@@ -26,18 +26,22 @@ jobs:
2626 steps :
2727 - uses : actions/checkout@v3
2828 - name : install python
29- uses : actions/setup-python@v3.1.2
29+ uses : actions/setup-python@v4
3030 with :
3131 python-version : ${{env.pythonversion}}
3232 - name : create local poetry install
3333 run : |
3434 python -m venv .venv
3535 source .venv/bin/activate
36+ pip install --upgrade pip setuptools
3637 python -m pip install poetry
3738 poetry install
3839uses : trailofbits/gh-action-pip-audit@v1.0.0
3940 with :
4041 virtual-environment : .venv
42+ ignore-vulns : |
43+ GHSA-w596-4wvx-j9j6 # subversion related git dep, dependency for pytest. This is no impact here.
44+ GHSA-2p9h-ccw7-33gf # invalid ddos comment on the cleo package
4145
4246lint :
4347 name : Linter
4751 - name : Checkout
4852 uses : actions/checkout@v3
4953 - name : Setup Python 3.9
50- uses : actions/setup-python@v4.3.0
54+ uses : actions/setup-python@v4
5155 with :
5256 python-version : ${{env.pythonversion}}
5357 # ----------------------------------------------
6468 # ----------------------------------------------
6569 - name : Load cached venv
6670 id : cached-poetry-dependencies
67- uses : actions/cache@v3.0.11
71+ uses : actions/cache@v3
6872 with :
6973 path : .venv
7074 key : venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
@@ -119,7 +123,7 @@ jobs:
119123 - name : Checkout
120124 uses : actions/checkout@v3
121125 - name : Setup Python ${{ matrix.pyver }}
122- uses : actions/setup-python@v4.3.0
126+ uses : actions/setup-python@v4
123127 with :
124128 python-version : ${{ matrix.pyver }}
125129 # ----------------------------------------------
@@ -136,7 +140,7 @@ jobs:
136140 # ----------------------------------------------
137141 - name : Load cached venv
138142 id : cached-poetry-dependencies
139- uses : actions/cache@v3.0.11
143+ uses : actions/cache@v3
140144 with :
141145 path : .venv
142146 key : venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
0 commit comments