From ba0daeaf7643ac77824faff3eb4f2b42130f0684 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 28 May 2025 17:37:04 -0400 Subject: [PATCH] Updated pip-audit ignore-vulns This changeset updates the PYSEC notices to ignore to due versions that either cannot be fixed or are false positives. Specifically, this changeset removes previously ignored vulnerability reports and adds PYSEC-2023-312 to the list because it is a false positive and refers to Redis itself, not the Python Redis client (see https://github.com/pypa/advisory-database/issues/237 for details). Signed-off-by: Carlo Costino --- .github/workflows/checks.yml | 3 +-- .github/workflows/daily_checks.yml | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 17de8332f..3f74ff3fb 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -144,8 +144,7 @@ jobs: with: inputs: requirements.txt ignore-vulns: | - PYSEC-2024-60 - PYSEC-2022-43162 + PYSEC-2023-312 - name: Run npm audit run: make npm-audit diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml index c2d3082a3..f5835f492 100644 --- a/.github/workflows/daily_checks.yml +++ b/.github/workflows/daily_checks.yml @@ -29,6 +29,8 @@ jobs: - uses: pypa/gh-action-pip-audit@v1.1.0 with: inputs: requirements.txt + ignore-vulns: | + PYSEC-2023-312 - name: Run npm audit run: make npm-audit