Python Audit #400
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Python Audit | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 0 * * *' | |
jobs: | |
pip_audit: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Check out source | |
uses: actions/checkout@v3 | |
- name: Merge requirements | |
# btchip-python is borked (and abandoned?) | |
run: > | |
cat contrib/deterministic-build/requirements-binaries.txt | |
contrib/deterministic-build/requirements-build-wine.txt | |
contrib/deterministic-build/requirements-hw.txt | |
contrib/deterministic-build/requirements-pip.txt | |
contrib/deterministic-build/requirements.txt | |
| grep -v btchip-python > requirements.txt | |
- name: Run Audit | |
uses: pypa/[email protected] | |
with: | |
inputs: requirements.txt | |
# PYSEC-2022-43012, PYSEC-2022-43017 and PYSEC-2023-228 are only at build time | |
# Will go away once setuptools, wheel and pip is bumped | |
# GHSA-wj6h-64fc-37mp is only for P-256 curve which isn't used in bitcoin | |
ignore-vulns: | | |
PYSEC-2022-43012 | |
PYSEC-2022-43017 | |
PYSEC-2023-228 | |
GHSA-wj6h-64fc-37mp |