Merge pull request #156575 from fabaff/bump-checkov

checkov: 2.0.752 -> 2.0.753

pkgs/development/tools/analysis/checkov/default.nix

@@ -22,13 +22,13 @@ with py.pkgs;
 
 buildPythonApplication rec {
   pname = "checkov";
-  version = "2.0.727";
+  version = "2.0.753";
 
   src = fetchFromGitHub {
     owner = "bridgecrewio";
     repo = pname;
     rev = version;
-    hash = "sha256-hegbkmM8ZN6zO2iANGRr2QRW3ErdtwYaTo618uELev0=";
+    hash = "sha256-6CBe4BuztW3EoLWqGmuRmWfVfb1gP5cPEzYnyBtPEsE=";
   };
 
   nativeBuildInputs = with py.pkgs; [
@@ -60,6 +60,7 @@ buildPythonApplication rec {
     networkx
     packaging
     policyuniverse
+    prettytable
     pyyaml
     semantic-version
     tabulate
@@ -71,7 +72,6 @@ buildPythonApplication rec {
 
   checkInputs = with py.pkgs; [
     aioresponses
-    jsonschema
     mock
     pytest-asyncio
     pytest-mock
@@ -81,8 +81,11 @@ buildPythonApplication rec {
 
   postPatch = ''
     substituteInPlace setup.py \
-      --replace "cyclonedx-python-lib>=0.11.0,<1.0.0" "cyclonedx-python-lib>=0.11.0" \
+      --replace "cyclonedx-python-lib>=0.11.0,<1.0.0" "cyclonedx-python-lib>=0.11.0"
-      --replace "jsonschema==3.0.2" "jsonschema>=3.0.2"
+  '';
+
+  preCheck = ''
+    export HOME=$(mktemp -d);
   '';
 
   disabledTests = [
@@ -92,6 +95,9 @@ buildPythonApplication rec {
     "TestSarifReport"
     # Will probably be fixed in one of the next releases
     "test_valid_cyclonedx_bom"
+    # Requires prettytable release which is only available in staging
+    "test_skipped_check_exists"
+    "test_record_relative_path_with_relative_dir"
   ];
 
   disabledTestPaths = [
@@ -101,6 +107,9 @@ buildPythonApplication rec {
     "tests/terraform/"
     # Performance tests have no value for us
     "performance_tests/test_checkov_performance.py"
+    # Requires prettytable release which is only available in staging
+    "tests/sca_package/"
+    "tests/test_runner_filter.py"
   ];
 
   pythonImportsCheck = [