.safety-policy-install.yml

# Safety policy file for packages needed for installation
# For documentation, see https://docs.pyup.io/docs/safety-20-policy-file

# Configuration for the 'safety check' command
security:

    # Ignore certain severities.
    # A number between 0 and 10, with the following significant values:
    # - 9: ignore all vulnerabilities except CRITICAL severity
    # - 7: ignore all vulnerabilities except CRITICAL & HIGH severity
    # - 4: ignore all vulnerabilities except CRITICAL, HIGH & MEDIUM severity
    ignore-cvss-severity-below: 0

    # Ignore unknown severities.
    # Should be set to False.
    ignore-cvss-unknown-severity: False

    # List of specific vulnerabilities to ignore.
    # {id}:                 # vulnerability ID
    #     reason: {text}    # optional: Reason for ignoring it. Will be reported in the Safety reports
    #     expires: {date}   # optional: Date when this ignore will expire
    ignore-vulnerabilities:
        38932:
            reason: Fixed cryptography version requires Python>=3.6 and is used there
        39252:
            reason: Fixed cryptography version 3.3 requires Python=2.7 or Python>=3.6 and is used there
        39525:
            reason: Fixed Jinja2 version is not used by Ansible sanity test
        39606:
            reason: Fixed cryptography version requires Python==2.7 or Python>=3.6 and is used there
        39611:
            reason: PyYAML full_load method or FullLoader is not used
        40291:
            reason: Fixed Pip version requires Python>=3.6 and is used there
        42559:
            reason: Fixed Pip version requires Python>=3.6 and is used there; Pip is not shipped with this package
        42923:
            reason: Fixed Ansible version is stated to be 0
        43975:
            reason: Fixed Urllib3 versions are excluded by requests
        51499:
            reason: Fixed Wheel version requires Python>=3.7 and is used there; Risk is on Pypi side
        52495:
            reason: Fixed Setuptools version requires Python>=3.7 and is used there; Risk is on Pypi side
        53048:
            reason: Fixed cryptography version requires Python>=3.6 and is used there
        53298:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53299:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53301:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53302:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53303:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53304:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53305:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53306:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        53307:
            reason: Fixed cryptography version 39.0.1 requires Python>=3.7 (fails on 3.6) and is used there
        54219:
            reason: Fixed ansible version is 2.10.0, but need to support ansible 2.9
        54229:
            reason: Not yet fixed in any ansible version, but need to support ansible 2.9
        54230:
            reason: Not yet fixed in any ansible version, but need to support ansible 2.9
        54564:
            reason: Fixed ansible version is 7.0.0, but need to support ansible 2.9
        58755:
            reason: Fixed requests version 2.31.0 requires Python>=3.7 and is used there
        59062:
            reason: Fixed cryptography version 41.0.0 requires Python>=3.7 and is used there
        59473:
            reason: Fixed cryptography version 41.0.2 requires Python>=3.7 and is used there
        59956:
            reason: Fixed certifi version 2023.07.22 requires Python>=3.6 and is used there
        60223:
            reason: Fixed cryptography version 41.0.3 requires Python>=3.7 and is used there
        60224:
            reason: Fixed cryptography version 41.0.3 requires Python>=3.7 and is used there
        60225:
            reason: Fixed cryptography version 41.0.3 requires Python>=3.7 and is used there
        61601:
            reason: Fixed urllib3 version 1.26.17 requires Python>=3.6 and is used there
        61893:
            reason: Fixed urllib3 version 1.26.18 requires Python>=3.6 and is used there
        62044:
            reason: Fixed pip version 23.3 requires Python>=3.7 and is used there
        62451:
            reason: Fixed cryptography version 41.0.4 requires Python>=3.7 and is used there
        62452:
            reason: Fixed cryptography version 41.0.5 requires Python>=3.7 and is used there
        62556:
            reason: Fixed cryptography version 41.0.6 requires Python>=3.7 and is used there
        63066:
            reason: Fixed ansible-core version 2.15.8 requires Python>=3.9 and is used on Python>=3.12
        64227:
            reason: Fixed Jinja2 version 3.1.3 requires Python>=3.7 and is used on Python>=3.8
        65278:
            reason: Fixed cryptography version 42.0.0 requires Python>=3.7 and is used there

    # Continue with exit code 0 when vulnerabilities are found.
    continue-on-vulnerability-error: False