mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-31 04:41:56 -05:00
Updated dependencies and ignore gunicorn audit flag
This changeset updates a couple of dependencies, including our Python dependency audit check, and specifically ignores a gunicorn audit flag that appeared on 4/16/2024. As soon as there is an update available for gunicorn that addresses the issue we will remove the flag to ignore the vulnerability report and update the dependency. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This commit is contained in:
Carlo Costino
4
.github/workflows/checks.yml
vendored
4
.github/workflows/checks.yml
vendored
@@ -86,9 +86,11 @@ jobs:
|
||||
- uses: ./.github/actions/setup-project
|
||||
- name: Create requirements.txt
|
||||
run: poetry export --without-hashes --format=requirements.txt > requirements.txt
|
||||
- uses: pypa/gh-action-pip-audit@v1.0.6
|
||||
- uses: pypa/gh-action-pip-audit@v1.0.8
|
||||
with:
|
||||
inputs: requirements.txt
|
||||
ignore-vulns: |
|
||||
GHSA-w3h3-4rj7-4ph4
|
||||
|
||||
static-scan:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
Reference in New Issue
Block a user