opeco17 / poetry-audit-plugin

Poetry plugin for checking vulnerabilities in dependencies 🚀
MIT License

Ignore dev group dependencies #15

Open PicoGeyer opened 6 months ago

PicoGeyer commented 6 months ago

Currently, dependencies from dev and other optional Poetry groups are included in poetry audit output, and there does not seem to be a way to remove them.

I discovered this when I added pytest as an optional dev dependency to my project. I think poetry-audit should either ignore extra dependency groups by default or provide an option to do so, like poetry show does: --without=dev

iam-sayco commented 1 month ago

+1, I have the same feelings about it. We have a dev dependency, moto, whose sub-dependency is outdated, and it's causing our pipelines to fail, but the dev environment shouldn't block us. I would be happy to see an ignore-group option to prevent certain groups from being audited.