Add dependency scanning CI step

pyinat · Aug 17, 2023 · 75d1fc7 · 75d1fc7
1 parent e8f9058
commit 75d1fc7
Show file tree

Hide file tree

Showing 4 changed files with 437 additions and 348 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -60,3 +60,8 @@ jobs:
           python-version: ${{ env.LATEST_PY_VERSION }}
       - name: Run style checks & linting
         uses: pre-commit/[email protected]
+      - name: Scan dependencies for known vulnerabilities
+        uses: pypa/[email protected]
+        with:
+          vulnerability-service: osv
+          ignore-vulns: PYSEC-2022-43012  # older setuptools used by the action itself
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,7 +12,7 @@ repos:
     hooks:
       - id: black
   - repo: https://github.com/asottile/blacken-docs
-    rev: 1.15.0
+    rev: 1.16.0
     hooks:
       - id: blacken-docs
         args: [--skip-errors, --skip-string-normalization]
@@ -21,7 +21,7 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: v0.0.278
+    rev: v0.0.284
     hooks:
       - id: ruff
   - repo: https://github.com/yunojuno/pre-commit-xenon
@@ -30,7 +30,7 @@ repos:
       - id: xenon
         args: [--max-average=A, --max-modules=C, --max-absolute=C]
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.4.1
+    rev: v1.5.0
     hooks:
       - id: mypy
         additional_dependencies: [attrs, types-python-dateutil, types-requests, types-ujson]