mirrors/kitty
1
0
Fork 0
mirror of https://github.com/kovidgoyal/kitty synced 2026-06-06 01:05:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Filter out another form of the same CVE

Browse Source
This commit is contained in:
Kovid Goyal
2025-09-17 23:14:40 +05:30
parent 87856efa49
commit c4cb9cdbb7
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/ci.py vendored
View File

@@ -205,8 +205,8 @@ def install_grype() -> str:
IGNORED_DEPENDENCY_CVES = [
# Python stdlib
'CVE-2025-8194', # DoS in tarfile
'CVE-2025-6069', # DoS in HTMLParser
'CVE-2025-8194', 'BIT-python-2025-8194', # DoS in tarfile
'CVE-2025-6069', 'BIT-python-2025-6069', # DoS in HTMLParser
]
@@ -222,7 +222,7 @@ def check_dependencies() -> None:
dest = os.path.join(SW, 'macos')
os.makedirs(dest, exist_ok=True)
install_bundle(dest, os.path.basename(dest))
if (cp := subprocess.run([grype, '--config', gc, '--fail-on', 'medium', SW])).returncode != 0:
if (cp := subprocess.run([grype, '--config', gc, '--only-fixed', '--fail-on', 'medium', SW])).returncode != 0:
raise SystemExit(cp.returncode)
# Now test against the SBOM
import runpy
@@ -233,7 +233,7 @@ def check_dependencies() -> None:
runpy.run_path('bypy-src')
sys.argv, sys.stdout = orig
print(buf.getvalue())
if (cp := subprocess.run([grype, '--config', gc, '--fail-on', 'medium'], input=buf.getvalue().encode())).returncode != 0:
if (cp := subprocess.run([grype, '--config', gc, '--only-fixed', '--fail-on', 'medium'], input=buf.getvalue().encode())).returncode != 0:
raise SystemExit(cp.returncode)