Skip to content

Integration tests for uv audit#18673

Merged
woodruffw merged 6 commits intomainfrom
ww/uv-audit-it
Mar 27, 2026
Merged

Integration tests for uv audit#18673
woodruffw merged 6 commits intomainfrom
ww/uv-audit-it

Conversation

@woodruffw
Copy link
Copy Markdown
Member

@woodruffw woodruffw commented Mar 23, 2026

Summary

Atop #18511. See #18506.

This adds an initial set of integration tests for uv audit, exercising expected user flows (no findings, some findings, multiple findings for a dep, etc.).

To make these reproducible, I've used MockServer instances and --service-url.

Test Plan

This PR 🙂

@woodruffw woodruffw self-assigned this Mar 23, 2026
@woodruffw woodruffw added the testing Internal testing of behavior label Mar 23, 2026
@woodruffw woodruffw changed the title Ww/uv audit it Integration tests for uv audit Mar 23, 2026
@woodruffw woodruffw mentioned this pull request Mar 23, 2026
Open
21 tasks
@woodruffw woodruffw requested review from konstin and zanieb March 23, 2026 16:08
@woodruffw woodruffw marked this pull request as ready for review March 23, 2026 16:42
konstin
konstin reviewed Mar 24, 2026
View reviewed changes
@woodruffw woodruffw mentioned this pull request Mar 25, 2026
Merged
@woodruffw woodruffw requested a review from konstin March 25, 2026 15:40
@codspeed-hq
Copy link
Copy Markdown

codspeed-hq bot commented Mar 25, 2026
edited
Loading

Merging this PR will not alter performance

✅ 5 untouched benchmarks

Comparing ww/uv-audit-it (840e775) with main (944f009)

Open in CodSpeed

@woodruffw woodruffw force-pushed the ww/uv-audit-filter branch from dfe8033 to 19e8ae6 Compare March 25, 2026 16:21
konstin
konstin reviewed Mar 26, 2026
View reviewed changes
crates/uv/tests/it/audit.rs Outdated
Found no known vulnerabilities and no adverse project statuses in 2 packages
");

// --only-group lint: prod deps + only the "lint" group (iniconfig + sniffio = 2).
Copy link
Copy Markdown
Member

@konstin konstin Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That option should work like in uv sync:

      --only-group <ONLY_GROUP>
          Only include dependencies from the specified dependency group.
          
          The project and its dependencies will be omitted.
          
          May be provided multiple times. Implies `--no-default-groups`.

Copy link
Copy Markdown
Member Author

@woodruffw woodruffw Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4635d04

Base automatically changed from ww/uv-audit-filter to main March 26, 2026 14:28
@woodruffw woodruffw requested a review from konstin March 26, 2026 14:58
@woodruffw
Add some uv audit integration tests
a7ce4eb 
Signed-off-by: William Woodruff <william@astral.sh>
@woodruffw
Use lock() instead
358a72a 
Signed-off-by: William Woodruff <william@astral.sh>
@woodruffw
Feedback
fb044d4 
Signed-off-by: William Woodruff <william@astral.sh>
@woodruffw
Use DefaultExtras::All
791a3bb 
Signed-off-by: William Woodruff <william@astral.sh>
@woodruffw
Crunch some extra lines
73ceb0f 
Signed-off-by: William Woodruff <william@astral.sh>
@woodruffw
Address --only-group feedback
840e775 
Signed-off-by: William Woodruff <william@astral.sh>
@woodruffw woodruffw merged commit a4ee36e into main Mar 27, 2026
55 checks passed
@woodruffw woodruffw deleted the ww/uv-audit-it branch March 27, 2026 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@konstin konstin konstin approved these changes

@zanieb zanieb Awaiting requested review from zanieb

Assignees

@woodruffw woodruffw

Labels

testing Internal testing of behavior

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@woodruffw @konstin