Updated pip-audit ignore-vulns

This changeset updates the PYSEC notices to ignore due to versions that either cannot be fixed or are false positives. Specifically, this changeset removes previously ignored vulnerability reports and adds PYSEC-2023-312 to the list because it is a false positive and refers to Redis itself, not the Python Redis client (see https://github.com/pypa/advisory-database/issues/237 for details).

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
Carlo Costino
2025-05-28 17:37:04 -04:00
parent e950e87ded
commit ba0daeaf76
2 changed files with 3 additions and 2 deletions

@@ -144,8 +144,7 @@ jobs:
with:
inputs: requirements.txt
ignore-vulns: |
PYSEC-2024-60
PYSEC-2022-43162
PYSEC-2023-312
- name: Run npm audit
run: make npm-audit
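
Review bot: the `PYSEC-2023-312` entry under `ignore-vulns: |` has no record in the workflow itself of why it is ignored; the reason (a false positive that refers to Redis itself rather than the Python client, pypa/advisory-database issue 237) lives only in the commit message. Put a YAML comment with that issue link on the line above `ignore-vulns:`, not inside the block scalar, where a `#` line would become part of the value passed to the action instead of a comment. That way the next cleanup of this list can tell whether the entry is still needed.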

@@ -29,6 +29,8 @@ jobs:
- uses: pypa/gh-action-pip-audit@v1.1.0
with:
inputs: requirements.txt
ignore-vulns: |
PYSEC-2023-312
- name: Run npm audit
run: make npm-audit
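
Review bot: the `ignore-vulns` block added after `inputs: requirements.txt` repeats the list from the other workflow in this commit, so the same suppression now has to be maintained in two places. The hunk header (6 lines before, 8 after) shows this file had no ignore list until now, which means the two workflows were already auditing `requirements.txt` with different suppressions. Consider keeping the list in one place, for example behind a make target as is already done for `make npm-audit`, so both jobs always apply the same ignores.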