build: move to PEP 621 project

.github/workflows/cve_scan.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           python-version: '3.11'
           cache: 'pip'
-          cache-dependency-path: '**/requirements.txt'
+          cache-dependency-path: '**/pyproject.toml'
       - name: Get date
         id: get-date
         run: |

.github/workflows/fuzzing.yml

@@ -27,14 +27,14 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install -y build-essential gcc g++ cmake
-          
+
       - name: Install newer GCC
         run: |
           sudo apt-get update
           sudo apt-get install -y gcc-10 g++-10
           sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 100
           sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 100
-          
+
       - name: Set up compiler environment
         run: |
           export CC=gcc
@@ -54,14 +54,13 @@ jobs:
           pip install --upgrade atheris
           pip install --upgrade atheris-libprotobuf-mutator -v
           pip install --upgrade protobuf
-      
+
       - name: Install Cve-bin-tool
         run: |
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
-
+          python -m pip install --upgrade .[dev]
+
       - name: Get date
         id: get-date
         run: |
@@ -88,7 +87,7 @@ jobs:
           [[ -e fuzz-cache ]] && mkdir -p .cache && mv fuzz-cache ~/.cache/cve-bin-tool
           NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out --disable-data-source CURL,EPSS,GAD,NVD,OSV,PURL2CPE,RSD
           cp -r ~/.cache/cve-bin-tool fuzz-cache
-          
+
       - name: Run Fuzzing
         id: fuzzing
         env:

.github/workflows/sbom.yml

@@ -31,7 +31,7 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
           cache: 'pip'
-          cache-dependency-path: '**/requirements.txt'
+          cache-dependency-path: '**/pyproject.toml'
       - name: Install dependencies and cve-bin-tool
         run: |
           python -m pip install --upgrade pip

.github/workflows/testing.yml

@@ -161,8 +161,7 @@ jobs:
           python -m pip install --upgrade wheel
           python -m pip install --upgrade pdftotext
           python -m pip install --upgrade reportlab
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
+          python -m pip install --upgrade .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -258,8 +257,7 @@ jobs:
           python -m pip install --upgrade wheel
           python -m pip install --upgrade pdftotext
           python -m pip install --upgrade reportlab
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -270,10 +268,10 @@ jobs:
         if: env.sbom != 'true'
         run: >
           pytest
-          --cov 
+          --cov
           --cov-report=xml
           --cov-append -n 8
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
           -v --durations=50
           --ignore=test/test_cli.py
@@ -360,15 +358,14 @@ jobs:
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
-          
+
       - name: Install cve-bin-tool
         if: env.sbom != 'true'
         run: |
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -378,13 +375,13 @@ jobs:
       - name: Run language scanner tests
         if: env.sbom != 'true'
         run: >
-          pytest 
+          pytest
           --cov
           --cov-report=xml
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append -n 8  
-          -v --durations=50           
+          --cov-append -n 8
+          -v --durations=50
           test/test_language_scanner.py
       - name: Upload code coverage to codecov
         if: env.sbom != 'true'
@@ -463,15 +460,14 @@ jobs:
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
-          
+
       - name: Install cve-bin-tool
         if: env.sbom != 'true'
         run: |
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -481,12 +477,12 @@ jobs:
       - name: Run binary scanner tests
         if: env.sbom != 'true'
         run: >
-          pytest 
-          --cov 
-          --cov-report=xml 
-          --junitxml=junit.xml 
+          pytest
+          --cov
+          --cov-report=xml
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append -n 8 
+          --cov-append -n 8
           -v --durations=50
           test/test_scanner.py
       - name: Upload code coverage to codecov
@@ -573,8 +569,7 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Try single CLI run of tool
         if: env.sbom != 'true'
         run: |
@@ -584,12 +579,12 @@ jobs:
       - name: Run synchronous tests
         if: env.sbom != 'true'
         run: >
-          pytest 
-          -v --cov 
-          --cov-report=xml 
-          --junitxml=junit.xml 
+          pytest
+          -v --cov
+          --cov-report=xml
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append 
+          --cov-append
           --durations=50
           test/test_cli.py
           test/test_cvedb.py
@@ -716,8 +711,7 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --editable .
+          python -m pip install --editable .[dev]
       - name: Install playwright dependencies for HTML tests
         run: |
           python -m playwright install chromium --with-deps
@@ -807,19 +801,18 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
+          python -m pip install --upgrade .[dev]
       - name: Try single CLI run of tool
         run: |
           python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
       - name: Run async tests
         run: >
-          pytest 
-          --cov 
+          pytest
+          --cov
           --cov-report=xml
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
-          --cov-append -n 8 
+          --cov-append -n 8
           -v --durations=50
           --ignore=test/test_cli.py
           --ignore=test/test_cvedb.py
@@ -828,25 +821,25 @@ jobs:
           --ignore=test/test_json.py
       - name: Run synchronous tests
         run: >
-          pytest 
-          -v --cov 
+          pytest
+          -v --cov
           --cov-report=xml
-          --junitxml=junit.xml 
+          --junitxml=junit.xml
           -o junit_family=legacy
           --cov-append
-          --cov-report=xml 
+          --cov-report=xml
           --durations=50
           test/test_cli.py
           test/test_cvedb.py
       - name: Cache conda
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         env:
-          # Increase to reset cache if requirements.txt file has not changed
+          # Increase to reset cache if dependencies have not changed
           CACHE_NUMBER: 0
         with:
           path: ~/conda_pkgs_dir
           key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{
-            hashFiles('requirements.txt') }}
+            hashFiles('pyproject.toml') }}
       - uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3.2.0
         with:
           auto-update-conda: true
@@ -859,18 +852,17 @@ jobs:
           python -m pip install --upgrade setuptools
           python -m pip install --upgrade wheel
           python -m pip install --upgrade reportlab
-          python -m pip install --upgrade -r dev-requirements.txt
-          python -m pip install --upgrade .
+          python -m pip install --upgrade .[dev]
       - name: Test PDF generation on Windows
-        run: > 
-          pytest 
-          test/test_output_engine.py 
-          -k test_output_pdf 
+        run: >
+          pytest
+          test/test_output_engine.py
+          -k test_output_pdf
           --cov
           --cov-append
           --cov-report=xml
-          --junitxml=junit.xml 
-          -o junit_family=legacy  
+          --junitxml=junit.xml
+          -o junit_family=legacy
           --durations=50
       - name: Upload code coverage to codecov
         uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1

.github/workflows/update-js-dependencies.yml

@@ -39,7 +39,7 @@ jobs:
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}
           restore-keys: |
             ${{ runner.os }}-pip-
 

.github/workflows/update-pre-commit.yml

@@ -43,10 +43,6 @@ jobs:
           pre-commit autoupdate
           pre-commit uninstall
 
-      - name: Sync `dev-requirements.txt`
-        run: |
-          python .github/workflows/update-dev-requirements.py
-
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
         with:

.pre-commit-config.yaml

@@ -39,7 +39,8 @@ repos:
     hooks:
       - id: bandit
         exclude: ^fuzz/generated/
-        args: ["-c", "bandit.conf"]
+        args: ["-c", "pyproject.toml"]
+        additional_dependencies: [ "bandit[toml]" ]
 
   - repo: https://github.com/jorisroovers/gitlint
     rev: v0.19.1