Skip to content
This repository has been archived by the owner on Jan 6, 2022. It is now read-only.

Commit

Permalink
safety: Ignore pillow 6.2.2 vulnerabilities
Browse files Browse the repository at this point in the history 
These are vulnerabilities related to processing of malicious images,
and since we don't expose image uploading to 3rd parties on this site,
somewhat reasonable to ignore.

There is no planned 6.2.3 release of pillow to fix this (see
python-pillow/Pillow#4750) and wagtail 2.7.x
requires this as of today.  Possibly the 2.7 branch of wagail will
relax this requirement, but until then I think it's best to ignore
these.
  • Loading branch information
@chigby
chigby committed Jul 7, 2020
1 parent 41df6b5 commit f83a631
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ safety: ## Runs `safety check` to check python dependencies for vulnerabilities
@for req_file in `find . -type f -name '*requirements.txt'`; do \
echo "Checking file $$req_file" \
&& safety check --ignore 36351 --ignore 36546 --ignore 36533 --ignore 36534\
--ignore=38449 --ignore=38450 --ignore=38451 --ignore=38452\
--ignore 36541 --ignore 38197 --ignore 38198 --full-report -r $$req_file \
&& echo -e '\n' \
|| exit 1; \
Expand Down

0 comments on commit f83a631

Please sign in to comment.