Move to requirements.txt; update dependencies; partial update for NIST NVD CPE API (2.0) #132

Merged (6 commits), Jul 6, 2024


@samuel-gamelin (Collaborator) commented Jul 6, 2024

These changes achieve the following:

  • Convert from Poetry to a requirements.txt-based format for simplicity and portability
    • pyproject.toml is pip-compatible and remains for simple tooling configuration and project metadata
  • Update to Python 3.12
  • Update a number of dependencies
    • libcst is updated to support Python (up to 3.12)
    • pandas and numpy are updated to their latest 1.x version (2.x are not compatible with this project currently)
  • README instructions are updated in accordance with the above
  • GitHub Actions verification pipeline (build-and-verify.yaml) is updated to accommodate the new project structure
  • Partial support for CPE API 2.0 in the vulnerability querier

Of note:
NIST decommissioned version 1.0 of their CPE API last year. A few initial changes were made in accordance with the transition guide, primarily pertaining to the request for CPE searches. However, the response schema differs vastly from 1.0 and does not work with our current query implementation. This will have to be addressed separately (#133).
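
An added example, not part of this pull request or the project's code: a sketch of consuming a CPE API 2.0 search response, where entries sit under `products[].cpe` and are paged with `startIndex`/`resultsPerPage`/`totalResults`. The function names and sample body are hypothetical, and the check for a 1.0-style body (entries nested under `result`) is an assumption about the retired schema.

```python
from urllib.parse import urlencode
CPE_API_V2 = "https://services.nvd.nist.gov/rest/json/cpes/2.0"

def build_search_url(keyword, start_index=0, page_size=100):
    """Build a paged CPE API 2.0 keyword search URL."""
    query = {"keywordSearch": keyword, "startIndex": start_index,
             "resultsPerPage": page_size}
    return f"{CPE_API_V2}?{urlencode(query)}"

def parse_products(body):
    """Flatten a 2.0 response into records; fail loudly on any other shape."""
    if "products" not in body:
        # Assumption: a 1.0-style body nested its entries under "result".
        shape = "1.0-style" if "result" in body else "unknown"
        raise ValueError(f"not a CPE API 2.0 response ({shape} body)")
    records = []
    for product in body["products"]:
        cpe = product["cpe"]
        titles = cpe.get("titles", [])
        english = next((t["title"] for t in titles if t.get("lang") == "en"), None)
        records.append({
            "cpe_name": cpe["cpeName"],
            "title": english or (titles[0]["title"] if titles else None),
            "deprecated": cpe.get("deprecated", False),
            "deprecated_by": [d["cpeName"] for d in cpe.get("deprecatedBy", [])],
        })
    return records

def next_start_index(body):
    """Return the startIndex for the next page, or None on the last page."""
    nxt = body["startIndex"] + body["resultsPerPage"]
    return nxt if nxt < body["totalResults"] else None

# Constructed sample in the 2.0 response shape; all values are made up.
SAMPLE_V2 = {
    "resultsPerPage": 2, "startIndex": 0, "totalResults": 3,
    "products": [
        {"cpe": {"cpeName": "cpe:2.3:a:example:widget:1.0:*:*:*:*:*:*:*",
                 "deprecated": False,
                 "titles": [{"title": "Example Widget 1.0", "lang": "en"}]}},
        {"cpe": {"cpeName": "cpe:2.3:a:exmaple:widget:1.0:*:*:*:*:*:*:*",
                 "deprecated": True,
                 "titles": [{"title": "Widget (typo vendor)", "lang": "en"}],
                 "deprecatedBy": [{"cpeName":
                     "cpe:2.3:a:example:widget:1.0:*:*:*:*:*:*:*"}]}},
    ],
}

if __name__ == "__main__":
    print(parse_products(SAMPLE_V2), next_start_index(SAMPLE_V2))
```

Rejecting a body without `products` keeps a schema change from being read as "no matching CPEs", which in a vulnerability querier would look like a clean result.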

@john-breton (Collaborator) commented Jul 6, 2024

Tests likely won't pass until support for version 2.0 of the CPE API is implemented. For now, we could just lower the test threshold with the understanding that it be raised once the code is ported to handle the newest version of the API.

@samuel-gamelin (Collaborator, Author) commented

Coverage requirement has been decreased to 36% to account for CPE-related tests. This threshold can be increased once the migration is addressed through #133 and #105.

@john-breton (Collaborator) left a comment

All looks good on my end. I appreciate the change to requirements.txt from Poetry.

@samuel-gamelin merged commit a96e9d8 into main Jul 6, 2024
1 check passed
@samuel-gamelin deleted the convert-to-requirements branch July 6, 2024 19:01