diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index ac589b617..b658bb60d 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -14,10 +14,10 @@ jobs: name: publish to pypi on new release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 with: python-version: "3.10" diff --git a/.github/workflows/ci-core.yml b/.github/workflows/ci-core.yml index 320caccac..23a443720 100644 --- a/.github/workflows/ci-core.yml +++ b/.github/workflows/ci-core.yml @@ -23,10 +23,10 @@ jobs: sudo rm -rf "$AGENT_TOOLSDIRECTORY" df -h - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 with: python-version: ${{ matrix.python-version }} @@ -70,7 +70,7 @@ jobs: poetry run coverage xml - name: Report coverage - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.xml diff --git a/.github/workflows/ci-extensions.yml b/.github/workflows/ci-extensions.yml index 27d4d29ea..b4a7f6ff3 100644 --- a/.github/workflows/ci-extensions.yml +++ b/.github/workflows/ci-extensions.yml @@ -23,10 +23,10 @@ jobs: sudo rm -rf "$AGENT_TOOLSDIRECTORY" df -h - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4 with: python-version: ${{ matrix.python-version }} @@ -164,7 +164,7 @@ jobs: poetry run coverage xml - name: Report coverage - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.xml diff --git a/docker-compose.yml b/docker-compose.yml index 0b7760e78..bf1d6aaae 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ services: postgresql: - image: postgres:14.2-alpine + image: postgres:14.2-alpine@sha256:20e49432a20e1a63bb985977c32ec8f110bc609b93de35ad4f19c5486abcefaa environment: POSTGRES_USER: pandasai POSTGRES_PASSWORD: password123 diff --git a/extensions/sandbox/docker/pandasai_docker/Dockerfile b/extensions/sandbox/docker/pandasai_docker/Dockerfile index 2f39e00ac..5384d2af0 100644 --- a/extensions/sandbox/docker/pandasai_docker/Dockerfile +++ b/extensions/sandbox/docker/pandasai_docker/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.9 +FROM python:3.9@sha256:1f13ce12331c2d7d62f4f21a75e8794f4871bfeb95f4f480820cc077386652ff LABEL image_name="pandasai-sandbox" diff --git a/poetry.lock b/poetry.lock index 49dde38e1..1bebef338 100644 --- a/poetry.lock +++ b/poetry.lock @@ -2090,4 +2090,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.1" python-versions = ">=3.8,<3.12" -content-hash = "e08d1c6485585ba5b0adeb77d16e308127cc01b85f99e1e41a802c9c2f4e9af2" +content-hash = "6b60ce0477948d5c79c351ac50c482cc6b28b00b64a48248f889f508a91cc307" diff --git a/pyproject.toml b/pyproject.toml index 87d890af1..3358bfa49 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -34,16 +34,16 @@ pyyaml = "^6.0.2" optional = true [tool.poetry.group.dev.dependencies] -pre-commit = "^3.2.2" -ruff = "^0.1.0" -codespell = "^2.2.0" -pytest = "^8.0.0" -pytest-mock = "^3.10.0" -pytest-env = "^0.8.1" -click = "^8.1.3" -coverage = "^7.2.7" -sourcery = "^1.11.0" -openai = "^1.60.0" +pre-commit = "3.5.0" +ruff = "0.1.15" +codespell = "2.4.1" +pytest = "8.3.5" +pytest-mock = "3.14.0" +pytest-env = "0.8.2" +click = "8.1.8" +coverage = "7.6.1" +sourcery = "1.33.0" +openai = "1.60.2" [tool.poetry.scripts] pai = "pandasai.cli.main:cli"