Use standard python lockfiles
Problem to solve
We currently use our own format for dependencies on Python, that is deps.yaml
and sources.yaml
from makes.
This forces us to support more complex flows and not benefit from Skims SCA.
Makes now supports a new makePythonEnvironment
that directly supports standard poetry.lock
lockfiles, let's migrate to that.
Intended users
Devs
Permissions and Security
N/A
Proposal
Migrate everything to makePythonEnvironment
and poetry.lock
.
Test plan
N/A
Steps
-
Make sure that the code contributions checklist has been followed.
What does success look like, and how can we measure that?
-
Everything migrated to makePythonEnvironment
-
All Python projects use pyproject.toml
andpoetry.lock
-
Skims successfully parses and reports over poetry.lock
files on both Universe and Makes
Links / references
Edited by Daniel Salazar