From 8de8e08c6c7ae36f721ea886fb1937467fafc8fe Mon Sep 17 00:00:00 2001 From: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Date: Wed, 18 Mar 2026 09:41:56 +0100 Subject: [PATCH 01/11] feat: migrate to using .safety-ignore,yml file --- check-vulnerabilities/.safety-ignore.yml | 48 ++++++++++++++++++++++++ check-vulnerabilities/action.yml | 33 ++-------------- doc/source/conf.py | 31 ++++++++++++--- 3 files changed, 76 insertions(+), 36 deletions(-) create mode 100644 check-vulnerabilities/.safety-ignore.yml diff --git a/check-vulnerabilities/.safety-ignore.yml b/check-vulnerabilities/.safety-ignore.yml new file mode 100644 index 000000000..061caea79 --- /dev/null +++ b/check-vulnerabilities/.safety-ignore.yml 
@@ -0,0 +1,48 @@ +# Copyright (C) 2022 - 2026 ANSYS, Inc. and/or its affiliates. +# SPDX-License-Identifier: MIT +# +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +# Safety ignore file for vulnerability checks +# This file contains vulnerability IDs that are accepted/ignored +# Format: YAML configuration for Safety CLI +# Documentation: https://docs.pyup.io/docs/safety-20-policy-file + +security: + ignore-vulnerabilities: + # List of vulnerability IDs to ignore + 52495: + reason: "Accepted vulnerability" + expires: null + 62044: + reason: "Accepted vulnerability" + expires: null + 67599: + reason: "Accepted vulnerability" + expires: null + 72236: + reason: "Accepted vulnerability" + expires: null + 76752: + reason: "Accepted vulnerability" + expires: null + 83150: + reason: "Accepted vulnerability" + expires: null diff --git a/check-vulnerabilities/action.yml b/check-vulnerabilities/action.yml index ee7e199c3..e36eec7e1 100644 
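Review bot: Every entry under `ignore-vulnerabilities` carries the same generic `reason: "Accepted vulnerability"` and `expires: null`, so the policy file records neither why an advisory is considered acceptable nor when it should be looked at again. An ignore with no expiry keeps suppressing the finding indefinitely, and the action.yml change in this patch passes this file as the default `--policy-file`, so consumers inherit it. I would give each ID a specific reason and a review date, for example `reason: "<affected package and why it is not reachable here>"` and `expires: "YYYY-MM-DD"` (placeholders). The commented example that a later patch in this series leaves in the file has the same shape and would benefit from the same change.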
--- a/check-vulnerabilities/action.yml +++ b/check-vulnerabilities/action.yml @@ -50,9 +50,7 @@ description: | .. jinja:: check-vulnerabilities {% for v_id in ignored_safety %} - {% if v_id != '' %} - `Vulnerability {{ v_id }} `_ - {% endif %} {% endfor %} .. important:: **Required GitHub Permissions** @@ -461,24 +459,6 @@ runs: python -m pip install -r "${GITHUB_ACTION_PATH}/requirements.txt" fi - - name: "Install wget on Windows" - if: runner.os == 'Windows' - shell: pwsh - run: | - # Check if wget is installed - if not, install it - if (-not (Get-Command wget -ErrorAction SilentlyContinue)) { - Write-Host "wget is not installed. Installing using Chocolatey..." - # Install wget using Chocolatey - choco install wget -y - } else { - Write-Host "wget is already installed." - } - - - name: "Download the list of ignored safety vulnerabilities" - shell: bash - run: | - wget https://raw.githubusercontent.com/ansys/actions/main/check-vulnerabilities/ignored-safety.txt - - name: "Run safety and bandit" shell: bash continue-on-error: true 
@@ -488,15 +468,8 @@ runs: SOURCE_DIRECTORY: ${{ inputs.source-directory }} run: | ${ACTIVATE_VENV_BANDIT_SAFETY} - # Load accepted safety vulnerabilities - mapfile ignored_safety_vulnerabilities < ignored-safety.txt - ignored_vulnerabilities='' - for pckg in ${ignored_safety_vulnerabilities[*]}; do ignored_vulnerabilities+="-i $pckg "; done - ignored_safety_vulnerabilities=${ignored_safety_vulnerabilities::-1} - echo "Ignored safety vulnerabilities: $ignored_vulnerabilities" - - # Run security tools - safety check -o bare --save-json info_safety.json --continue-on-error $ignored_vulnerabilities -r "${GITHUB_ACTION_PATH}/requirements-for-safety.txt" + # Run security tools using the .safety-ignore.yml policy file + safety check -o bare --save-json info_safety.json --continue-on-error --policy-file "${GITHUB_ACTION_PATH}/.safety-ignore.yml" -r "${GITHUB_ACTION_PATH}/requirements-for-safety.txt" if [[ "${BANDIT_CONFIGFILE}" == "" ]]; then CONFIGFILE="" @@ -523,7 +496,7 @@ runs: fi - name: "Uploading safety and bandit results" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: inputs.upload-reports == 'true' || ( failure() && inputs.upload-reports == 'true' ) with: name: vulnerability-results diff --git a/doc/source/conf.py b/doc/source/conf.py index c1d9c3eb7..9fd3c925a 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -18,7 +18,7 @@ ACTIONS_INPUTS_FIELDS = ("description", "required", "type", "default") ACCEPTED_LICENSES = BASE_DIR / "check-licenses" / "accepted-licenses.txt" IGNORED_PACKAGES = BASE_DIR / "check-licenses" / "ignored-packages.txt" -IGNORED_SAFETY = BASE_DIR / "check-vulnerabilities" / "ignored-safety.txt" +IGNORED_SAFETY = BASE_DIR / "check-vulnerabilities" / ".safety-ignore.yml" # Project information project = "Ansys Actions" 
@@ -312,8 +312,27 @@ def get_example_file_title(example_file): ] -# Dynamically load the file contents for accepted licenses and ignored packages -def load_file_lines_as_list(file_path): +def load_safety_ignore_vulnerabilities(file_path: pathlib.Path): + """Loads the vulnerability IDs from the safety ignore YAML file. + + Parameters + ---------- + file_path : ~pathlib.Path + The ``Path`` instance representing the YAML file location. + + Returns + ------- + list[str] + A list of vulnerability ID strings. + + """ + with file_path.open() as safety_ignore_file: + data = yaml.safe_load(safety_ignore_file) + vulnerabilities = data.get("security", {}).get("ignore-vulnerabilities", {}) + return list(vulnerabilities.keys()) + + +def load_file_lines_as_list(file_path: pathlib.Path): """Loads the lines of a file in the form of a Python list. Parameters @@ -331,7 +350,7 @@ def load_file_lines_as_list(file_path): This function is expected to be used for loading the contents of TXT files. """ - with open(file_path) as accepted_licenses_file: + with file_path.open() as accepted_licenses_file: return list(accepted_licenses_file.read().split("\n")) @@ -342,8 +361,8 @@ def load_file_lines_as_list(file_path): jinja_contexts["check-licenses"][var] = load_file_lines_as_list(file) # Check vulnerabilities -jinja_contexts["check-vulnerabilities"]["ignored_safety"] = load_file_lines_as_list( - IGNORED_SAFETY +jinja_contexts["check-vulnerabilities"]["ignored_safety"] = ( + load_safety_ignore_vulnerabilities(IGNORED_SAFETY) ) From 99cf2cb821dc6f902348de388834e204e77a7e84 Mon Sep 17 00:00:00 2001 From: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Date: Wed, 18 Mar 2026 09:46:41 +0100 Subject: [PATCH 02/11] docs: add info for dvelopers --- check-vulnerabilities/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 check-vulnerabilities/README.md 
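Review bot: The docstring of `load_safety_ignore_vulnerabilities` promises `list[str]`, but the IDs in `.safety-ignore.yml` are unquoted YAML keys such as `52495:`, which `yaml.safe_load` parses as integers, so `list(vulnerabilities.keys())` returns ints. Either convert on return, `return [str(v_id) for v_id in vulnerabilities]`, or document the return as `list[int]`. Adding a `-> list[str]` annotation to the signature would make the contract visible next to the new `file_path: pathlib.Path` annotation. The function relies on `yaml` and `pathlib` being imported at the top of conf.py, which this hunk does not show.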
diff --git a/check-vulnerabilities/README.md b/check-vulnerabilities/README.md new file mode 100644 index 000000000..1e17381e9 --- /dev/null +++ b/check-vulnerabilities/README.md @@ -0,0 +1,12 @@ +# IMPORTANT: migration from `ignored-safety.txt` to `.safety-ignore.yml` + +We have migrated from using `ignored-safety.txt` to `.safety-ignore.yml` for managing ignored +vulnerabilities. Especially for `ansys/actions` maintainers, make sure that whenever a new +vulnerability is added to `.safety-ignore.yml`, it is also added to `ignored-safety.txt` until +the migration is complete. This ensures that the CI checks continue to function correctly +during the transition period. + +> [!IMPORTANT] +> The `ignored-safety.txt` file is still required for the consumers of this action to work properly. Old action +> versions will continue to use `ignored-safety.txt` until repository maintainers upgrade to the latest +> version of the action that supports `.safety-ignore.yml`. From 559445524c1b15b24d4135bb62b71e77d3a7d76e Mon Sep 17 00:00:00 2001 From: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Date: Wed, 18 Mar 2026 09:46:54 +0100 Subject: [PATCH 03/11] fix: pre-commit --- check-vulnerabilities/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-vulnerabilities/README.md b/check-vulnerabilities/README.md index 1e17381e9..08212f452 100644 --- a/check-vulnerabilities/README.md +++ b/check-vulnerabilities/README.md @@ -6,7 +6,7 @@ vulnerability is added to `.safety-ignore.yml`, it is also added to `ignored-saf the migration is complete. This ensures that the CI checks continue to function correctly during the transition period. -> [!IMPORTANT] +> [!IMPORTANT] > The `ignored-safety.txt` file is still required for the consumers of this action to work properly. Old action > versions will continue to use `ignored-safety.txt` until repository maintainers upgrade to the latest > version of the action that supports `.safety-ignore.yml`. 
From f8a5a9675a91c07a94987ac850b51d2e2866508a Mon Sep 17 00:00:00 2001 From: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com> Date: Wed, 18 Mar 2026 08:50:16 +0000 Subject: [PATCH 04/11] chore: adding changelog file 1215.added.md [dependabot-skip] --- doc/source/changelog/1215.added.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 doc/source/changelog/1215.added.md diff --git a/doc/source/changelog/1215.added.md b/doc/source/changelog/1215.added.md new file mode 100644 index 000000000..941515041 --- /dev/null +++ b/doc/source/changelog/1215.added.md @@ -0,0 +1 @@ +Migrate to using .safety-ignore,yml file From 3419c207c287290d63d93c11275819946be82e2a Mon Sep 17 00:00:00 2001 From: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com> Date: Wed, 18 Mar 2026 08:59:03 +0000 Subject: [PATCH 05/11] chore: adding changelog file 1215.added.md [dependabot-skip] --- doc/source/changelog/1215.added.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/changelog/1215.added.md b/doc/source/changelog/1215.added.md index 941515041..7f546a8ec 100644 --- a/doc/source/changelog/1215.added.md +++ b/doc/source/changelog/1215.added.md @@ -1 +1 @@ -Migrate to using .safety-ignore,yml file +Migrate to using \`\`.safety-ignore.yml\`\` file From ff200d116a9ba37449de9ebc8b621a99bbbf13a0 Mon Sep 17 00:00:00 2001 From: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Date: Wed, 18 Mar 2026 10:25:27 +0100 Subject: [PATCH 06/11] feat: allow for custom safety file --- check-vulnerabilities/action.yml | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/check-vulnerabilities/action.yml b/check-vulnerabilities/action.yml index e36eec7e1..0fc6ecf91 100644 --- a/check-vulnerabilities/action.yml +++ b/check-vulnerabilities/action.yml 
@@ -105,6 +105,18 @@ inputs: required: false type: string + safety-configfile: + description: | + Path to a custom .safety-ignore.yml policy file to use with safety. + If not provided, the action will use its default policy file. Path + location should be relative to the repository root. For instance, if the policy + file is located in the ``/config`` folder of the repository and is named + ``my-safety-policy.yml``, the input should be set to ``config/my-safety-policy.yml``. + If the provided file does not exist, the action will fail with an error. + default: '' + required: false + type: string + source-directory: description: | The source folder of the repository to be evaluated by bandit. 
@@ -465,11 +477,24 @@ runs: env: ACTIVATE_VENV_BANDIT_SAFETY: ${{ steps.virtual-environment-activation-command.outputs.ACTIVATE_VENV_BANDIT_SAFETY }} BANDIT_CONFIGFILE: ${{ inputs.bandit-configfile }} + SAFETY_CONFIGFILE: ${{ inputs.safety-configfile }} SOURCE_DIRECTORY: ${{ inputs.source-directory }} run: | ${ACTIVATE_VENV_BANDIT_SAFETY} - # Run security tools using the .safety-ignore.yml policy file - safety check -o bare --save-json info_safety.json --continue-on-error --policy-file "${GITHUB_ACTION_PATH}/.safety-ignore.yml" -r "${GITHUB_ACTION_PATH}/requirements-for-safety.txt" + # Set the safety policy file to use + if [[ "${SAFETY_CONFIGFILE}" == "" ]]; then + SAFETY_POLICY_FILE="${GITHUB_ACTION_PATH}/.safety-ignore.yml" + else + SAFETY_POLICY_FILE="${GITHUB_WORKSPACE}/${SAFETY_CONFIGFILE}" + # Check if the provided policy file exists + if [[ ! -f "${SAFETY_POLICY_FILE}" ]]; then + echo "Error: The provided safety policy file '${SAFETY_CONFIGFILE}' does not exist in the repository." + exit 1 + fi + fi + + # Run security tools using the specified policy file + safety check -o bare --save-json info_safety.json --continue-on-error --policy-file "${SAFETY_POLICY_FILE}" -r "${GITHUB_ACTION_PATH}/requirements-for-safety.txt" if [[ "${BANDIT_CONFIGFILE}" == "" ]]; then CONFIGFILE="" From 31d514a970e66364e103a5f25f179c2fd33bad83 Mon Sep 17 00:00:00 2001 From: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Date: Wed, 18 Mar 2026 12:10:01 +0100 Subject: [PATCH 07/11] feat: improve logging --- check-vulnerabilities/action.yml | 89 +++++++++++++++++++++++++++----- 1 file changed, 77 insertions(+), 12 deletions(-) diff --git a/check-vulnerabilities/action.yml b/check-vulnerabilities/action.yml index 0fc6ecf91..048e82278 100644 --- a/check-vulnerabilities/action.yml +++ b/check-vulnerabilities/action.yml 
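Review bot: The `exit 1` added for a missing policy file does not make the action fail as the new `safety-configfile` description promises, because this step is declared with `continue-on-error: true` (visible in the earlier action.yml hunk on this page, just above the `env:` block this hunk starts at). The script stops, so bandit is skipped as well, but the job carries on to the following steps without a scan having run. The later "improve logging" patch moves the check into a "Validate configuration files" step that only writes the `SAFETY_CONFIG_ERROR` and `BANDIT_CONFIG_ERROR` outputs and calls `_logging` with level ERROR; unless that action exits non-zero, which this page does not show, the same gap remains there. I would keep the existence check in its own step without `continue-on-error` and end it with `exit 1` when either file is missing.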
@@ -99,8 +99,9 @@ inputs: bandit-configfile: description: | Optional config file to use for selecting plugins, overriding defaults, - and customizing checks performed by bandit. - + and customizing checks performed by bandit. Path location should be relative + to the repository root. If the provided file does not exist, the action will + fail with an error. default: '' required: false type: string 
@@ -471,36 +472,100 @@ runs: python -m pip install -r "${GITHUB_ACTION_PATH}/requirements.txt" fi - - name: "Run safety and bandit" + - name: "Validate configuration files" + id: validate-config-files + shell: bash + env: + BANDIT_CONFIGFILE: ${{ inputs.bandit-configfile }} + SAFETY_CONFIGFILE: ${{ inputs.safety-configfile }} + run: | + # Initialize validation results + SAFETY_CONFIG_ERROR="false" + BANDIT_CONFIG_ERROR="false" + + # Check if provided safety policy file exists + if [[ "${SAFETY_CONFIGFILE}" != "" ]]; then + if [[ ! -f "${GITHUB_WORKSPACE}/${SAFETY_CONFIGFILE}" ]]; then + SAFETY_CONFIG_ERROR="true" + fi + fi + + # Check if provided bandit config file exists + if [[ "${BANDIT_CONFIGFILE}" != "" ]]; then + if [[ ! -f "${GITHUB_WORKSPACE}/${BANDIT_CONFIGFILE}" ]]; then + BANDIT_CONFIG_ERROR="true" + fi + fi + + # Set outputs + echo "SAFETY_CONFIG_ERROR=${SAFETY_CONFIG_ERROR}" >> ${GITHUB_OUTPUT} + echo "BANDIT_CONFIG_ERROR=${BANDIT_CONFIG_ERROR}" >> ${GITHUB_OUTPUT} + + - uses: ansys/actions/_logging@main + if: ${{ steps.validate-config-files.outputs.SAFETY_CONFIG_ERROR == 'true' }} + with: + level: "ERROR" + message: > + The provided safety policy file '${{ inputs.safety-configfile }}' does not exist in the repository. + + - uses: ansys/actions/_logging@main + if: ${{ steps.validate-config-files.outputs.BANDIT_CONFIG_ERROR == 'true' }} + with: + level: "ERROR" + message: > + The provided bandit config file '${{ inputs.bandit-configfile }}' does not exist in the repository. + + - uses: ansys/actions/_logging@main + with: + level: "INFO" + message: > + Running safety vulnerability checks. 
+ + - name: "Run safety checks" shell: bash continue-on-error: true env: ACTIVATE_VENV_BANDIT_SAFETY: ${{ steps.virtual-environment-activation-command.outputs.ACTIVATE_VENV_BANDIT_SAFETY }} - BANDIT_CONFIGFILE: ${{ inputs.bandit-configfile }} SAFETY_CONFIGFILE: ${{ inputs.safety-configfile }} - SOURCE_DIRECTORY: ${{ inputs.source-directory }} run: | ${ACTIVATE_VENV_BANDIT_SAFETY} # Set the safety policy file to use if [[ "${SAFETY_CONFIGFILE}" == "" ]]; then SAFETY_POLICY_FILE="${GITHUB_ACTION_PATH}/.safety-ignore.yml" + echo "Using default safety policy file: ${SAFETY_POLICY_FILE}" else SAFETY_POLICY_FILE="${GITHUB_WORKSPACE}/${SAFETY_CONFIGFILE}" - # Check if the provided policy file exists - if [[ ! -f "${SAFETY_POLICY_FILE}" ]]; then - echo "Error: The provided safety policy file '${SAFETY_CONFIGFILE}' does not exist in the repository." - exit 1 - fi + echo "Using custom safety policy file: ${SAFETY_POLICY_FILE}" fi - # Run security tools using the specified policy file + # Run safety vulnerability checks safety check -o bare --save-json info_safety.json --continue-on-error --policy-file "${SAFETY_POLICY_FILE}" -r "${GITHUB_ACTION_PATH}/requirements-for-safety.txt" + - uses: ansys/actions/_logging@main + with: + level: "INFO" + message: > + Running bandit security checks. 
+ + - name: "Run bandit checks" + shell: bash + continue-on-error: true + env: + ACTIVATE_VENV_BANDIT_SAFETY: ${{ steps.virtual-environment-activation-command.outputs.ACTIVATE_VENV_BANDIT_SAFETY }} + BANDIT_CONFIGFILE: ${{ inputs.bandit-configfile }} + SOURCE_DIRECTORY: ${{ inputs.source-directory }} + run: | + ${ACTIVATE_VENV_BANDIT_SAFETY} + # Set the bandit config file to use if [[ "${BANDIT_CONFIGFILE}" == "" ]]; then CONFIGFILE="" + echo "Using default bandit configuration" else - CONFIGFILE="-c ${BANDIT_CONFIGFILE}" + CONFIGFILE="-c ${GITHUB_WORKSPACE}/${BANDIT_CONFIGFILE}" + echo "Using custom bandit config file: ${GITHUB_WORKSPACE}/${BANDIT_CONFIGFILE}" fi + + # Run bandit security checks bandit ${CONFIGFILE} -r "${SOURCE_DIRECTORY}" -o info_bandit.json -f json --exit-zero - name: "Run advisory checks" From 8245b26565177491b44cbe9a2fa631aeebd06051 Mon Sep 17 00:00:00 2001 From: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Date: Wed, 18 Mar 2026 12:10:33 +0100 Subject: [PATCH 08/11] fix: pre-commit --- check-vulnerabilities/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-vulnerabilities/action.yml b/check-vulnerabilities/action.yml index 048e82278..ec7fdc384 100644 --- a/check-vulnerabilities/action.yml +++ b/check-vulnerabilities/action.yml @@ -489,7 +489,7 @@ runs: SAFETY_CONFIG_ERROR="true" fi fi - + # Check if provided bandit config file exists if [[ "${BANDIT_CONFIGFILE}" != "" ]]; then if [[ ! -f "${GITHUB_WORKSPACE}/${BANDIT_CONFIGFILE}" ]]; then From c431ebfc3ec852459b79e8ef2fbe6a76b8c0380b Mon Sep 17 00:00:00 2001 From: Muhammed Adedigba Date: Thu, 26 Mar 2026 18:15:17 +0100 Subject: [PATCH 09/11] fix: merge conflict --- check-vulnerabilities/action.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/check-vulnerabilities/action.yml b/check-vulnerabilities/action.yml index 9fa051d39..32f731a23 100644 --- a/check-vulnerabilities/action.yml +++ b/check-vulnerabilities/action.yml 
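Review bot: The logging steps added in this hunk reference `ansys/actions/_logging@main`, a branch ref, while the `actions/upload-artifact` step in this same file is pinned to a full commit SHA. A consumer who pins `check-vulnerabilities` to a release tag or SHA would still execute whatever `_logging` is on `main` at run time, unless the release process rewrites these refs (not visible on this page). I would pin the nested action the same way, e.g. `uses: ansys/actions/_logging@<commit-sha> # <version>` (placeholders), so that the code a pinned consumer runs is fully determined by the ref they chose.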
@@ -49,15 +49,10 @@ description: | .. jinja:: check-vulnerabilities -<<<<<<< feat/improve-vuln-action - {% for v_id in ignored_safety %} - - `Vulnerability {{ v_id }} `_ -======= {% for v_id in ignored_safety | select %} - `Vulnerability {{ v_id }} `_ {% else %} No safety vulnerabilities are accepted at this moment. ->>>>>>> main {% endfor %} .. important:: **Required GitHub Permissions** From 14811dac4d171229c5bf8d274f80d48330d6419a Mon Sep 17 00:00:00 2001 From: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Date: Fri, 27 Mar 2026 10:23:32 +0100 Subject: [PATCH 10/11] Update .safety-ignore.yml --- check-vulnerabilities/.safety-ignore.yml | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/check-vulnerabilities/.safety-ignore.yml b/check-vulnerabilities/.safety-ignore.yml index 061caea79..c4c874fca 100644 --- a/check-vulnerabilities/.safety-ignore.yml +++ b/check-vulnerabilities/.safety-ignore.yml @@ -28,21 +28,7 @@ security: ignore-vulnerabilities: # List of vulnerability IDs to ignore - 52495: - reason: "Accepted vulnerability" - expires: null - 62044: - reason: "Accepted vulnerability" - expires: null - 67599: - reason: "Accepted vulnerability" - expires: null - 72236: - reason: "Accepted vulnerability" - expires: null - 76752: - reason: "Accepted vulnerability" - expires: null - 83150: - reason: "Accepted vulnerability" - expires: null + # Example: + # 52495: + # reason: "Accepted vulnerability" + # expires: null From 811847a2db33b07a5c85726877e6c53ea5f5e051 Mon Sep 17 00:00:00 2001 From: Muhammed Adedigba Date: Fri, 27 Mar 2026 11:49:46 +0100 Subject: [PATCH 11/11] fix: handle empty vulnerability list correctly --- doc/source/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/conf.py b/doc/source/conf.py index 9fd3c925a..29e392a4e 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py 
@@ -329,7 +329,7 @@ def load_safety_ignore_vulnerabilities(file_path: pathlib.Path): with file_path.open() as safety_ignore_file: data = yaml.safe_load(safety_ignore_file) vulnerabilities = data.get("security", {}).get("ignore-vulnerabilities", {}) - return list(vulnerabilities.keys()) + return list(vulnerabilities.keys()) if vulnerabilities else [] def load_file_lines_as_list(file_path: pathlib.Path):
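Review bot: The added `if vulnerabilities else []` covers an `ignore-vulnerabilities:` key with no children, but two neighbouring cases on the context lines above still raise `AttributeError`. `yaml.safe_load` returns `None` for an empty file, and `data.get("security", {})` returns `None` when `security:` is present without children, because the `{}` default only applies to a missing key. Guarding each level closes both, e.g. `data = yaml.safe_load(safety_ignore_file) or {}` and `vulnerabilities = (data.get("security") or {}).get("ignore-vulnerabilities") or {}`. The function's signature and docstring start outside this hunk.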