diff --git a/README.md b/README.md index f22c6776..21b5b3b3 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,9 @@ Pipenv: Python Development Workflow for Humans [![Azure Pipelines Build Status](https://dev.azure.com/pypa/pipenv/_apis/build/status/Pipenv%20CI?branchName=master)](https://dev.azure.com/pypa/pipenv/_build/latest?definitionId=16&branchName=master) [![image](https://img.shields.io/pypi/pyversions/pipenv.svg)](https://python.org/pypi/pipenv) + ------------------------------------------------------------------------ +[[ ~ Dependency Scanning by PyUp.io ~ ]](https://pyup.io) **Pipenv** is a tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. diff --git a/docs/advanced.rst b/docs/advanced.rst index e6e31f62..25bbdf6d 100644 --- a/docs/advanced.rst +++ b/docs/advanced.rst @@ -237,16 +237,15 @@ Example:: .. note:: - In order to enable this functionality while maintaining its permissive - copyright license, `pipenv` embeds an API client key for the backend - Safety API operated by pyup.io rather than including a full copy of the - CC-BY-NC-SA licensed Safety-DB database. This embedded client key is - shared across all `pipenv check` users, and hence will be subject to - API access throttling based on overall usage rather than individual - client usage. + Each month, `PyUp.io` updates the ``safety`` database of + insecure Python packages and `makes it available to the + community for free `__. Pipenv + makes an API call to retrieve those results and use them + each time you run ``pipenv check`` to show you vulnerable + dependencies. - You can also use your own safety API key by setting the - environment variable ``PIPENV_PYUP_API_KEY``. + For more up-to-date vulnerability data, you may also use your own safety + API key by setting the environment variable ``PIPENV_PYUP_API_KEY``. ☤ Community Integrations 
diff --git a/news/4210.trivial.rst b/news/4210.trivial.rst new file mode 100644 index 00000000..3116af9e --- /dev/null +++ b/news/4210.trivial.rst @@ -0,0 +1 @@ +Updated PyUp.io information to reflect current situation.
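
Review bot: In the README.md hunk, the added line `[[ ~ Dependency Scanning by PyUp.io ~ ]](https://pyup.io)` sits directly under the horizontal rule with nothing telling the reader what it refers to. Suggest either a short sentence tying it to `pipenv check`, or moving the link next to the documentation of that command, so it does not read as an unexplained banner above the project description.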
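
Review bot: In the docs/advanced.rst hunk, the rewritten note drops the statement that pipenv embeds an API client key shared across all `pipenv check` users and is throttled on overall usage, without saying whether the default lookup still works that way. If it does, keep that sentence, since it tells users which credential the call is made with and why they may be rate limited. The new wording also leaves the age of the default data implicit: "Each month" together with "For more up-to-date vulnerability data" means a default `pipenv check` can lag by up to a month, and the note should say that directly so a clean result is not read as current. Two markup points: the link `makes it available to the community for free `__ has no target as shown here, and `PyUp.io` in single backticks is interpreted text in reST, not a literal or a link.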
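
Review bot: In news/4210.trivial.rst, "Updated PyUp.io information to reflect current situation." does not say what changed. Suggest naming the change, for example that the `pipenv check` note in docs/advanced.rst now describes the monthly free safety database and the `PIPENV_PYUP_API_KEY` option. Since the patch edits user-facing documentation, also check whether `trivial` is the right fragment type for it.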