brainix · brainix · Jul 6, 2024 · May 15, 2024 · May 16, 2024 · May 21, 2024
diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
@@ -45,7 +45,10 @@ jobs:
       run: |
         flake8 *\.py pottery/*\.py tests/*\.py --count --max-complexity=10 --statistics
         isort *\.py pottery/*\.py tests/*\.py --check-only --diff
-    - name: Check for security vulnerabilities with Bandit and Safety
+    - name: Check for security vulnerabilities with Bandit
       run: |
         bandit --recursive pottery
-        safety check --file requirements.txt
+    - name: Check for security vulnerabilities with Safety
+      uses: pyupio/safety-action@v1
+      with:
+        api-key: ${{ secrets.SAFETY_API_KEY }}
diff --git a/.safety-policy.yml b/.safety-policy.yml
@@ -0,0 +1,42 @@
+version: '3.0'
+
+scanning-settings:
+  max-depth: 6
+  exclude: []
+  include-files: []
+  system:
+    targets: []
+
+
+report:
+  dependency-vulnerabilities:
+    enabled: true
+    auto-ignore-in-report:
+      python:
+        environment-results: true
+        unpinned-requirements: true
+      cvss-severity: []
+      vulnerabilities:
+        70612:
+          reason: "We don't render Jinja templates"
+          expires: '2024-12-31'
+
+
+fail-scan-with-exit-code:
+  dependency-vulnerabilities:
+    enabled: true
+    fail-on-any-of:
+      cvss-severity:
+        - high
+        - critical
+        - medium
+      exploitability:
+        - high
+        - critical
+        - medium
+
+security-updates:
+  dependency-vulnerabilities:
+    auto-security-updates-limit:
+      - patch
+
diff --git a/Makefile b/Makefile
@@ -81,7 +81,7 @@ test:
 		echo Running isort on $($@_SOURCE_FILES) && \
 		isort $($@_SOURCE_FILES) --check-only --diff && \
 		bandit --recursive pottery && \
-		safety check
+		safety scan
 
 
 .PHONY: release

diff --git a/requirements-to-freeze.txt b/requirements-to-freeze.txt
@@ -54,3 +54,7 @@ requests>=2.20.0
 #   https://nvd.nist.gov/vuln/detail/CVE-2018-20060
 #   https://nvd.nist.gov/vuln/detail/CVE-2019-11324
 urllib3>=1.24.2
+
+# We don't need docutils at the top-level.  However, it's pulled in from
+# something else, and recent docutils doesn't support Python 3.8.
+docutils==0.20.1
diff --git a/requirements.txt b/requirements.txt
@@ -1,69 +1,71 @@
-annotated-types==0.6.0
-async-timeout==4.0.3
-Authlib==1.3.0
-bandit==1.7.8
-certifi==2024.2.2
+annotated-types==0.7.0
+Authlib==1.3.1
+bandit==1.7.9
+certifi==2024.7.4
 cffi==1.16.0
 charset-normalizer==3.3.2
 click==8.1.7
-coverage==7.4.4
-cryptography==42.0.5
+coverage==7.5.4
+cryptography==42.0.8
 docutils==0.20.1
 dparse==0.6.4b0
-flake8==7.0.0
+filelock==3.12.4
+flake8==7.1.0
 hiredis==2.3.2
-idna==3.6
-importlib_metadata==7.1.0
+idna==3.7
+importlib_metadata==8.0.0
 iniconfig==2.0.0
 isort==5.13.2
 jaraco.classes==3.4.0
 jaraco.context==5.3.0
-jaraco.functools==4.0.0
-Jinja2==3.1.3
-keyring==25.1.0
+jaraco.functools==4.0.1
+Jinja2==3.1.4
+keyring==25.2.1
 markdown-it-py==3.0.0
 MarkupSafe==2.1.5
-marshmallow==3.21.1
+marshmallow==3.21.3
 mccabe==0.7.0
 mdurl==0.1.2
 mmh3==4.1.0
-more-itertools==10.2.0
-mypy==1.9.0
+more-itertools==10.3.0
+mypy==1.10.1
 mypy-extensions==1.0.0
 nh3==0.2.17
-packaging==24.0
+packaging==24.1
 pbr==6.0.0
 pkginfo==1.10.0
-pluggy==1.4.0
-pycodestyle==2.11.1
+pluggy==1.5.0
+pycodestyle==2.12.0
 pycparser==2.22
-pydantic==2.6.4
-pydantic_core==2.16.3
+pydantic==2.8.2
+pydantic_core==2.20.1
 pyflakes==3.2.0
-Pygments==2.17.2
-pytest==8.1.1
-pytest-asyncio==0.23.6
+Pygments==2.18.0
+pytest==8.2.2
+pytest-asyncio==0.23.7
 pytest-cov==5.0.0
 PyYAML==6.0.1
 readme_renderer==43.0
-redis==5.1.0b4
-requests==2.31.0
+redis==5.1.0b7
+requests==2.32.3
 requests-toolbelt==1.0.0
 rfc3986==2.0.0
 rich==13.7.1
 ruamel.yaml==0.18.6
 ruamel.yaml.clib==0.2.8
-safety==3.1.0
+safety==3.2.4
 safety-schemas==0.0.2
-setuptools==69.2.0
+setuptools==70.2.0
 shellingham==1.5.4
 stevedore==5.2.0
-twine==5.0.0
-typer==0.12.1
-types-pyOpenSSL==24.0.0.20240311
-types-redis==4.6.0.20240311
-typing_extensions==4.11.0
-urllib3==2.2.1
+twine==5.1.1
+typer==0.12.3
+types-cffi==1.16.0.20240331
+types-pyOpenSSL==24.1.0.20240425
+types-redis==4.6.0.20240425
+types-setuptools==70.2.0.20240704
+typing_extensions==4.12.2
+urllib3==2.2.2
 uvloop==0.19.0
 wheel==0.43.0
-zipp==3.18.1
+zipp==3.19.2
diff --git a/setup.py b/setup.py
@@ -57,10 +57,10 @@
     ],
     keywords=pottery.__keywords__,
     python_requires='>=3.8, <4',
-    install_requires=('redis>=4.2.0rc1, <5', 'mmh3', 'typing_extensions'),
+    install_requires=('redis>=4.2.0rc1', 'mmh3', 'typing_extensions'),
     extras_require={},
     packages=find_packages(exclude=('contrib', 'docs', 'tests*')),
-    package_data={'pottery': ('py.typed',)},
-    data_files=tuple(),
+    package_data={'pottery': ['py.typed']},
+    data_files=[],
     entry_points={},
 )