Open widal001 opened 11 months ago
@widal001, thank you for the detailed issue report; there is a proposed solution on #477; we will release a 3.0 Safety version with improved capabilities and a fix for this; however, we still need to address if we'll release a new beta version with these fixes only.
Safety 3.0 is going to be released this month.
Is there any update on this fix?
I see that 2.4.0b2 was released, but it appears to still have this problem.
We have been told 3.0 was imminent since at least August. https://github.com/pyupio/safety/issues/447#issuecomment-1665766714 https://github.com/pyupio/safety/issues/478#issuecomment-1665744067 https://github.com/pyupio/safety/issues/480#issuecomment-1665739709
Is the pyup/safety team able to provide a fix for this while we wait for 3.0 to come out? Or provide feedback to #477?
I can confirm that version 3.0.1 of pyup/safety can now ignore vulnerabilities based on the policy_file, while versions 2.X did not work as expected.
Description
Running safety check raises a vulnerability and fails the check even though the corresponding vulnerability id is added to ignore-vulnerabilities: in the .safety-policy.yml file. The checks pass when the vulnerability id is passed explicitly to safety check --ignore=51457.
What I Did
Running safety check
Running the safety check as is produces the following result:
Note that the command does seem to be picking up the security policy file:
Additionally the .safety-policy.yml file does explicitly list 51457 in the ignore-vulnerabilities section:
Running safety check --ignore
When the vulnerability id is explicitly passed as part of the safety check command, the vulnerability is successfully ignored:
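The behaviour the report expects, as an added reference example that is not code from pyup/safety: a policy-file waiver should suppress a finding exactly as --ignore does. The dict mirrors the 2.x .safety-policy.yml layout (security: / ignore-vulnerabilities: with reason and expires per id); the ids, reasons, findings and the expiry date are constructed. It also normalizes ids to strings, since YAML loads a bare 51457: key as an int while findings carry string ids, and drops expired waivers.

```python
from datetime import date

# Constructed policy, mirroring the 2.x .safety-policy.yml structure.
POLICY = {
    "security": {
        "ignore-vulnerabilities": {
            51457: {"reason": "vulnerable path not reachable", "expires": "2099-01-01"},
            "40123": {"reason": "waiver lapsed", "expires": "2020-01-01"},
        }
    }
}

# Constructed findings in the shape a scan reports them (string ids).
FINDINGS = [
    {"vulnerability_id": "51457", "package_name": "pkg-a"},
    {"vulnerability_id": "40123", "package_name": "pkg-b"},
    {"vulnerability_id": "60001", "package_name": "pkg-c"},
]


def active_ignores(policy, today=None):
    """Return the set of vulnerability ids the policy currently waives.

    Ids are normalized to str (YAML yields an int for a bare numeric key,
    while findings carry str ids); a waiver past its `expires` date is dropped.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    ignores = policy.get("security", {}).get("ignore-vulnerabilities") or {}
    active = set()
    for vid, meta in ignores.items():
        expires = (meta or {}).get("expires")
        if expires and date.fromisoformat(str(expires)) < today:
            continue  # expired waiver: the finding must surface again
        active.add(str(vid))
    return active


def apply_policy(findings, policy, cli_ignores=(), today=None):
    """Filter findings, merging policy-file waivers with any --ignore ids."""
    ignored = active_ignores(policy, today) | {str(i) for i in cli_ignores}
    return [f for f in findings if str(f["vulnerability_id"]) not in ignored]


if __name__ == "__main__":
    for f in apply_policy(FINDINGS, POLICY, today="2023-11-01"):
        print("FAIL:", f["vulnerability_id"], f["package_name"])
```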