/FawltyDeps/pull/422
* Add the ruff linter by jherland in https://github.com/tweag/FawltyDeps/pull/424
* Make ruff much stricter by jherland in https://github.com/tweag/FawltyDeps/pull/425
* Remove pylint by jherland in https://github.com/tweag/FawltyDeps/pull/426
* Use `ruff format` instead of `black` by jherland in https://github.com/tweag/FawltyDeps/pull/427
* Update Discord invitation link. by mknorps in https://github.com/tweag/FawltyDeps/pull/436

**Full Changelog**: https://github.com/tweag/FawltyDeps/compare/v0.15.0...v0.16.0

Refer to the project's [`README.md`](https://github.com/tweag/FawltyDeps/blob/main/README.md) or `fawltydeps --help` for more documentation.

0.15.0

This release introduce a much-requested feature to exclude parts of your directory structure when running `fawltydeps`. The new `--exclude` option takes [gitignore-style patterns](https://git-scm.com/docs/gitignore#_pattern_format) and will cause the matching paths to be skipped when traversing your project, and thus excluded from FalwtyDeps' analysis. The exclude patterns apply to all input categories discovered by FawltyDeps (Python code, dependency declarations, and Python environments used to resolve import names provided by packages).

Join Our New [Discord Channel](https://discord.com/channels/1174731094726295632/1176462512212951090). This platform is dedicated to technical discussions, knowledge sharing, and real-time collaboration within the FawltyDeps community. .

What's Changed
* Support exclude patterns by jherland in https://github.com/tweag/FawltyDeps/pull/388
* Integrate gitignore_parser into FawltyDeps by jherland in https://github.com/tweag/FawltyDeps/pull/391
* Fixes for various `--exclude` usability issues by jherland in https://github.com/tweag/FawltyDeps/pull/415

**Full Changelog**: https://github.com/tweag/FawltyDeps/compare/v0.14.0...v0.15.0

Refer to the project's [`README.md`](https://github.com/tweag/FawltyDeps/blob/main/README.md) or `fawltydeps --help` for more documentation.

0.14.0

The main feature of this release is the Windows and MacOS support.

FawltyDeps was originally developed on a Unix-based systems. MacOS support was straightforward, involving primarily an expansion of the test matrix. Support for Windows included:
- Making sure file paths are system-agnostic
- Various changes in the test suite, including the way FawltyDeps and other scripts are invoked
- The way virtual environments are discovered.

Currently, a Windows user can both develop and use FawltyDeps :tada:.


:raised_hands: Community Spotlight: Thanks to 0x26res's input (issue 408), we've relaxed version constraints in our core dependencies (resolved in 409). This sparked vital discussions (summarized in 411) about optimizing our dependency version configurations.

Join Our New [Discord Channel](https://discord.com/channels/1174731094726295632/1176462512212951090). This platform is dedicated to technical discussions, knowledge sharing, and real-time collaboration within the FawltyDeps community. .


What's Changed
* Update our Python project metadata by jherland in https://github.com/tweag/FawltyDeps/pull/396
* Added reference to the FawltyDeps Discord channel by mknorps in https://github.com/tweag/FawltyDeps/pull/400
* Loosen version constraint on core dependencies and re-pin lock file by jherland in https://github.com/tweag/FawltyDeps/pull/409
* MacOS and Windows support by mknorps in https://github.com/tweag/FawltyDeps/pull/397

**Full Changelog**: https://github.com/tweag/FawltyDeps/compare/v0.13.3...v0.14.0

Refer to the project's [`README.md`](https://github.com/tweag/FawltyDeps/blob/main/README.md) or `fawltydeps --help` for more documentation.

0.13.3

This release introduces a slight change in how FawltyDeps finds Python environments (used for resolving declared dependencies into provided import names). Specifically the change regards the use of the _current_ Python environment (i.e. the one in which FawltyDeps itself is installed and running):

Since v0.12, we would not use this environment if _any_ other Python environment was found (either via `--pyenv` or otherwise via searching inside your project). This would still be sufficient in the relatively common case where you (a) run `fawltydeps` with default settings, and (b) FawltyDeps is installed in the same environment as your project dependencies, and (c) this environment lives _outside_ your project directory (e.g. like Poetry does by default). However, if you add another complicating factor: (d) another virtualenv is found _inside_ your project and this happens to _not_ contain your project dependencies, then FawltyDeps would prefer this environment over the _current_ environment, and dependency resolution would suffer.

We have now changed the rules to _always_ include the current environment in the dependency resolution (but at a lower priority than any other Python environments given with `--pyenv` or found in your project). The result should be improved dependency resolution in the above corner case, but otherwise the observed behavior should remain unchanged.

Otherwise, in this release, and thanks to msabramo, we have revamped the `pre-commit` rules that come with FawltyDeps. These will now give more accurate results when there are _untracked_ files in your tree that would otherwise affect FawltyDeps' calculation of undeclared and unused dependencies.

What's Changed
* Reintroduce current Python environment as a separate level in our resolver stack by jherland in https://github.com/tweag/FawltyDeps/pull/394
* Separate `check-undeclared`, `check-unused` pre-commit hooks by msabramo in https://github.com/tweag/FawltyDeps/pull/386
* Preliminary refactoring before `--ignore` feature by jherland in https://github.com/tweag/FawltyDeps/pull/387

New Contributors
* msabramo made their first contribution in https://github.com/tweag/FawltyDeps/pull/386 🎉

**Full Changelog**: https://github.com/tweag/FawltyDeps/compare/v0.13.2...v0.13.3

Refer to the project's [`README.md`](https://github.com/tweag/FawltyDeps/blob/main/README.md) or `fawltydeps --help` for more documentation.

0.13.2

In this release, we've focused on fine-tuning and enhancing the compatibility and functionality of our project.

Notable updates include better recognition of `requirements.txt`, support for Python v3.12, and enhanced handling of Python code with encoding declarations, collectively enhancing the overall performance and user experience.

What's Changed
* Relax regex re. recognizing requirements.txt by jherland in https://github.com/tweag/FawltyDeps/pull/372
* Support Python v3.12 by jherland in https://github.com/tweag/FawltyDeps/pull/383
* Handle Python code with embedded encoding declarations by jherland in https://github.com/tweag/FawltyDeps/pull/384
* Bump version to 0.13.2 by zz1874 in https://github.com/tweag/FawltyDeps/pull/389


**Full Changelog**: https://github.com/tweag/FawltyDeps/compare/v0.13.1...v0.13.2

Page 1 of 5

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.