|
@@ -130,8 +130,10 @@ jobs:
|
|
|
- name: Run pip-audit
|
|
- name: Run pip-audit
|
|
|
id: pip-audit
|
|
id: pip-audit
|
|
|
run: |
|
|
run: |
|
|
|
- pip-audit --desc on --format json --output pip-audit-results.json || echo "vulnerabilities_found=true" >> $GITHUB_OUTPUT
|
|
|
|
|
- pip-audit --desc on || true
|
|
|
|
|
|
|
+ # CVE-2026-4539: low-severity ReDoS in Pygments AdlLexer (indirect dep via mkdocs-material/pytest/rich).
|
|
|
|
|
+ # No fix available yet. Remove --ignore-vuln once Pygments releases a patched version.
|
|
|
|
|
+ pip-audit --desc on --format json --output pip-audit-results.json --ignore-vuln CVE-2026-4539 || echo "vulnerabilities_found=true" >> $GITHUB_OUTPUT
|
|
|
|
|
+ pip-audit --desc on --ignore-vuln CVE-2026-4539 || true
|
|
|
|
|
|
|
|
- name: Upload audit results
|
|
- name: Upload audit results
|
|
|
if: always()
|
|
if: always()
|
maziggy