14860840068
86%
main: 86%

Ran 06 May 2025 01:26PM UTC

Jobs 1

Files 17

Run time 3min

Badge

Embed ▾

Committed 06 May 2025 01:24PM UTC coverage: 86.031%. Remained the same

Build # 14860840068

Build Type

Pull #85

github

Committed by

ghukill

Commit Message

Replace pipenv check with pip-audit

Why these changes are being introduced:

As of pipenv 2025.0.1 the use of `pipenv check` would throw
an error, indicating that the library `safety` was not installed.
It worked to run `pipenv check --auto-install` which would
temporarily install `safety`, but this was not ideal for multiple
reasons.

First, we anticipate potentially moving away from `pipenv`.

Second, it appears that `safety` is moving to a pay / subscription
model.

Third, it remains a little obfuscated what `pipenv check` is actually
doing.

As this new situation affects all builds in Github Actions CI,
we need a way to scan for vulnerabilities that ideally is not
a massive overhaul of our vulnerability scanning approach.

How this addresses that need:

`pip-audit` is a nice standalone, open-source library that
performs very similar work to `safety`.

This commit replaces `pipenv check` (which was `safety` under
the hood) with `pip-audit`.

Side effects of this change:
* Builds will be successful in Github Actions

Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/IN-1240

Pull Request Pull Request #85: Replace pipenv check with pip-audit

Run Details

776 of 902 relevant lines covered (86.03%)

0.86 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	14860840068.1	06 May 2025 01:26PM UTC	17	86.03	GitHub Action Run

MITLibraries / transmogrifier-ab-diff / 14860840068
86%
main: 86%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 14860840068

MITLibraries / transmogrifier-ab-diff / 14860840068 86% main: 86%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 14860840068

MITLibraries / transmogrifier-ab-diff / 14860840068
86%
main: 86%

README BADGES
x