Ignoring a vulnerability without a fix yet

VectorInstitute · Jan 9, 2025 · ba746ea · ba746ea
1 parent 624a529
commit ba746ea
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.github/workflows/static_code_checks.yaml b/.github/workflows/static_code_checks.yaml
@@ -43,7 +43,9 @@ jobs:
           virtual-environment: .venv/
           # Ignoring vulnerability in cryptography
           # Fix is 43.0.1 but flwr 1.9 depends on < 43
+          # GHSA-cjgq-5qmw-rcj6 is a Keras vulnerability that has no fix yet
           ignore-vulns: |
             GHSA-h4gh-qq45-vh27
             GHSA-q34m-jh98-gwm2
             GHSA-f9vj-2wh5-fj8j
+            GHSA-cjgq-5qmw-rcj6