From 76df6bbabe8d8e9de54963c87aed667b67d54487 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 26 Mar 2026 10:24:43 -0700
Subject: [PATCH] run pip-audit only on production code

---
 .github/workflows/checks.yml | 1 +
 .github/workflows/daily_checks.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index f36571ad9..d7d3e8a8b 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -93,6 +93,7 @@ jobs:
 inputs: requirements.txt
 ignore-vulns: |
 PYSEC-2023-312
+ CVE-2026-4539
 
 static-scan:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml
index 818657481..1777c99b8 100644
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -26,7 +26,7 @@ jobs:
 - uses: actions/checkout@v4
 - uses: ./.github/actions/setup-project
 - name: Create requirements.txt
- run: poetry export --only main --output requirements.txt
+ run: poetry export --output requirements.txt
 - uses: pypa/gh-action-pip-audit@v1.1.0
 with:
 inputs: requirements.txt
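Review bot: The `CVE-2026-4539` entry added under `ignore-vulns` in `.github/workflows/checks.yml` suppresses a finding without recording the affected package, why it is acceptable, or when it should be removed, and the commit subject does not mention it. A `#` line inside the `|` block scalar would become part of the value handed to the action, so the rationale belongs above the key, e.g. `# CVE-2026-4539: <package> - <reason it is not exploitable here / no fixed release yet>; remove when <condition>`. The pip-audit step in `daily_checks.yml` ends at `inputs:` in the visible hunk; if it has no matching ignore list, the daily run will presumably still fail on this ID, so the two workflows should be kept consistent. The step this hunk edits starts above the hunk.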
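Review bot: The new `run: poetry export --output requirements.txt` in `.github/workflows/daily_checks.yml` no longer states which dependency groups are exported, although the subject says the audit should cover production code only. The audited set now depends on the export command's default group selection, which is determined by whatever Poetry and export-plugin versions `./.github/actions/setup-project` installs (not visible here). If relying on the default is intentional, say so on the step, e.g. `# poetry export defaults to the main group; dev dependencies are not audited by this job`, and otherwise keep the scope explicit in the command. It is also worth confirming that the export step in `checks.yml`, which is outside the visible hunks, selects the same groups, so that the per-PR and daily audits do not drift apart.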