MITLibraries / archivesspace-top-containers
100%
initial-app: 100%

Repo Added 27 Apr 2023 07:56PM UTC

Files 3

Badge

Embed ▾

LAST BUILD ON BRANCH main
branch: SELECT

CHANGE BRANCH
x

No branch selected

IN-1245-pip-audit

INFRA-502

dependabot/pip/bandit-1.7.6

dependabot/pip/black-23.10.1

dependabot/pip/black-23.11.0

dependabot/pip/black-23.12.0

dependabot/pip/black-23.12.1

dependabot/pip/certifi-2023.7.22

dependabot/pip/click-8.1.4

dependabot/pip/click-8.1.5

dependabot/pip/click-8.1.6

dependabot/pip/gitpython-3.1.32

dependabot/pip/gitpython-3.1.41

dependabot/pip/mypy-1.3.0

dependabot/pip/mypy-1.4.1

dependabot/pip/mypy-1.7.0

dependabot/pip/mypy-1.7.1

dependabot/pip/mypy-1.8.0

dependabot/pip/pytest-7.3.2

dependabot/pip/pytest-7.4.0

dependabot/pip/pytest-7.4.3

dependabot/pip/pytest-7.4.4

dependabot/pip/requests-2.31.0

dependabot/pip/requests-mock-1.11.0

initial-app

main

maintenance-updates-12-2024

maintenance-week-updates

more-readme-updates

readme-update

readme-updates

readme-usage-update

Committed 06 May 2025 02:13PM UTC coverage: 100.0%. Remained the same

Build # 14861926468

Build Type

push

github

Committed by

web-flow

Commit Message

Replace pipenv check with pip-audit (#29)

Why these changes are being introduced:

As of pipenv 2025.0.1 the use of `pipenv check` would throw
an error, indicating that the library `safety` was not installed.
It worked to run `pipenv check --auto-install` which would
temporarily install `safety`, but this was not ideal for multiple
reasons.

First, we anticipate potentially moving away from `pipenv`.

Second, it appears that `safety` is moving to a pay / subscription
model.

Third, it remains a little obfuscated what `pipenv check` is actually
doing.

As this new situation affects all builds in Github Actions CI,
we need a way to scan for vulnerabilities that ideally is not
a massive overhaul of our vulnerability scanning approach.

How this addresses that need:

`pip-audit` is a nice standalone, open-source library that
performs very similar work to `safety`.

This commit replaces `pipenv check` (which was `safety` under
the hood) with `pip-audit`.

Side effects of this change:
* Builds will be successful in Github Actions

Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/IN-1245

Run Details

73 of 73 relevant lines covered (100.0%)

1.0 hits per line

Relevant lines Covered

73 RELEVANT LINES 73 COVERED LINES

1.0 HITS PER LINE

Source Files on initial-app

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
14861926468	main	Replace pipenv check with pip-audit (#29) Why these changes are being introduced: As of pipenv 2025.0.1 the use of `pipenv check` would throw an error, indicating that the library `safety` was not installed. It worked to run `pipenv check --auto...	push	06 May 2025 02:14PM UTC	web-flow	github	100.0
14845760999	IN-1245-pip-audit	Replace pipenv check with pip-audit Why these changes are being introduced: As of pipenv 2025.0.1 the use of `pipenv check` would throw an error, indicating that the library `safety` was not installed. It worked to run `pipenv check --auto-insta...	push	05 May 2025 08:38PM UTC	ehanson8	github	100.0
13423267080	INFRA-502	Update dependencies and python version (#28)	push	19 Feb 2025 10:07PM UTC	web-flow	github	100.0
12434275921	main	Update dependencies and python version (#28)	push	20 Dec 2024 03:42PM UTC	web-flow	github	100.0
12396590308	maintenance-updates-12-2024	Update dependencies and python version	push	18 Dec 2024 03:54PM UTC	ehanson8	github	100.0
8648327409	main	Maintenance week updates (#27) * Update dependencies and Makefile * Update dependencies including adding new linters and pre-commit as well as removing old linters * Update Makefile * Add pyproject.toml * Remove setup.cfg * Address issue...	push	11 Apr 2024 02:21PM UTC	web-flow	github	100.0
8622010366	maintenance-week-updates	Update README.md	Pull #27	09 Apr 2024 08:40PM UTC	ehanson8	github	100.0
8544425462	maintenance-week-updates	Update pull-request-template.md	push	03 Apr 2024 07:28PM UTC	ehanson8	github	100.0
8544248458	maintenance-week-updates	Update Pipfile.lock	push	03 Apr 2024 07:13PM UTC	ehanson8	github	100.0
8544221689	maintenance-week-updates	Address issues raised by linters * Address various issues raised by linters via code changes or single line ignores * Remove old linter ignores	push	03 Apr 2024 07:11PM UTC	ehanson8	github	100.0

See All Builds (52)

MITLibraries / archivesspace-top-containers
100%
initial-app: 100%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on initial-app

Recent builds

MITLibraries / archivesspace-top-containers 100% initial-app: 100%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on initial-app

Recent builds

MITLibraries / archivesspace-top-containers
100%
initial-app: 100%

README BADGES
x

CHANGE BRANCH
x