Remove safety dependency vulnerability scanner

I went back and forth on this, but ultimately decided that it's more trouble
than it's worth. Between false positives, deeply nested packages raising
vulnerabilities, and the brittleness of the poetry-plugin-export that the
tooling relies on, it causes more headaches than it avoids. A future PR will
enable dependabot tooling that will open PRs to automatically fix this problem
so I don't have to deal with it anymore (hopefully).
This commit is contained in:
Ethan Paul 2024-08-16 13:26:12 -04:00
parent f66e59ab85
commit df343396a4
Signed by: enpaul
GPG Key ID: 07F53B438281D181
3 changed files with 1 additions and 70 deletions

poetry.lock generated

@ -673,25 +673,6 @@ files = [
{file = "distlib-0.3.8.tar.gz", hash = "sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64"},
]
[[package]]
name = "dparse"
version = "0.6.3"
description = "A parser for Python dependency files"
optional = false
python-versions = ">=3.6"
files = [
{file = "dparse-0.6.3-py3-none-any.whl", hash = "sha256:0d8fe18714056ca632d98b24fbfc4e9791d4e47065285ab486182288813a5318"},
{file = "dparse-0.6.3.tar.gz", hash = "sha256:27bb8b4bcaefec3997697ba3f6e06b2447200ba273c0b085c3d012a04571b528"},
]
[package.dependencies]
packaging = "*"
tomli = {version = "*", markers = "python_version < \"3.11\""}
[package.extras]
conda = ["pyyaml"]
pipenv = ["pipenv (<=2022.12.19)"]
[[package]]
name = "dulwich"
version = "0.21.7"
@ -2205,29 +2186,6 @@ files = [
{file = "ruamel.yaml.clib-0.2.8.tar.gz", hash = "sha256:beb2e0404003de9a4cab9753a8805a8fe9320ee6673136ed7f04255fe60bb512"},
]
[[package]]
name = "safety"
version = "2.3.4"
description = "Checks installed dependencies for known vulnerabilities and licenses."
optional = false
python-versions = "*"
files = [
{file = "safety-2.3.4-py3-none-any.whl", hash = "sha256:6224dcd9b20986a2b2c5e7acfdfba6bca42bb11b2783b24ed04f32317e5167ea"},
{file = "safety-2.3.4.tar.gz", hash = "sha256:b9e74e794e82f54d11f4091c5d820c4d2d81de9f953bf0b4f33ac8bc402ae72c"},
]
[package.dependencies]
Click = ">=8.0.2"
dparse = ">=0.6.2"
packaging = ">=21.0"
requests = "*"
"ruamel.yaml" = ">=0.17.21"
setuptools = ">=19.3"
[package.extras]
github = ["jinja2 (>=3.1.0)", "pygithub (>=1.43.3)"]
gitlab = ["python-gitlab (>=1.3.0)"]
[[package]]
name = "secretstorage"
version = "3.3.3"
@ -2243,22 +2201,6 @@ files = [
cryptography = ">=2.0"
jeepney = ">=0.6"
[[package]]
name = "setuptools"
version = "72.2.0"
description = "Easily download, build, install, upgrade, and uninstall Python packages"
optional = false
python-versions = ">=3.8"
files = [
{file = "setuptools-72.2.0-py3-none-any.whl", hash = "sha256:f11dd94b7bae3a156a95ec151f24e4637fb4fa19c878e4d191bfb8b2d82728c4"},
{file = "setuptools-72.2.0.tar.gz", hash = "sha256:80aacbf633704e9c8bfa1d99fa5dd4dc59573efcf9e4042c13d3bcef91ac2ef9"},
]
[package.extras]
core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.text (>=3.7)", "more-itertools (>=8.8)", "ordered-set (>=3.1.1)", "packaging (>=24)", "platformdirs (>=2.6.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "importlib-metadata", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test", "mypy (==1.11.*)", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-home (>=0.5)", "pytest-mypy", "pytest-perf", "pytest-ruff (<0.4)", "pytest-ruff (>=0.2.1)", "pytest-ruff (>=0.3.2)", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"]
[[package]]
name = "shellingham"
version = "1.5.4"
@ -2678,4 +2620,4 @@ testing = ["big-O", "flake8 (<5)", "jaraco.functools", "jaraco.itertools", "more
[metadata]
lock-version = "2.0"
python-versions = "^3.7"
content-hash = "2db35ecc0a664819e9a6e162062bb0ec0a7673370a29357766aad873441e9358"
content-hash = "56d0abc08c141d404c8dcc5ecf669b54fb49d85463abf3e74de36604b7a31b21"


@ -55,7 +55,6 @@ pylint = {version = "^2.13.0", python = "^3.10"}
pytest = {version = "^6.0.2", python = "^3.10"}
pytest-cov = {version = "^2.10.1", python = "^3.10"}
reorder-python-imports = {version = "^2.3.5", python = "^3.10"}
safety = {version = "^2.2.0", python = "^3.10"}
toml = {version = "^0.10.1", python = "^3.10"}
tox = "^4.1"
types-toml = {version = "^0.10.1", python = "^3.10"}

tox.ini

@ -76,13 +76,3 @@ commands =
--recursive \
--quiet \
--skip B101
poetry export \
--format requirements.txt \
--output {envtmpdir}/requirements.txt \
--without-hashes \
--with dev
safety check \
--file {envtmpdir}/requirements.txt \
--output text \
# https://github.com/pytest-dev/py/issues/287
--ignore 51457