From fbb4727a31fa2d41431ccc0bf20e15c4b58e04ef Mon Sep 17 00:00:00 2001 From: Teo Zosa Date: Mon, 21 Nov 2022 09:48:44 +0900 Subject: [PATCH] :lock: Ignore CVE-2022-42969 until tox 4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Used by tox: ``` ❯ poetry show py name : py version : 1.11.0 description : library with cross-python path, ini-parsing, io, code, log facilities required by - tox >=1.4.17 ``` But tox does not use the affected part of the library - ref: https://github.com/tox-dev/tox/issues/2524#issuecomment-1298932829 --- tox.ini | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 1b958c324..3960b8674 100644 --- a/tox.ini +++ b/tox.ini @@ -90,7 +90,8 @@ commands = pre-commit run {posargs} -vv --all-files --color always [testenv:security] skip_install = true deps = safety -commands = safety check --full-report -r {toxinidir}/requirements-all.txt +commands = safety check --full-report -r {toxinidir}/requirements-all.txt \ + --ignore=51457 # CVE-2022-42969 [testenv:docs] extras =
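Review bot: the comment on the new `--ignore=51457 # CVE-2022-42969` line in `[testenv:security]` records only the CVE number, while the condition for removing the suppression ("until tox 4.0") and the justification link exist only in the commit message. Please put both in tox.ini next to the ignore, so that whoever bumps tox sees the suppression should be dropped. A comment on its own line above `commands =` would be the safer place for it: as written, the `#` text sits inside the command value after a backslash continuation, and it is worth confirming it is not handed to `safety` as extra arguments. Also note that `--ignore=51457` suppresses the finding for everything in `requirements-all.txt`, whereas the stated rationale covers only tox's use of `py`. The `poetry show py` output lists tox as the sole dependent today, so a short note saying the ignore assumes this would help when the dependency set changes.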