Temporarily ignore safety check for pyca/cryptography
This ignores the safety check failure for CVE-2018-10903. As the flaw is in AES-GCM (SecureDrop app server does not make use of AES-GCM), and that updating the dependency may require updating to Xenial or potentially introducing further risk, let's set safety to (temporarily) ignore this vulnerability. See issue #3677 for more information.
emkll committed Aug 1, 2018
1 parent 7854621 commit 6ba90da
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -111,7 +111,7 @@ build-debs: ## Builds and tests debian packages
safety: ## Runs `safety check` to check python dependencies for vulnerabilities
@for req_file in `find . -type f -name '*requirements.txt'`; do \
echo "Checking file $$req_file" \
&& safety check --full-report -r $$req_file \
&& safety check --ignore 36351 --full-report -r $$req_file \
&& echo -e '\n' \
|| exit 1; \
done
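
Review bot: The `--ignore 36351` added to the `safety check` line has no in-file explanation, so nothing in the Makefile ties the ID to CVE-2018-10903 or issue #3677, and nothing marks the suppression as temporary. Suggest a comment above the loop naming the CVE and the tracking issue, and a mention in the target's `##` help text that one advisory is currently ignored, so the exception is visible to anyone running the target and easy to remove later. Because the flag sits inside the `for req_file` loop, it also suppresses that advisory for every `*requirements.txt` the `find` returns, not only the file that pulls in cryptography; consider scoping it to that file, or hoisting the ID into a single Makefile variable so it can be found and dropped in one place.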
