Drover

Latest version: v0.7.1

Safety actively analyzes 682244 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

0.7.2.pre1

Notable Fixes:
- Ensure first update includes requirements layer
- Correct log output to show newest (not prior) requirements layers

Housekeeping:
Migrate CI/CD prerelease process away from `.dev` tags and toward `.pre` tags
with support from the `setuptools_scm` tool to ensure public release tags are
compatible with semantic versioning.



Changes:

* 651a72bcfa4037926ce40f42d361cd046cde644d Add exception chaining for Drover class errors
* f23eed729d20c86ae96d0549f9e1675761c20833 Move CI/CD to Azure Pipelines; version from tags
* 6b06bfdb5fa6275e9d448ba9c2a00f0af0d48154 Ensure first update includes requirements layer
* dec0f9ed4c9ead3fb14ca6a6074140586052b80d Add initial Sphinx documentation

This list of changes was [auto generated](https://jwilges.visualstudio.com/drover/_build/results?buildId=97&view=logs).

0.7.1

The settings file now allows specifying:
- a custom requirements layer name (via `requirements_layer_name`), and
- custom supplemental layer ARNs (via the `supplemental_layer_arns` list)

Python package hash generation is now more resilient; to ensure
reasonably-similar package installations yield the same hash:
- Package-relative file names are used when hashing Wheel `RECORD` files, and
- Fields in source distribution `PKG-INFO` files are sorted when hashing.

Oddly, `PKG-INFO` files from source package installations enumerate fields in a
non-deterministic order; i.e. installing the same package multiple times may
yield a `PKG-INFO` file with fields in a different order. During testing, this
behavior was witnessed with the `Provides-Extra` field.

0.7.1.dev2

Summary

- Add finer-grained SHA256 hashing (see below for impacts); improve log/interactive output control
- Interactive console sessions now properly synchronize progress bar updates
- Enable support for Python 3.6 and 3.7

Hashing impacts

Drover's new hashing approach is not backwards-compatible; hashes
generated with this release will not collide with older releases even if
no package content has changed. This hash incompatibility will only
result in at most one extraneous round of uploading during your next
deploy.

The new hashing approach leverages SHA256 hashes and pre-computed hashes
for most Python package files via wheel `RECORD` files when applicable.

Interactive output and verbosity improvements

Log verbosity can now either be increased with cumulative `-v` arguments
or squelched with the `-q` argument.

Drover now automatically detects support for interactive terminal output
and allows manually overriding this behavior via the mutually-exclusive
`--interactive` and `--non-interactive` arguments.

0.7.1.dev1

This pre-release extends interface documentation and unit test coverage.

0.7.0

This is the first release of `drover`, a command-line interface utility to efficiently publish and update a Lambda function and requirements layer representation of a Python package directory.

This release mirrors the [drover 0.7.0](https://pypi.org/project/drover/0.7.0/) release on PyPI.

Links

Releases

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.