python: move safety check to separate tox env #6451
Conversation
@@ -43,12 +43,19 @@ commands = | |||
# flake8 includes black check due to flake8-black | |||
# flake8 includes isort check which checks for import order due to flake8-isort | |||
flake8 pynessie tests tools | |||
# ignore https://pyup.io/v/51457/f17 -> https://github.com/pytest-dev/py/issues/287 |
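Review bot: the `# ignore https://pyup.io/v/51457/f17 -> https://github.com/pytest-dev/py/issues/287` suppression disappears from this env without the new safety env carrying a replacement, which is only correct if nothing in the scanned requirement tree still pulls in `py`; the review comment ties that to pytest 7.2.0 dropping the dependency, so please record the pytest minimum (in the commit message or as a pin in the requirement files) so the dropped ignore reads as intentional rather than lost in the move.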
No longer needed since https://github.com/pytest-dev/pytest/releases/tag/7.2.0, because pytest no longer depends on py.
By not installing safety alongside the other dependencies, we are not constrained by safety's overly restrictive dependency version ranges (see inline comment). This unblocks renovate to upgrade other linting dependencies.
commands = | ||
# using separate env because of https://github.com/pyupio/safety/issues/455 | ||
# note that requirements_lint.txt imports all other requirement files | ||
safety check --file requirements_lint.txt |
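Review bot: `safety check --file requirements_lint.txt` only judges the versions written in the requirement files (and whatever they include via `-r`), so unpinned entries and transitive packages resolved at install time are outside the scan, as the description acknowledges; if the files are fully pinned this is fine, otherwise consider feeding the scan a frozen resolution from the env that installs them, e.g. `pip freeze > frozen.txt` followed by `safety check --file frozen.txt`, so the check covers what is actually installed. It would also help to add a one-line comment in the env noting that this is a file scan, not a scan of the installed environment, so the gap is visible to the next person touching tox.ini.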
From the CI run:

```
Safety v2.3.5 is scanning for Vulnerabilities...
Scanning dependencies in your files:
-> requirements_lint.txt
Using non-commercial database
Found and scanned 39 packages
Timestamp 2023-03-31 07:50:58
0 vulnerabilities found
0 vulnerabilities ignored
+==============================================================================+
No known security vulnerabilities found.
```

This might exclude scanning of transitive dependencies, but I guess it's still better than flat-out removing safety until they manage to release their new version (that blocks our other upgrade PRs).
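Added example, not code from this PR or the Nessie project: a small check for the gap the comment above mentions. A file-based `safety check --file` can only judge versions that are written in the files it is given, so this script flattens the `-r` includes the way requirements_lint.txt pulls in the other files, reports entries without an exact `==` pin, and compares the pins against what an install actually resolved, which is where transitive packages show up. The file names, file contents and the `pip freeze` output are all constructed for illustration.

```python
"""Check whether a requirements tree is complete enough for a file-based scan.

Added example (not part of the Nessie repo). Assumptions: requirement files
use ``-r`` includes, exact pins look like ``name==version``, and a
``safety check --file`` run can only evaluate versions written in the files.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample requirement files (not the project's real files).
# requirements_lint.txt pulls in the others with -r, as the PR comment says.
FILES: Dict[str, str] = {
    "requirements_lint.txt": (
        "-r requirements.txt\n"
        "-r requirements_dev.txt\n"
        "flake8==6.0.0\n"
        "flake8-black==0.3.6   # inline comment\n"
        "mypy>=1.0\n"
    ),
    "requirements.txt": "click==8.1.3\nrequests==2.28.2\n",
    "requirements_dev.txt": "pytest==7.2.2\npytest-cov\n",
}

# Constructed `pip freeze` output from the env that installs the lint
# requirements: the resolver pulled in certifi/urllib3 (transitive deps of
# requests) and ended up on a different requests patch level.
FROZEN = "certifi==2022.12.7\nclick==8.1.3\nrequests==2.28.1\nurllib3==1.26.15\n"

# An exact pin: name, optional whitespace, "==", version, nothing else.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+*-]+)$")


def norm(name: str) -> str:
    """PEP 503 style normalisation so Flake8_Black and flake8-black compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def flatten(name: str, files: Dict[str, str], seen: Optional[Set[str]] = None) -> List[str]:
    """Return every requirement line in the tree rooted at `name`, following -r includes.

    `seen` guards against include cycles (a -r b, b -r a)."""
    seen = seen if seen is not None else set()
    if name in seen:
        return []
    seen.add(name)
    out: List[str] = []
    for raw in files[name].splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("-r "):
            out.extend(flatten(line[3:].strip(), files, seen))
        else:
            out.append(line)
    return out


def classify(reqs: List[str]) -> Tuple[Dict[str, str], List[str]]:
    """Split flattened lines into exact pins {normalised name: version} and the rest.

    Anything in the second list (ranges, bare names) carries no version a
    file scanner could look up."""
    pinned: Dict[str, str] = {}
    unpinned: List[str] = []
    for req in reqs:
        m = PIN_RE.match(req)
        if m:
            pinned[norm(m.group(1))] = m.group(2)
        else:
            unpinned.append(req)
    return pinned, unpinned


def scan_is_complete(name: str, files: Dict[str, str]) -> bool:
    """True only if every entry in the tree carries an exact == pin."""
    _, unpinned = classify(flatten(name, files))
    return not unpinned


def compare_with_installed(frozen: str, pinned: Dict[str, str]) -> Tuple[Set[str], Dict[str, Tuple[str, str]]]:
    """Compare `pip freeze` output against the file pins.

    Returns (names installed but absent from the files, i.e. what a file scan
    never sees; {name: (pinned, installed)} where the two disagree)."""
    unlisted: Set[str] = set()
    drift: Dict[str, Tuple[str, str]] = {}
    for line in frozen.splitlines():
        m = PIN_RE.match(line.strip())
        if not m:
            continue
        n, installed = norm(m.group(1)), m.group(2)
        if n not in pinned:
            unlisted.add(n)
        elif pinned[n] != installed:
            drift[n] = (pinned[n], installed)
    return unlisted, drift


if __name__ == "__main__":
    pins, loose = classify(flatten("requirements_lint.txt", FILES))
    missing, moved = compare_with_installed(FROZEN, pins)
    print("unpinned entries (not scannable from the file):", loose)
    print("installed but not listed (transitive, unscanned):", sorted(missing))
    print("pinned version differs from installed:", moved)
```

If both the unpinned list and the unlisted set come back empty, the file scan covers exactly the installed set; otherwise either pin the tree fully (a lock file) or hand the scan a `pip freeze` dump from the env that installs the requirements.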
Codecov Report: Patch and project coverage have no change.

| | main | #6451 |
|---|---|---|
| Coverage | 83.16% | 83.16% |
| Complexity | 537 | 537 |
| Files | 911 | 911 |
| Lines | 36029 | 36029 |
| Branches | 3210 | 3210 |
| Hits | 29965 | 29965 |
| Misses | 4936 | 4936 |
| Partials | 1128 | 1128 |
Ship it 🎉