Tox Security Fix (#1242)

* checkpoint

* safety ignore

* update python matrix for data checks

* downloading census once

.github/workflows/data-checks.yml

@@ -2,7 +2,7 @@
 name: Data Checks
 on:
   pull_request:
-    branches: [ main ]  # runs on any PR against main
+    branches: [main] # runs on any PR against main
     paths:
       - "data/**"
 jobs:
@@ -11,7 +11,7 @@ jobs:
     strategy:
       matrix:
         # checks all of the versions allowed in pyproject.toml
-        python-version: [3.7, 3.8, 3.9]
+        python-version: [3.8, 3.9]
     steps:
       # installs python
       # one execution of the tests per version listed above

.github/workflows/score-checks.yml

@@ -42,4 +42,4 @@ jobs:
           poetry run python3 data_pipeline/application.py generate-score-post -s aws
       - name: Generate Score Geo
         run: |
-          poetry run python3 data_pipeline/application.py geo-score -s aws
+          poetry run python3 data_pipeline/application.py geo-score

data/data-pipeline/pyproject.toml

@@ -13,10 +13,10 @@ ipython = "^7.31.1"
 jupyter = "^1.0.0"
 jupyter-contrib-nbextensions = "^0.5.1"
 matplotlib = "^3.4.2"
-numpy = "^1.21.0"
+numpy = "^1.22.1"
 pandas = "^1.2.5"
 pillow = "9.0.0"
-python = "^3.7.1"
+python = "^3.8"
 pypandoc = "^1.6.3"
 requests = "^2.25.1"
 tqdm = "4.62.0"

data/data-pipeline/tox.ini

@@ -1,7 +1,7 @@
 [tox]
 # required because we use pyproject.toml
 isolated_build = true
-envlist = py37, py38, py39, lint, checkdeps, pytest
+envlist = py38, py39, lint, checkdeps, pytest
 # only checks python versions installed locally
 skip_missing_interpreters = true
 
@@ -14,7 +14,7 @@ commands = black data_pipeline
 [testenv:checkdeps]
 # checks the dependencies for security vulnerabilities and open source licenses
 allowlist_externals = bash
-commands = safety check
+commands = safety check --ignore 44715  # known issue: https://github.com/pyupio/safety/issues/364
            bash scripts/run-liccheck.sh
 
 [testenv:pytest]