Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(python): skip dev dependencies #3282

Merged
merged 2 commits into from
Dec 12, 2022
Merged

feat(python): skip dev dependencies #3282

merged 2 commits into from
Dec 12, 2022

Conversation

Catminusminus
Copy link
Contributor

@Catminusminus Catminusminus commented Dec 8, 2022
edited by knqyf263
Loading

Description

This PR bumps the go-dep-parser version.

Currently, Trivy detects vulnerabilities in Poetry dev-dependencies.
This behavior is not consistent with that to Pipenv dev-dependencies, and skipping dev-dependencies is considered preferable.

Now this behavior fixed in the latest go-dep-parser.

This PR enables the new behavior.

Related issues

Related PRs

Remove this section if you don't have related PRs.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@Catminusminus
chore(deps): bump github.com/aquasecurity/go-dep-parser
0578474 
This commit bumps the go-dep-parser version. This revents Trivy from detecting vulnerabilities in Poetry dev-dependency, so the document is also updated.
@knqyf263
Copy link
Collaborator

Thanks for your PR. We need to merge some PRs before this one as this commit of go-dep-parser includes some changes.

@knqyf263
Copy link
Collaborator

We've merged all relevant PRs.
@DmitriyLewen Could you resolve conflicts and take care of this PR?

@knqyf263 knqyf263 changed the title chore(deps): bump github.com/aquasecurity/go-dep-parser feat(python): skip dev dependencies Dec 12, 2022
@knqyf263 knqyf263 merged commit 08b55c3 into aquasecurity:main Dec 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat(poetry): skip dev dependencies
3 participants
@Catminusminus @knqyf263 @DmitriyLewen