diff --git a/.github/workflows/check-python.yaml b/.github/workflows/check-python.yaml
index 8de12e30..7d7d6d79 100644
--- a/.github/workflows/check-python.yaml
+++ b/.github/workflows/check-python.yaml
@@ -25,7 +25,8 @@ jobs:
 - name: Audit with pip-audit
 run: |
 # audit non dev dependencies, no exclusions
- poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
+ # This is a temporary fix for PYSEC-2022-43059 as the vulnerability is withdrawn. See https://github.com/pypa/advisory-database/pull/169
+ poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt --ignore-vuln "PYSEC-2022-43059"
 # audit all dependencies, with exclusions.
 # If a vulnerability is found in a dev dependency without an available fix,
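Review bot: The context comment directly above the changed command still reads `# audit non dev dependencies, no exclusions`, which stops being true once `--ignore-vuln "PYSEC-2022-43059"` is appended to the production-dependency audit. I would reword it to something like `# audit non dev dependencies; sole exclusion: PYSEC-2022-43059 (withdrawn advisory)` so the suppression is visible to anyone skimming the step. The new comment calls the ignore temporary but gives no removal condition, so it is likely to outlive its reason. I would add `# TODO: drop --ignore-vuln once pip-audit no longer reports PYSEC-2022-43059` and name the affected package, which the hunk does not show. The `run:` script continues past the end of the hunk, so the exclusions mentioned for the all-dependencies audit are not visible here.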