Fixing invalid vulnerability report (#402)

* Fixing invalid vulnerability report

* Removing some pinned items

* more

* pip upgrade
This commit is contained in:
Chayim 2022-11-15 15:13:25 +02:00 committed by GitHub
parent a34c6b2371
commit 900b445387
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 47 deletions

View file

@ -26,18 +26,22 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: install python - name: install python
uses: actions/setup-python@v3.1.2 uses: actions/setup-python@v4
with: with:
python-version: ${{env.pythonversion}} python-version: ${{env.pythonversion}}
- name: create local poetry install - name: create local poetry install
run: | run: |
python -m venv .venv python -m venv .venv
source .venv/bin/activate source .venv/bin/activate
pip install --upgrade pip setuptools
python -m pip install poetry python -m pip install poetry
poetry install poetry install
- uses: trailofbits/gh-action-pip-audit@v1.0.0 - uses: trailofbits/gh-action-pip-audit@v1.0.0
with: with:
virtual-environment: .venv virtual-environment: .venv
ignore-vulns: |
GHSA-w596-4wvx-j9j6 # subversion related git dep, dependency for pytest. This is no impact here.
GHSA-2p9h-ccw7-33gf # invalid ddos comment on the cleo package
lint: lint:
name: Linter name: Linter
@ -47,7 +51,7 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Setup Python 3.9 - name: Setup Python 3.9
uses: actions/setup-python@v4.3.0 uses: actions/setup-python@v4
with: with:
python-version: ${{env.pythonversion}} python-version: ${{env.pythonversion}}
#---------------------------------------------- #----------------------------------------------
@ -64,7 +68,7 @@ jobs:
#---------------------------------------------- #----------------------------------------------
- name: Load cached venv - name: Load cached venv
id: cached-poetry-dependencies id: cached-poetry-dependencies
uses: actions/cache@v3.0.11 uses: actions/cache@v3
with: with:
path: .venv path: .venv
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }} key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
@ -119,7 +123,7 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Setup Python ${{ matrix.pyver }} - name: Setup Python ${{ matrix.pyver }}
uses: actions/setup-python@v4.3.0 uses: actions/setup-python@v4
with: with:
python-version: ${{ matrix.pyver }} python-version: ${{ matrix.pyver }}
#---------------------------------------------- #----------------------------------------------
@ -136,7 +140,7 @@ jobs:
#---------------------------------------------- #----------------------------------------------
- name: Load cached venv - name: Load cached venv
id: cached-poetry-dependencies id: cached-poetry-dependencies
uses: actions/cache@v3.0.11 uses: actions/cache@v3
with: with:
path: .venv path: .venv
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }} key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}

42
poetry.lock generated
View file

@ -96,18 +96,6 @@ d = ["aiohttp (>=3.7.4)"]
jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"] jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"]
uvloop = ["uvloop (>=0.15.2)"] uvloop = ["uvloop (>=0.15.2)"]
[[package]]
name = "cleo"
version = "1.0.0a5"
description = "Cleo allows you to create beautiful and testable command-line interfaces."
category = "main"
optional = false
python-versions = ">=3.7,<4.0"
[package.dependencies]
crashtest = ">=0.3.1,<0.4.0"
pylev = ">=1.3.0,<2.0.0"
[[package]] [[package]]
name = "click" name = "click"
version = "8.1.3" version = "8.1.3"
@ -142,14 +130,6 @@ tomli = {version = "*", optional = true, markers = "python_full_version <= \"3.1
[package.extras] [package.extras]
toml = ["tomli"] toml = ["tomli"]
[[package]]
name = "crashtest"
version = "0.3.1"
description = "Manage Python errors with ease"
category = "main"
optional = false
python-versions = ">=3.6,<4.0"
[[package]] [[package]]
name = "decorator" name = "decorator"
version = "5.1.1" version = "5.1.1"
@ -600,14 +580,6 @@ python-versions = ">=3.6"
[package.extras] [package.extras]
plugins = ["importlib-metadata"] plugins = ["importlib-metadata"]
[[package]]
name = "pylev"
version = "1.4.0"
description = "A pure Python Levenshtein implementation that's not freaking GPL'd."
category = "main"
optional = false
python-versions = "*"
[[package]] [[package]]
name = "pyparsing" name = "pyparsing"
version = "3.0.9" version = "3.0.9"
@ -922,7 +894,7 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools"
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.7,<=3.11" python-versions = "^3.7,<=3.11"
content-hash = "160b3056b3c6e28890d0a80642d50aae83b0450e1ba5ca39bcd3325ca23cb28f" content-hash = "d2a86daef3a6a038b7989a89bd827459944cd531e753a483c41a4ec183d396d0"
[metadata.files] [metadata.files]
aioredis = [ aioredis = [
@ -972,10 +944,6 @@ black = [
{file = "black-22.10.0-py3-none-any.whl", hash = "sha256:c957b2b4ea88587b46cf49d1dc17681c1e672864fd7af32fc1e9664d572b3458"}, {file = "black-22.10.0-py3-none-any.whl", hash = "sha256:c957b2b4ea88587b46cf49d1dc17681c1e672864fd7af32fc1e9664d572b3458"},
{file = "black-22.10.0.tar.gz", hash = "sha256:f513588da599943e0cde4e32cc9879e825d58720d6557062d1098c5ad80080e1"}, {file = "black-22.10.0.tar.gz", hash = "sha256:f513588da599943e0cde4e32cc9879e825d58720d6557062d1098c5ad80080e1"},
] ]
cleo = [
{file = "cleo-1.0.0a5-py3-none-any.whl", hash = "sha256:ff53056589300976e960f75afb792dfbfc9c78dcbb5a448e207a17b643826360"},
{file = "cleo-1.0.0a5.tar.gz", hash = "sha256:097c9d0e0332fd53cc89fc11eb0a6ba0309e6a3933c08f7b38558555486925d3"},
]
click = [ click = [
{file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"}, {file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"},
{file = "click-8.1.3.tar.gz", hash = "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e"}, {file = "click-8.1.3.tar.gz", hash = "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e"},
@ -1036,10 +1004,6 @@ coverage = [
{file = "coverage-6.5.0-pp36.pp37.pp38-none-any.whl", hash = "sha256:1431986dac3923c5945271f169f59c45b8802a114c8f548d611f2015133df77a"}, {file = "coverage-6.5.0-pp36.pp37.pp38-none-any.whl", hash = "sha256:1431986dac3923c5945271f169f59c45b8802a114c8f548d611f2015133df77a"},
{file = "coverage-6.5.0.tar.gz", hash = "sha256:f642e90754ee3e06b0e7e51bce3379590e76b7f76b708e1a71ff043f87025c84"}, {file = "coverage-6.5.0.tar.gz", hash = "sha256:f642e90754ee3e06b0e7e51bce3379590e76b7f76b708e1a71ff043f87025c84"},
] ]
crashtest = [
{file = "crashtest-0.3.1-py3-none-any.whl", hash = "sha256:300f4b0825f57688b47b6d70c6a31de33512eb2fa1ac614f780939aa0cf91680"},
{file = "crashtest-0.3.1.tar.gz", hash = "sha256:42ca7b6ce88b6c7433e2ce47ea884e91ec93104a4b754998be498a8e6c3d37dd"},
]
decorator = [ decorator = [
{file = "decorator-5.1.1-py3-none-any.whl", hash = "sha256:b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186"}, {file = "decorator-5.1.1-py3-none-any.whl", hash = "sha256:b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186"},
{file = "decorator-5.1.1.tar.gz", hash = "sha256:637996211036b6385ef91435e4fae22989472f9d571faba8927ba8253acbc330"}, {file = "decorator-5.1.1.tar.gz", hash = "sha256:637996211036b6385ef91435e4fae22989472f9d571faba8927ba8253acbc330"},
@ -1289,10 +1253,6 @@ pygments = [
{file = "Pygments-2.13.0-py3-none-any.whl", hash = "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"}, {file = "Pygments-2.13.0-py3-none-any.whl", hash = "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"},
{file = "Pygments-2.13.0.tar.gz", hash = "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1"}, {file = "Pygments-2.13.0.tar.gz", hash = "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1"},
] ]
pylev = [
{file = "pylev-1.4.0-py2.py3-none-any.whl", hash = "sha256:7b2e2aa7b00e05bb3f7650eb506fc89f474f70493271a35c242d9a92188ad3dd"},
{file = "pylev-1.4.0.tar.gz", hash = "sha256:9e77e941042ad3a4cc305dcdf2b2dec1aec2fbe3dd9015d2698ad02b173006d1"},
]
pyparsing = [ pyparsing = [
{file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"}, {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"},
{file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"}, {file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"},

View file

@ -42,7 +42,6 @@ click = "^8.0.1"
pptree = "^3.1" pptree = "^3.1"
types-redis = ">=3.5.9,<5.0.0" types-redis = ">=3.5.9,<5.0.0"
python-ulid = "^1.0.3" python-ulid = "^1.0.3"
cleo = "1.0.0a5"
typing-extensions = "^4.4.0" typing-extensions = "^4.4.0"
hiredis = "^2.0.0" hiredis = "^2.0.0"
more-itertools = "^8.14.0" more-itertools = "^8.14.0"