From a9d2468757cfe1c8491927dc7dae6107fda31be7 Mon Sep 17 00:00:00 2001
From: skshetry <18718008+skshetry@users.noreply.github.com>
Date: Sat, 15 Jun 2024 20:35:00 +0545
Subject: [PATCH] drop safety (#169)

GitHub has dependency alerts and dependency security updates
that can replace `safety`.

For the past few months, safety has been raising vulnerability
errors for `pip` and now `jinja2`. The latter is a dependency
of `safety` itself, and both CVEs are disputed.

Which is breaking CI for us.
---
 .github/workflows/tests.yml | 4 ++--
 noxfile.py                  | 8 --------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index b35c2dc..f46fc78 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -41,8 +41,8 @@ jobs:
           pip --version
           nox --version
 
-      - name: Lint code and check dependencies
-        run: nox -s lint safety
+      - name: Lint code
+        run: nox -s lint
 
       - name: Run tests
         run: nox -s tests-${{ matrix.pyv }} -- --cov-report=xml
diff --git a/noxfile.py b/noxfile.py
index 0531307..18847a7 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -38,14 +38,6 @@ def lint(session: nox.Session) -> None:
     session.run("python", "-m", "mypy")
 
 
-@nox.session
-def safety(session: nox.Session) -> None:
-    """Scan dependencies for insecure packages."""
-    session.install(".[dev]")
-    session.install("safety")
-    session.run("safety", "check", "--full-report")
-
-
 @nox.session
 def build(session: nox.Session) -> None:
     session.install("build", "setuptools", "twine")