safety: Ignore pillow 6.2.2 vulnerabilities

These are vulnerabilities related to processing of malicious images, and since we don't expose image uploading to 3rd parties on this site, somewhat reasonable to ignore. There is no planned 6.2.3 release of pillow to fix this (see python-pillow/Pillow#4750) and wagtail 2.7.x requires this as of today. Possibly the 2.7 branch of wagail will relax this requirement, but until then I think it's best to ignore these.
freedomofpress · Jul 7, 2020 · 59bc635 · 59bc635
1 parent f1c9308
commit 59bc635
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -116,7 +116,7 @@ safety: ## Runs `safety check` to check python dependencies for vulnerabilities
 	pip install --upgrade safety && \
 		for req_file in `find . -type f -name '*requirements.txt'`; do \
 			echo "Checking file $$req_file" \
-			&& safety check --full-report --stdin --ignore 38197 --ignore 38198 < $$req_file \
+			&& safety check --full-report --stdin --ignore 38449 --ignore 38450 --ignore 38451 --ignore 38452 --ignore 38197 --ignore 38198 < $$req_file \
 			&& echo -e '\n' \
 			|| exit 1; \
 		done