build: fix pip audit

daniel-makerx · web-flow · commit 07968411b3ab · 2022-12-19T12:27:25.000+08:00
diff --git a/.github/workflows/check-python.yaml b/.github/workflows/check-python.yaml
@@ -23,7 +23,13 @@ jobs:
         run: poetry install --no-interaction --no-root
 
       - name: Audit with pip-audit
-        run: poetry run pip-audit
+        run: |
+          # audit non dev dependencies, no exclusions
+          poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
+          
+          # audit all dependencies, with exclusions
+          poetry run pip-audit \
+            --ignore-vuln "GHSA-hcpj-qp55-gfph" # GitPython vulnerability, dev only dependency
 
       - name: Check formatting with Black
         run: |
