authorPo-Chuan Hsieh <sunpoet@FreeBSD.org>2023-07-09 10:10:24 +0000
committerPo-Chuan Hsieh <sunpoet@FreeBSD.org>2023-07-09 10:10:24 +0000
commit6bf8c06271cd19c0ee2b10f7a932c3d2e1103db6 (patch)
tree1b7d05661902692258ac60d33a09564827aa5be6
parent4c01d9dc6d55e52a94421b3de4655718b793eec9 (diff)
devel/py-pip-audit: Add py-pip-audit 2.5.6
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-database) via the PyPI JSON API as a source of vulnerability reports.
-rw-r--r--devel/Makefile1
-rw-r--r--devel/py-pip-audit/Makefile32
-rw-r--r--devel/py-pip-audit/distinfo3
-rw-r--r--devel/py-pip-audit/files/patch-pyproject.toml11
-rw-r--r--devel/py-pip-audit/pkg-descr4
5 files changed, 51 insertions, 0 deletions
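diff --git a/devel/Makefile b/devel/Makefile
index acf6a8fa3960..cabcaabcd674 100644
--- a/devel/Makefile
+++ b/devel/Makefile
@@ -5131,6 +5131,7 @@
 SUBDIR += py-pint-pandas
 SUBDIR += py-pip
 SUBDIR += py-pip-api
+ SUBDIR += py-pip-audit
 SUBDIR += py-pip-licenses
 SUBDIR += py-pip-run
 SUBDIR += py-pip-shims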
diff --git a/devel/py-pip-audit/Makefile b/devel/py-pip-audit/Makefile
new file mode 100644
index 000000000000..5940dab3bba0
--- /dev/null
+++ b/devel/py-pip-audit/Makefile
@@ -0,0 +1,32 @@
+PORTNAME= pip-audit
+PORTVERSION= 2.5.6
+CATEGORIES= devel python
+MASTER_SITES= PYPI
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+DISTNAME= pip_audit-${PORTVERSION}
+
+MAINTAINER= sunpoet@FreeBSD.org
+COMMENT= Tool for scanning Python environments for known vulnerabilities
+WWW= https://github.com/pypa/pip-audit
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR}
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cachecontrol>=0.12.0:www/py-cachecontrol@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}cyclonedx-python-lib>=2.0:textproc/py-cyclonedx-python-lib@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}html5lib>=1.1:www/py-html5lib@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}packaging>=23.0.0:devel/py-packaging@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}pip-api>=0.0.28:devel/py-pip-api@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}pip-requirements-parser>=32.0.0:devel/py-pip-requirements-parser@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}requests>=2.31.0:www/py-requests@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}rich>=12.4:textproc/py-rich@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}toml>=0.10:textproc/py-toml@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}urllib3>=1.26,1<2,1:net/py-urllib3@${PY_FLAVOR}
+
+USES= python
+USE_PYTHON= autoplist concurrent pep517
+
+NO_ARCH= yes
+
+.include <bsd.port.mk>
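Review bot: The RUN_DEPENDS entry for cyclonedx-python-lib is `>=2.0` with no upper bound, while upstream's pyproject.toml pins `~= 2.0` (2.x only) and the port's own files/patch-pyproject.toml in this same commit widens that to `>= 2.0`, so nothing in the port any longer expresses the major-version ceiling upstream evidently relies on and a future bump of textproc/py-cyclonedx-python-lib would be accepted silently. Either bound it the way flit-core already is, `${PYTHON_PKGNAMEPREFIX}cyclonedx-python-lib>=2.0<3:textproc/py-cyclonedx-python-lib@${PY_FLAVOR} \`, or add a one-line comment in the patch file's hunk stating why dropping the compatible-release operator is safe. Upstream's `!= 2.5.0` exclusion (commented there as a broken release) is likewise not reflected in RUN_DEPENDS; that is presumably harmless as long as the ports tree never ships 2.5.0, but a short comment next to the dependency line would save the next maintainer from re-deriving it.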
diff --git a/devel/py-pip-audit/distinfo b/devel/py-pip-audit/distinfo
new file mode 100644
index 000000000000..2619c942b085
--- /dev/null
+++ b/devel/py-pip-audit/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1688166010
+SHA256 (pip_audit-2.5.6.tar.gz) = 04fc0ad1727674181bda243a457af5a73038ee691dd9b8afc71f7e9292ce3912
+SIZE (pip_audit-2.5.6.tar.gz) = 46498
diff --git a/devel/py-pip-audit/files/patch-pyproject.toml b/devel/py-pip-audit/files/patch-pyproject.toml
new file mode 100644
index 000000000000..2d10bc981281
--- /dev/null
+++ b/devel/py-pip-audit/files/patch-pyproject.toml
@@ -0,0 +1,11 @@
+--- pyproject.toml.orig 2023-05-23 00:26:07 UTC
++++ pyproject.toml
+@@ -30,7 +30,7 @@ dependencies = [
+ "CacheControl[filecache] >= 0.12.0",
+ # NOTE(ww): Release 2.5.0 is broken, subsequent 2.5.x releases fix it.
+ # See: https://github.com/CycloneDX/cyclonedx-python-lib/issues/245
+- "cyclonedx-python-lib ~= 2.0, != 2.5.0",
++ "cyclonedx-python-lib >= 2.0, != 2.5.0",
+ "html5lib>=1.1",
+ "packaging>=23.0.0", # https://github.com/pypa/pip-audit/issues/464
+ "pip-api>=0.0.28",
diff --git a/devel/py-pip-audit/pkg-descr b/devel/py-pip-audit/pkg-descr
new file mode 100644
index 000000000000..765406a97473
--- /dev/null
+++ b/devel/py-pip-audit/pkg-descr
@@ -0,0 +1,4 @@
+pip-audit is a tool for scanning Python environments for packages with known
+vulnerabilities. It uses the Python Packaging Advisory Database
+(https://github.com/pypa/advisory-database) via the PyPI JSON API as a source of
+vulnerability reports.