Fix SARIF location parser to handle col-range format (e.g. 9:12-22) #189
```yaml
name: Pip Audit
# TODO: Remove --ignore-vuln GHSA-4xh5-x5gv-qwph once pip 25.3 is released
# This vulnerability affects pip itself and the fix is available but not yet in a numbered release
on:
  push:
    branches:
      - main
jobs:
  audit:
    runs-on: ubuntu-latest
    container:
      image: python:3.12
    steps:
      - uses: actions/checkout@v4
      - name: Upgrade pip to latest version
        run: pip install --upgrade pip
      - name: Check pip version
        run: pip --version
      - name: Install pip-audit
        run: pip install pip-audit
      - name: Upgrade setuptools
        run: pip install --upgrade setuptools
      - name: Audit Python Dependencies in api
        run: |
          cd api
          # Temporarily ignore GHSA-4xh5-x5gv-qwph (pip vulnerability) until pip 25.3 is released
          # This vulnerability affects pip itself, not project dependencies
          pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph
      - name: Audit Python Dependencies in controller
        run: |
          cd controller
          # Temporarily ignore GHSA-4xh5-x5gv-qwph (pip vulnerability) until pip 25.3 is released
          # This vulnerability affects pip itself, not project dependencies
          pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph
```
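
The workflow's TODO relies on someone remembering to remove the suppression. As an added example (not part of this repository's workflow), the guard below fails once the installed pip is at or past 25.3 while the `--ignore-vuln` flag is still present. The function names `pip_has_fix` and `check_suppression` are hypothetical, and the version parsing assumes pip's `major.minor[.patch]` numbering.

```shell
#!/bin/sh
# Added example (not the repository's code): flag the --ignore-vuln suppression
# as stale once the running pip is at or past the release named in the TODO.
IGNORED_ID="GHSA-4xh5-x5gv-qwph"   # advisory ID taken from the workflow
FIX_MAJOR=25; FIX_MINOR=3          # "pip 25.3" from the workflow's TODO

# pip_has_fix VERSION: 0 if VERSION >= 25.3 final; 1 if older or a 25.3
# pre-release (25.3rc1, 25.3.dev0); 2 if VERSION cannot be parsed.
pip_has_fix() {
    major=${1%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    rest=${1#"$major"}; rest=${rest#.}
    minor=${rest%%[!0-9]*}
    suffix=${rest#"$minor"}
    [ -n "$minor" ] || minor=0
    if [ "$major" -gt "$FIX_MAJOR" ]; then return 0; fi
    if [ "$major" -lt "$FIX_MAJOR" ]; then return 1; fi
    if [ "$minor" -gt "$FIX_MINOR" ]; then return 0; fi
    if [ "$minor" -lt "$FIX_MINOR" ]; then return 1; fi
    case $suffix in [a-z]*|.dev*) return 1 ;; esac
    return 0
}

# check_suppression PIP_VERSION FILE: 1 if FILE still passes --ignore-vuln for
# the advisory although pip has the fix; 2 on an unparsable version; else 0.
check_suppression() {
    rc=0; pip_has_fix "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "cannot parse pip version '$1'" >&2; return 2; fi
    # Skip comment lines: the workflow's TODO comment also contains the flag.
    if [ "$rc" -eq 0 ] && grep -v '^[[:space:]]*#' "$2" |
            grep -q -e "--ignore-vuln[ =]$IGNORED_ID"; then
        echo "pip $1 has the fix: remove --ignore-vuln $IGNORED_ID from $2" >&2
        return 1
    fi
    return 0
}

# Constructed sample input shaped like the workflow's comment and command.
demo() {
    f=$(mktemp)
    printf '%s\n' "# TODO: Remove --ignore-vuln $IGNORED_ID once pip 25.3 is released" \
        "pip-audit --ignore-vuln $IGNORED_ID" > "$f"
    for v in 25.2 25.3rc1 25.3; do
        if check_suppression "$v" "$f" 2>/dev/null; then echo "$v: keep"; else echo "$v: stale"; fi
    done
    rm -f "$f"
}
demo
```

In a workflow step after the pip upgrade, it would be called as `check_suppression "$(pip --version | cut -d' ' -f2)" path/to/workflow.yml`, where the path is a placeholder for this workflow file.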