From 8e936ccd0db6f1a1b86acf72e9f9fb64b38a58e2 Mon Sep 17 00:00:00 2001 From: behnazh-w Date: Thu, 17 Aug 2023 20:02:02 +1000 Subject: [PATCH] chore(deps): use CVE-2023-40267 alias for the audit check Looks like `pip-audit` is not recognizing `PYSEC-2023-137` as an alias for `GHSA-pr76-5cm5-w9cj`. Switching to `CVE-2023-40267` ID instead to avoid duplicate errors by `pip-audit`. GitHub Advisory: https://osv.dev/vulnerability/GHSA-pr76-5cm5-w9cj PYSEC Advisory: https://github.com/pypa/advisory-database/blob/a3bd5be966a999b065ac798d13795760c2e13d43/vulns/gitpython/PYSEC-2023-137.yaml Signed-off-by: behnazh-w --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 0aec17c63..a0e13aad5 100644 --- a/Makefile +++ b/Makefile @@ -225,14 +225,14 @@ requirements.txt: pyproject.toml # editable mode (like the one in development here) because they may not have # a PyPI entry; also print out CVE description and potential fixes if audit # found an issue. -# TODO: do not ignore GHSA-pr76-5cm5-w9cj once the patch is out. +# TODO: do not ignore CVE-2023-40267 once the patch is out. # See: https://github.com/ishepard/pydriller/issues/280 .PHONY: audit audit: if ! $$(python -c "import pip_audit" &> /dev/null); then \ echo "No package pip_audit installed, upgrade your environment!" && exit 1; \ fi; - python -m pip_audit --skip-editable --desc on --fix --dry-run --ignore-vuln GHSA-pr76-5cm5-w9cj + python -m pip_audit --skip-editable --desc on --fix --dry-run --ignore-vuln CVE-2023-40267 # Run some or all checks over the package code base. .PHONY: check check-code check-bandit check-flake8 check-lint check-mypy check-go check-actionlint
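Review bot: Switching `--ignore-vuln` from the GHSA id to `CVE-2023-40267` only works if pip-audit matches the ignore against the identifier (or an alias of it) that its vulnerability service actually reports, and the commit message itself says alias handling is what was failing; please confirm under both the PyPI and OSV vulnerability services that the single ignore now suppresses the GitPython finding with no second `PYSEC-2023-137` / `GHSA-pr76-5cm5-w9cj` entry surfacing, and record that in the message so the workaround is reproducible. The TODO comment now names only the CVE; since three ids refer to the same advisory and the ignore has no expiry beyond "once the patch is out", keep the other two alongside it so whoever removes the ignore can trace all of them, e.g. `# TODO: do not ignore CVE-2023-40267 (GHSA-pr76-5cm5-w9cj / PYSEC-2023-137) once the patch is out.` next to the existing pydriller issue link.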