Bump the pip group across 1 directory with 2 updates #124

	name: Snyk Security

	on:
	push:
	branches: ["main" ]
	pull_request:

	permissions:
	contents: read

	jobs:
	snyk:
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v3

	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: "3.11"

	- name: Set up Snyk CLI to check for security issues
	# Snyk can be used to break the build when it detects security issues.
	# In this case we want to upload the SAST issues to GitHub Code Scanning
	uses: snyk/actions/setup@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Install and configure Poetry
	uses: snok/install-poetry@v1

	- name: Install dependencies
	run: \|
	poetry install

	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/python-3.10@master
	continue-on-error: true # To make sure that SARIF upload gets called
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	args: --skip-unresolved --severity-threshold=high --sarif-file-output=snyk.sarif
	command: test --all-projects

	# - name: Upload result to GitHub Code Scanning
	# uses: github/codeql-action/upload-sarif@v2
	# with:
	# sarif_file: snyk.sarif

Provide feedback