Switch from safety to pip-audit (#1918)

hikari-py · May 17, 2024 · 43fb2c6 · 43fb2c6
1 parent c9c8298
commit 43fb2c6
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 10 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -129,10 +129,10 @@ jobs:
             exit 1
           fi
 
-      - name: Safety
+      - name: Audit
         if: always()
         run: |
-          nox -s safety
+          nox -s audit
 
       - name: Mypy
         if: always()

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -94,7 +94,7 @@ This includes:
   - `test`
     - Run tests and installation of the package on different OS's and python versions.
   - `linting`
-    - Linting (`flake8`), type checking (`mypy`), safety (`safety`) and spelling (`codespell`).
+    - Linting (`flake8`), type checking (`mypy`), audit (`pip-audit`) and spelling (`codespell`).
   - `twemoji`
     - Force test all discord emojis.
   - `pages`

diff --git a/dev-requirements/audit.txt b/dev-requirements/audit.txt
@@ -0,0 +1 @@
+pip-audit
diff --git a/dev-requirements/safety.txt b/dev-requirements/safety.txt
diff --git a/pipelines/safety.nox.py → pipelines/audit.nox.py b/pipelines/safety.nox.py → pipelines/audit.nox.py
@@ -25,7 +25,17 @@
 
 
 @nox.session()
-def safety(session: nox.Session) -> None:
+def audit(session: nox.Session) -> None:
     """Perform dependency scanning."""
-    session.install("-r", "requirements.txt", *nox.dev_requirements("safety"))
-    session.run("safety", "check", "--full-report")
+    session.install(*nox.dev_requirements("audit"))
+    session.run(
+        "pip-audit",
+        "-r",
+        "requirements.txt",
+        "-r",
+        "server-requirements.txt",
+        "-r",
+        "speedup-requirements.txt",
+        "--aliases",
+        "on",
+    )