Describe the bug
Report from "safety":
```text
+==============================================================================+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| coverage                   | 5.5       | <6.0b1                   | 41002    |
+==============================================================================+
| Coverage 6.0b1 starts to use a modern hash algorithm (sha256) when           |
| fingerprinting for high-security environments.                               |
+==============================================================================+
```
To Reproduce
How can we reproduce the problem? Include the coverage project in any Python code and run safety. We use poetry and have the dependencies defined as listed below.
Answer the questions below:
What version of Python are you using? 3.7
What version of coverage.py are you using? 5.5
What versions of what packages do you have installed? Listed below
What code are you running? private repo, just running
What commands did you run?
```shell
safety check --full-report
```
The above command fails, while ignoring 41002 (as below) passes:
```shell
safety check --full-report -I 41002
```
Expected behavior
We should not have to ignore vulnerability 41002 identified by safety, and the check should succeed. This appears to be a security issue identified due to the old hashing algorithm used.
Additional context
Reporting this with a request to release the secure version of the package soon.
Poetry dependencies defined:
```toml
[tool.poetry.dependencies]
click = "^7.0"
python = "^3.7"
python-dateutil = "^2.8.1"

[tool.poetry.dev-dependencies]
black = "^19.10b0"
coverage = {extras = ["toml"], version = "^5.0.3"}
darglint = "^1.1.3"
flake8 = "^3.7.9"
flake8-annotations = "^2.0.0"
flake8-bandit = "^2.1.2"
flake8-docstrings = "^1.5.0"
flake8-isort = "^2.8.0"
isort = "^4.3.21"
numpy = "^1.19.1"
pytest = "^5.2"
pytest-cov = "^2.8.1"
pytype = "^2020.2"
safety = "^1.9.0"
sphinx = "^3.0.4"
sphinx-click = "^2.7.1"
sphinx-autodoc-typehints = "^1.10.3"
sphinx-rtd-theme = "^0.5.0"
testfixtures = "^6.14.0"
xarray = "^0.16.1"
xdoctest = "^0.11.0"
```
Packages installed:
• Installing greenlet (1.1.0)
• Installing h11 (0.12.0)
• Installing sniffio (1.2.0)
• Installing typing-extensions (3.10.0.0)
• Installing httpcore (0.12.3)
• Installing pydantic (1.8.2)
• Installing rfc3986 (1.5.0)
• Installing sqlalchemy (1.4.22)
• Installing db-tools-core (1.4.1)
• Installing httpx (0.17.1)
• Installing markupsafe (2.0.1)
• Installing numpy (1.19.5)
• Installing psutil (5.8.0)
• Installing pytz (2021.1)
• Installing tenacity (7.0.0)
• Installing alabaster (0.7.12)
• Installing babel (2.9.1)
• Installing cached-property (1.5.2)
• Installing docutils (0.16)
• Installing imagesize (1.2.0)
• Installing jinja2 (3.0.1)
• Installing locket (0.2.1)
• Installing memory-profiler (0.58.0)
• Updating packaging (20.9 -> 21.0)
• Installing pandas (1.1.5)
• Installing pygments (2.9.0)
• Installing pymysql (1.0.2)
• Installing snowballstemmer (2.1.0)
• Installing sphinxcontrib-applehelp (1.0.2)
• Installing sphinxcontrib-devhelp (1.0.2)
• Installing sphinxcontrib-htmlhelp (2.0.0)
• Installing sphinxcontrib-jsmath (1.0.1)
• Installing sphinxcontrib-qthelp (1.0.3)
• Installing sphinxcontrib-serializinghtml (1.1.5)
• Installing toolz (0.11.1)
• Installing attrs (21.2.0)
• Installing cftime (1.5.0)
• Installing cloudpickle (1.6.0)
• Installing fsspec (2021.7.0)
• Installing influxdb (5.3.1)
• Installing numexpr (2.7.3)
• Installing pluggy (0.13.1)
• Installing more-itertools (8.8.0)
• Installing scipy (1.6.1)
• Installing test-support (0.1.3)
• Installing py (1.10.0)
• Installing structlog (20.2.0)
• Installing sphinx (3.5.4)
• Installing partd (1.2.0)
• Installing wcwidth (0.2.5)
• Installing asv (0.4.2)
• Installing core-maths (0.0.10)
• Installing dask (2021.7.2)
• Installing future (0.18.2)
• Installing h5py (2.10.0)
• Installing parse (1.19.0)
• Installing redis (3.5.3)
• Installing sphinx-rtd-theme (0.5.2)
• Installing tables (3.6.1)
• Installing pydoe (0.3.8)
• Installing smmap (4.0.0)
• Installing netcdf4 (1.5.7)
• Installing pytest (5.4.3)
• Installing xarray (0.16.2)
• Installing dataframe-io (1.0.5)
• Installing frozendict (1.2)
• Installing gitdb (4.0.7)
• Installing pycodestyle (2.7.0)
• Installing mccabe (0.6.1)
• Installing pyflakes (2.3.1)
• Installing pbr (5.6.0)
• Installing flake8 (3.9.2)
• Installing gitpython (3.1.20)
• Installing networkx (2.6.2)
• Installing stevedore (3.3.0)
• Installing toml (0.10.2)
• Installing transforms (1.1.1)
• Installing appdirs (1.4.4)
• Installing bandit (1.7.0)
• Installing configargparse (1.5.1)
• Installing dparse (0.5.1)
• Installing coverage (5.5)
• Installing flake8-polyfill (1.0.2)
• Installing importlab (0.6.1)
• Installing isort (4.3.21)
• Installing ninja (1.10.2)
• Installing pydocstyle (6.1.1)
• Installing regex (2021.7.6)
• Installing pathspec (0.9.0)
• Installing python-json-logger (2.0.2)
• Installing tabulate (0.8.9)
• Installing tblib (1.7.0)
• Installing testfixtures (6.18.0)
• Installing typed-ast (1.4.3)
• Installing black (19.10b0)
• Installing darglint (1.8.0)
• Installing flake8-annotations (2.6.2)
• Installing flake8-bandit (2.1.2)
• Installing flake8-docstrings (1.6.0)
• Installing flake8-isort (2.9.1)
• Installing pytest-cov (2.12.1)
• Installing safety (1.10.3)
• Installing pytype (2020.2.6)
• Installing sphinx-autodoc-typehints (1.12.0)
• Installing xdoctest (0.11.0)
• Installing sphinx-click (2.7.1)
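As an added example (not code from the issue author, safety or coverage.py), the following Python script triages a `safety check --json` report against a documented, time-bounded acceptance of advisory 41002, so the finding is tracked with a reason and an expiry rather than silenced indefinitely by a bare `-I 41002`. The JSON row layout and the sample report are assumptions constructed here, not real safety output.

```python
"""Triage a `safety check --json` report against a documented allowlist.
Added example for this issue (not the author's, safety's or coverage.py's code);
assumes the safety 1.x JSON layout [package, affected, installed, advisory, id]."""
import json
from datetime import date

# Constructed sample in the assumed `safety check --json` layout, mirroring
# the report quoted in the issue. Not real safety output.
SAMPLE_REPORT = json.dumps([
    ["coverage", "<6.0b1", "5.5",
     "Coverage 6.0b1 starts to use a modern hash algorithm (sha256) when "
     "fingerprinting for high-security environments.", "41002"],
])

# Accepted advisory IDs, each with a reason and an ISO expiry date. Unlike a
# bare `-I 41002`, the acceptance lapses and the check fails again.
ALLOWLIST = {
    "41002": {"reason": "dev-only dependency; upgrade once coverage>=6.0b1 ships",
              "expires": "2021-10-31"},
}


def triage(report_json: str, allowlist: dict, today: str):
    """Split findings into (blocking, accepted) lists of dicts.
    `today` is an ISO date; ISO dates compare correctly as plain strings.
    A finding is accepted only while its allowlist entry is unexpired."""
    blocking, accepted = [], []
    for package, affected, installed, advisory, vuln_id in json.loads(report_json):
        finding = {"package": package, "installed": installed,
                   "affected": affected, "id": str(vuln_id), "advisory": advisory}
        entry = allowlist.get(finding["id"])
        if entry is not None and today <= entry["expires"]:
            finding["reason"] = entry["reason"]
            accepted.append(finding)
        else:
            blocking.append(finding)
    return blocking, accepted


if __name__ == "__main__":
    blocking, accepted = triage(SAMPLE_REPORT, ALLOWLIST, date.today().isoformat())
    for f in accepted:
        print(f"accepted {f['id']} ({f['package']} {f['installed']}): {f['reason']}")
    for f in blocking:
        print(f"BLOCKING {f['id']} ({f['package']} {f['installed']}, affected {f['affected']})")
    raise SystemExit(1 if blocking else 0)
```

Run it in CI in place of the bare `-I` flag; once the expiry passes without an upgrade to coverage >= 6.0b1, the check fails again and forces a review.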