Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: ignoring jinja2 vulnerability ID #505

Merged
merged 1 commit into from
Jun 12, 2024
Merged

fix: ignoring jinja2 vulnerability ID #505

merged 1 commit into from
Jun 12, 2024

Conversation

clatapie
Copy link
Contributor

jinja2 is a required dependency for the check-vulnerability.py scripts.
Due to jinja2 safety result, the check-vulnerabilities action is failing.

@clatapie clatapie self-assigned this Jun 12, 2024
@clatapie clatapie requested a review from a team as a code owner June 12, 2024 14:36
@ansys-reviewer-bot
Copy link
Contributor

Thanks for opening a Pull Request. If you want to perform a review write a comment saying:

@ansys-reviewer-bot review

@github-actions github-actions bot added the maintenance Generic maintenance related label Jun 12, 2024
@clatapie clatapie changed the title maint: ignoring jinja vulnerability ID fix: ignoring jinja vulnerability ID Jun 12, 2024
@clatapie clatapie changed the title fix: ignoring jinja vulnerability ID fix: ignoring jinja2 vulnerability ID Jun 12, 2024
@clatapie clatapie enabled auto-merge (squash) June 12, 2024 14:43
jorgepiloto
jorgepiloto approved these changes Jun 12, 2024
View reviewed changes
Copy link
Member

@jorgepiloto jorgepiloto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be great if we could add links or comments at some point for each number.

@clatapie clatapie merged commit 7419c6d into main Jun 12, 2024
16 checks passed
@clatapie clatapie deleted the maint/ignoring_jinja_vulnerability_id branch June 12, 2024 14:45
@SMoraisAnsys
Copy link
Contributor

@jorgepiloto Yeah, I do agree (that would also help to know when new releases patch the issues)
For the one added : https://data.safetycli.com/v/70612/97c/ and it affects versions >= 0
image

@clatapie
Copy link
Contributor Author

@jorgepiloto, as it's a .txt file, it should not be a problem indeed

@RobPasMue
Copy link
Member

Links are available in the rendered docs: https://actions.docs.ansys.com/version/dev/vulnerability-actions/index.html
Search for "Accepted safety vulnerabilities"

Comments would be fine too for explaining why we are ignoring it

@clatapie
Copy link
Contributor Author

Comments have been added in #506.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SMoraisAnsys SMoraisAnsys SMoraisAnsys approved these changes

@jorgepiloto jorgepiloto jorgepiloto approved these changes

Assignees

@clatapie clatapie

Labels
maintenance Generic maintenance related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@clatapie @SMoraisAnsys @RobPasMue @jorgepiloto