fix: remove all mentions of (dev-)requirements.txt

Molkree · Molkree · commit 7f869f0b0d06 · 2025-10-05T19:03:38.000+04:00
diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml
@@ -26,7 +26,7 @@ jobs:
         with:
           python-version: '3.11'
           cache: 'pip'
-          cache-dependency-path: '**/requirements.txt'
+          cache-dependency-path: '**/pyproject.toml'
       - name: Get date
         id: get-date
         run: |
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
@@ -27,14 +27,14 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install -y build-essential gcc g++ cmake
-          
+
       - name: Install newer GCC
         run: |
           sudo apt-get update
           sudo apt-get install -y gcc-10 g++-10
           sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 100
           sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 100
-          
+
       - name: Set up compiler environment
         run: |
           export CC=gcc
@@ -54,14 +54,13 @@ jobs:
           pip install --upgrade atheris
           pip install --upgrade atheris-libprotobuf-mutator -v
           pip install --upgrade protobuf
-      
+
       - name: Install Cve-bin-tool
         run: |
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
-          
+          python -m pip install --upgrade .[dev]
+
       - name: Get date
         id: get-date
         run: |
@@ -88,7 +87,7 @@ jobs:
           [[ -e fuzz-cache ]] && mkdir -p .cache && mv fuzz-cache ~/.cache/cve-bin-tool
           NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out --disable-data-source CURL,EPSS,GAD,NVD,OSV,PURL2CPE,RSD
           cp -r ~/.cache/cve-bin-tool fuzz-cache
-          
+
       - name: Run Fuzzing
         id: fuzzing
         env:
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -31,7 +31,7 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
           cache: 'pip'
-          cache-dependency-path: '**/requirements.txt'
+          cache-dependency-path: '**/pyproject.toml'
       - name: Install dependencies and cve-bin-tool
         run: |
           python -m pip install --upgrade pip
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -161,8 +161,7 @@ jobs:
           python -m pip install --upgrade wheel
           python -m pip install --upgrade pdftotext
           python -m pip install --upgrade reportlab
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
+          python -m pip install --upgrade .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -258,8 +257,7 @@ jobs:
           python -m pip install --upgrade wheel
           python -m pip install --upgrade pdftotext
           python -m pip install --upgrade reportlab
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -270,10 +268,10 @@ jobs:
         if: env.sbom != 'true'
         run: >
           pytest
-          --cov 
+          --cov
           --cov-report=xml
           --cov-append -n 8
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
           -v --durations=50
           --ignore=test/test_cli.py
@@ -360,15 +358,14 @@ jobs:
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
-          
+
       - name: Install cve-bin-tool
         if: env.sbom != 'true'
         run: |
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -378,13 +375,13 @@ jobs:
       - name: Run language scanner tests
         if: env.sbom != 'true'
         run: >
-          pytest 
+          pytest
           --cov
           --cov-report=xml
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append -n 8  
-          -v --durations=50           
+          --cov-append -n 8
+          -v --durations=50
           test/test_language_scanner.py
       - name: Upload code coverage to codecov
         if: env.sbom != 'true'
@@ -463,15 +460,14 @@ jobs:
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
-          
+
       - name: Install cve-bin-tool
         if: env.sbom != 'true'
         run: |
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -481,12 +477,12 @@ jobs:
       - name: Run binary scanner tests
         if: env.sbom != 'true'
         run: >
-          pytest 
-          --cov 
-          --cov-report=xml 
-          --junitxml=junit.xml 
+          pytest
+          --cov
+          --cov-report=xml
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append -n 8 
+          --cov-append -n 8
           -v --durations=50
           test/test_scanner.py
       - name: Upload code coverage to codecov
@@ -573,8 +569,7 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -584,12 +579,12 @@ jobs:
       - name: Run synchronous tests
         if: env.sbom != 'true'
         run: >
-          pytest 
-          -v --cov 
-          --cov-report=xml 
-          --junitxml=junit.xml 
+          pytest
+          -v --cov
+          --cov-report=xml
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append 
+          --cov-append
           --durations=50
           test/test_cli.py
           test/test_cvedb.py
@@ -716,8 +711,7 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Install playwright dependencies for HTML tests
         run: |
           python -m playwright install chromium --with-deps
@@ -807,19 +801,18 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
+          python -m pip install --upgrade .[dev]
       - name: Try single CLI run of tool
         run: |
           python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
       - name: Run async tests
         run: >
-          pytest 
-          --cov 
+          pytest
+          --cov
           --cov-report=xml
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append -n 8 
+          --cov-append -n 8
           -v --durations=50
           --ignore=test/test_cli.py
           --ignore=test/test_cvedb.py
@@ -828,25 +821,25 @@ jobs:
           --ignore=test/test_json.py
       - name: Run synchronous tests
         run: >
-          pytest 
-          -v --cov 
+          pytest
+          -v --cov
           --cov-report=xml
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
           --cov-append
-          --cov-report=xml 
+          --cov-report=xml
           --durations=50
           test/test_cli.py
           test/test_cvedb.py
       - name: Cache conda
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         env:
-          # Increase to reset cache if requirements.txt file has not changed
+          # Increase to reset cache if dependencies have not changed
           CACHE_NUMBER: 0
         with:
           path: ~/conda_pkgs_dir
           key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{
-            hashFiles('requirements.txt') }}
+            hashFiles('pyproject.toml') }}
       - uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3.2.0
         with:
           auto-update-conda: true
@@ -859,18 +852,17 @@ jobs:
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
           python -m pip install --upgrade reportlab
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
+          python -m pip install --upgrade .[dev]
       - name: Test PDF generation on Windows
-        run: > 
-          pytest 
-          test/test_output_engine.py 
-          -k test_output_pdf 
+        run: >
+          pytest
+          test/test_output_engine.py
+          -k test_output_pdf
           --cov
           --cov-append
           --cov-report=xml
-          --junitxml=junit.xml 
-          -o junit_family=legacy  
+          --junitxml=junit.xml
+          -o junit_family=legacy
           --durations=50
       - name: Upload code coverage to codecov
         uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml
@@ -39,7 +39,7 @@ jobs:
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}
           restore-keys: |
             ${{ runner.os }}-pip-
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -125,18 +125,18 @@ While you're in a venv, the `python` command will point to whatever version you
 
 ## Installing dependencies
 
-The packages you need to run CVE Binary Tool are listed in the `requirements.txt` file in the main cve-bin-tool directory.  You can install all of them using the following pip command:
+The packages you need to run CVE Binary Tool are listed in the `dependencies` section of the `pyproject.toml` file in the main cve-bin-tool directory.  You can install all of them using the following pip command:
 
 ```bash
-pip install -U -r requirements.txt
+pip install -U -r .
 ```
 
-The `-U` in that line above will update you to the latest versions of packages as needed, which we recommend because people running security tools generally want to have all the latest updates if possible. The `-r requirements.txt` specifies the file with all the requirements.
+The `-U` in that line above will update you to the latest versions of packages as needed, which we recommend because people running security tools generally want to have all the latest updates if possible.
 
 We also have a recommended list of dependencies just for developers that include things like the flake8 linter.  You probably want to install them too if you're intending to be a developer.
 
 ```bash
-pip install -r dev-requirements.txt
+pip install -r .[dev]
 ```
 
 ## Running your local copy of CVE Binary Tool
@@ -183,7 +183,7 @@ pip install -e .
 
 The CVE Binary Tool has a set of tests that can be run using `pytest` command.  Typically you want to run `pytest` in the cve-bin-tool directory to run the short test suite and make sure tests pass.
 
-After running `pytest`, you may get several test failures relating to `ModuleNotFound` error. If you have run `pip install -r dev-requirements.txt` or equivalent and are sure you have the required modules installed, your issue may be related to Python's module search path. You can run this command instead :
+After running `pytest`, you may get several test failures relating to `ModuleNotFound` error. If you have run `pip install -r .[dev]` or equivalent and are sure you have the required modules installed, your issue may be related to Python's module search path. You can run this command instead :
 
 ```bash
 python -m pytest
@@ -211,10 +211,10 @@ CVE Binary Tool uses a few tools to improve code quality and readability:
 - `interrogate` checks your code base for missing docstrings.
 - `codespell` Detects common misspellings in text files.
 
-We provide a `dev-requirements.txt` file which includes all the precise versions of tools as they'll be used in GitHub Actions.  You an install them all using pip:
+We have a list of optional dev dependencies in our `pyproject.toml` file which includes all the precise versions of tools as they'll be used in GitHub Actions.  You can install them all using pip:
 
 ```bash
-pip install -r dev-requirements.txt
+pip install -r .[dev]
 ```
 
 ### Using pre-commit to run linters automatically
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -1,4 +1,3 @@
-include requirements.txt
 include *.md
 include test/binaries/*.c
 include test/csv/*.csv
diff --git a/doc/how_to_guides/cve_scanner_gh_action.md b/doc/how_to_guides/cve_scanner_gh_action.md
@@ -38,7 +38,7 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}
           restore-keys: |
             ${{ runner.os }}-pip-
       - name: get cached database
diff --git a/doc/how_to_guides/cve_scanner_gh_action.yml b/doc/how_to_guides/cve_scanner_gh_action.yml
@@ -25,7 +25,7 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}
           restore-keys: |
             ${{ runner.os }}-pip-
       - name: get cached database

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-include requirements.txt`
`2`	`1`	`include *.md`
`3`	`2`	`include test/binaries/*.c`
`4`	`3`	`include test/csv/*.csv`