From cc5a0cf20bb72de207a1cec3e49f9fe4b3943ff7 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Wed, 21 Jan 2026 20:32:55 +0000
Subject: [PATCH 1/2] chore(ci): remove Snyk workflow for security monitoring
---
 .../snyk.yml | 0
 .gitea/workflows/ci.yml | 34 +++++++++----------
 renovate.json | 2 ++
 3 files changed, 19 insertions(+), 17 deletions(-)
 rename .gitea/{workflows => workflows-disabled}/snyk.yml (100%)
diff --git a/.gitea/workflows/snyk.yml b/.gitea/workflows-disabled/snyk.yml
similarity index 100%
rename from .gitea/workflows/snyk.yml
rename to .gitea/workflows-disabled/snyk.yml
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 5afd216..138740b 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -64,19 +64,19 @@ jobs:
 # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
 # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- - name: Set up environment for Snyk
- run: |
- uv pip freeze > requirements.txt
- mv pyproject.toml pyproject.toml.bak
- mv uv.lock uv.lock.bak
+ # - name: Set up environment for Snyk
+ # run: |
+ # uv pip freeze > requirements.txt
+ # mv pyproject.toml pyproject.toml.bak
+ # mv uv.lock uv.lock.bak
- - name: Snyk SAST Scan
- uses: snyk/actions/python@master
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- # command: snyk
- args: snyk code test #--all-projects --exclude=.archive
+ # - name: Snyk SAST Scan
+ # uses: snyk/actions/python@master
+ # env:
+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ # with:
+ # # command: snyk
+ # args: snyk code test #--all-projects --exclude=.archive
 # - name: Snyk Vulnerability Scan
 # uses: snyk/actions/python@master
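Review bot: Commenting out the `Snyk SAST Scan` step in this hunk (its setup step here and the teardown step in the `@@ -88,8` hunk go with it) leaves the job, as far as these hunks show, with no static analysis of first-party code: the SonarQube lines just above are already commented out, and the Renovate OSV options added in the same commit only look at dependencies. The commented blocks carry no reason, and they keep `snyk/actions/python@master`, a mutable ref, ready to be uncommented as-is. I would either delete the dead steps (git history keeps them) or head the block with `# Snyk disabled: <reason>; SAST not replaced. Pin the action to a commit SHA before re-enabling.` If Snyk is gone for good, the `SNYK_TOKEN` secret should be revoked as well. The `jobs:` body starts and ends outside both hunks.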
@@ -88,8 +88,8 @@ jobs:
 # # command: snyk
 # args: snyk test #--all-projects --exclude=.archive
- - name: Reverse set up environment for Snyk
- run: |
- rm -f requirements.txt
- mv pyproject.toml.bak pyproject.toml
- mv uv.lock.bak uv.lock
+ # - name: Reverse set up environment for Snyk
+ # run: |
+ # rm -f requirements.txt
+ # mv pyproject.toml.bak pyproject.toml
+ # mv uv.lock.bak uv.lock
diff --git a/renovate.json b/renovate.json
index a37de40..ce7e6b9 100644
--- a/renovate.json
+++ b/renovate.json
@@ -11,6 +11,8 @@
 "semanticCommits": "enabled",
 "semanticCommitScope": "deps",
 "semanticCommitType": "feat",
+ "osvVulnerabilityAlerts": true,
+ "dependencyDashboardOSVVulnerabilitySummary": "all",
 "vulnerabilityAlerts": {
 "commitMessagePrefix": "[SECURITY] ",
 "enabled": true,
--
2.49.1
From fa00d5775b137d472bd12b2881bd65b712ee0898 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Wed, 21 Jan 2026 20:35:22 +0000
Subject: [PATCH 2/2] chore(deps): reorganize dev dependencies under dependency-groups
---
 pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index a3a1f58..c6e1926 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -13,8 +13,8 @@ dependencies = [
 "requests<3.0.0,>=2.32.3",
 ]
-[tool.uv]
-dev-dependencies = [
+[dependency-groups]
+dev = [
 "black<26.1.1,>=26.1.0",
 "coverage<8.0.0,>=7.6.10",
 "isort<7.0.1,>=7.0.0",
--
2.49.1
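Review bot: `osvVulnerabilityAlerts` looks set to become the only dependency-vulnerability signal once the Snyk steps are disabled, since the GitHub-sourced alerts that `vulnerabilityAlerts` otherwise draws on are presumably unavailable on a Gitea host (`.gitea/workflows`). As I read Renovate's documentation, OSV alerts are raised for direct dependencies only, so transitive packages resolved into `uv.lock` would go unreported; that gap is worth recording in the PR description, because JSON leaves no room for a comment here. `dependencyDashboardOSVVulnerabilitySummary` also does nothing unless the Dependency Dashboard is enabled, and the `extends` list is outside this hunk, so confirm a preset turns it on or add `"dependencyDashboard": true,`. The enclosing object starts and ends outside the hunk.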