From f1fbc31365df03bdfe41b01e85f9d47b93355aa1 Mon Sep 17 00:00:00 2001
From: Cory Francis Myers
Date: Mon, 2 Oct 2023 15:27:36 -0700
Subject: [PATCH] chore(safety): ignore GitPython CVEs CVE-2023-{40590,41040}

GitPython is a development-only dependency of Bandit, which will be obsoleted by #6961. In the meantime:
- CVE-2023-40590 (Safety 60789) affects Windows, which we don't support.
- CVE-2023-41040 (Safety 60841) is not exploitable for our use of GitPython via Bandit.

---
 Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Makefile b/Makefile
index c8d0bfac15..2e2eac2414 100644
--- a/Makefile
+++ b/Makefile
@@ -167,6 +167,8 @@ safety: ## Run `safety check` to check python dependencies for vulnerabilities.
 --ignore 58912 \
 --ignore 59473 \
 --ignore 60350 \
+ --ignore 60789 \
+ --ignore 60841 \
 --full-report -r $$req_file \
 && echo -e '\n' \
 || exit 1; \
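Review bot: The two new `--ignore` IDs (and the three already present) carry no rationale or retirement condition in the Makefile itself, so the justification that lives only in this commit message will be invisible to whoever next reads or extends the list, and the suppressions will outlive the reason for them. Since a `#` line cannot be placed inside the backslash-continued recipe without breaking the shell command, the note belongs just above the `safety:` target, e.g. `# Safety ignores: 60789/60841 = GitPython CVE-2023-40590 (Windows-only) / CVE-2023-41040 (not reachable via Bandit); drop both once #6961 lands.` The same treatment would help 58912, 59473 and 60350, whose reasons are not recorded anywhere visible here. The `safety` recipe begins before this hunk, so the comment's exact placement is outside the lines shown.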