Skip to content

chore(deps-dev): bump cryptography from 46.0.5 to 46.0.7 #152

chore(deps-dev): bump cryptography from 46.0.5 to 46.0.7

chore(deps-dev): bump cryptography from 46.0.5 to 46.0.7 #152

Workflow file for this run

name: PR - Lint and Test
on:
push:
branches:
- "main"
pull_request:
branches:
- "main"
permissions:
contents: read
env:
step-security-allowed-endpoints: >
api.github.com:443
auth.safetycli.com:443
cli.codecov.io:443
data.safetycli.com:443
files.pythonhosted.org:443
github.com:443
ingest.codecov.io:443
keybase.io:443
o26192.ingest.us.sentry.io:443
pypi.org:443
pyup.io:443
release-assets.githubusercontent.com:443
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: block
allowed-endpoints: ${{ env.step-security-allowed-endpoints }}
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
persist-credentials: false
- name: Install poetry
run: |
python -m pip install --upgrade pip
pipx install poetry
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ matrix.python-version }}
cache: "poetry"
- name: Install dependencies
run: |
poetry install
poetry run pip list
- name: Poetry check
run: |
poetry check --lock
- name: Lint with ruff
uses: astral-sh/ruff-action@57714a7c8a2e59f32539362ba31877a1957dded1 # v3.5.1
- name: Lint with pylint
run: |
poetry run pylint --disable=W,C,R,E -j 0 -rn -sn py_iam_expand/
# - name: Check types with mypy
# run: |
# poetry run mypy --strict py_iam_expand/
- name: Bandit
run: |
poetry run bandit -q -lll -x './tests' -r .
- name: Safety
# 70612: pre-existing ignore
# 84415, 84183, 82754: filelock TOCTOU vulns — patched version requires Python >=3.10, no fix for 3.9
# 83159: marshmallow DoS — patched version requires Python >=3.10, no fix for 3.9
run: |
poetry run safety check \
--ignore 70612 \
--ignore 84415 \
--ignore 84183 \
--ignore 82754 \
--ignore 83159
- name: Vulture
run: |
poetry run vulture --min-confidence 100 .
- name: Test with pytest
run: |
poetry run pytest -n auto --cov=./py_iam_expand --cov-report=xml tests
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
with:
token: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env]
slug: prowler-cloud/py-iam-expand