fix: address warnings in test_checkers #4686

Open
terriko opened this issue Jan 10, 2025 · 5 comments · May be fixed by #4789
Labels
good first issue Good for newcomers

Comments

@terriko
Contributor

terriko commented Jan 10, 2025

Description

It looks like we're still using some deprecated stuff from pkg_resources, which is understandable because cve-bin-tool is older than the current preferred way for handling certain things. But it's time to refactor and bring ourselves into the future! Here's the warnings:

=============================== warnings summary ===============================
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[apache-httpd-expected_results0]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[vim-vim-enhanced-expected_results53]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[ffmpeg-libffmpeg.so-expected_results8]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libexpat-libexpat.so-expected_results17]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-keyscan-expected_results35]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[python-python3.8-expected_results44]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[node-bin/node-expected_results26]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libisccc-9.16.37-Debian.so-expected_results62]
  /opt/hostedtoolcache/Python/3.10.16/x64/lib/python3.10/site-packages/pbr/git.py:28: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
    import pkg_resources

test/test_checkers.py::TestCheckerVersionParser::test_filename_is[apache-httpd-expected_results0]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[vim-vim-enhanced-expected_results53]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[ffmpeg-libffmpeg.so-expected_results8]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libexpat-libexpat.so-expected_results17]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-keyscan-expected_results35]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[python-python3.8-expected_results44]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[node-bin/node-expected_results26]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libisccc-9.16.37-Debian.so-expected_results62]
  /opt/hostedtoolcache/Python/3.10.16/x64/lib/python3.10/site-packages/pkg_resources/__init__.py:3142: DeprecationWarning: Deprecated call to `pkg_resources.declare_namespace('google')`.
  Implementing implicit namespace packages (as specified in PEP 420) is preferred to `pkg_resources.declare_namespace`. See https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    declare_namespace(pkg)

I don't offhand know what we need to change to, but you should be able to figure it out by searching and reading the docs including the links they provided in the warning message above.

To reproduce

Steps to reproduce the behaviour:

  1. run pytest with longtests enabled: LONG_TESTS=1 pytest test/test_checkers.py

Expected behaviour: no warnings
Actual behaviour: the warnings above appear

Anything else?

Feel free to add any other context here.

Short tips for new contributors:

  • cve-bin-tool's contributor docs
  • If you've contributed to open source but not this project, you might just want our checklist for a great pull request
  • cve-bin-tool uses https://www.conventionalcommits.org/ style for commit messages, and we have a test that checks the title of your pull request (PR). A good potential title for this one is in the title of this issue.
  • You can make an issue auto close by including a comment "fixes #ISSUENUMBER" in your PR comments where ISSUENUMBER is the actual number of the issue. This "links" the issue to the pull request.

Claiming issues:

  • You do not need to have an issue assigned to you before you work on it. To "claim" an issue either make a linked pull request or comment on the issue saying you'll be working on it.
  • If someone else has already commented or opened a pull request, assume it is claimed and find another issue to work on.
  • If it's been more than 1 week without progress, you can ask in a comment if the claimant is still working on it before claiming it yourself (give them at least 3 days to respond before assuming they have moved on).
@terriko terriko added the good first issue Good for newcomers label Jan 10, 2025
@22f1001635

Hi @terriko,
Just to update on the pkg_resources deprecation warnings - I could only reproduce these warnings specifically on Python 3.10.16 with upgraded setuptools. The warnings don't appear when testing with Python 3.12 or 3.13.
This suggests it might be version-specific behaviour already addressed in newer Python releases. Let me know if you'd like me to test any other Python versions or configurations.
Could you share which specific version of setuptools you're using? The warnings suggest this might be occurring with Python 3.10.16, but knowing the setuptools version would help narrow down the issue.

@KMadhu10

KMadhu10 commented Feb 2, 2025

Hello! @terriko, I’d love to contribute to this issue!

I've addressed and analyzed the deprecation warnings and will refactor the code to ensure compatibility with modern Python versions. My plan is:

🔄 Replace pkg_resources with importlib.metadata for handling package metadata.
📦 Follow PEP 420 for namespace packages, removing declare_namespace.
🧹 Refactor imports for cleaner and more maintainable code.
🛠️ Run tests (LONG_TESTS=1 pytest test/test_checkers.py) to verify that everything works perfectly.

Looking forward to fixing this and submitting a PR soon! Let me know if there are any preferences or suggestions. Happy to collaborate and contribute! 🚀🔧

@Nithin310

Hi @terriko, I’m excited to contribute to this issue!

I've analyzed the warnings and identified that they stem from the deprecated usage of pkg_resources. To modernize the code and ensure future compatibility, I plan to:

✔️ Replace pkg_resources with importlib.metadata (for package metadata) and importlib.resources (for resource handling).
✔️ Update necessary imports to align with Python 3.8+ best practices.
✔️ Run tests (LONG_TESTS=1 pytest test/test_checkers.py) and verify that the warnings are fully eliminated.
✔️ Ensure the fix is clean, efficient, and aligns with project guidelines.

Open-source contributions have been an exciting journey for me, and I’m eager to refine my skills while collaborating with this amazing community. I’ll begin working on this and submit a PR soon!

Looking forward to any feedback or suggestions. Let’s build something awesome together! 🚀

@terriko
Contributor Author

terriko commented Feb 6, 2025

@22f1001635 -- this is whatever github actions is using as python 3.10, so 3.10.6 may be a reasonable guess. I'm not sure if that's explicitly dumped in the logs but it should be easy to check somewhere?

It's possible that you're not seeing it in other versions of python because it's only occurring in stuff that's listed as long tests.

@22f1001635

@terriko I reproduced the warnings on Python 3.10.16. The issue has been fixed, and a PR is coming soon.
The issue was fixed by replacing the deprecated pkg_resources.declare_namespace call in the affected namespace package __init__.py files with an extend path-based approach. This change eliminated the deprecation warnings on Python 3.10.16.
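
To find which files in an environment still contain the source-level constructs named in the warnings (`import pkg_resources` and `declare_namespace` calls), a scanner like the following can be run over a directory tree. It is an added example, not part of the thread or of cve-bin-tool's code; the names `find_pkg_resources_uses` and `demo` and the sample tree (`vendor_a`, `nsdemo`, `clean`) are constructed for illustration.

```python
import ast
import tempfile
from pathlib import Path


def find_pkg_resources_uses(root):
    """Return sorted (relative_path, line, kind) hits for pkg_resources use under root."""
    root, hits = Path(root), []
    for path in root.rglob("*.py"):
        try:
            tree = ast.parse(path.read_text(encoding="utf-8", errors="replace"))
        except (SyntaxError, ValueError):
            continue  # not parseable by this interpreter; skip
        rel = path.relative_to(root).as_posix()
        for node in ast.walk(tree):
            if isinstance(node, ast.Import):
                if any(a.name.split(".")[0] == "pkg_resources" for a in node.names):
                    hits.append((rel, node.lineno, "import"))
            elif isinstance(node, ast.ImportFrom):
                if node.level == 0 and (node.module or "").split(".")[0] == "pkg_resources":
                    hits.append((rel, node.lineno, "import"))
            elif isinstance(node, ast.Call):
                func = node.func
                name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
                arg = node.args[0] if node.args else None
                if name == "declare_namespace":
                    hits.append((rel, node.lineno, "declare_namespace"))
                elif (name == "__import__" and isinstance(arg, ast.Constant)
                      and arg.value == "pkg_resources"):
                    hits.append((rel, node.lineno, "import"))
    return sorted(hits)


def demo():
    """Scan a constructed tree: two legacy files and one already-migrated file."""
    samples = {
        "vendor_a/git.py": "import os\nimport pkg_resources\n",
        "nsdemo/__init__.py": "__import__('pkg_resources').declare_namespace(__name__)\n",
        "clean/__init__.py": "__path__ = __import__('pkgutil').extend_path(__path__, __name__)\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, source in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(source, encoding="utf-8")
        return find_pkg_resources_uses(tmp)
```

Pointing `find_pkg_resources_uses` at a virtualenv's site-packages directory shows whether the hits are in the project's own code or in third-party dependencies, which decides where a fix has to land.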
