diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index fafe391f..6b626a5f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -111,7 +111,7 @@ jobs: - name: Upgrade pip run: | - pip install --constraint=.github/workflows/constraints.txt pip + pip install --force-reinstall --constraint=.github/workflows/constraints.txt pip pipx pip --version - name: Install Poetry diff --git a/noxfile.py b/noxfile.py index 6b01b00b..38552896 100644 --- a/noxfile.py +++ b/noxfile.py @@ -129,9 +129,10 @@ def precommit(session: Session) -> None: @session(python=python_versions[2]) def safety(session: Session) -> None: """Scan dependencies for insecure packages.""" + ignore_CVEs = [70612] requirements = session.poetry.export_requirements() session.install("safety") - session.run("safety", "check", f"--file={requirements}") + session.run("safety", "check", f"--file={requirements}", *[f"-i{id}" for id in ignore_CVEs]) @session(python=python_versions)
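Review bot: The new `ignore_CVEs = [70612]` in `safety()` suppresses a scanner finding without recording which package and advisory it refers to, why it is acceptable here, or when it should be re-checked, so the exemption can outlive its reason unnoticed. Add a comment above the list along the lines of `# <package> / <advisory>: <why it does not apply>; remove once <fixed version> is pinned`, with the placeholders filled in. The values are passed to Safety's `-i` option, which takes Safety vulnerability IDs rather than CVE numbers, so a name such as `ignored_vuln_ids` would be accurate and follow PEP 8 lower-case naming; the comprehension variable `id` also shadows the builtin. A clearer spelling of the argument list is `*[f"--ignore={vuln_id}" for vuln_id in ignored_vuln_ids]`.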