Added ignore for safety alert 62044 #7039

Merged
merged 1 commit into from
Oct 27, 2023

zenmonkeykstop
Contributor

Status

Ready for review

Description of Changes

This alert affects pip >23.3 and involves a possible exploit when downloading packages from a mercurial repo. We don't do that, so it's safe to ignore this in development requirements files.

(This is not yet failing in make safety, but will once the public db is updated. Centralised check is failing already.)

Testing

  • CI is passing
  • make safety passes locally
  • logic for adding the ignore looks sound
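
The ignore rests on the statement that no requirement is downloaded from a Mercurial repository, and that premise can be checked mechanically. The following is an added example, not part of this pull request or the project's code; the function names and the sample requirements are constructed, and the scheme list is the set of `hg+` URL schemes pip documents.

```python
import re
import sys

# Mercurial VCS URL schemes that pip documents for requirements.
HG_URL = re.compile(r"(?:^|[\s@=])(hg\+(?:file|https?|ssh|static-http)://\S+)", re.I)
# A comment starts at "#" only at line start or after whitespace, so a
# URL fragment such as "#egg=name" is not mistaken for one.
COMMENT = re.compile(r"(^|\s)#.*$")

# Constructed sample; hosts, names and the hash are placeholders.
SAMPLE = """\
# constructed dev requirements
pip==23.2.1 \\
    --hash=sha256:0000  # placeholder hash
requests==2.31.0  # hg+https://example.invalid appears only in a comment
-e hg+https://hg.example.invalid/tool#egg=tool
helper @ hg+ssh://hg@hg.example.invalid/helper@abc123
git-dep @ git+https://git.example.invalid/dep.git
"""


def logical_lines(text):
    """Yield (first_line_number, content): backslash continuations are
    joined and comments stripped, approximating pip's file reader."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines() + [""], 1):
        start = start or num
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line = COMMENT.sub("", buf + raw).strip()
        if line:
            yield start, line
        buf, start = "", None


def find_hg_requirements(text):
    """Return [(line_number, url)] for every Mercurial-backed requirement."""
    return [(num, m.group(1))
            for num, line in logical_lines(text)
            for m in HG_URL.finditer(line)]


if __name__ == "__main__":
    texts = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    hits = [(p, n, u) for p, t in texts.items() for n, u in find_hg_requirements(t)]
    for hit in hits:
        print("%s:%d: %s" % hit)
    sys.exit(1 if hits and sys.argv[1:] else 0)
```

Run with requirements file paths as arguments, it exits non-zero on any hit, so it can sit next to the ignore as a CI gate that fails if a Mercurial requirement is ever introduced.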

This alert affects pip >23.3 and involves a possible exploit when downloading
packages from a mercurial repo. We don't do that, so it's safe to ignore this
in development requirements files
@zenmonkeykstop zenmonkeykstop requested a review from a team as a code owner October 27, 2023 14:53
@legoktm legoktm merged commit 881b08a into develop Oct 27, 2023
12 checks passed
@legoktm legoktm deleted the safety-ignore-62044 branch October 27, 2023 15:28
legoktm added a commit to freedomofpress/fpf-misc-resources that referenced this pull request Oct 30, 2023