Commit 0796841

build: fix pip audit
1 parent 970a323 commit 0796841

1 file changed

+7
-1
lines changed

.github/workflows/check-python.yaml

Lines changed: 7 additions & 1 deletion
@@ -23,7 +23,13 @@ jobs:
2323
run: poetry install --no-interaction --no-root
2424

2525
- name: Audit with pip-audit
26-
run: poetry run pip-audit
26+
run: |
27+
# audit non dev dependencies, no exclusions
28+
poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
29+
30+
# audit all dependencies, with exclusions
31+
poetry run pip-audit \
32+
--ignore-vuln "GHSA-hcpj-qp55-gfph" # GitPython vulnerability, dev only dependency
2733
2834
- name: Check formatting with Black
2935
run: |
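
Review bot: On new line 28, chaining `poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt` with `&&` means a failed export will not fail the step if it runs under the default `bash -e` shell, because errexit ignores a failure on the left-hand side of an `&&` list. The no-exclusions audit would then be skipped silently while the second audit still runs and can pass. Put the export and the `pip-audit -r requirements.txt` call on separate lines so that either failure stops the job. This matters for the `--ignore-vuln "GHSA-hcpj-qp55-gfph"` on new line 32 as well: the "dev only dependency" justification in its comment is only enforced by the first audit actually running. That comment should also say when the ignore can be removed, for example once GitPython is upgraded to a fixed release.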
