chore: ignoring aiohttp vulnerability

algorandfoundation · Nov 8, 2023 · 8293f99 · 8293f99
1 parent ce9fd61
commit 8293f99
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.github/workflows/check-python.yaml b/.github/workflows/check-python.yaml
@@ -25,7 +25,8 @@ jobs:
       - name: Audit with pip-audit
         run: |
           # audit non dev dependencies, no exclusions
-          poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
+          # This is a temporary fix for PYSEC-2022-43059 as the vulnerability is withdrawn. See https://github.com/pypa/advisory-database/pull/169
+          poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt --ignore-vuln "PYSEC-2022-43059"
 
           # audit all dependencies, with exclusions.
           # If a vulnerability is found in a dev dependency without an available fix,