pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

check --bare still outputs announcements #483

Open khink opened 8 months ago

khink commented 8 months ago

Description

Running safety check --bare used to only fail if there was a concrete advisory that needed patching. I could choose to temporarily ignore that advisory with --ignore=<advisory>

But the announcement about the curl vulnerability (https://safetycli.com/research/curl-cve-2023-38545-python) is always shown, even when running with --bare. Adding --ignore=special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm does not make safety exit without output; the announcement is still shown. This breaks our (and I suspect others') CI pipelines.

I would expect --bare to work in such a way that its output could be silenced.

Currently, it seems there is no way for safety --bare to run without output.

What I Did

$ safety check --bare
special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm
$ safety check --bare --ignore=special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm
special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm
$ safety check --bare --ignore=special-advisory # try a variant
special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm
khink commented 8 months ago

As a workaround, we filter out the announcement with sed in CI:

python -m safety check --bare | sed 's/special-advisory:-curl-high-severity-vulnerability:-https:\/\/bit.ly\/3feapsm//g'
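A slightly more robust form of the same workaround, added here as an example and not part of the issue or of the Safety project: instead of deleting one hard-coded announcement string (which leaves an empty line behind and stops matching as soon as the URL changes), drop every line that starts with the `special-advisory:` prefix seen in the report above, and decide pass/fail on whatever remains. The `check_bare` wrapper, the sample functions and the advisory ID `12345` are constructed stand-ins for `safety check --bare` output; the prefix is the only thing taken from the page.

```shell
#!/bin/sh
# Added example, not code from the issue or from Safety.
# Assumption: announcement lines in --bare output start with "special-advisory:"
# (as in the report above) while real advisories are printed one ID per line.

# Remove announcement lines; real advisory IDs pass through unchanged.
# grep -v exits 1 when nothing is left, which is the desired case here, so
# the exit status is normalised to 0.
filter_announcements() {
    grep -v '^special-advisory:' || true
}

# Run the scanner command given as arguments (e.g. safety check --bare),
# filter announcements, print remaining advisories and return 1 if any remain.
check_bare() {
    out=$("$@" | filter_announcements)
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed sample output standing in for `safety check --bare`.
sample_with_announcement_only() {
    printf '%s\n' \
        'special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm'
}

# Same, but with a (made-up) advisory ID that must still fail the check.
sample_with_advisory() {
    printf '%s\n' \
        'special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm' \
        '12345'
}

# Usage in CI would be:  check_bare python -m safety check --bare
```

Because the scanner's output is captured before the decision is made, the CI step no longer depends on the exit status of the last command in a pipeline (which, in the sed version, is sed's rather than safety's), and a newly introduced announcement with a different URL is still filtered.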
yeisonvargasf commented 8 months ago

@khink, thank you for this issue report; we are evaluating the best behavior for announcements under a bare output. The ignore flag doesn't work for announcements, but it's an excellent idea to consider.

As an immediate solution, I asked the team to remove the announcement on Safety 2.x.