Ignore a particular ansible-core vulnerability

This is being done only temporarily, and only because there is no recent version of ansible-core that does not exhibit the vulnerability. Without this change we get a failure from the pip-audit pre-commit hook that we cannot do anything about. Co-authored-by: Jeremy Frasier <[email protected]>
cisagov · Nov 19, 2024 · d8b5718 · d8b5718
1 parent 0b58650
commit d8b5718
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -156,6 +156,11 @@ repos:
     hooks:
       - id: pip-audit
         args:
+          # We have to ignore this particular vulnerability in
+          # ansible-core>=2.11 as there is currently no fix.  See
+          # cisagov/cyhy_amis#842 for more details.
+          - --ignore-vuln
+          - GHSA-99w6-3xph-cx78
           # Add any pip requirements files to scan
           - --requirement
           - requirements-dev.txt