Skip to content
This repository has been archived by the owner on Feb 17, 2021. It is now read-only.

Commit

Permalink
Merge pull request #282 from staticdev/safety-ignore-tornado-vulnerab…
Browse files Browse the repository at this point in the history 
…ility

Ignore CVE-2020-28476 affecting tornado
  • Loading branch information
Thiago C. D'Ávila authored Feb 3, 2021
2 parents 04d18fe + e924811 commit 59ff202
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion noxfile.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,9 @@ def safety(session: Session) -> None:
"""Scan dependencies for insecure packages."""
session.install("safety")
requirements = nox_poetry.export_requirements(session)
session.run("safety", "check", f"--file={requirements}", "--bare")
# Ignore CVE-2020-28476 affecting all versions of tornado
# https://github.com/tornadoweb/tornado/issues/2981
session.run("safety", "check", f"--file={requirements}", "--bare", "--ignore=39462")


@nox.session(python=python_versions)
Expand Down

0 comments on commit 59ff202

Please sign in to comment.