Merge pull request #444 from pyupio/develop

2.3.5 Patch

.github/workflows/build.yml

@@ -9,7 +9,7 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
 
     steps:

.github/workflows/gh-action-integration-matrix.json

@@ -1,6 +1,3 @@
 [
-  {"version": "2.0.0"},
-  {"version": "2.2.0"},
-  {"version": "2.2.1"},
-  {"version": "2.3.1"}
+  {"version": "2.3.4"}
 ]

.github/workflows/main.yml

@@ -4,7 +4,7 @@ on: [ push ]
 
 jobs:
     test:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 python-version: [ "3.6", "3.7", "3.8", "3.9", "3.10", "3.11" ]
@@ -32,7 +32,7 @@ jobs:
 
         strategy:
             matrix:
-                os: ['windows-latest', 'ubuntu-latest', 'macos-latest']
+                os: ['windows-latest', 'ubuntu-20.04', 'macos-latest']
         env:
             BINARY_OS: '${{ matrix.os }}'
         steps:
@@ -60,13 +60,13 @@ jobs:
                   path: dist/safety-win-x86_64.exe
                   if-no-files-found: error
             - uses: actions/upload-artifact@v3
-              if: ${{ matrix.os == 'ubuntu-latest' }}
+              if: ${{ matrix.os == 'ubuntu-20.04' }}
               with:
                   name: safety-linux-i686
                   path: dist/safety-linux-i686
                   if-no-files-found: error
             - uses: actions/upload-artifact@v3
-              if: ${{ matrix.os == 'ubuntu-latest' }}
+              if: ${{ matrix.os == 'ubuntu-20.04' }}
               with:
                   name: safety-linux-x86_64
                   path: dist/safety-linux-x86_64
@@ -81,7 +81,7 @@ jobs:
 
     deploy-pypi:
         needs: build-binaries
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-20.04
 
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
 
@@ -105,7 +105,7 @@ jobs:
 
     create-gh-release:
         needs: deploy-pypi
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-20.04
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
         permissions:
             contents: write

.github/workflows/test-insecure.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   matrix:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
@@ -24,7 +24,7 @@ jobs:
   # case, to avoid confusion
   test-auto-requirements-txt-insecure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -49,7 +49,7 @@ jobs:
   # Same as above, but for a poetry lock file
   test-auto-poetry-insecure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -74,7 +74,7 @@ jobs:
   # Same as above, but for a Pipfile.lock
   test-auto-pipfile-insecure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -101,7 +101,7 @@ jobs:
   ### installs things in the root VM that the action runs on; this is what gets scanned.
   test-auto-environment-insecure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -132,7 +132,7 @@ jobs:
   ### Scans a recently built Docker container. This uses a few heuristics, defined in entrypoint.sh
   test-auto-docker-insecure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:

.github/workflows/test-secure.yml

@@ -9,7 +9,7 @@ on:
 
 jobs:
   matrix:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
@@ -25,7 +25,7 @@ jobs:
   # case, to avoid confusion
   test-auto-requirements-txt-secure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -47,7 +47,7 @@ jobs:
   # Same as above, but for a poetry lock file
   test-auto-poetry-secure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -69,7 +69,7 @@ jobs:
   # Same as above, but for a Pipfile.lock
   test-auto-pipfile-secure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -93,7 +93,7 @@ jobs:
   ### installs things in the root VM that the action runs on; this is what gets scanned.
   test-auto-environment-secure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:
@@ -121,7 +121,7 @@ jobs:
   ### Scans a recently built Docker container. This uses a few heuristics, defined in entrypoint.sh
   test-auto-docker-secure:
     needs: [ matrix ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     environment: main
     strategy:
       matrix:

CHANGELOG.md

@@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file.
 The format is partly based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) and [PEP 440](https://peps.python.org/pep-0440/)
 
+## [Unreleased] 2.3.5.dev
+
 ## [2.3.4] - 2022-12-07
 - Removed LegacyVersion use; this fixes the issue with packaging 22.0.
 - Fixed typos in the README.

binaries.py

@@ -19,7 +19,7 @@ class environment:
     def __init__(self):
         os_mapping = {
             "windows-latest": self.WIN,
-            "ubuntu-latest": self.LINUX,
+            "ubuntu-20.04": self.LINUX,
             "macos-latest": self.MACOS
         }
         self.os = os_mapping[os.getenv("BINARY_OS")]

safety/VERSION

@@ -1 +1 @@
-2.3.4
+2.3.5.dev

setup.cfg

@@ -39,7 +39,7 @@ install_requires =
     setuptools>=19.3
     Click>=8.0.2
     requests
-    packaging>=21.0
+    packaging>=21.0,<22.0
     dparse>=0.6.2
     ruamel.yaml>=0.17.21
     dataclasses==0.8; python_version=="3.6"