Fixing invalid vulnerability report (#402)
* Fixing invalid vulnerability report * Removing some pinned items * more * pip upgrade
parent
a34c6b2371
commit
900b445387
3 changed files with 10 additions and 47 deletions
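--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,18 +26,22 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: install python
-uses: actions/setup-python@v3.1.2
+uses: actions/setup-python@v4
 with:
 python-version: ${{env.pythonversion}}
 - name: create local poetry install
 run: |
 python -m venv .venv
 source .venv/bin/activate
+pip install --upgrade pip setuptools
 python -m pip install poetry
 poetry install
 - uses: trailofbits/gh-action-pip-audit@v1.0.0
 with:
 virtual-environment: .venv
+ignore-vulns: |
+GHSA-w596-4wvx-j9j6 # subversion related git dep, dependency for pytest. This is no impact here.
+GHSA-2p9h-ccw7-33gf # invalid ddos comment on the cleo package
 
 lint:
 name: Linter
@@ -47,7 +51,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
 - name: Setup Python 3.9
-uses: actions/setup-python@v4.3.0
+uses: actions/setup-python@v4
 with:
 python-version: ${{env.pythonversion}}
 #----------------------------------------------
@@ -64,7 +68,7 @@ jobs:
 #----------------------------------------------
 - name: Load cached venv
 id: cached-poetry-dependencies
-uses: actions/cache@v3.0.11
+uses: actions/cache@v3
 with:
 path: .venv
 key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
@@ -119,7 +123,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
 - name: Setup Python ${{ matrix.pyver }}
-uses: actions/setup-python@v4.3.0
+uses: actions/setup-python@v4
 with:
 python-version: ${{ matrix.pyver }}
 #----------------------------------------------
@@ -136,7 +140,7 @@ jobs:
 #----------------------------------------------
 - name: Load cached venv
 id: cached-poetry-dependencies
-uses: actions/cache@v3.0.11
+uses: actions/cache@v3
 with:
 path: .venv
 key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}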
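Review bot: The two advisory IDs added under `ignore-vulns: |` in the first hunk carry their justifications as `# …` text on the same lines, and inside a block scalar `#` does not start a YAML comment, so (assuming those lines sit inside the scalar, as the `|` indicates) the whole text is passed to the action and, if it splits the input on whitespace, every word is treated as an ID to ignore. Keep one bare ID per line and move each reason to a real comment above the `ignore-vulns:` key, ideally with a tracking-issue reference so the suppression gets revisited. The cleo entry looks avoidable altogether: this commit removes cleo from the project's own dependencies, and it presumably only remains in the audited `.venv` because `python -m pip install poetry` installs Poetry and its dependencies into that same environment, so installing Poetry outside the venv would let pip-audit report on the project's packages alone. Separately, the `uses:` lines in all five hunks move from exact releases to the floating tags `actions/setup-python@v4` and `actions/cache@v3`; tags can be repointed, so pinning to a full commit SHA with the release in a trailing comment (`uses: actions/setup-python@<full-commit-sha>  # v4.x.y`, placeholder values) keeps the workflow reproducible and reviewable.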
42
poetry.lock
generated
|
@ -96,18 +96,6 @@ d = ["aiohttp (>=3.7.4)"]
|
||||||
jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"]
|
jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"]
|
||||||
uvloop = ["uvloop (>=0.15.2)"]
|
uvloop = ["uvloop (>=0.15.2)"]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "cleo"
|
|
||||||
version = "1.0.0a5"
|
|
||||||
description = "Cleo allows you to create beautiful and testable command-line interfaces."
|
|
||||||
category = "main"
|
|
||||||
optional = false
|
|
||||||
python-versions = ">=3.7,<4.0"
|
|
||||||
|
|
||||||
[package.dependencies]
|
|
||||||
crashtest = ">=0.3.1,<0.4.0"
|
|
||||||
pylev = ">=1.3.0,<2.0.0"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "click"
|
name = "click"
|
||||||
version = "8.1.3"
|
version = "8.1.3"
|
||||||
|
@ -142,14 +130,6 @@ tomli = {version = "*", optional = true, markers = "python_full_version <= \"3.1
|
||||||
[package.extras]
|
[package.extras]
|
||||||
toml = ["tomli"]
|
toml = ["tomli"]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "crashtest"
|
|
||||||
version = "0.3.1"
|
|
||||||
description = "Manage Python errors with ease"
|
|
||||||
category = "main"
|
|
||||||
optional = false
|
|
||||||
python-versions = ">=3.6,<4.0"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "decorator"
|
name = "decorator"
|
||||||
version = "5.1.1"
|
version = "5.1.1"
|
||||||
|
@ -600,14 +580,6 @@ python-versions = ">=3.6"
|
||||||
[package.extras]
|
[package.extras]
|
||||||
plugins = ["importlib-metadata"]
|
plugins = ["importlib-metadata"]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "pylev"
|
|
||||||
version = "1.4.0"
|
|
||||||
description = "A pure Python Levenshtein implementation that's not freaking GPL'd."
|
|
||||||
category = "main"
|
|
||||||
optional = false
|
|
||||||
python-versions = "*"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "pyparsing"
|
name = "pyparsing"
|
||||||
version = "3.0.9"
|
version = "3.0.9"
|
||||||
|
@ -922,7 +894,7 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools"
|
||||||
[metadata]
|
[metadata]
|
||||||
lock-version = "1.1"
|
lock-version = "1.1"
|
||||||
python-versions = "^3.7,<=3.11"
|
python-versions = "^3.7,<=3.11"
|
||||||
content-hash = "160b3056b3c6e28890d0a80642d50aae83b0450e1ba5ca39bcd3325ca23cb28f"
|
content-hash = "d2a86daef3a6a038b7989a89bd827459944cd531e753a483c41a4ec183d396d0"
|
||||||
|
|
||||||
[metadata.files]
|
[metadata.files]
|
||||||
aioredis = [
|
aioredis = [
|
||||||
|
@ -972,10 +944,6 @@ black = [
|
||||||
{file = "black-22.10.0-py3-none-any.whl", hash = "sha256:c957b2b4ea88587b46cf49d1dc17681c1e672864fd7af32fc1e9664d572b3458"},
|
{file = "black-22.10.0-py3-none-any.whl", hash = "sha256:c957b2b4ea88587b46cf49d1dc17681c1e672864fd7af32fc1e9664d572b3458"},
|
||||||
{file = "black-22.10.0.tar.gz", hash = "sha256:f513588da599943e0cde4e32cc9879e825d58720d6557062d1098c5ad80080e1"},
|
{file = "black-22.10.0.tar.gz", hash = "sha256:f513588da599943e0cde4e32cc9879e825d58720d6557062d1098c5ad80080e1"},
|
||||||
]
|
]
|
||||||
cleo = [
|
|
||||||
{file = "cleo-1.0.0a5-py3-none-any.whl", hash = "sha256:ff53056589300976e960f75afb792dfbfc9c78dcbb5a448e207a17b643826360"},
|
|
||||||
{file = "cleo-1.0.0a5.tar.gz", hash = "sha256:097c9d0e0332fd53cc89fc11eb0a6ba0309e6a3933c08f7b38558555486925d3"},
|
|
||||||
]
|
|
||||||
click = [
|
click = [
|
||||||
{file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"},
|
{file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"},
|
||||||
{file = "click-8.1.3.tar.gz", hash = "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e"},
|
{file = "click-8.1.3.tar.gz", hash = "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e"},
|
||||||
|
@ -1036,10 +1004,6 @@ coverage = [
|
||||||
{file = "coverage-6.5.0-pp36.pp37.pp38-none-any.whl", hash = "sha256:1431986dac3923c5945271f169f59c45b8802a114c8f548d611f2015133df77a"},
|
{file = "coverage-6.5.0-pp36.pp37.pp38-none-any.whl", hash = "sha256:1431986dac3923c5945271f169f59c45b8802a114c8f548d611f2015133df77a"},
|
||||||
{file = "coverage-6.5.0.tar.gz", hash = "sha256:f642e90754ee3e06b0e7e51bce3379590e76b7f76b708e1a71ff043f87025c84"},
|
{file = "coverage-6.5.0.tar.gz", hash = "sha256:f642e90754ee3e06b0e7e51bce3379590e76b7f76b708e1a71ff043f87025c84"},
|
||||||
]
|
]
|
||||||
crashtest = [
|
|
||||||
{file = "crashtest-0.3.1-py3-none-any.whl", hash = "sha256:300f4b0825f57688b47b6d70c6a31de33512eb2fa1ac614f780939aa0cf91680"},
|
|
||||||
{file = "crashtest-0.3.1.tar.gz", hash = "sha256:42ca7b6ce88b6c7433e2ce47ea884e91ec93104a4b754998be498a8e6c3d37dd"},
|
|
||||||
]
|
|
||||||
decorator = [
|
decorator = [
|
||||||
{file = "decorator-5.1.1-py3-none-any.whl", hash = "sha256:b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186"},
|
{file = "decorator-5.1.1-py3-none-any.whl", hash = "sha256:b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186"},
|
||||||
{file = "decorator-5.1.1.tar.gz", hash = "sha256:637996211036b6385ef91435e4fae22989472f9d571faba8927ba8253acbc330"},
|
{file = "decorator-5.1.1.tar.gz", hash = "sha256:637996211036b6385ef91435e4fae22989472f9d571faba8927ba8253acbc330"},
|
||||||
|
@ -1289,10 +1253,6 @@ pygments = [
|
||||||
{file = "Pygments-2.13.0-py3-none-any.whl", hash = "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"},
|
{file = "Pygments-2.13.0-py3-none-any.whl", hash = "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"},
|
||||||
{file = "Pygments-2.13.0.tar.gz", hash = "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1"},
|
{file = "Pygments-2.13.0.tar.gz", hash = "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1"},
|
||||||
]
|
]
|
||||||
pylev = [
|
|
||||||
{file = "pylev-1.4.0-py2.py3-none-any.whl", hash = "sha256:7b2e2aa7b00e05bb3f7650eb506fc89f474f70493271a35c242d9a92188ad3dd"},
|
|
||||||
{file = "pylev-1.4.0.tar.gz", hash = "sha256:9e77e941042ad3a4cc305dcdf2b2dec1aec2fbe3dd9015d2698ad02b173006d1"},
|
|
||||||
]
|
|
||||||
pyparsing = [
|
pyparsing = [
|
||||||
{file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"},
|
{file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"},
|
||||||
{file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"},
|
{file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"},
|
||||||
|
|
|
@ -42,7 +42,6 @@ click = "^8.0.1"
|
||||||
pptree = "^3.1"
|
pptree = "^3.1"
|
||||||
types-redis = ">=3.5.9,<5.0.0"
|
types-redis = ">=3.5.9,<5.0.0"
|
||||||
python-ulid = "^1.0.3"
|
python-ulid = "^1.0.3"
|
||||||
cleo = "1.0.0a5"
|
|
||||||
typing-extensions = "^4.4.0"
|
typing-extensions = "^4.4.0"
|
||||||
hiredis = "^2.0.0"
|
hiredis = "^2.0.0"
|
||||||
more-itertools = "^8.14.0"
|
more-itertools = "^8.14.0"
|
||||||
|
|