Skip to content

Commit

Permalink
Ignore bandit's CVE reported by safety
Browse files Browse the repository at this point in the history
It is a dev-dependency and there's no real vulnerability.
This is why a job in my CI fails: PyCQA#2241

Link to CVE: https://data.safetycli.com/v/64484/f17

Or you can bump `bandit` to 1.7.8: https://pypi.org/project/bandit/1.7.8/
  • Loading branch information
sobolevn authored Apr 14, 2024
1 parent 7de1829 commit 9f7b56e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion scripts/lint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,5 @@ poetry run black --target-version py38 --check .
poetry run isort --profile hug --check --diff isort/ tests/
poetry run isort --profile hug --check --diff example_*/
poetry run flake8 isort/ tests/
poetry run safety check -i 51457 -i 59587 # https://github.com/tiangolo/typer/discussions/674
poetry run safety check -i 51457 -i 59587 -i 64484 # https://github.com/tiangolo/typer/discussions/674
poetry run bandit -r isort/ -x isort/_vendored

0 comments on commit 9f7b56e

Please sign in to comment.