Updated dependencies and ignore gunicorn audit flag

This changeset updates a couple of dependencies, including our Python dependency audit check, and specifically ignores a gunicorn audit flag that appeared on 4/16/2024. As soon as there is an update available for gunicorn that addresses the issue we will remove the flag to ignore the vulnerability report and update the dependency. Signed-off-by: Carlo Costino <[email protected]>
GSA · Apr 16, 2024 · b950767 · b950767
1 parent 8954a07
commit b950767
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 26 deletions.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -86,9 +86,11 @@ jobs:
       - uses: ./.github/actions/setup-project
       - name: Create requirements.txt
         run: poetry export --without-hashes --format=requirements.txt > requirements.txt
-      - uses: pypa/[email protected].6
+      - uses: pypa/[email protected].8
         with:
           inputs: requirements.txt
+          ignore-vulns: |
+            GHSA-w3h3-4rj7-4ph4
 
   static-scan:
     runs-on: ubuntu-latest

diff --git a/poetry.lock b/poetry.lock