From f78823c2f237b0a4ad7adbb6c1e3bad140bdbab2 Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Wed, 7 Dec 2022 23:15:34 -0500 Subject: [PATCH 1/5] Starting version 2.3.5.dev --- CHANGELOG.md | 2 ++ safety/VERSION | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 729586be..4948ccfb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file. The format is partly based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) and [PEP 440](https://peps.python.org/pep-0440/) +## [Unreleased] 2.3.5.dev + ## [2.3.4] - 2022-12-07 - Removed LegacyVersion use; this fixes the issue with packaging 22.0. - Fixed typos in the README. diff --git a/safety/VERSION b/safety/VERSION index 3f684d2d..c0d9366b 100644 --- a/safety/VERSION +++ b/safety/VERSION @@ -1 +1 @@ -2.3.4 +2.3.5.dev From aa1b1532818a1b2cb229b14907cad64c927fa8c6 Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Thu, 8 Dec 2022 12:36:28 -0500 Subject: [PATCH 2/5] Use packaging versions < 22.0 to prevent issues. --- setup.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.cfg b/setup.cfg index e297948b..61623069 100644 --- a/setup.cfg +++ b/setup.cfg @@ -39,7 +39,7 @@ install_requires = setuptools>=19.3 Click>=8.0.2 requests - packaging>=21.0 + packaging>=21.0,<22.0 dparse>=0.6.2 ruamel.yaml>=0.17.21 dataclasses==0.8; python_version=="3.6" From 93598ae65601568fb25f05436e7de3fd2430adc7 Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Thu, 8 Dec 2022 12:52:51 -0500 Subject: [PATCH 3/5] Pin the ubuntu version to be used for the CI. --- .github/workflows/build.yml | 2 +- .github/workflows/main.yml | 12 ++++++------ .github/workflows/test-insecure.yml | 12 ++++++------ .github/workflows/test-secure.yml | 12 ++++++------ 4 files changed, 19 insertions(+), 19 deletions(-) 
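Review bot: The new upper bound in `packaging>=21.0,<22.0` (setup.cfg, PATCH 2/5) has no comment saying what breaks on 22.0 or when the cap can be lifted. The 2.3.4 changelog entry visible in this same series says the LegacyVersion use behind the packaging 22.0 issue was already removed, so the remaining reason is not recoverable from the patch. An undocumented cap in `install_requires` of a tool that is installed into users' own environments tends to outlive its reason, and it can cause resolver conflicts or hold back a shared dependency there. I would add a comment next to the entry such as `# capped below 22.0 because <reason>; lift once <tracking issue>` and record the cap under the new `[Unreleased]` changelog heading.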
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 00ddd50a..575511d5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,7 +9,7 @@ env: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main steps: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4df8b35b..96bce645 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,7 +4,7 @@ on: [ push ] jobs: test: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 strategy: matrix: python-version: [ "3.6", "3.7", "3.8", "3.9", "3.10", "3.11" ] @@ -32,7 +32,7 @@ jobs: strategy: matrix: - os: ['windows-latest', 'ubuntu-latest', 'macos-latest'] + os: ['windows-latest', 'ubuntu-20.04', 'macos-latest'] env: BINARY_OS: '${{ matrix.os }}' steps: @@ -60,13 +60,13 @@ jobs: path: dist/safety-win-x86_64.exe if-no-files-found: error - uses: actions/upload-artifact@v3 - if: ${{ matrix.os == 'ubuntu-latest' }} + if: ${{ matrix.os == 'ubuntu-20.04' }} with: name: safety-linux-i686 path: dist/safety-linux-i686 if-no-files-found: error - uses: actions/upload-artifact@v3 - if: ${{ matrix.os == 'ubuntu-latest' }} + if: ${{ matrix.os == 'ubuntu-20.04' }} with: name: safety-linux-x86_64 path: dist/safety-linux-x86_64 @@ -81,7 +81,7 @@ jobs: deploy-pypi: needs: build-binaries - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') @@ -105,7 +105,7 @@ jobs: create-gh-release: needs: deploy-pypi - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') permissions: contents: write diff --git a/.github/workflows/test-insecure.yml b/.github/workflows/test-insecure.yml index c20cd93a..b8aada7a 100644 --- a/.github/workflows/test-insecure.yml +++ b/.github/workflows/test-insecure.yml 
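Review bot: Nothing in build.yml says why `runs-on: ubuntu-20.04` replaces `ubuntu-latest`, so the next maintainer cannot tell when the pin may be raised. The same applies to every `runs-on` change in main.yml, test-insecure.yml and test-secure.yml. Presumably the pin keeps the `"3.6"` entry of the Python test matrix in main.yml installable, but that is an inference and the patch does not state it. I would add one comment at the first occurrence, e.g. `# pinned to 20.04: <reason>; revisit when <condition>`, because a fixed image label needs a planned bump before the hosted image is retired.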
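Review bot: In the binary-build matrix in main.yml only the Linux entry is pinned. `os: ['windows-latest', 'ubuntu-20.04', 'macos-latest']` still lets the Windows and macOS release binaries be built on whatever image `-latest` resolves to on the day of the tag. The literal `'ubuntu-20.04'` is also repeated in two `if: ${{ matrix.os == 'ubuntu-20.04' }}` conditions and passed on through `BINARY_OS`. A later label change that misses one of them would skip the Linux artifact uploads, and `if-no-files-found: error` would not fire because the step never runs. Consider pinning all three labels and gating the uploads on `runner.os == 'Linux'` rather than on the matrix string.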
@@ -8,7 +8,7 @@ on: jobs: matrix: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: @@ -24,7 +24,7 @@ jobs: # case, to avoid confusion test-auto-requirements-txt-insecure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: @@ -49,7 +49,7 @@ jobs: # Same as above, but for a poetry lock file test-auto-poetry-insecure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: @@ -74,7 +74,7 @@ jobs: # Same as above, but for a Pipfile.lock test-auto-pipfile-insecure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: @@ -101,7 +101,7 @@ jobs: ### installs things in the root VM that the action runs on; this is what gets scanned. test-auto-environment-insecure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: @@ -132,7 +132,7 @@ jobs: ### Scans a recently built Docker container. This uses a few heuristics, defined in entrypoint.sh test-auto-docker-insecure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: diff --git a/.github/workflows/test-secure.yml b/.github/workflows/test-secure.yml index 5919f527..780127df 100644 --- a/.github/workflows/test-secure.yml +++ b/.github/workflows/test-secure.yml @@ -9,7 +9,7 @@ on: jobs: matrix: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: @@ -25,7 +25,7 @@ jobs: # case, to avoid confusion test-auto-requirements-txt-secure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: @@ -47,7 +47,7 @@ jobs: # Same as above, but for a poetry lock file test-auto-poetry-secure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: 
@@ -69,7 +69,7 @@ jobs: # Same as above, but for a Pipfile.lock test-auto-pipfile-secure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: @@ -93,7 +93,7 @@ jobs: ### installs things in the root VM that the action runs on; this is what gets scanned. test-auto-environment-secure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: @@ -121,7 +121,7 @@ jobs: ### Scans a recently built Docker container. This uses a few heuristics, defined in entrypoint.sh test-auto-docker-secure: needs: [ matrix ] - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 environment: main strategy: matrix: From 7d6dd5e4113647b472bff32fba241ebfc28b3dbf Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Thu, 8 Dec 2022 13:05:09 -0500 Subject: [PATCH 4/5] Update the OS mapping in the binaries file. --- binaries.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/binaries.py b/binaries.py index 035a865b..5e657ac6 100644 --- a/binaries.py +++ b/binaries.py @@ -19,7 +19,7 @@ class environment: def __init__(self): os_mapping = { "windows-latest": self.WIN, - "ubuntu-latest": self.LINUX, + "ubuntu-20.04": self.LINUX, "macos-latest": self.MACOS } self.os = os_mapping[os.getenv("BINARY_OS")] From 7b24998c616c67c15b77842f2a37dd1a43969b45 Mon Sep 17 00:00:00 2001 From: Yeison Vargas Date: Thu, 8 Dec 2022 13:15:16 -0500 Subject: [PATCH 5/5] Test integration for 2.3.4 --- .github/workflows/gh-action-integration-matrix.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/gh-action-integration-matrix.json b/.github/workflows/gh-action-integration-matrix.json index aa78948f..42bcaa5b 100644 --- a/.github/workflows/gh-action-integration-matrix.json +++ b/.github/workflows/gh-action-integration-matrix.json @@ -1,6 +1,3 @@ [ - {"version": "2.0.0"}, - {"version": "2.2.0"}, - {"version": "2.2.1"}, - {"version": "2.3.1"} + {"version": "2.3.4"} ]
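Review bot: In binaries.py, `os_mapping` is keyed on the exact CI runner label, so `self.os = os_mapping[os.getenv("BINARY_OS")]` raises a bare `KeyError` whenever the workflow label and this dict drift apart, and `KeyError: None` when `BINARY_OS` is unset. This commit is needed only because the label changed in main.yml, which shows the coupling. Keying on the OS family would remove it, e.g. `family = os.getenv("BINARY_OS", "").split("-", 1)[0]` looked up in a dict with `"windows"`, `"ubuntu"` and `"macos"` keys, with an explicit error that names the unsupported value. The class body starts above the hunk and `__init__` may continue below it.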
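Review bot: The matrix in gh-action-integration-matrix.json now holds only `{"version": "2.3.4"}`, so the workflows that presumably read it through the `set-matrix` step no longer exercise 2.0.0, 2.2.0, 2.2.1 or 2.3.1. The commit message does not say why they were dropped. If those releases are still expected to work as pinned versions of the action, keeping at least one older entry preserves that check. If they are known to be broken, the reason belongs in the commit message or the changelog, since JSON cannot carry a comment.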