chore: replace safety by pip-audit due to license change

Author: dynobo

.github/workflows/python.yaml

@@ -92,9 +92,12 @@ jobs:
       - name: Black
         if: always()
         run: poetry run black --check --diff .
-      - name: Safety
-        if: always()
-        run: poetry run safety check
+      - name: Pip-Audit
+        if: ${{ matrix.os  == 'ubuntu-22.04' }}
+        run:
+          bash -c "poetry run pip-audit --progress-spinner=off --strict -r
+          <(poetry export -f requirements.txt --with dev | sed 's/\[.*\]//g' |
+          sed -z 's/\n\W//g' | uniq )"
       - name: Pytest
         run: poetry run pytest -vv -m "not skip_on_gh" --cov --cov-report=xml
       - name: Coverage

.pre-commit-config.yaml

@@ -31,12 +31,17 @@ repos:
         entry: poetry run black src/normcap src/tests/ package/
         types: [python]
 
-      - id: safety
-        name: safety
+      - id: pip-audit
+        name: pip-audit
         stages: [commit]
         language: system
-        entry: poetry run safety check
-        types: [python]
+        entry:
+          bash -c "poetry run pip-audit --strict -r <(poetry export -f
+          requirements.txt --with dev | sed 's/\[.*\]//g' | sed -z 's/\n\W//g' |
+          uniq )"
+        # First `sed` removes potential "[<extra>]" after package names
+        # Second `sed` removes "\n" in front of "--hash" to get one line per package
+        # Final `uniq` is the used to de-duplicated those lines
         pass_filenames: false
 
       - id: ruff

package/platforms/utils.py

@@ -204,7 +204,7 @@ def patch_file(
 
         Indents the patch like the line after which it is inserted.
         """
-        patch_hash = hashlib.md5(patch.encode()).hexdigest()
+        patch_hash = hashlib.md5(patch.encode()).hexdigest()  # noqa: S324
 
         with open(file_path, encoding="utf8") as f:
             if f.read().find(patch_hash) > -1: