Merge pull request #517 from rstudio/mm-snyk

Update for Snyk

Author: mmarchetti

.github/workflows/snyk.yml

@@ -38,12 +38,9 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install -e '.[test]'
+          pip install -r requirements.txt
 
       - uses: snyk/actions/setup@master
 
-      - name: Run Snyk (setup.py)
-        run: snyk monitor --file="setup.py" --package-manager=pip --project-name="setup.py" --org=${{ env.SNYK_ORG }}
-
       - name: Run Snyk (requirements.txt)
         run: snyk monitor --file="requirements.txt" --package-manager=pip --project-name="requirements.txt" --org=${{ env.SNYK_ORG }}

requirements.txt

@@ -0,0 +1,34 @@
+# This file is just for Snyk scanning,
+# because it doesn't understand pyproject.toml
+# unless it uses Poetry.
+# https://github.com/snyk/snyk-python-plugin/issues/147
+
+# build-system.requires
+setuptools>=61
+setuptools_scm[toml]>=3.4
+wheel
+
+# project.dependencies
+six>=1.14.0
+click>=7.0.0
+pip>=10.0.0
+semver>=2.0.0,<3.0.0
+pyjwt>=2.4.0
+black==22.3.0
+
+# project.optional-dependencies.test
+coverage
+flake8-pyproject
+flake8
+httpretty
+ipykernel
+mypy
+nbconvert
+pytest-cov
+pytest-mypy
+pytest
+setuptools_scm[toml]
+twine
+types-click
+types-Flask
+types-six