From 42321376c954e219494d33d5bb17c9688674ebc0 Mon Sep 17 00:00:00 2001 From: Dan Ryan Date: Sun, 26 Apr 2020 02:50:40 -0400 Subject: [PATCH 1/2] Update documentation to reflect accurate pyup use - Remove bits about CC-BY-SA licensing - Remove bits about using an embedded API key - Add a little flair to the readme to acknowledge pyup Signed-off-by: Dan Ryan --- README.md | 2 ++ docs/advanced.rst | 14 +++++--------- news/4210.trivial.rst | 1 + 3 files changed, 8 insertions(+), 9 deletions(-) create mode 100644 news/4210.trivial.rst diff --git a/README.md b/README.md index f22c6776..21b5b3b3 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,9 @@ Pipenv: Python Development Workflow for Humans [![Azure Pipelines Build Status](https://dev.azure.com/pypa/pipenv/_apis/build/status/Pipenv%20CI?branchName=master)](https://dev.azure.com/pypa/pipenv/_build/latest?definitionId=16&branchName=master) [![image](https://img.shields.io/pypi/pyversions/pipenv.svg)](https://python.org/pypi/pipenv) + ------------------------------------------------------------------------ +[[ ~ Dependency Scanning by PyUp.io ~ ]](https://pyup.io) **Pipenv** is a tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. diff --git a/docs/advanced.rst b/docs/advanced.rst index e6e31f62..bdbfafbb 100644 --- a/docs/advanced.rst +++ b/docs/advanced.rst 
@@ -237,16 +237,12 @@ Example:: .. note:: - In order to enable this functionality while maintaining its permissive - copyright license, `pipenv` embeds an API client key for the backend - Safety API operated by pyup.io rather than including a full copy of the - CC-BY-NC-SA licensed Safety-DB database. This embedded client key is - shared across all `pipenv check` users, and hence will be subject to - API access throttling based on overall usage rather than individual - client usage. + Access to the ``safety`` database happens via an API call which retrieves + results which are updated on a monthly basis and made available to the + community for free by `pyup.io`. - You can also use your own safety API key by setting the - environment variable ``PIPENV_PYUP_API_KEY``. + For more up-to-date vulnerability data, you may also use your own safety + API key by setting the environment variable ``PIPENV_PYUP_API_KEY``. ☤ Community Integrations diff --git a/news/4210.trivial.rst b/news/4210.trivial.rst new file mode 100644 index 00000000..3116af9e --- /dev/null +++ b/news/4210.trivial.rst @@ -0,0 +1 @@ +Updated PyUp.io information to reflect current situation. From a68166af55e885dc097053180137ad9e6ff28c28 Mon Sep 17 00:00:00 2001 From: Dan Ryan Date: Tue, 28 Apr 2020 12:19:19 -0400 Subject: [PATCH 2/2] Reword note about pyup Reword `pipenv check` note in docs Co-Authored-By: Sumana Harihareswara --- docs/advanced.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/advanced.rst b/docs/advanced.rst index bdbfafbb..25bbdf6d 100644 --- a/docs/advanced.rst +++ b/docs/advanced.rst 
@@ -237,9 +237,12 @@ Example:: .. note:: - Access to the ``safety`` database happens via an API call which retrieves - results which are updated on a monthly basis and made available to the - community for free by `pyup.io`. + Each month, `PyUp.io` updates the ``safety`` database of + insecure Python packages and `makes it available to the + community for free `__. Pipenv + makes an API call to retrieve those results and use them + each time you run ``pipenv check`` to show you vulnerable + dependencies. For more up-to-date vulnerability data, you may also use your own safety API key by setting the environment variable ``PIPENV_PYUP_API_KEY``.
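Review bot: in the docs/advanced.rst hunk of [PATCH 1/2], the added note says the results are "updated on a monthly basis" but leaves the reader to work out what that means for a ``pipenv check`` run. Without ``PIPENV_PYUP_API_KEY`` set, an advisory published since the last monthly update may not be reported, so a clean result should not be read as current. One sentence stating that would make the second paragraph ("For more up-to-date vulnerability data ...") easier to act on. Style point on the same hunk: `pyup.io` is in single backticks, which reStructuredText treats as interpreted text in the default role, while the rest of the note uses double backticks for literals (``safety``, ``PIPENV_PYUP_API_KEY``). Use double backticks or a proper hyperlink.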
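Review bot: in the docs/advanced.rst hunk of [PATCH 2/2], the anonymous hyperlink in "`makes it available to the community for free `__" carries no <URL> target in the added lines as shown, so the reference has nothing to resolve to. Put the target inside the backticks, before the closing `__. `PyUp.io` at the start of the paragraph is still in single backticks and has the same default-role problem. The sentence "Pipenv makes an API call to retrieve those results and use them each time you run ``pipenv check``" can be read as either one request per run or a cached result reused on each run. Say which, since that determines whether the command needs network access to the API on every invocation.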