Remove safety dependency vulnerability scanner
I went back and forth on this, but ultimately decided that it's more trouble than it's worth. Between false positives, deeply nested packages raising vulnerabilities, and the brittleness of the poetry-plugin-export that the tooling relies on, it causes more headaches than it avoids. A future PR will enable dependabot tooling that will open PRs to automatically fix this problem so I don't have to deal with it anymore (hopefully)
This commit is contained in:
parent
f66e59ab85
commit
df343396a4
60
poetry.lock
generated
60
poetry.lock
generated
@ -673,25 +673,6 @@ files = [
|
||||
{file = "distlib-0.3.8.tar.gz", hash = "sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64"},
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "dparse"
|
||||
version = "0.6.3"
|
||||
description = "A parser for Python dependency files"
|
||||
optional = false
|
||||
python-versions = ">=3.6"
|
||||
files = [
|
||||
{file = "dparse-0.6.3-py3-none-any.whl", hash = "sha256:0d8fe18714056ca632d98b24fbfc4e9791d4e47065285ab486182288813a5318"},
|
||||
{file = "dparse-0.6.3.tar.gz", hash = "sha256:27bb8b4bcaefec3997697ba3f6e06b2447200ba273c0b085c3d012a04571b528"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
packaging = "*"
|
||||
tomli = {version = "*", markers = "python_version < \"3.11\""}
|
||||
|
||||
[package.extras]
|
||||
conda = ["pyyaml"]
|
||||
pipenv = ["pipenv (<=2022.12.19)"]
|
||||
|
||||
[[package]]
|
||||
name = "dulwich"
|
||||
version = "0.21.7"
|
||||
@ -2205,29 +2186,6 @@ files = [
|
||||
{file = "ruamel.yaml.clib-0.2.8.tar.gz", hash = "sha256:beb2e0404003de9a4cab9753a8805a8fe9320ee6673136ed7f04255fe60bb512"},
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "safety"
|
||||
version = "2.3.4"
|
||||
description = "Checks installed dependencies for known vulnerabilities and licenses."
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
files = [
|
||||
{file = "safety-2.3.4-py3-none-any.whl", hash = "sha256:6224dcd9b20986a2b2c5e7acfdfba6bca42bb11b2783b24ed04f32317e5167ea"},
|
||||
{file = "safety-2.3.4.tar.gz", hash = "sha256:b9e74e794e82f54d11f4091c5d820c4d2d81de9f953bf0b4f33ac8bc402ae72c"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
Click = ">=8.0.2"
|
||||
dparse = ">=0.6.2"
|
||||
packaging = ">=21.0"
|
||||
requests = "*"
|
||||
"ruamel.yaml" = ">=0.17.21"
|
||||
setuptools = ">=19.3"
|
||||
|
||||
[package.extras]
|
||||
github = ["jinja2 (>=3.1.0)", "pygithub (>=1.43.3)"]
|
||||
gitlab = ["python-gitlab (>=1.3.0)"]
|
||||
|
||||
[[package]]
|
||||
name = "secretstorage"
|
||||
version = "3.3.3"
|
||||
@ -2243,22 +2201,6 @@ files = [
|
||||
cryptography = ">=2.0"
|
||||
jeepney = ">=0.6"
|
||||
|
||||
[[package]]
|
||||
name = "setuptools"
|
||||
version = "72.2.0"
|
||||
description = "Easily download, build, install, upgrade, and uninstall Python packages"
|
||||
optional = false
|
||||
python-versions = ">=3.8"
|
||||
files = [
|
||||
{file = "setuptools-72.2.0-py3-none-any.whl", hash = "sha256:f11dd94b7bae3a156a95ec151f24e4637fb4fa19c878e4d191bfb8b2d82728c4"},
|
||||
{file = "setuptools-72.2.0.tar.gz", hash = "sha256:80aacbf633704e9c8bfa1d99fa5dd4dc59573efcf9e4042c13d3bcef91ac2ef9"},
|
||||
]
|
||||
|
||||
[package.extras]
|
||||
core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.text (>=3.7)", "more-itertools (>=8.8)", "ordered-set (>=3.1.1)", "packaging (>=24)", "platformdirs (>=2.6.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
|
||||
doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
|
||||
test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "importlib-metadata", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test", "mypy (==1.11.*)", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-home (>=0.5)", "pytest-mypy", "pytest-perf", "pytest-ruff (<0.4)", "pytest-ruff (>=0.2.1)", "pytest-ruff (>=0.3.2)", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"]
|
||||
|
||||
[[package]]
|
||||
name = "shellingham"
|
||||
version = "1.5.4"
|
||||
@ -2678,4 +2620,4 @@ testing = ["big-O", "flake8 (<5)", "jaraco.functools", "jaraco.itertools", "more
|
||||
[metadata]
|
||||
lock-version = "2.0"
|
||||
python-versions = "^3.7"
|
||||
content-hash = "2db35ecc0a664819e9a6e162062bb0ec0a7673370a29357766aad873441e9358"
|
||||
content-hash = "56d0abc08c141d404c8dcc5ecf669b54fb49d85463abf3e74de36604b7a31b21"
|
||||
|
@ -55,7 +55,6 @@ pylint = {version = "^2.13.0", python = "^3.10"}
|
||||
pytest = {version = "^6.0.2", python = "^3.10"}
|
||||
pytest-cov = {version = "^2.10.1", python = "^3.10"}
|
||||
reorder-python-imports = {version = "^2.3.5", python = "^3.10"}
|
||||
safety = {version = "^2.2.0", python = "^3.10"}
|
||||
toml = {version = "^0.10.1", python = "^3.10"}
|
||||
tox = "^4.1"
|
||||
types-toml = {version = "^0.10.1", python = "^3.10"}
|
||||
|
10
tox.ini
10
tox.ini
@ -76,13 +76,3 @@ commands =
|
||||
--recursive \
|
||||
--quiet \
|
||||
--skip B101
|
||||
poetry export \
|
||||
--format requirements.txt \
|
||||
--output {envtmpdir}/requirements.txt \
|
||||
--without-hashes \
|
||||
--with dev
|
||||
safety check \
|
||||
--file {envtmpdir}/requirements.txt \
|
||||
--output text \
|
||||
# https://github.com/pytest-dev/py/issues/287
|
||||
--ignore 51457
|
||||
|
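Review bot: After this hunk the env's `commands =` list ends at bandit's `--skip B101`, so the locked dependency versions are no longer checked against any advisory database in CI, and the description defers the Dependabot replacement to a later PR, leaving an uncovered window between the two commits. If an interim check is wanted without the brittle `poetry export` step, `pip-audit` can audit the already-installed tox environment as a single command line (it would need adding to that env's deps), which avoids the export plugin the description blames. The removed `--ignore 51457` and its `# https://github.com/pytest-dev/py/issues/287` comment also drop the only record of that accepted finding, so a one-line comment such as `# dependency vulnerability scanning removed; tracked by the Dependabot follow-up` where the block was would keep the intent visible and make the finding easier to revisit when scanning returns. The same removal appears in the pyproject.toml and poetry.lock hunks above, which are consistent with this one; the `commands =` block itself starts before this hunk.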