From e086714bab9fd54878c6a8aa561ffc94e4866432 Mon Sep 17 00:00:00 2001
From: Mark Beacom <7315957+mbeacom@users.noreply.github.com>
Date: Thu, 11 Jul 2024 23:11:56 -0400
Subject: [PATCH] chore: Update deps and safety handling
---
 poetry.lock | 13 ++++++++++++-
 pyproject.toml | 3 ++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/poetry.lock b/poetry.lock
index f358da9..14c320c 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1049,6 +1049,17 @@ files = [
 {file = "pbr-6.0.0.tar.gz", hash = "sha256:d1377122a5a00e2f940ee482999518efe16d745d423a670c27773dfbc3c9a7d9"},
 ]

+[[package]]
+name = "pip"
+version = "24.1.2"
+description = "The PyPA recommended tool for installing Python packages."
+optional = false
+python-versions = ">=3.8"
+files = [
+ {file = "pip-24.1.2-py3-none-any.whl", hash = "sha256:7cd207eed4c60b0f411b444cd1464198fe186671c323b6cd6d433ed80fc9d247"},
+ {file = "pip-24.1.2.tar.gz", hash = "sha256:e5458a0b89f2755e0ee8c0c77613fe5273e05f337907874d64f13171a898a7ff"},
+]
+
 [[package]]
 name = "platformdirs"
 version = "4.2.2"
@@ -1845,4 +1856,4 @@ test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools",
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.8"
-content-hash = "81d36427be2ba0be103ed34678164f998f2d140ca06665cb4c7567f3ca4ebc42"
+content-hash = "0c8dab277ed87d2cf62320a77088cc35c6947badd152ba2fdc00d00479ed7566"
diff --git a/pyproject.toml b/pyproject.toml
index 7db01a7..7244c97 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -145,7 +145,7 @@ lint = ["ruff"]
 fix = ["ruff", "isort", "black"]
 test = "pytest --cov=python_template --cov-report=xml --cov-report=term"
 ruff = "ruff check --fix python_template"
-safety = "safety check"
+safety = "safety check --ignore 70612" # 70612 ignores the jinja2 CVE used by mkdocs
 bandit = "bandit -r python_template"
 security = ["safety", "bandit"]
 # requires poethepoet outside of poetry.
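Review bot: The `--ignore 70612` on the new `safety` line suppresses that advisory for every environment with no expiry, and the trailing comment neither names the CVE nor says why it is acceptable here. If the reasoning is that jinja2 only arrives through mkdocs for docs builds and never renders untrusted templates (an inference from the comment), state that and the identifier, e.g. `# Safety ID 70612: jinja2 advisory (<CVE-ID>), docs-only via mkdocs; re-check on the next jinja2 bump`. Safety's policy file (`ignore-vulnerabilities` entries with `reason` and `expires`) would record the justification outside the task string and let the exception lapse on its own. The enclosing task table starts and ends outside the hunk.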
@@ -162,6 +162,7 @@ update = ["poetry-update-core", "poetry-update-dev", "poetry-update-test", "poet

 [tool.poetry.dependencies]
 python = "^3.8"
+pip = ">= 24.0"
 typer = {extras = ["all"], version = "^0.12.3"}

 [tool.poetry.group.test.dependencies]
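Review bot: `pip = ">= 24.0"` is added under `[tool.poetry.dependencies]`, so it becomes a runtime requirement of the package for every consumer rather than a constraint on this project's own tooling environment. If the goal is to clear a pip finding from `safety check` (inferred from the commit subject, not stated in the hunk), a non-runtime dependency group would scope it to development installs. The constraint is also open-ended and written in a different style from the caret constraints on the neighbouring lines. A comment above it such as `# pinned to satisfy the dependency audit; remove once the base image ships pip >= 24` would tell the next maintainer when it can go.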