testing pip-audit

[davidslusser]

User description

testing pip-audit

---

CodeAnt-AI Description

Add dependency auditing and update code quality checks

What Changed

• Added a new pull request check that scans installed Python packages for known security issues
• Changed the Ruff workflow from formatting checks to static code analysis on push
• Updated the README to show the new workflow badges and recommend Python 3.12 or newer for local setup

Impact

✅ Earlier dependency security checks
✅ Clearer code quality feedback on pushes
✅ Up-to-date setup guidance for local development

🔄 Retrigger CodeAnt AI Review

Details

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

[codeant-ai]

🟠 Architect Review — HIGH

pip-audit was added to project.optional-dependencies.dev but not to [tool.fawltydeps].ignore_unused, even though all other dev-only tools in the dev extra are listed there; this will cause the existing fawltydeps workflow (which installs .[dev]) to report pip-audit as an unused dependency and fail.

Suggestion: Add pip-audit to the [tool.fawltydeps].ignore_unused list so the existing dependency-consistency workflow continues to pass when the new dev tool is installed via the dev extra.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** pyproject.toml
**Line:** 36:36
**Comment:**
	*HIGH: `pip-audit` was added to `project.optional-dependencies.dev` but not to `[tool.fawltydeps].ignore_unused`, even though all other dev-only tools in the `dev` extra are listed there; this will cause the existing fawltydeps workflow (which installs `.[dev]`) to report `pip-audit` as an unused dependency and fail.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

[codeant-ai]

CodeAnt AI finished reviewing your PR.