
Ruff: Address migrations, reduce redundancy, and remove Flake8 #10494

Merged: 3 commits merged into DefectDojo:bugfix from the ruff-action branch on Jul 8, 2024

Conversation

@Maffooch (Contributor) commented Jul 2, 2024

Addresses the following:

  • Update our ruff.toml to rename TRIO to ASYNC (per their migration blog post)
  • Update the renovate config to ignore the requirements-lint.txt file to prevent duplicate PRs from renovate and dependabot
  • Remove flake8 GHAs as we are now using ruff, and then simplify the ruff lint GHA

[sc-6758]

dryrunsecurity bot commented Jul 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 0 findings
SQL Injection Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request focus on updates to the configuration of the GitHub Actions workflow for the Ruff linter, the Ruff linter configuration file, and the Renovate bot configuration. From an application security perspective, these changes are generally positive and do not introduce any obvious security vulnerabilities.

The key security-related changes include the removal of the pull_request_target event trigger in the GitHub Actions workflow, which is a security improvement, and the exclusion of certain dependencies from automatic updates by the Renovate bot, which can help maintain control over dependencies with a higher risk profile.

While these changes do not directly address security vulnerabilities, they demonstrate a security-conscious approach to managing the project's development and dependency management processes. It's important to continue reviewing the project's dependencies and their security implications on a regular basis to ensure the overall security posture of the application.

Files Changed:

  1. .github/workflows/ruff.yml:

    • Removed the pull_request_target event trigger and added the pull_request event trigger, which is a security improvement.
    • Simplified the conditional logic for checking out the code, making the workflow easier to understand and maintain.
  2. ruff.toml:

    • Removed the "TRIO" rule from the select list in the [lint] section, indicating that the project is no longer using the trio library.
    • The Ruff configuration file can be used to enable security-focused linting rules, which should be reviewed to ensure appropriate security checks are in place.
  3. .github/renovate.json:

    • Updated the ignorePaths section to exclude certain files and directories from automatic updates.
    • Added the ignoreDeps section to exclude the mysql and rabbitmq dependencies from automatic updates, which may be a security-conscious decision.
    • Configured the commitMessageExtra and commitMessageSuffix options to provide more detailed information in the commit messages generated by Renovate.
    • Added the registryAliases section to use a different registry URL for the bitnami package source.

Powered by DryRun Security
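The pull_request_target removal that the summary above calls a security improvement, shown as an added illustration of the risky pattern beside the safer form. This is not DefectDojo's actual ruff.yml; the job body, step names and checkout/install commands are assumed.

```yaml
# Risky pattern (illustration only, not the project's workflow):
# pull_request_target runs in the base repository's context, so the job
# has the repository's secrets and a write-capable GITHUB_TOKEN, yet here
# it checks out the fork's head commit. Anything the job installs or
# executes from that checkout (e.g. a modified requirements-lint.txt)
# runs with those privileges.
name: ruff-risky
on:
  pull_request_target:
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # untrusted content
      - run: pip install -r requirements-lint.txt           # from the fork
      - run: ruff check .
---
# Safer form, in the direction this PR takes: a plain pull_request trigger.
# For a PR from a fork the job runs against the merge commit with a
# read-only GITHUB_TOKEN and no repository secrets, so untrusted files
# in the PR cannot reach anything beyond the throwaway runner.
name: ruff
on:
  pull_request:
jobs:
  lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read            # explicit least privilege for the token
    steps:
      - uses: actions/checkout@v4   # default ref is the PR merge commit
      - run: pip install -r requirements-lint.txt
      - run: ruff check .
```

A quick check on any workflow file is to grep for pull_request_target and confirm no step in that job checks out or executes content taken from the pull request head.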

@mtesauro (Contributor) left a comment

Approved

@Maffooch Maffooch merged commit 8700090 into DefectDojo:bugfix Jul 8, 2024
126 checks passed
@Maffooch Maffooch deleted the ruff-action branch July 8, 2024 13:45
5 participants