diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in
index 021a7f1..3eb67e4 100644
--- a/requirements/requirements-dev.in
+++ b/requirements/requirements-dev.in
@@ -17,6 +17,7 @@ flake8-fixme
 flake8-isort
 flake8-logging-format
 flake8-mutable
+safety
 # maintenance utilities and tox
 pip-tools # pip-compile
diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt
index 491122b..7ce8820 100644
--- a/requirements/requirements-dev.txt
+++ b/requirements/requirements-dev.txt
@@ -19,7 +19,9 @@ certifi==2022.12.7
 charset-normalizer==3.0.1
 # via requests
 click==8.1.3
- # via pip-tools
+ # via
+ # pip-tools
+ # safety
 coverage[toml]==7.1.0
 # via pytest-cov
 distlib==0.3.6
@@ -40,6 +42,8 @@ djangorestframework==3.14.0
 # via -r requirements/requirements.in
 dlint==0.14.0
 # via -r requirements/requirements-dev.in
+dparse==0.6.2
+ # via safety
 exceptiongroup==1.1.0
 # via pytest
 filelock==3.9.0
@@ -122,7 +126,9 @@ more-itertools==9.0.0
 packaging==21.3
 # via
 # build
+ # dparse
 # pytest
+ # safety
 # tox
 parsedatetime==2.6
 # via -r requirements/requirements.in
@@ -180,8 +186,15 @@ requests==2.28.2
 # via
 # python-gitlab
 # requests-toolbelt
+ # safety
 requests-toolbelt==0.10.1
 # via python-gitlab
+ruamel-yaml==0.17.21
+ # via safety
+ruamel-yaml-clib==0.2.7
+ # via ruamel-yaml
+safety==2.3.5
+ # via -r requirements/requirements-dev.in
 six==1.16.0
 # via
 # irc
@@ -199,6 +212,8 @@ tempora==5.2.1
 # via
 # irc
 # jaraco-logging
+toml==0.10.2
+ # via dparse
 tomli==2.0.1
 # via
 # build
diff --git a/tox.ini b/tox.ini
index 0b7e874..9bb769e 100644
--- a/tox.ini
+++ b/tox.ini
@@ -107,6 +107,7 @@ commands =
 # run security checks
 #
 # again it seems the most valuable here to run against the packaged code
+# might not need to ignore 51457 after a tox bump
 commands =
 bandit \
 {envsitepackagesdir}/acro/ \
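Review bot: The comment added above `commands =` in tox.ini (`# might not need to ignore 51457 after a tox bump`) does not say what advisory 51457 is or why suppressing it is acceptable, and it sits in the bandit description rather than next to the safety invocation that carries `-i 51457`. A suppressed advisory should name the affected package and the reason it does not apply here, so the ignore can be re-evaluated instead of lingering. Something like `# safety: advisory 51457 (PACKAGE-NAME: REASON-NOT-APPLICABLE) is ignored; re-check and drop -i after the next tox upgrade`, with the two upper-case placeholders filled in by the author. The environment's section header and the start of this comment block are outside the hunk.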
@@ -127,6 +128,7 @@ commands =
 {envsitepackagesdir}/transform/ \
 {envsitepackagesdir}/weather/ \
 -r
+ safety check -r requirements/requirements-dev.txt -i 51457
 [testenv:lint]
 # run style checks
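Review bot: `safety check` is appended to the same `commands` list as bandit, and tox stops at the first failing command unless `ignore_errors` is set for the environment, so any bandit finding would keep the dependency audit from running at all. Consider `ignore_errors = true` on this testenv, or a separate environment for the audit, so both results are always reported. The scan reads only `requirements/requirements-dev.txt`; the lockfile's `-r requirements/requirements.in` entries suggest it includes the runtime pins, but it is worth confirming that no other requirements file is left unscanned. The environment's header and any existing `ignore_errors` setting are outside the hunk.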