drop safety (#295)

GitHub has dependency alerts and dependency security updates that can replace `safety`. For the past few months, safety has been raising vulnerability errors for `pip` and now `jinja2`. The latter is a dependency of `safety` itself, and both CVEs are disputed. Which is breaking CI for us.
iterative · Jun 15, 2024 · fe4c7a0 · fe4c7a0
1 parent 8ff6a55
commit fe4c7a0
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 10 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -45,8 +45,8 @@ jobs:
         pip --version
         nox --version
 
-    - name: Lint code and check dependencies
-      run: nox -s lint safety
+    - name: Lint code
+      run: nox -s lint
 
     - name: Run tests
       run: nox -s tests-${{ matrix.nox_pyv || matrix.pyv }} -- --cov-report=xml

diff --git a/noxfile.py b/noxfile.py
@@ -40,14 +40,6 @@ def lint(session: nox.Session) -> None:
     session.run("python", "-m", "mypy")
 
 
-@nox.session
-def safety(session: nox.Session) -> None:
-    """Scan dependencies for insecure packages."""
-    session.install(".[dev]", *pip_dev_flags)
-    session.install("safety")
-    session.run("safety", "check", "--full-report")
-
-
 @nox.session
 def build(session: nox.Session) -> None:
     session.install("build", "setuptools", "twine")