
gitlab-ci: ignore safety errors about DoS vulns not important in CI tests

These deps come from Debian, and a DoS in this CI job would just result in a job failure.

-> Vulnerability found in wheel version 0.34.2
   Vulnerability ID: 51499
   Affected spec: <0.38.1
   ADVISORY: Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue
   discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier
   allows remote attackers to cause a denial of service via attacker controlled
   input to wheel cli.https://pyup.io/posts/pyup-discovers-redos-
   vulnerabilities-in-top-python-packages
   CVE-2022-40898
   For more information, please visit https://pyup.io/v/51499/f17
-> Vulnerability found in setuptools version 52.0.0
   Vulnerability ID: 52495
   Affected spec: <65.5.1
   ADVISORY: Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python
   Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
   to cause a denial of service via HTML in a crafted package or custom
   PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in
   package_index.py.https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-
   in-top-python-packages
   CVE-2022-40897
   For more information, please visit https://pyup.io/v/52495/f17
