safety: Ignore pillow 6.2.2 vulnerabilities
These are vulnerabilities related to processing of malicious images,
and since we don't expose image uploading to 3rd parties on this site,
somewhat reasonable to ignore.

There is no planned 6.2.3 release of pillow to fix this (see
python-pillow/Pillow#4750) and wagtail 2.7.x
requires this as of today.  Possibly the 2.7 branch of wagtail will
relax this requirement, but until then I think it's best to ignore
these.
chigby committed Jul 7, 2020
1 parent f1c9308 commit 59bc635
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -116,7 +116,7 @@ safety: ## Runs `safety check` to check python dependencies for vulnerabilities
pip install --upgrade safety && \
for req_file in `find . -type f -name '*requirements.txt'`; do \
echo "Checking file $$req_file" \
&& safety check --full-report --stdin --ignore 38197 --ignore 38198 < $$req_file \
&& safety check --full-report --stdin --ignore 38449 --ignore 38450 --ignore 38451 --ignore 38452 --ignore 38197 --ignore 38198 < $$req_file \
&& echo -e '\n' \
|| exit 1; \
done
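
Review bot: The four IDs added to the `safety check` line (38449, 38450, 38451, 38452) are suppressed for every `*requirements.txt` file the `find` loop visits, and nothing in the Makefile records what they cover or when they should come out. The reasoning lives only in the commit message (pillow 6.2.2, pinned by wagtail 2.7.x, no third-party image upload), so a later reader of the target sees six bare numbers. Suggest a comment above the `safety` target naming the package and version, the condition for removing the ignores (wagtail relaxing the pin, or image upload becoming reachable by untrusted users), and a link to python-pillow/Pillow#4750. Moving the `--ignore` list into a Make variable would also keep this line readable as the list grows.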