Merge pull request #2438 from cisagov/2430-failing-github-actions-che…

…ck-check-for-vulnerabilities-backend_python-push

Set snyk and safety to suppress scrapy vulnerability until 2024-06-01.

backend/.snyk

@@ -5,9 +5,9 @@ version: v1.22.1
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 
 ignore: 
-    # ignore scrapy 2.9.0 for 6 months.
+    # ignore scrapy 2.x.x for 6 months.
     SNYK-PYTHON-SCRAPY-40690: 
         - '*':
-            reason: No fix available for version 2.9.x
-            expires: 2023-11-01T00:00:00.000Z
+            reason: No fix available up to version 2.11.0
+            expires: 2024-06-01T00:00:00.000Z
 patch: {}

backend/worker/.safety-policy.yml

@@ -8,7 +8,7 @@ security: # configuration for the `safety check` command
   ignore-cvss-unknown-severity: False # True or False. We recommend you set this to False.
   ignore-vulnerabilities: # Here you can list multiple specific vulnerabilities you want to ignore (optionally for a time period)
     # We recommend making use of the optional `reason` and `expires` keys for each vulnerability that you ignore.
-    54672: # Vulnerability found in scrapy version 2.9.0
+    54672: # Vulnerability found in scrapy version >= 0.7
       reason: No fix currently available # optional, for internal note purposes to communicate with your team. This reason will be reported in the Safety reports
-      expires: '2023-11-01' # We will revisit for a fix in 6 months.
+      expires: '2024-06-01' # We will revisit for a fix in 6 months.
   continue-on-vulnerability-error: False # Suppress non-zero exit codes when vulnerabilities are found. Enable this in pipelines and CI/CD processes if you want to pass builds that have vulnerabilities. We recommend you set this to False.