Remove the Safety scanner from the pre-commit hooks and GitHub action

.github/workflows/tox.yml

@@ -30,7 +30,6 @@ jobs:
       - name: Install dependencies
         run: poetry install -v
       - name: Upgrade embedded tools within virtualenv
-        # Safety will alert on these even though they aren't technically dependencies
         run: poetry run pip install --upgrade pip setuptools wheel
       - name: Run Tox test suite
         run: poetry run tox -c .toxrc -e "checks,coverage"

.pre-commit-config.yaml

@@ -35,13 +35,6 @@ repos:
         entry: poetry run isort .
         pass_filenames: false
         language: system
-  - repo: local
-    hooks:
-      - id: system
-        name: Safety
-        entry: poetry run safety check
-        pass_filenames: false
-        language: system
   - repo: local
     hooks:
       - id: system

Changelog

@@ -1,3 +1,7 @@
+Version 0.1.14     unreleased
+
+	* Remove the Safety scanner from the pre-commit hooks and GitHub action.
+
 Version 0.1.13     14 Nov 2021
 
 	* Adjust dependencies and build process to support Python 3.10.

DEVELOPER.md

@@ -8,7 +8,7 @@ This code should work equivalently on MacOS, Linux, and Windows.
 
 This project uses [Poetry](https://python-poetry.org/) to manage Python packaging and dependencies.  Most day-to-day tasks (such as running unit tests from the command line) are orchestrated through Poetry.  
 
-A coding standard is enforced using [Black](https://github.com/psf/black), [isort](https://pypi.org/project/isort/) and [Pylint](https://www.pylint.org/).  Python 3 type hinting is validated using [MyPy](https://pypi.org/project/mypy/).  Additional code security standards are enforced [Safety](https://github.com/pyupio/safety).
+A coding standard is enforced using [Black](https://github.com/psf/black), [isort](https://pypi.org/project/isort/) and [Pylint](https://www.pylint.org/).  Python 3 type hinting is validated using [MyPy](https://pypi.org/project/mypy/).
 
 ## Pre-Commit Hooks
 
@@ -282,22 +282,6 @@ source ~/.bash_profile
 |Make console active on message in stderr|_Checked_|
 |Output filters|`$FILE_PATH$:$LINE$:$COLUMN.*`|
 
-##### Run Safety Checks
-
-|Field|Value|
-|-----|-----|
-|Name|`Run Safety Checks`|
-|Description|`Run the Safety code checks`|
-|Group|`Developer Tools`|
-|Program|`$ProjectFileDir$/run`|
-|Arguments|`safety`|
-|Working directory|`$ProjectFileDir$`|
-|Synchronize files after execution|_Checked_|
-|Open console for tool outout|_Checked_|
-|Make console active on message in stdout|_Unchecked_|
-|Make console active on message in stderr|_Unchecked_|
-|Output filters|_Empty_|
-
 #### Windows
 
 On Windows, PyCharm has problems invoking the `run` script, even via the Git
@@ -352,22 +336,6 @@ can be used instead.
 |Make console active on message in stderr|_Checked_|
 |Output filters|`$FILE_PATH$:$LINE$:$COLUMN.*`|
 
-##### Run Safety Checks
-
-|Field|Value|
-|-----|-----|
-|Name|`Run Safety Checks`|
-|Description|`Run the Safety code checks`|
-|Group|`Developer Tools`|
-|Program|`powershell.exe`|
-|Arguments|`-executionpolicy bypass -File utils\tools.ps1 safety`|
-|Working directory|`$ProjectFileDir$`|
-|Synchronize files after execution|_Checked_|
-|Open console for tool outout|_Checked_|
-|Make console active on message in stdout|_Unchecked_|
-|Make console active on message in stderr|_Unchecked_|
-|Output filters|_Empty_|
-
 ## Release Process
 
 ### Documentation

docs/requirements.txt

@@ -3,7 +3,7 @@ astroid==2.8.5; python_version >= "3.6" and python_version < "4.0"
 atomicwrites==1.4.0; python_version >= "3.6" and python_full_version < "3.0.0" and sys_platform == "win32" or sys_platform == "win32" and python_version >= "3.6" and python_full_version >= "3.4.0"
 attrs==21.2.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 babel==2.9.1; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.6"
-backports.entry-points-selectable==1.1.1; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "2.7"
+backports.entry-points-selectable==1.1.1; python_version >= "2.7" and python_full_version >= "3.6.1"
 black==21.10b0; python_full_version >= "3.6.2"
 certifi==2021.10.8; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6"
 cfgv==3.3.1; python_full_version >= "3.6.1"
@@ -12,15 +12,14 @@ click==8.0.3; python_version >= "3.6" and python_full_version >= "3.6.2"
 colorama==0.4.4; sys_platform == "win32" and python_version >= "3.6" and python_full_version >= "3.6.2" and platform_system == "Windows" and python_version < "4.0" and (python_version >= "3.6" and python_full_version < "3.0.0" and sys_platform == "win32" or sys_platform == "win32" and python_version >= "3.6" and python_full_version >= "3.5.0")
 coverage==6.1.2; python_version >= "3.6"
 coveralls==3.3.1; python_version >= "3.5"
-distlib==0.3.3; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0"
+distlib==0.3.3; python_full_version >= "3.6.1"
 docopt==0.6.2; python_version >= "3.5"
 docutils==0.17.1; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
-dparse==0.5.1; python_version >= "3.5"
-filelock==3.3.2; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
+filelock==3.3.2; python_full_version >= "3.6.1" and python_version >= "3.6"
 identify==2.3.5; python_full_version >= "3.6.1"
 idna==3.3; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6"
 imagesize==1.3.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.6"
-importlib-metadata==4.8.2; python_version < "3.8" and python_version >= "3.6" and (python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "3.8" or python_full_version >= "3.5.0" and python_version < "3.8" and python_version >= "3.6") and python_full_version >= "3.6.2"
+importlib-metadata==4.8.2; python_version < "3.8" and python_version >= "3.6" and (python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "3.8" or python_full_version >= "3.5.0" and python_version < "3.8" and python_version >= "3.6") and python_full_version >= "3.6.2" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6")
 iniconfig==1.1.1; python_version >= "3.6"
 isort==5.10.1; python_full_version >= "3.6.1" and python_version < "4.0"
 jinja2==3.0.3; python_version >= "3.6"
@@ -32,21 +31,20 @@ mypy==0.910; python_version >= "3.5"
 nodeenv==1.6.0; python_full_version >= "3.6.1"
 packaging==21.2; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pathspec==0.9.0; python_full_version >= "3.6.2"
-platformdirs==2.4.0; python_version >= "3.6" and python_version < "4.0" and python_full_version >= "3.6.2" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6")
+platformdirs==2.4.0; python_version >= "3.6" and python_version < "4.0" and python_full_version >= "3.6.2"
 pluggy==1.0.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pre-commit==2.15.0; python_full_version >= "3.6.1"
 py==1.11.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pygments==2.10.0; python_version >= "3.6"
 pylint==2.11.1; python_version >= "3.6" and python_version < "4.0"
-pyparsing==2.4.7; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.3.0" and python_version >= "3.6"
+pyparsing==2.4.7; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pytest-testdox==2.0.1; python_version >= "3.5"
 pytest==6.2.5; python_version >= "3.6"
 pytz==2021.3; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.6"
 pyyaml==6.0; python_version >= "3.6" and python_full_version >= "3.6.1"
 regex==2021.11.10; python_full_version >= "3.6.2"
 requests==2.26.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6"
-safety==1.10.3; python_version >= "3.5"
-six==1.16.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0"
+six==1.16.0; python_full_version >= "3.6.1"
 snowballstemmer==2.1.0; python_version >= "3.6"
 sphinx-autoapi==1.8.4; python_version >= "3.6"
 sphinx==4.3.0; python_version >= "3.6"
@@ -65,4 +63,4 @@ unidecode==1.3.2; python_version >= "3.6"
 urllib3==1.26.7; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version < "4" and python_version >= "3.6"
 virtualenv==20.10.0; python_full_version >= "3.6.1"
 wrapt==1.13.3; python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "4.0" or python_version >= "3.6" and python_version < "4.0" and python_full_version >= "3.5.0"
-zipp==3.6.0; python_version < "3.8" and python_version >= "3.6"
+zipp==3.6.0; python_version < "3.8" and python_version >= "3.6" and (python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "3.8" or python_full_version >= "3.5.0" and python_version < "3.8" and python_version >= "3.6") and python_full_version >= "3.6.1"

pyproject.toml

@@ -39,7 +39,6 @@ black = "^21.10b0"
 mypy = "^0.910"
 isort = "^5.10.0"
 sphinx-autoapi = "^1.8.4"
-safety = "^1.10.3"
 coveralls = "^3.3.1"
 
 [tool.black]

run

@@ -11,7 +11,6 @@ run_install() {
    fi
 
    # Upgrade embedded packages within the virtualenv
-   # Safety will alert on these even though they aren't technically dependencies
    # This command sometimes returns $?=1 on Windows, even though it succeeds <sigh>
    poetry run pip install --quiet --upgrade pip wheel setuptools 2>/dev/null
 
@@ -75,23 +74,6 @@ run_mypy() {
    echo "done"
 }
 
-# Run the Safety code checker
-run_safety() {
-   echo "Running safety checks..."
-
-   poetry run which safety > /dev/null
-   if [ $? != 0 ]; then
-      run_install
-   fi
-
-   poetry run safety check $*
-   if [ $? != 0 ]; then
-      exit 1
-   fi
-
-   echo "done"
-}
-
 # Run the black code formatter
 run_black() {
    echo "Running black formatter..."
@@ -327,9 +309,6 @@ case $1 in
    isort)
       run_isort
       ;;
-   safety)
-      run_safety
-      ;;
    mypy)
       run_mypy
       ;;
@@ -346,8 +325,6 @@ case $1 in
       echo ""
       run_isort --check-only
       echo ""
-      run_safety --bare
-      echo ""
       run_mypy
       echo ""
       run_pylint

utils/tools.ps1

@@ -29,10 +29,5 @@ Switch ($command)
       Write-Output "Running pylint checks..." 
       poetry run pylint -j 0 src/uciparse tests
     }
-
-    safety {
-      Write-Output "Running safety checks..." 
-      poetry run safety check
-    }
 }