Updated CI

.trivyignore

@@ -1,3 +1,13 @@
 # Dockerfile USER directive (DS-0002): Bambuddy runs as a single-host
 # Docker container where root is needed for device access and FFmpeg.
 DS-0002
+
+# util-linux hostname canonicalization (LOW, no fix available in Debian bookworm).
+# Affects mount, login, libuuid1, libsmartcols1, etc. — not exploitable in container context.
+CVE-2026-3184
+
+# libtiff denial-of-service bugs (pulled in by ffmpeg, not directly used).
+# No fix available in Debian bookworm.
+CVE-2025-61143
+CVE-2025-61144
+CVE-2025-61145

backend/tests/unit/services/test_virtual_printer.py

@@ -127,7 +127,7 @@ class TestVirtualPrinterInstance:
         """Verify received file is added to pending list in review mode."""
         instance.mode = "review"
 
-        file_path = Path("/tmp/test.3mf")
+        file_path = Path("/tmp/test.3mf")  # nosec B108
 
         with patch.object(instance, "_queue_file", new_callable=AsyncMock) as mock_queue:
             await instance.on_file_received(file_path, "192.168.1.100")
@@ -138,7 +138,7 @@ class TestVirtualPrinterInstance:
     @pytest.mark.asyncio
     async def test_on_file_received_archives_immediately(self, instance):
         """Verify file is archived in immediate mode."""
-        file_path = Path("/tmp/test.3mf")
+        file_path = Path("/tmp/test.3mf")  # nosec B108
 
         with patch.object(instance, "_archive_file", new_callable=AsyncMock) as mock_archive:
             await instance.on_file_received(file_path, "192.168.1.100")