feat(deps): lock file maintenance

.gitea/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
@@ -64,19 +64,19 @@ jobs:
       #     SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
       #     SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
-      # - name: Set up environment for Snyk
-      #   run: |
-      #     uv pip freeze > requirements.txt
-      #     mv pyproject.toml pyproject.toml.bak
-      #     mv uv.lock uv.lock.bak
+      - name: Set up environment for Snyk
+        run: |
+          uv pip freeze > requirements.txt
+          mv pyproject.toml pyproject.toml.bak
+          mv uv.lock uv.lock.bak
 
-      # - name: Snyk SAST Scan
-      #   uses: snyk/actions/python@master
-      #   env:
-      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      #   with:
-      #     # command: snyk
-      #     args: snyk code test #--all-projects --exclude=.archive
+      - name: Snyk SAST Scan
+        uses: snyk/actions/python@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          # command: snyk
+          args: snyk code test #--all-projects --exclude=.archive
 
       # - name: Snyk Vulnerability Scan
       #   uses: snyk/actions/python@master
@@ -88,8 +88,8 @@ jobs:
       #     # command: snyk
       #     args: snyk test #--all-projects --exclude=.archive
       
-      # - name: Reverse set up environment for Snyk
-      #   run: |
-      #     rm -f requirements.txt
-      #     mv pyproject.toml.bak pyproject.toml
-      #     mv uv.lock.bak uv.lock
+      - name: Reverse set up environment for Snyk
+        run: |
+          rm -f requirements.txt
+          mv pyproject.toml.bak pyproject.toml
+          mv uv.lock.bak uv.lock

.gitea/workflows/release.yml

@@ -61,7 +61,7 @@ jobs:
           REPO: ${{ gitea.repository }}
 
       - name: Check out repository
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
           ref: ${{ needs.tag.outputs.tag_name }}

pyproject.toml

@@ -13,8 +13,8 @@ dependencies = [
     "requests<3.0.0,>=2.32.3",
 ]
 
-[dependency-groups]
-dev = [
+[tool.uv]
+dev-dependencies = [
     "black<26.1.1,>=26.1.0",
     "coverage<8.0.0,>=7.6.10",
     "isort<7.0.1,>=7.0.0",

renovate.json

@@ -11,8 +11,6 @@
   "semanticCommits": "enabled",
   "semanticCommitScope": "deps",
   "semanticCommitType": "feat",
-  "osvVulnerabilityAlerts": true,
-  "dependencyDashboardOSVVulnerabilitySummary": "all",
   "vulnerabilityAlerts": {
     "commitMessagePrefix": "[SECURITY] ",
     "enabled": true,
@@ -21,15 +19,5 @@
   },
   "lockFileMaintenance": {
     "enabled": true
-  },
-  "packageRules": [
-    {
-      "matchDepTypes": ["devDependencies"],
-      "automerge": true
-    },
-    {
-      "matchUpdateTypes": ["patch"],
-      "automerge": true
-    }
-  ]
+  }
 }