| 123456789101112131415 |
- #!/usr/bin/env bash
- # Local pip-audit wrapper — mirrors the ignore list in
- # .github/workflows/security.yml so `./scripts/pip-audit.sh` matches what CI sees.
- # Keep both sides in sync when adding or removing ignores.
- #
- # CVE-2025-45768 (PYSEC-2025-183 / GHSA-65pc-fj4g-8rjx): disputed by PyJWT
- # maintainers; no fix version exists. Bambuddy uses secrets.token_urlsafe(64)
- # (~86 chars) and rejects file-loaded secrets shorter than 32 chars
- # (backend/app/core/auth.py:177, :184). Safe to ignore permanently.
- set -euo pipefail
- source /opt/claude/projects/bambuddy/venv/bin/activate
- exec pip-audit \
- --ignore-vuln CVE-2025-45768 \
- "$@"
|
