fix: use pip freeze to verify what's actually installed and then run safety on a clean environment

nshalabh · nshalabh · commit 0f66acc5d4f0 · 2025-11-10T13:16:15.000-06:00
diff --git a/.github/workflows/safety.yml b/.github/workflows/safety.yml
@@ -45,10 +45,13 @@ jobs:
       #----------------------------------------------
       # Run Safety scan
       #----------------------------------------------
+      - name: Verify installed packages
+        run: |
+          poetry run pip list | grep -E "black|urllib3"
       - name: Safety scan
-        # continue-on-error: true
         env:
           API_KEY: ${{secrets.SAFETY_API_KEY}}
         run: |
           poetry run pip install safety
-          poetry run safety check || echo "Safety check completed with known vulnerabilities that are being addressed"
+          poetry run pip freeze > requirements-freeze.txt
+          poetry run safety check --file requirements-freeze.txt --ignore=66742 --ignore=77744
