Upgrade embedded pip to fix Safety warnings

pronovic · May 16, 2021 · 1e9d4b6 · 1e9d4b6
1 parent b8f6c73
commit 1e9d4b6
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
@@ -27,6 +27,12 @@ jobs:
         with:
           virtualenvs-create: true
           virtualenvs-in-project: true
+      - name: Upgrade embedded wheels in the virtualenv
+        # This is the recommended way to upgrade things like pip within the
+        # virtualenv.  If there is a vulnerability in pip, then Safety will
+        # alert on it, which is why it's important for these to be up-to-date.
+        # See: https://github.com/python-poetry/poetry/issues/1651#issuecomment-746486601
+        run: poetry run virtualenv --upgrade-embed-wheels
       - name: Install Dependencies
         run: poetry install -v
       - name: Run Tox test suite

diff --git a/run b/run
@@ -3,15 +3,26 @@
 
 # Setup the virtual environment via Poetry and install pre-commit hooks
 run_install() {
+
+   # Create and update the virtualenv
    poetry install -v
    if [ $? != 0 ]; then
       exit 1
    fi
 
+   # Upgrade packages within the virtualenv, like pip
+   # See: https://github.com/python-poetry/poetry/issues/1651#issuecomment-746486601
+   poetry run virtualenv --upgrade-embed-wheels --quiet | sed 's/^SystemExit: None/Completed updating embedded wheels/'
+   if [ $? != 0 ]; then
+      exit 1
+   fi
+
+   # Install the pre-commit hooks
    poetry run pre-commit install 
    if [ $? != 0 ]; then
       exit 1
    fi
+
 }
 
 # Activate the current Poetry virtual environment