From 408a3248888289221243c668845989033b295c02 Mon Sep 17 00:00:00 2001 
From: Teo Zosa
Date: Fri, 25 Feb 2022 16:19:48 -0800
Subject: [PATCH] :green_heart: Ignore `numpy` security vulnerability

Fixes
```
poetry run tox -e security --
security create: /Users/TeofiloZosa/Developer/personal/pytudes/.tox/security
security installdeps: safety
security installed: certifi==2021.10.8,charset-normalizer==2.0.12,click==8.0.4,dparse==0.5.1,idna==3.3,packaging==21.3,pyparsing==3.0.7,PyYAML==6.0,requests==2.27.1,safety==1.10.3,toml==0.10.2,urllib3==1.26.8
security run-test-pre: PYTHONHASHSEED='2751242999'
security run-test: commands[0] | safety check --full-report -r /Users/TeofiloZosa/Developer/personal/pytudes/requirements-all.txt
+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 181 packages, using free DB (updated once a month)                   |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| numpy                      | 1.22.2    | >0                       | 44715    |
+==============================================================================+
| All versions of Numpy are affected by CVE-2021-41495: A null Pointer         |
| Dereference vulnerability exists in numpy.sort, in the PyArray_DescrNew      |
| function due to missing return-value validation, which allows attackers to   |
| conduct DoS attacks by repetitively creating sort arrays.                    
| | https://github.com/numpy/numpy/issues/19038 | +==============================================================================+ ERROR: InvocationError for command /Users/TeofiloZosa/Developer/personal/pytudes/.tox/security/bin/safety check --full-report -r requirements-all.txt (exited with code 255) (exited with code 255) _________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ summary _________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ ERROR: security: commands failed make[1]: *** [tox-security] Error 1 make: *** [scan-dependencies] Error 2 ``` --- tox.ini | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 5a0e0938..3057ea63 100644 --- a/tox.ini +++ b/tox.ini @@ -87,4 +87,8 @@ commands = pre-commit run {posargs} -vv --all-files --color always [testenv:security] skip_install = true deps = safety -commands = safety check --full-report -r {toxinidir}/requirements-all.txt +commands = + safety check \ + --ignore=44715 \ + --full-report \ + -r {toxinidir}/requirements-all.txt
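Review bot: The new `--ignore=44715` in the `[testenv:security]` commands carries no comment saying why the finding is suppressed or when the suppression should be lifted, so the next reader cannot tell a deliberate risk acceptance from a stale exclusion. tox.ini accepts `#` comment lines, so record the rationale beside the flag, for example `# 44715: pyup ID for CVE-2021-41495 (NULL deref DoS in numpy.sort); safety flags every numpy release (>0) as affected, re-check when a fixed release ships`. Note that 44715 is a key into pyup.io's vulnerability database, not the CVE number, so the flag does not document itself; putting the CVE in the comment is what lets someone later grep for it and remove the exclusion.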