Method used to check cvdupdate version in PyPI is unsupported

[steve-mays]

I've noticed in the log file for cvdupdate.py the following:

2024-11-17 11:28:57 PM - DEBUG:  Checking for a newer version of cvdupdate.
2024-11-17 11:28:58 PM - WARNING:  You are running cvdupdate version: 1.1.2.
2024-11-17 11:28:58 PM - WARNING:  There is a newer version on PyPI: requirement:'cvdupdate==random':Expectedendorsemicolon(afternameandnovalidversionspecifier. Please update!

The method used in cvdupdate.py to check the installed and latest versions of the cvdupdate package uses a technique described in https://stackoverflow.com/questions/58648739/how-to-check-if-python-package-is-latest-version-programmatically. However, this no longer works with versions of pip 24.1b1 onwards.

This is documented in pypa/pip#12852

An alternative could be to use pip index versions cvdupdate and parse the result.

[val-ms]

Thanks for the heads up and the proposed fix.

[steve-mays]

No worries @micahsnyder - I could do a pull request with a fix unless you're already picking this up?

[val-ms]

TBH I'm somewhat scrambling on another project right now. I would love if you're up for making a pull request, @steve-mays 🙏

[steve-mays]

Another option would be to query the PyPI JSON API directly https://pypi.org/pypi/cvdupdate/json to get the latest version. We could also remove the dependency on the deprecated pkg_resources module in favour of importlib.metadata as per https://setuptools.pypa.io/en/latest/pkg_resources.html.

I'll create a PR shortly 😀