From 1ab8aba44c5ed96afcf2b45e0f60e22c8aae1468 Mon Sep 17 00:00:00 2001 From: Amrit Krishnan Date: Tue, 3 Sep 2024 09:12:00 -0400 Subject: [PATCH 1/3] Ignore pytorch pip audit vulnerability (#680) Co-authored-by: GitHub Actions --- .github/workflows/code_checks.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/code_checks.yml b/.github/workflows/code_checks.yml index 8d62e0ccd..29c4c7db6 100644 --- a/.github/workflows/code_checks.yml +++ b/.github/workflows/code_checks.yml @@ -47,3 +47,5 @@ jobs: uses: pypa/gh-action-pip-audit@v1.0.8 with: virtual-environment: .venv/ + ignore-vulns: | + GHSA-pg7h-5qx3-wjr3 From 108dd900e5e5799064913c85332db0f15b122e26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 09:55:48 -0400 Subject: [PATCH 2/3] Bump pypa/gh-action-pip-audit from 1.0.8 to 1.1.0 (#673) --- .github/workflows/code_checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code_checks.yml b/.github/workflows/code_checks.yml index 29c4c7db6..381588d53 100644 --- a/.github/workflows/code_checks.yml +++ b/.github/workflows/code_checks.yml @@ -44,7 +44,7 @@ jobs: poetry install --with test --all-extras pre-commit run --all-files - name: pip-audit (gh-action-pip-audit) - uses: pypa/gh-action-pip-audit@v1.0.8 + uses: pypa/gh-action-pip-audit@v1.1.0 with: virtual-environment: .venv/ ignore-vulns: | From bc18269d3710b631d88a51f75564d06486956dc5 Mon Sep 17 00:00:00 2001 From: Amrit Krishnan Date: Tue, 3 Sep 2024 09:59:17 -0400 Subject: [PATCH 3/3] Update codecov.yml --- codecov.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codecov.yml b/codecov.yml index 72f5c36ef..b1b6a5dcf 100644 --- a/codecov.yml +++ b/codecov.yml @@ -1,5 +1,5 @@ codecov: - require_ci_to_pass: true + require_ci_to_pass: false notify: after_n_builds: 2 wait_for_ci: yes