You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Running safety check --bare used to only fail if there was a concrete advisory that need patching.
I could choose to temporarily ignore that advisory with --ignore=<advisory>
But the announcement about the curl vulnerability (https://safetycli.com/research/curl-cve-2023-38545-python) is always shown, even when running with --bare
Adding --ignore=special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm does not make safety exit without output, the announcement is still shown.
This breaks our (and i suspect others') CI pipelines.
I would expect --bare to work in such a way that its output could be silenced.
Currently, it seems there is no way for safety --bare to run without output.
@khink, thank you for this issue report; we are evaluating the best behavior for announcements under a bare output. The ignore flag doesn't work for announcements, but it's an excellent idea to consider.
As an immediate solution, I asked the team to remove the announcement on Safety 2.x.
Description
Running
safety check --bare
used to only fail if there was a concrete advisory that need patching.I could choose to temporarily ignore that advisory with
--ignore=<advisory>
But the announcement about the curl vulnerability (https://safetycli.com/research/curl-cve-2023-38545-python) is always shown, even when running with
--bare
Adding
--ignore=special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm
does not make safety exit without output, the announcement is still shown.This breaks our (and i suspect others') CI pipelines.
I would expect
--bare
to work in such a way that its output could be silenced.Currently, it seems there is no way for
safety --bare
to run without output.What I Did
The text was updated successfully, but these errors were encountered: