Vendor in latest safety==3.3.1

Author: matteius

pipenv/patched/pip/LICENSE-HEADER

@@ -0,0 +1,3 @@
+SPDX-License-Identifier: MIT
+SPDX-FileCopyrightText: 2021 Taneli Hukkinen
+Licensed to PSF under a Contributor Agreement.

pipenv/patched/safety/LICENSE

@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) 2016 Safety CLI Cybersecurity Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 
+associated documentation files (the "Software"), to deal in the Software without restriction, including 
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the 
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial 
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO 
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 
+USE OR OTHER DEALINGS IN THE SOFTWARE.

pipenv/patched/safety/MIT.txt

@@ -0,0 +1,40 @@
+# Package Licenses
+
+| Name | Version | License |
+|------|---------|----------|
+| annotated-types | 0.7.0 | MIT License |
+| authlib | 1.4.0 | BSD-3-Clause |
+| certifi | 2024.12.14 | MPL-2.0 |
+| cffi | 1.17.1 | MIT |
+| charset-normalizer | 3.4.1 | MIT |
+| click | 8.1.8 | BSD License |
+| cryptography | 44.0.0 | Apache-2.0 OR BSD-3-Clause |
+| dparse | 0.6.4 | MIT license |
+| filelock | 3.16.1 | Unlicense |
+| idna | 3.10 | BSD License |
+| jinja2 | 3.1.5 | BSD License |
+| joblib | 1.4.2 | BSD 3-Clause |
+| markdown-it-py | 3.0.0 | MIT License |
+| markupsafe | 3.0.2 | BSD License |
+| marshmallow | 3.23.3 | MIT License |
+| mdurl | 0.1.2 | MIT License |
+| nltk | 3.9.1 | Apache License, Version 2.0 |
+| packaging | 24.2 | Apache Software License |
+| psutil | 6.1.1 | BSD-3-Clause |
+| pycparser | 2.22 | BSD-3-Clause |
+| pydantic | 2.9.2 | MIT |
+| pydantic-core | 2.23.4 | MIT |
+| pygments | 2.18.0 | BSD-2-Clause |
+| regex | 2024.11.6 | Apache Software License |
+| requests | 2.32.3 | Apache-2.0 |
+| rich | 13.9.4 | MIT |
+| ruamel-yaml | 0.18.8 | MIT license |
+| ruamel-yaml-clib | 0.2.12 | MIT |
+| safety | 3.3.0 | MIT |
+| safety-schemas | 0.0.11 | MIT |
+| setuptools | 75.8.0 | MIT License |
+| shellingham | 1.5.4 | ISC License |
+| tqdm | 4.67.1 | MPL-2.0 AND MIT |
+| typer | 0.15.1 | MIT License |
+| typing-extensions | 4.12.2 | Python Software Foundation License |
+| urllib3 | 2.3.0 | MIT License |

pipenv/patched/safety/NOTICE.md

@@ -1,11 +1,4 @@
 # -*- coding: utf-8 -*-
 
-__author__ = """pyup.io"""
-__email__ = '[email protected]'
-
-import os
-
-ROOT = os.path.dirname(os.path.abspath(__file__))
-
-with open(os.path.join(ROOT, 'VERSION')) as version_file:
-    VERSION = version_file.read().strip()
+__author__ = """safetycli.com"""
+__email__ = '[email protected]'

pipenv/patched/safety/VERSION

@@ -1,6 +1,4 @@
 """Allow safety to be executable through `python -m safety`."""
-from __future__ import absolute_import
-
 from pipenv.patched.safety.cli import cli
 
 

pipenv/patched/safety/__init__.py

@@ -1,34 +1,72 @@
+import logging
 import sys
 import json
-from typing import Any
+from typing import Any, IO
 import pipenv.vendor.click as click
 
 from dataclasses import dataclass
 
+from pipenv.patched.safety.constants import CONTEXT_COMMAND_TYPE
+
 from . import github
 from pipenv.patched.safety.util import SafetyPolicyFile
+from pipenv.patched.safety.scan.constants import CLI_ALERT_COMMAND_HELP
+
+LOG = logging.getLogger(__name__)
+
+
+def get_safety_cli_legacy_group():
+    from pipenv.patched.safety.cli_util import SafetyCLILegacyGroup
+    return SafetyCLILegacyGroup
+
+def get_context_settings():
+    from pipenv.patched.safety.cli_util import CommandType
+    return {CONTEXT_COMMAND_TYPE: CommandType.UTILITY}
 
 @dataclass
 class Alert:
+    """
+    Data class for storing alert details.
+
+    Attributes:
+        report (Any): The report data.
+        key (str): The API key for the safetycli.com vulnerability database.
+        policy (Any): The policy data.
+        requirements_files (Any): The requirements files data.
+    """
     report: Any
     key: str
     policy: Any = None
     requirements_files: Any = None
 
-@click.group(help="Send alerts based on the results of a Safety scan.")
-@click.option('--check-report', help='JSON output of Safety Check to work with.', type=click.File('r'), default=sys.stdin)
-@click.option("--policy-file", type=SafetyPolicyFile(), default='.safety-policy.yml',
-              help="Define the policy file to be used")
+@click.group(cls=get_safety_cli_legacy_group(), help=CLI_ALERT_COMMAND_HELP,
+             deprecated=True, context_settings=get_context_settings())
+@click.option('--check-report', help='JSON output of Safety Check to work with.', type=click.File('r'), default=sys.stdin, required=True)
 @click.option("--key", envvar="SAFETY_API_KEY",
-              help="API Key for pyup.io's vulnerability database. Can be set as SAFETY_API_KEY "
+              help="API Key for safetycli.com's vulnerability database. Can be set as SAFETY_API_KEY "
                    "environment variable.", required=True)
+@click.option("--policy-file", type=SafetyPolicyFile(), default='.safety-policy.yml',
+              help="Define the policy file to be used")
 @click.pass_context
-def alert(ctx, check_report, policy_file, key):
+def alert(ctx: click.Context, check_report: IO[str], policy_file: SafetyPolicyFile, key: str) -> None:
+    """
+    Command for processing the Safety Check JSON report.
+
+    Args:
+        ctx (click.Context): The Click context object.
+        check_report (IO[str]): The file containing the JSON report.
+        policy_file (SafetyPolicyFile): The policy file to be used.
+        key (str): The API key for the safetycli.com vulnerability database.
+    """
+    LOG.info('alert started')
+    LOG.info(f'check_report is using stdin: {check_report == sys.stdin}')
+
     with check_report:
         # TODO: This breaks --help for subcommands
         try:
             safety_report = json.load(check_report)
         except json.decoder.JSONDecodeError as e:
+            LOG.info('Error in the JSON report.')
             click.secho("Error decoding input JSON: {}".format(e.msg), fg='red')
             sys.exit(1)
 
@@ -38,5 +76,6 @@ def alert(ctx, check_report, policy_file, key):
 
     ctx.obj = Alert(report=safety_report, policy=policy_file if policy_file else {}, key=key)
 
+# Adding subcommands for GitHub integration
 alert.add_command(github.github_pr)
 alert.add_command(github.github_issue)