github.com/Homebrew/brew-pip-audit issues | Ecosyste.ms: OpenCollective

auto-pr: fix setup-homebrew, env usage

woodruffw opened this pull request over 1 year ago

audit.yml: try fixing formula2requirements

woodruffw opened this pull request over 1 year ago

generate-prs: skip recon-ng

woodruffw opened this pull request over 1 year ago

Don't try to bump pypy

alex opened this pull request over 1 year ago

generate-prs: ignore pypy

woodruffw opened this pull request over 1 year ago

Skip offlineimap for now

alex opened this pull request over 1 year ago

generate-prs: add gyb to skip list

woodruffw opened this pull request over 1 year ago

Only run the auto-pr job if audit succeeded

alex opened this pull request over 1 year ago

Skip third-party formulae

woodruffw opened this pull request over 1 year ago

Consider switching back to `pip-audit`

woodruffw opened this issue over 1 year ago

generate-prs: exclude two formula

alex opened this pull request over 1 year ago

Ensure python is installed before sending PRs

alex opened this pull request over 1 year ago

allow updating non-pypi resources

alex opened this pull request over 1 year ago

Don't remove the bottle block

alex opened this pull request over 1 year ago

generate-prs: bump revision with PRs

woodruffw opened this pull request over 1 year ago

generate-prs: remove ping req

woodruffw opened this pull request over 1 year ago

Increase PR limit per run

alex opened this pull request over 1 year ago

pip-audit-bulk: render step summary

woodruffw opened this pull request over 1 year ago

Switch to using osv-scanner, which will be much faster

alex opened this pull request over 1 year ago

Don't use --require-hashes with pip-audit

alex opened this pull request almost 2 years ago

Write out a summary of the results of the script to GITHUB_STEP_SUMMARY

alex opened this pull request almost 2 years ago

generate-prs: increase PR limit

alex opened this pull request almost 2 years ago

generate-prs: better logging

woodruffw opened this pull request almost 2 years ago

generate-prs: more debugging

woodruffw opened this pull request almost 2 years ago

generate-prs: skip PRs that don't patch vulns

woodruffw opened this pull request almost 2 years ago

auto-pr: switch to setup-homebrew action

woodruffw opened this pull request almost 2 years ago

Time out the auto-pr workflow after 60 minutes

alex opened this pull request almost 2 years ago

auto-pr: remove pipgrip

woodruffw opened this pull request almost 2 years ago

Re-enable auto PRs

alex opened this pull request almost 2 years ago

Remove formula restriction but lower pr limit

alex opened this pull request almost 2 years ago

Re-add support for generating PRs only for known formula

alex opened this pull request almost 2 years ago

disable auto-pr until we fix it

alex opened this pull request almost 2 years ago

[auto-pr] pring brew version for debugability

alex opened this pull request almost 2 years ago

Limit the number of PRs we send per run

alex opened this pull request almost 2 years ago

Sort formula processing in scripts

alex opened this pull request almost 2 years ago

formula2requirements: blow away old requirements

woodruffw opened this pull request almost 2 years ago

pip-audit-bulk: clean up orphaned audits

woodruffw opened this pull request almost 2 years ago

[formula2requirements] clean up when a formula removes all requirements

alex opened this pull request almost 2 years ago

auto-pr: configure `git` user

nandahkrishna opened this pull request almost 2 years ago

PR automation: follow-ups

woodruffw opened this issue almost 2 years ago

README: reflow, docs

woodruffw opened this pull request almost 2 years ago

auto-pr: automatically run after we finish auditing

alex opened this pull request almost 2 years ago

Ignore another wheel-specific GHSA

alex opened this pull request almost 2 years ago

Bump gitpython from 3.1.29 to 3.1.30 in /requirements

dependabot[bot] opened this pull request about 2 years ago

Better organize how we ignore vulns

alex opened this pull request about 2 years ago

workflows/auto-pr: be more forceful

woodruffw opened this pull request about 2 years ago

install pipgrip explicitly

alex opened this pull request about 2 years ago

workflows/auto-pr: forward HOMEBREW_GITHUB_API_TOKEN from secrets to env

woodruffw opened this pull request about 2 years ago

Attempt to automatically generate PRs fixing things

alex opened this pull request about 2 years ago

Actions job can't push to main due to protected branch

alex opened this issue about 2 years ago

Bump actions/checkout from 2 to 3

dependabot[bot] opened this pull request over 2 years ago

Bump actions/setup-python from 2 to 4

dependabot[bot] opened this pull request over 2 years ago

Attempt to auto-send PRs to brew

alex opened this issue over 2 years ago

fixes #4 -- delete old audit jsons if there's no vulnerabilities left

alex opened this pull request over 2 years ago

Remove existing audit results if all vulnerabilities fixed

alex opened this issue over 2 years ago

Refactor bulk auditing

woodruffw opened this pull request over 2 years ago

If a dependency doesn't have any vulnerabilities, remove it from the results

woodruffw opened this issue over 2 years ago

Added a github action to run this

alex opened this pull request almost 3 years ago