Fixing invalid vulnerability report (#402)
* Fixing invalid vulnerability report * Removing some pinned items * more * pip upgrade
This commit is contained in:
Chayim
GitHub
parent
a34c6b2371
commit
900b445387
3 changed files with 10 additions and 47 deletions
14
.github/workflows/ci.yml
vendored
14
.github/workflows/ci.yml
vendored
|
|
@ -26,18 +26,22 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: install python
|
||||
uses: actions/setup-python@v3.1.2
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: ${{env.pythonversion}}
|
||||
- name: create local poetry install
|
||||
run: |
|
||||
python -m venv .venv
|
||||
source .venv/bin/activate
|
||||
pip install --upgrade pip setuptools
|
||||
python -m pip install poetry
|
||||
poetry install
|
||||
- uses: trailofbits/gh-action-pip-audit@v1.0.0
|
||||
with:
|
||||
virtual-environment: .venv
|
||||
ignore-vulns: |
|
||||
GHSA-w596-4wvx-j9j6 # subversion related git dep, dependency for pytest. This is no impact here.
|
||||
GHSA-2p9h-ccw7-33gf # invalid ddos comment on the cleo package
|
||||
|
||||
lint:
|
||||
name: Linter
|
||||
|
|
@ -47,7 +51,7 @@ jobs:
|
|||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Setup Python 3.9
|
||||
uses: actions/setup-python@v4.3.0
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: ${{env.pythonversion}}
|
||||
#----------------------------------------------
|
||||
|
|
@ -64,7 +68,7 @@ jobs:
|
|||
#----------------------------------------------
|
||||
- name: Load cached venv
|
||||
id: cached-poetry-dependencies
|
||||
uses: actions/cache@v3.0.11
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: .venv
|
||||
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
|
||||
|
|
@ -119,7 +123,7 @@ jobs:
|
|||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Setup Python ${{ matrix.pyver }}
|
||||
uses: actions/setup-python@v4.3.0
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: ${{ matrix.pyver }}
|
||||
#----------------------------------------------
|
||||
|
|
@ -136,7 +140,7 @@ jobs:
|
|||
#----------------------------------------------
|
||||
- name: Load cached venv
|
||||
id: cached-poetry-dependencies
|
||||
uses: actions/cache@v3.0.11
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: .venv
|
||||
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
|
||||
|
|
|
|||
42
poetry.lock
generated
42
poetry.lock
generated
|
|
@ -96,18 +96,6 @@ d = ["aiohttp (>=3.7.4)"]
|
|||
jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"]
|
||||
uvloop = ["uvloop (>=0.15.2)"]
|
||||
|
||||
[[package]]
|
||||
name = "cleo"
|
||||
version = "1.0.0a5"
|
||||
description = "Cleo allows you to create beautiful and testable command-line interfaces."
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = ">=3.7,<4.0"
|
||||
|
||||
[package.dependencies]
|
||||
crashtest = ">=0.3.1,<0.4.0"
|
||||
pylev = ">=1.3.0,<2.0.0"
|
||||
|
||||
[[package]]
|
||||
name = "click"
|
||||
version = "8.1.3"
|
||||
|
|
@ -142,14 +130,6 @@ tomli = {version = "*", optional = true, markers = "python_full_version <= \"3.1
|
|||
[package.extras]
|
||||
toml = ["tomli"]
|
||||
|
||||
[[package]]
|
||||
name = "crashtest"
|
||||
version = "0.3.1"
|
||||
description = "Manage Python errors with ease"
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = ">=3.6,<4.0"
|
||||
|
||||
[[package]]
|
||||
name = "decorator"
|
||||
version = "5.1.1"
|
||||
|
|
@ -600,14 +580,6 @@ python-versions = ">=3.6"
|
|||
[package.extras]
|
||||
plugins = ["importlib-metadata"]
|
||||
|
||||
[[package]]
|
||||
name = "pylev"
|
||||
version = "1.4.0"
|
||||
description = "A pure Python Levenshtein implementation that's not freaking GPL'd."
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
|
||||
[[package]]
|
||||
name = "pyparsing"
|
||||
version = "3.0.9"
|
||||
|
|
@ -922,7 +894,7 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools"
|
|||
[metadata]
|
||||
lock-version = "1.1"
|
||||
python-versions = "^3.7,<=3.11"
|
||||
content-hash = "160b3056b3c6e28890d0a80642d50aae83b0450e1ba5ca39bcd3325ca23cb28f"
|
||||
content-hash = "d2a86daef3a6a038b7989a89bd827459944cd531e753a483c41a4ec183d396d0"
|
||||
|
||||
[metadata.files]
|
||||
aioredis = [
|
||||
|
|
@ -972,10 +944,6 @@ black = [
|
|||
{file = "black-22.10.0-py3-none-any.whl", hash = "sha256:c957b2b4ea88587b46cf49d1dc17681c1e672864fd7af32fc1e9664d572b3458"},
|
||||
{file = "black-22.10.0.tar.gz", hash = "sha256:f513588da599943e0cde4e32cc9879e825d58720d6557062d1098c5ad80080e1"},
|
||||
]
|
||||
cleo = [
|
||||
{file = "cleo-1.0.0a5-py3-none-any.whl", hash = "sha256:ff53056589300976e960f75afb792dfbfc9c78dcbb5a448e207a17b643826360"},
|
||||
{file = "cleo-1.0.0a5.tar.gz", hash = "sha256:097c9d0e0332fd53cc89fc11eb0a6ba0309e6a3933c08f7b38558555486925d3"},
|
||||
]
|
||||
click = [
|
||||
{file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"},
|
||||
{file = "click-8.1.3.tar.gz", hash = "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e"},
|
||||
|
|
@ -1036,10 +1004,6 @@ coverage = [
|
|||
{file = "coverage-6.5.0-pp36.pp37.pp38-none-any.whl", hash = "sha256:1431986dac3923c5945271f169f59c45b8802a114c8f548d611f2015133df77a"},
|
||||
{file = "coverage-6.5.0.tar.gz", hash = "sha256:f642e90754ee3e06b0e7e51bce3379590e76b7f76b708e1a71ff043f87025c84"},
|
||||
]
|
||||
crashtest = [
|
||||
{file = "crashtest-0.3.1-py3-none-any.whl", hash = "sha256:300f4b0825f57688b47b6d70c6a31de33512eb2fa1ac614f780939aa0cf91680"},
|
||||
{file = "crashtest-0.3.1.tar.gz", hash = "sha256:42ca7b6ce88b6c7433e2ce47ea884e91ec93104a4b754998be498a8e6c3d37dd"},
|
||||
]
|
||||
decorator = [
|
||||
{file = "decorator-5.1.1-py3-none-any.whl", hash = "sha256:b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186"},
|
||||
{file = "decorator-5.1.1.tar.gz", hash = "sha256:637996211036b6385ef91435e4fae22989472f9d571faba8927ba8253acbc330"},
|
||||
|
|
@ -1289,10 +1253,6 @@ pygments = [
|
|||
{file = "Pygments-2.13.0-py3-none-any.whl", hash = "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"},
|
||||
{file = "Pygments-2.13.0.tar.gz", hash = "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1"},
|
||||
]
|
||||
pylev = [
|
||||
{file = "pylev-1.4.0-py2.py3-none-any.whl", hash = "sha256:7b2e2aa7b00e05bb3f7650eb506fc89f474f70493271a35c242d9a92188ad3dd"},
|
||||
{file = "pylev-1.4.0.tar.gz", hash = "sha256:9e77e941042ad3a4cc305dcdf2b2dec1aec2fbe3dd9015d2698ad02b173006d1"},
|
||||
]
|
||||
pyparsing = [
|
||||
{file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"},
|
||||
{file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"},
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ click = "^8.0.1"
|
|||
pptree = "^3.1"
|
||||
types-redis = ">=3.5.9,<5.0.0"
|
||||
python-ulid = "^1.0.3"
|
||||
cleo = "1.0.0a5"
|
||||
typing-extensions = "^4.4.0"
|
||||
hiredis = "^2.0.0"
|
||||
more-itertools = "^8.14.0"
|
||||
|
|
|
|||
Loading…
Reference in a new issue