fix dependencies (locked) and the audit (#400)

* fix dependencies (locked) and the audit Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added pip-audit to poetry to avoid inconsistent environments Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> --------- Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
2026-02-20 18:46:12 +00:00 · 2023-06-14 09:30:03 +02:00
parent 0d947a4083
commit 4bf1af6f06
4 changed files with 416 additions and 248 deletions
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -43,9 +43,6 @@ jobs:
        with:
          python-version: 3.9

-      - name: Install pip-audit
-        run: pip install --upgrade pip pip-audit 
-
      - name: Setup poetry
        uses: Gr1N/setup-poetry@v8

@@ -56,7 +53,7 @@ jobs:
        run: poetry run pip freeze > requirements.txt

      - name: Audit dependencies
-        run: poetry run pip-audit --ignore-vuln PYSEC-2022-203  --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57  --ignore-vuln GHSA-m2qf-hxjv-5gpq --ignore-vuln PYSEC-2022-4301 --ignore-vuln PYSEC-2022-43012 
+        run: poetry run pip-audit --ignore-vuln PYSEC-2022-203  --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57 --ignore-vuln PYSEC-2023-62

  test:
    needs: lint
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -21,9 +21,6 @@ jobs:
        with:
          python-version: 3.9

-      - name: Install pip-audit
-        run: pip install --upgrade pip
-
      - name: Setup poetry
        uses: Gr1N/setup-poetry@v8

@@ -34,4 +31,4 @@ jobs:
        run: poetry run pip freeze > requirements.txt

      - name: Audit dependencies
-        run: poetry run pip-audit --ignore-vuln PYSEC-2022-203  --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57  --ignore-vuln GHSA-m2qf-hxjv-5gpq --ignore-vuln PYSEC-2022-4301
+        run: poetry run pip-audit --ignore-vuln PYSEC-2022-203  --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57 --ignore-vuln PYSEC-2023-62