From 9f7b56e1fb2d09dc7d14f78d117617fccb9ce5ec Mon Sep 17 00:00:00 2001 From: Nikita Sobolev Date: Mon, 15 Apr 2024 01:38:28 +0300 Subject: [PATCH] Ignore `bandit`'s CVE reported by `safety` It is a dev-dependency and there's no real vulnerability. This is why a job in my CI fails: https://github.com/PyCQA/isort/pull/2241 Link to CVE: https://data.safetycli.com/v/64484/f17 Or you can bump `bandit` to 1.7.8: https://pypi.org/project/bandit/1.7.8/ --- scripts/lint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lint.sh b/scripts/lint.sh index c85e7a63..0d27986f 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -7,5 +7,5 @@ poetry run black --target-version py38 --check . poetry run isort --profile hug --check --diff isort/ tests/ poetry run isort --profile hug --check --diff example_*/ poetry run flake8 isort/ tests/ -poetry run safety check -i 51457 -i 59587 # https://github.com/tiangolo/typer/discussions/674 +poetry run safety check -i 51457 -i 59587 -i 64484 # https://github.com/tiangolo/typer/discussions/674 poetry run bandit -r isort/ -x isort/_vendored
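Review bot: The new `-i 64484` on the `safety check` line has no inline justification; the trailing comment still points only at the typer discussion that explains `51457` and `59587`, so a later reader of `scripts/lint.sh` cannot tell why `64484` is suppressed or when it can be dropped. Suggest recording the reason next to the flag, e.g. `-i 64484 # bandit dev-dep only, https://data.safetycli.com/v/64484/f17`, so the ignore list stays auditable. Since the commit message itself names the alternative of bumping `bandit` to 1.7.8, that fix is preferable to a permanent ignore: it removes the finding instead of silencing it, and the `-i` list does not keep growing with entries nobody remembers the reason for.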