@heerener heerener commented Oct 13, 2025

Fixes https://github.com/openbraininstitute/prod-platform-architecture/issues/110

For now it just comments on pull requests, but eventually this can be changed to fail the check if vulnerabilities are found.

@heerener heerener force-pushed the heeren/checks branch 5 times, most recently from 75474e0 to 8387e6b October 13, 2025 11:32
@github-actions

poetry audit report

Loading...
Scanning 84 packages...

• cryptography installed 43.0.1 affected >=42.0.0,<44.0.1 CVE CVE-2024-12797
• h11 installed 0.14.0 affected <0.16.0 CVE CVE-2025-43859
• jinja2 installed 3.1.4 affected <3.1.5 CVE CVE-2024-56326
• jinja2 installed 3.1.4 affected <3.1.6 CVE CVE-2025-27516
• jinja2 installed 3.1.4 affected >=3.0.0a1,<3.1.5 CVE CVE-2024-56201
• python-multipart installed 0.0.9 affected <0.0.18 CVE CVE-2024-53981
• requests installed 2.32.3 affected <2.32.4 CVE CVE-2024-47081
• setuptools installed 74.1.2 affected <78.1.1 CVE CVE-2025-47273
• starlette installed 0.37.2 affected <0.40.0 CVE CVE-2024-47874
• starlette installed 0.37.2 affected <0.47.2 CVE CVE-2025-54121
• urllib3 installed 2.2.2 affected >=2.2.0,<2.5.0 CVE CVE-2025-50182
• urllib3 installed 2.2.2 affected <2.5.0 CVE CVE-2025-50181
• virtualenv installed 20.26.4 affected <20.26.6 CVE PVE-2024-73456
• virtualenv installed 20.26.4 affected <20.26.6 CVE CVE-2024-53899

14 vulnerabilities found in 9 packages

@heerener heerener marked this pull request as ready for review October 13, 2025 14:30
@heerener heerener requested a review from bilalesi October 13, 2025 14:30
@heerener heerener changed the title from "pip-audit check on PR" to "poetry audit check on PR" Oct 13, 2025
@heerener heerener merged commit 6f1a0be into develop Oct 17, 2025
5 checks passed