Parse and upgrade pip requirements.txt #70
Description
What problem are you trying to solve?
Bring to light any vulnerabilities and potential upgrades in pip requirements.txt files.
What precondition(s) should be checked before applying this recipe?
requirements.txt in a Python project
Have you considered any alternatives or workarounds?
Perhaps there's existing parsers to which we can delegate.
Any additional context
- https://pip.pypa.io/en/latest/user_guide/#requirements-files
- https://pip.pypa.io/en/latest/reference/requirements-file-format/#requirements-file-format
Example
# This is a comment, to show how #-prefixed lines are ignored.
# It is possible to specify requirements as plain names.
pytest
pytest-cov
beautifulsoup4
# The syntax supported here is the same as that of requirement specifiers.
docopt == 0.6.1
requests [security] >= 2.8.1, == 2.8.* ; python_version < "2.7"
urllib3 @ https://github.com/urllib3/urllib3/archive/refs/tags/1.26.8.zip
# It is possible to refer to other requirement files or constraints files.
-r other-requirements.txt
-c constraints.txt
# It is possible to refer to specific local distribution paths.
./downloads/numpy-1.9.2-cp34-none-win32.whl
# It is possible to refer to URLs.
http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl