safety: Ignore pillow 6.2.2 vulnerabilities
These are vulnerabilities related to processing of malicious images,
and since we don't expose image uploading to 3rd parties on this site,
somewhat reasonable to ignore.

There is no planned 6.2.3 release of pillow to fix this (see
python-pillow/Pillow#4750) and wagtail 2.7.x
requires this as of today.  Possibly the 2.7 branch of wagtail will
relax this requirement, but until then I think it's best to ignore
these.
chigby committed Jul 7, 2020
1 parent c69fbf5 commit 231b6e1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -127,7 +127,7 @@ safety: ## Runs `safety check` to check python dependencies for vulnerabilities
pip install --upgrade safety && \
for req_file in `find . -type f -name '*requirements.txt'`; do \
echo "Checking file $$req_file" \
&& safety check --full-report -r $$req_file \
&& safety check --full-report --ignore=38449 --ignore=38450 --ignore=38451 --ignore=38452 -r $$req_file \
&& echo -e '\n' \
|| exit 1; \
done
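Review bot: The four `--ignore` IDs on the new `safety check` line are bare numbers with nothing in the Makefile saying which package they cover, why they are accepted, or when they should come out. The reasoning (pillow 6.2.2, pinned by wagtail 2.7.x, no image uploads from 3rd parties, python-pillow/Pillow#4750) lives only in the commit message, so someone reading the Makefile later cannot tell whether the suppression is still justified. Consider a comment above the `safety:` target recording the package and version, the upstream issue, and the condition for removal (wagtail relaxing the pillow pin), or moving the IDs into a named Make variable with that comment next to it. Note also that the flags are passed for every file matched by `find . -type f -name '*requirements.txt'`, so these findings stay suppressed in all requirements files and will remain so after pillow is upgraded unless someone remembers to delete them. The accepted-risk argument depends on the site never processing untrusted images, which is worth stating next to the ignore so that it gets revisited if uploads are ever opened up.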