-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
check --bare still outputs announcements #483
Comments
As a workaround, we filter out the annoucement with
|
@khink, thank you for this issue report; we are evaluating the best behavior for announcements under a bare output. The ignore flag doesn't work for announcements, but it's an excellent idea to consider. As an immediate solution, I asked the team to remove the announcement on Safety 2.x. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Running
safety check --bare
used to only fail if there was a concrete advisory that need patching.I could choose to temporarily ignore that advisory with
--ignore=<advisory>
But the announcement about the curl vulnerability (https://safetycli.com/research/curl-cve-2023-38545-python) is always shown, even when running with
--bare
Adding
--ignore=special-advisory:-curl-high-severity-vulnerability:-https://bit.ly/3feapsm
does not make safety exit without output, the announcement is still shown.This breaks our (and i suspect others') CI pipelines.
I would expect
--bare
to work in such a way that its output could be silenced.Currently, it seems there is no way for
safety --bare
to run without output.What I Did
The text was updated successfully, but these errors were encountered: