ignore CVE-2019-8341. it is disputed and should not impact users

lyz-code · Jul 11, 2024 · 950d2a3 · 950d2a3
1 parent b17c466
commit 950d2a3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 43 deletions.
diff --git a/.safety-policy.yml b/.safety-policy.yml
diff --git a/Makefile b/Makefile
@@ -224,7 +224,10 @@ security:
 	@echo "- Testing security -"
 	@echo "--------------------"
 
-	pdm run safety scan
+	# Ignoring 70612 (CVE-2019-8341). It is disputed and no fix is apparent, and
+	# the related dependencies are only used at dev time so do not present as
+	# great a risk to users of autoimport.
+	pdm run safety check --ignore 70612
 	@echo ""
 	pdm run bandit -r src