🔒 Temporarily ignore CVE-2022-42969
Must remove dependence on transitive dependencies:
```
❯ poetry show py
name         : py
version      : 1.11.0
description  : library with cross-python path, ini-parsing, io, code, log facilities

required by
- pytest-forked *
- pyzmq *
- tox >=1.4.17
```

Note:
  - `pytest-forked` removed as of tox `3.0.0`
  - tox does not use affected part of the library, and 4.0 will remove
  py dependency completely.
TeoZosa committed Nov 26, 2022
1 parent e5191d0 commit 479a988
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion tox.ini
Expand Up @@ -91,4 +91,5 @@ wheel = {[base_configs]wheel}
[testenv:security]
skip_install = true
deps = safety
commands = safety check --full-report -r {toxinidir}/requirements-all.txt
commands = safety check --full-report -r {toxinidir}/requirements-all.txt \
--ignore=51457 # CVE-2022-42969
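
Review bot: the `--ignore=51457` added on the continuation line of `commands` has no removal condition recorded in tox.ini, although the commit title calls the ignore temporary and the message ties it to tox 4.0 dropping the `py` dependency. Put that condition in a comment on its own line above `commands`, for example `# CVE-2022-42969 (safety id 51457): drop this ignore once tox 4.0 removes py`, so the suppression is not forgotten after the upgrade. Moving the comment there also takes `# CVE-2022-42969` off the command line itself; whether a trailing `#` after a backslash continuation is treated as a comment or handed to `safety` as extra arguments depends on how tox parses the value, so confirm with a run of the `security` env that the ignore is actually applied.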
