Python Audit #143
```yaml
name: Python Audit

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *'

jobs:
  pip_audit:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Check out source
        uses: actions/checkout@v3
      - name: Merge requirements
        run: contrib/deterministic-build/filter_deterministic_requirements.py > requirements.txt
      - name: Run Audit
        uses: pypa/gh-action-pip-audit@v1.1.0
        with:
          inputs: requirements.txt
          # PYSEC-2022-43012, PYSEC-2022-43017 and PYSEC-2023-228 are only at build time
          # Will go away once setuptools, wheel and pip are bumped
          # GHSA-wj6h-64fc-37mp is only for P-256 curve which isn't used in bitcoin
          # GHSA-jjg7-2v4v-x38h is a minor issue that will be fixed on idna bump (>=3.7)
          # PYSEC-2024-60 is a minor issue that will be fixed on idna bump (>=3.7)
          # GHSA-9wx4-h78v-vm56 is not applicable, fixed in requests >= 2.32.0
          # GHSA-9hjg-9r4m-mvj7 is not applicable (.netrc not used), fixed in requests >= 2.32.4
          # GHSA-pq67-6m6q-mj2v is not applicable (PoolManager not used), fixed in urllib3 >= 2.5.0
          # GHSA-4xh5-x5gv-qwph is not applicable (we have pinned packages by hash), fixed in pip >= 25.3 (planned)
          # PYSEC-2025-49 is not applicable (we have pinned packages by hash), fixed in setuptools >= 78.1.0
          # GHSA-xqrq-4mgf-ff32 is not applicable (we do not allow imports), fixed in future >= ??
          # GHSA-79v4-65xg-pq4g is not applicable (we are not using wheels), fixed in cryptography >= 44.0.1
          # GHSA-8qvm-5x2c-j2w7 is not applicable (we are using the UPD backend), fixed in protobuf >= 5.29.5
          ignore-vulns: |
            PYSEC-2022-43012
            PYSEC-2022-43017
            PYSEC-2023-228
            GHSA-wj6h-64fc-37mp
            GHSA-jjg7-2v4v-x38h
            PYSEC-2024-60
            GHSA-9wx4-h78v-vm56
            GHSA-9hjg-9r4m-mvj7
            GHSA-pq67-6m6q-mj2v
            GHSA-4xh5-x5gv-qwph
            PYSEC-2025-49
            GHSA-xqrq-4mgf-ff32
            GHSA-79v4-65xg-pq4g
            GHSA-8qvm-5x2c-j2w7
```
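An added example, not part of the project's workflow: a stdlib-only Python check that every ID under `ignore-vulns` has a justifying comment and that no comment refers to an ID that is no longer ignored. The function name `audit_ignores` and the `0000` IDs in the sample are constructed for illustration.

```python
import re

# Advisory ID formats that appear in this workflow: PYSEC-YYYY-N and GHSA-xxxx-xxxx-xxxx.
ID_RE = re.compile(r"\b(?:PYSEC-\d{4}-\d+|GHSA(?:-[0-9a-z]{4}){3})\b")

def audit_ignores(workflow_text):
    """Return (unjustified, stale).

    unjustified: IDs listed under ignore-vulns that no '#' comment mentions.
    stale: IDs mentioned in a '#' comment that are no longer in ignore-vulns.
    """
    justified, ignored = set(), []
    in_block, block_indent = False, 0
    for line in workflow_text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if in_block:
            if not stripped:
                continue                      # blank line inside the block scalar
            if indent > block_indent:
                ignored.append(stripped)      # one ignored ID per line
                continue
            in_block = False                  # dedent ends the block scalar
        if stripped.startswith("#"):
            justified.update(ID_RE.findall(stripped))
        elif re.match(r"ignore-vulns:\s*\|", stripped):
            in_block, block_indent = True, indent
    unjustified = [i for i in ignored if i not in justified]
    stale = sorted(justified - set(ignored))
    return unjustified, stale

# Constructed sample: two real entries from the workflow above, plus one ignored ID
# with no comment and one comment whose ID has been dropped (both 0000 placeholders).
SAMPLE = """\
        with:
          inputs: requirements.txt
          # GHSA-wj6h-64fc-37mp is only for P-256 curve which isn't used in bitcoin
          # PYSEC-2024-60 is a minor issue that will be fixed on idna bump (>=3.7)
          # PYSEC-0000-1 was fixed by a bump (constructed placeholder)
          ignore-vulns: |
            GHSA-wj6h-64fc-37mp
            PYSEC-2024-60
            GHSA-0000-0000-0000
"""

if __name__ == "__main__":
    unjustified, stale = audit_ignores(SAMPLE)
    print("ignored without justification:", unjustified)
    print("justified but no longer ignored:", stale)
```

Run as a CI step over the workflow file, a non-empty result from either list means a suppression was added without a rationale or has outlived the dependency bump it was waiting on.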