/
.safety-policy-all.yml
160 lines (155 loc) · 7.9 KB
/
.safety-policy-all.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
# Safety policy file
# For documentation, see https://docs.pyup.io/docs/safety-20-policy-file
#
# Generally package vulnerabilites listed in the ignore-vulnerabilities
# list below are there because:
# 1. There is no release that resolves the vulnerability. In this case, there
# should also be an expire entry to remind the pywbem team to recheck
# 2. The required version of a package to resolve the issue is not available
# for all of the python version supported by pywbem. In that case, the
# vulnerability will remain ignored until such time as the versions of
# python that cannot support the required version of the package are no
# longer supported by pywbem.
#
# The way to see python version limitations for package versions
# as defined for pywbem is to filter the file minimum-constraints.txt
# for the package name. Multiple entries for same package name imply
# different minimum versions for different python releases.
# Configuration for the 'safety check' command
security:
# Ignore certain severities.
# A number between 0 and 10, with the following significant values:
# - 9: ignore all vulnerabilities except CRITICAL severity
# - 7: ignore all vulnerabilities except CRITICAL & HIGH severity
# - 4: ignore all vulnerabilities except CRITICAL, HIGH & MEDIUM severity
ignore-cvss-severity-below: 0
# Ignore unknown severities.
# Should be set to False.
ignore-cvss-unknown-severity: False
# List of specific vulnerabilities to ignore.
# {id}: # vulnerability ID
# reason: {text} # optional: Reason for ignoring it. Will be reported in the Safety reports
# expires: {date} # optional: Date when this ignore will expire
ignore-vulnerabilities:
37504:
reason: Fixed Twine version 2.0.0 requires Python>=3.6 and is used there
37765:
reason: psutil, affected <=5.6.5
39525:
reason: jinja2, affected <2.11.3
39606:
reason: Cryptography < 3.3.2, cryptography cannot be upgraded to 3.3.2 on < py35
40072:
reason: Lxml, affected <4.6.3, Only python 3.10+ allows version 4.6.3
40380:
reason: Jupyter Notebook, affected <6.1.5, python 2.7-3.5 limited to older versions
40381:
reason: Jupyter Notebook, affected <6.0.2, python 2.7-3.5 limited to older versions
40383:
reason: Jupyter Notebook, affected <5.7.6, python 2.7-3.5 limited to older versions
40384:
reason: Jupyter Notebook, affected <5.7.6, python 2.7-3.5 limited to older versions
40385:
reason: Jupyter Notebook, affected <5.7.3, python 2.7-3.5 limited to older versions
40386:
reason: Jupyter Notebook, affected <5.4.1, python 2.7-3.5 limited to older versions
42253:
reason: Jupyter Notebook, affected <5.7.1, python 2.7-3.5 limited to older versions
42254:
reason: Jupyter Notebook, affected <5.7.2, python 2.7-3.5 limited to older versions
43366:
reason: Lxml, affected <4.6.5, Only python 3.11 allows version 4.6.5
44634:
reason: IPython, affected <5.11, python 2.7, 3.5, 3.6 limited to older versions
47833:
reason: Fixed Click version 8.0.0 requires Python>=3.6 and is used there
50463:
reason: ipywidgets, affected <8.0.0rc2, python 2.7-3.6 limited to older versions
50571:
reason: dparse, affected <0.5.2, Python 2.7 and 3.5 limited to older versions
50664:
reason: ipywidgets, affected <8.0.0, python 2.7-3.6 limited to older versions
50748:
reason: Lxml, affected <4.9.1, Only python 3.11 allows version 4.9.1
50792:
reason: Nbconvert, affected <6.5.1
51358:
reason: safety, affected <2.2.0, Python 2.7 and 3.5 limited to older versions
51457:
reason: Py package is no longer being fixed (latest version 1.11.0)
53048:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53269:
reason: IPython, affected <8.10.0, python 2.7, 3.5, 3.6 limited to older versions
53298:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53299:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53301:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53302:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53303:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53304:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53305:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53306:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
53307:
reason: Cryptography, affected <39.0.1, python 2.7/3.5 do not support rqd. 39.0.1
54678:
reason: Jupyter Notebook, affected <5.7.8, python 2.7-3.5 limited to older versions
54679:
reason: jinja2, affected <2.10.1
54682:
reason: Jupyter Notebook, affected <5.5.0, python 2.7-3.5 limited to older versions
54684:
reason: Jupyter Notebook, affected <6.4.12, python 2.7-3.5 limited to older versions
54687:
reason: pywin32, affected <301, python 2.7-3.9 limited to older versions
54689:
reason: Jupyter Notebook, affected <5.7.11, python 2.7-3.5 limited to older versions
54713:
reason: Jupyter Notebook, affected <6.4.10, python 2.7-3.5 limited to older versions
54717:
reason: Jupyter Core, affected <4.11.2
59062:
reason: Fixed cryptography version 41.0.0 requires Python>=3.7 and is used there
59071:
reason: Fixed tornado version 6.3.2 requires Python>=3.8 and is used there
59473:
reason: Fixed cryptography version 41.0.2 requires Python>=3.7 and is used there
60223:
reason: Fixed cryptography version 41.0.3 requires Python>=3.7 and is used there
60224:
reason: Fixed cryptography version 41.0.3 requires Python>=3.7 and is used there
60225:
reason: Fixed cryptography version 41.0.3 requires Python>=3.7 and is used there
61949:
reason: Fixed tornado version 6.3.3 requires Python>=3.8 and is used there
62451:
reason: Fixed cryptography version 41.0.4 requires Python>=3.7 and is used there
62452:
reason: Fixed cryptography version 41.0.5 requires Python>=3.7 and is used there
62556:
reason: Fixed cryptography version 41.0.6 requires Python>=3.7 and is used there
62817:
reason: Fixed prompt-toolkit version 3.0.13 requires Python>=3.6 and is used there
64227:
reason: Jinja2, ver 3.1.3 fixes scripting vulnerability, requires Python >= 3.7
65029:
reason: Jupyter-Server, Fixed version 2.7.2 requires Python >= 3.8 and used there
65278:
reason: crypography, Fixed version 42.0.1 requires Python >=3.7 and used there
65358:
reason: Jupyter-Server, Fixed version 2.11.2 requires Python >= 3.8 and used there
65510:
reason: Fixed cryptography version 42.0.0 requires Python>=3.7 and is used there
65581:
reason: Fixed tornado version 6.3.3 requires Python>=3.8 and is used there
65647:
reason: Fixed cryptography version 42.0.5 requires Python>=3.7 and is used there
# Continue with exit code 0 when vulnerabilities are found.
continue-on-vulnerability-error: False