Ignore vulnerability GHSA-4xh5-x5gv-qwph (#145)

* Ignore vulnerability GHSA-4xh5-x5gv-qwph
Why these changes are being introduced:

The vulnerability GHSA-4xh5-x5gv-qwph is triggering an error
from pip-audit, but technically running python >= 3.12 is
sufficient to mitigate the risk.  Until pip releases a new
release, even though we have no risk, pip-audit will continue
to fail.

How this addresses that need:
* Explicitly ignores the vulnerability during vulnerability
scanning.

Side effects of this change:
* None

Relevant ticket(s):
* None

Author: jonavellecuerdo

.pre-commit-config.yaml

@@ -24,6 +24,6 @@ repos:
         types: ["python"]
       - id: pip-audit
         name: pip-audit
-        entry: pipenv run pip-audit
+        entry: pipenv run pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph
         language: system
         pass_filenames: false

Makefile

@@ -59,14 +59,13 @@ ruff: # Run 'ruff' linter and print a preview of errors
 	pipenv run ruff check .
 
 safety: # Check for security vulnerabilities and verify Pipfile.lock is up-to-date
-	pipenv run pip-audit
+	pipenv run pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph
 	pipenv verify
 
 lint-apply: # Apply changes with 'black' and resolve 'fixable errors' with 'ruff'
 	black-apply ruff-apply 
 
 black-apply: # Apply changes with 'black'
-	pipenv run black .
 
 ruff-apply: # Resolve 'fixable errors' with 'ruff'
 	pipenv run ruff check --fix .

Pipfile.lock

@@ -46,7 +46,6 @@ ignore = [
     "PLR0912",
     "PLR0913",
     "PLR0915",
-    "S320",
     "S321",
 ]
 

pyproject.toml

@@ -1,4 +1,3 @@
-# ruff: noqa: E501, PT004
 import json
 from datetime import timedelta
 from unittest import mock

tests/conftest.py

@@ -45,6 +45,6 @@ def test_cloudwatchlogs_client_get_log_events_raise_error(
 ):
     with pytest.raises(
         ECSTaskLogStreamDoesNotExistError,
-        match="No log streams found for task id 'DOES_NOT_EXIST'.",
+        match=r"No log streams found for task id 'DOES_NOT_EXIST'.",
     ):
         assert cloudwatchlogs_client.get_log_events(task_id="DOES_NOT_EXIST")

tests/test_aws/test_cloudwatch.py

@@ -80,7 +80,7 @@ def test_client_run_raise_error_if_task_definition_does_not_exist(
     )
     with pytest.raises(
         ECSTaskDefinitionDoesNotExistError,
-        match="No task definition found for 'DOES_NOT_EXIST'.",
+        match=r"No task definition found for 'DOES_NOT_EXIST'.",
     ):
         bad_ecs_client.run(run_type="review")
 
@@ -114,7 +114,7 @@ def test_ecs_client_monitor_task_raise_error(
 
     with pytest.raises(
         ECSTaskRuntimeExceededTimeoutError,
-        match="Task runtime exceeded set timeout of 2 seconds.",
+        match=r"Task runtime exceeded set timeout of 2 seconds.",
     ):
         ecs_client.monitor_task(task_arn, timeout=2)
 
@@ -126,7 +126,7 @@ def test_ecs_client_get_task_status_success(ecs_client, mock_ecs_task_state_tran
 
 def test_ecs_client_get_task_status_raise_error(ecs_client):
     with pytest.raises(
-        ECSTaskDoesNotExistError, match="No tasks found for id 'DOES_NOT_EXIST'."
+        ECSTaskDoesNotExistError, match=r"No tasks found for id 'DOES_NOT_EXIST'."
     ):
         assert ecs_client.get_task_status(task_id="DOES_NOT_EXIST")
 

tests/test_aws/test_ecs.py

@@ -1,4 +1,3 @@
-# ruff: noqa: G004
 import base64
 import json
 import logging