Merge pull request #534 from sir-gon/security

sir-gon · web-flow · commit 7a4720012c36 · 2024-07-20T11:03:07.000-04:00
[Security] [python] CVE-2024-6345 | CWE-94 | SNYK-PYTHON-SETUPTOOLS-7…
diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml
@@ -19,7 +19,11 @@ jobs:
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --sarif-file-output=snyk-code.sarif
+          args: >
+            --print-deps
+            --file=requirements.txt
+            --command=python3
+            --sarif-file-output=snyk-code.sarif
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v3
         with:
diff --git a/requirements.txt b/requirements.txt
@@ -19,7 +19,6 @@ pylint==3.2.5
 pyright==1.1.372
 pytest==8.2.2
 pytest-cov==5.0.0
-setuptools==71.0.4 # not directly required, pinned by Snyk to avoid a vulnerability
 tomli==2.0.1
 tomlkit==0.13.0
 typing_extensions==4.12.2
