|
@@ -1,15 +0,0 @@
|
|
|
-#!/usr/bin/env bash
|
|
|
|
|
-# Local pip-audit wrapper — mirrors the ignore list in
|
|
|
|
|
-# .github/workflows/security.yml so `./scripts/pip-audit.sh` matches what CI sees.
|
|
|
|
|
-# Keep both sides in sync when adding or removing ignores.
|
|
|
|
|
-#
|
|
|
|
|
-# CVE-2025-45768 (PYSEC-2025-183 / GHSA-65pc-fj4g-8rjx): disputed by PyJWT
|
|
|
|
|
-# maintainers; no fix version exists. Bambuddy uses secrets.token_urlsafe(64)
|
|
|
|
|
-# (~86 chars) and rejects file-loaded secrets shorter than 32 chars
|
|
|
|
|
-# (backend/app/core/auth.py:177, :184). Safe to ignore permanently.
|
|
|
|
|
-set -euo pipefail
|
|
|
|
|
-source /opt/claude/projects/bambuddy/venv/bin/activate
|
|
|
|
|
-
|
|
|
|
|
-exec pip-audit \
|
|
|
|
|
- --ignore-vuln CVE-2025-45768 \
|
|
|
|
|
- "$@"
|
|
|
maziggy