feat(python): skip dev dependencies (#3282)

This commit bumps the go-dep-parser version. This revents Trivy from detecting vulnerabilities in Poetry dev-dependency, so the document is also updated. Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
aquasecurity · Dec 12, 2022 · 08b55c3 · 08b55c3
1 parent 52300e6
commit 08b55c3
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/docs/docs/vulnerability/detection/language.md b/docs/docs/vulnerability/detection/language.md
@@ -7,7 +7,7 @@
 | Ruby     | Gemfile.lock                                                                               |     -     |     -      |        ✅        |        ✅        | included         |
 |          | gemspec                                                                                    |     ✅     |     ✅      |        -        |        -        | included         |
 | Python   | Pipfile.lock                                                                               |     -     |     -      |        ✅        |        ✅        | excluded         |
-|          | poetry.lock                                                                                |     -     |     -      |        ✅        |        ✅        | included         |
+|          | poetry.lock                                                                                |     -     |     -      |        ✅        |        ✅        | excluded         |
 |          | requirements.txt                                                                           |     -     |     -      |        ✅        |        ✅        | included         |
 |          | egg package[^1]                                                                            |     ✅     |     ✅      |        -        |        -        | excluded         |
 |          | wheel package[^2]                                                                          |     ✅     |     ✅      |        -        |        -        | excluded         |

diff --git a/go.mod b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/alicebob/miniredis/v2 v2.23.0
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
 	github.com/aquasecurity/defsec v0.82.6
-	github.com/aquasecurity/go-dep-parser v0.0.0-20221201113458-a9c692a73b93
+	github.com/aquasecurity/go-dep-parser v0.0.0-20221208150335-299772f066c4
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46

diff --git a/go.sum b/go.sum
@@ -193,8 +193,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
 github.com/aquasecurity/defsec v0.82.6 h1:whb9ygS+cANcvGSq51s44+hY3nU6OV3VOR2Q4dIz3kc=
 github.com/aquasecurity/defsec v0.82.6/go.mod h1:sUdW6pzASralDcs+CDOE+QpWfBJt3/PY1Qbg8CS5flg=
-github.com/aquasecurity/go-dep-parser v0.0.0-20221201113458-a9c692a73b93 h1:ndiO1fLbPSn7td7mg9UQ/a0bffpEx9ot9oh95vtmvMk=
-github.com/aquasecurity/go-dep-parser v0.0.0-20221201113458-a9c692a73b93/go.mod h1:ZCiGJgdQxCateSw3nPMwZvp9J/+nU8/3DcGY/NO71e4=
+github.com/aquasecurity/go-dep-parser v0.0.0-20221208150335-299772f066c4 h1:cFQv/JghmN6dC/vuu6JbDkziwhBgLPfQvyi/TxJN+6I=
+github.com/aquasecurity/go-dep-parser v0.0.0-20221208150335-299772f066c4/go.mod h1:ZCiGJgdQxCateSw3nPMwZvp9J/+nU8/3DcGY/NO71e4=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
 github.com/aquasecurity/go-mock-aws v0.0.0-20220726154943-99847deb62b0 h1:tihCUjLWkF0b1SAjAKcFltUs3SpsqGrLtI+Frye0D10=