ci: update CI workflow to use uv #82
base: main
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: [email protected] <[email protected]> Co-Authored-By: [email protected] <[email protected]>
🤖 Devin AI Engineer
I'll be helping with this pull request! Here's what you should know:
✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository.
⚙️ Control Options:
README.md
Outdated
Example output: | ||
|
||
``` | ||
Finding: aws_secret="AKIAIMNOJVGFDXXXE4OA" |
AWS Access Key ID Value detected. This is a sensitive credential and should not be hardcoded here. Instead, read this value from an environment variable or keep it in a separate, private file.
🧼 Fixed in commit 58a2422 🧼
urllib3==1.26.19 ; python_version >= "3.11.dev0" and python_version < "3.12.dev0" | ||
uvicorn[standard]==0.21.1 ; python_version >= "3.11.dev0" and python_version < "3.12.dev0" | ||
uvloop==0.17.0 ; (sys_platform != "win32" and sys_platform != "cygwin") and platform_python_implementation != "PyPy" and python_version >= "3.11.dev0" and python_version < "3.12.dev0" | ||
virtualenv==20.23.1 ; python_version >= "3.11.dev0" and python_version < "3.12.dev0" |
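Review bot: the pins in this hunk (urllib3, uvicorn, uvloop, virtualenv) are exact `==` versions but carry no `--hash=` entries, so the install step cannot verify that the downloaded artifacts are the ones that were resolved. Since the workflow is moving to uv, consider generating this file with `uv pip compile --generate-hashes` and installing it with `uv pip install --require-hashes`. Every marker here also limits the pin to Python 3.11 (`>= "3.11.dev0"` and `< "3.12.dev0"`), so the CI job should fix the interpreter to 3.11, otherwise these lines are skipped silently.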
Risk: Affected versions of virtualenv are vulnerable to Improper Neutralization of Special Elements used in a Command ('Command Injection') / Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). virtualenv allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing.
Fix: Upgrade this library to at least version 20.26.6 at llm-gateway/requirements.dev.txt:70.
Reference(s): GHSA-rqc4-2hc7-8c8v, CVE-2024-53899
💬 To ignore this, reply with:
• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by ssc-9be743e1-05bf-d877-55ed-816b77b3322e.
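One way to gate CI on the fix version named in the finding above, as an added example (not code from this PR or from Semgrep): it scans pinned requirement lines of the shape shown in the reviewed file and reports pins below 20.26.6. The function names and the sample text are constructed for illustration, and only plain numeric `==` pins are evaluated.

```python
import re

# Minimum fixed version taken from the finding above (GHSA-rqc4-2hc7-8c8v).
MIN_FIXED = {"virtualenv": "20.26.6"}

# Constructed sample in the same "name==version ; markers" shape as the reviewed file.
SAMPLE = '''\
urllib3==1.26.19 ; python_version >= "3.11.dev0" and python_version < "3.12.dev0"
uvicorn[standard]==0.21.1 ; python_version >= "3.11.dev0" and python_version < "3.12.dev0"
virtualenv==20.23.1 ; python_version >= "3.11.dev0" and python_version < "3.12.dev0"
# comment lines and blanks are skipped
'''

# name, optional [extras], then an exact numeric pin that ends at whitespace, ';' or EOL.
PIN = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*"
    r"([0-9]+(?:\.[0-9]+)*)(?=\s|;|$)"
)


def normalize(name):
    """PEP 503 normalization so 'Virtual_Env' and 'virtual-env' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def below(version, floor):
    """Numeric release comparison; shorter versions are zero-padded (20.26 == 20.26.0)."""
    a = [int(p) for p in version.split(".")]
    b = [int(p) for p in floor.split(".")]
    n = max(len(a), len(b))
    return a + [0] * (n - len(a)) < b + [0] * (n - len(b))


def vulnerable_pins(text, floors=MIN_FIXED):
    """Return (line number, package, pinned version, required minimum) per stale pin."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if not m:
            continue  # comment, blank, unpinned, or pre/post-release specifier
        name, version = normalize(m.group(1)), m.group(2)
        floor = floors.get(name)
        if floor and below(version, floor):
            findings.append((lineno, name, version, floor))
    return findings


if __name__ == "__main__":
    for lineno, name, version, floor in vulnerable_pins(SAMPLE):
        print(f"line {lineno}: {name}=={version} is below fixed version {floor}")
```

Pins with pre-release or post-release suffixes are skipped rather than guessed at, so a job built on this should treat an unparsed pin of a tracked package as needing manual review.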
README.md
Outdated
``` | ||
Finding: aws_secret="AKIAIMNOJVGFDXXXE4OA" | ||
RuleID: aws-access-token | ||
Secret AKIAIMNOJVGFDXXXE4OA |
AWS Access Key ID Value detected. This is a sensitive credential and should not be hardcoded here. Instead, read this value from an environment variable or keep it in a separate, private file.
🧹 Fixed in commit 58a2422 🧹
README.md
Outdated
--- a/checks_test.go | ||
+++ b/checks_test.go | ||
@@ -28,0 +37,1 @@ | ||
+ "aws_secret= \"AKIAIMNOJVGFDXXXE4OA\"": true, |
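Review bot: the value on the added `+` line has the exact shape of an AWS access key ID, and it sits in a test-case entry mapped to `true`, so every secret scanner that reads this file will keep reporting it. If it is a fixture and not a live key, mark it as one (a scanner allowlist entry for this path or an inline ignore), or assemble the string at run time in the test so the literal never appears in source. If there is any chance the value was ever a real key, it should be rotated regardless of the later fix commit, because it stays in the branch history.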
AWS Access Key ID Value detected. This is a sensitive credential and should not be hardcoded here. Instead, read this value from an environment variable or keep it in a separate, private file.
✨ Fixed in commit 58a2422 ✨
… monitoring Co-Authored-By: [email protected] <[email protected]>
…ectories Co-Authored-By: [email protected] <[email protected]>
Update CI workflow to use uv
This PR updates the CI workflow to use uv instead of Poetry for dependency management.
Changes
Testing
✅ Successfully tested:
uv venv
uv pip install
Link to Devin run: https://app.devin.ai/sessions/2430149b78eb49f6bff9c52e97afdb17
Requested by: [email protected]