run pip-audit only on production code

2026-05-08 01:58:01 -04:00 · 2026-03-26 10:19:15 -07:00
parent dbfe67db31
commit b4196f1c5e
2 changed files with 4 additions and 5 deletions
--- a/.ds.baseline
+++ b/.ds.baseline
@@ -151,7 +151,7 @@
        "filename": ".github/workflows/daily_checks.yml",
        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
        "is_verified": false,
-        "line_number": 65,
+        "line_number": 64,
        "is_secret": false
      },
      {
@@ -159,7 +159,7 @@
        "filename": ".github/workflows/daily_checks.yml",
        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
        "is_verified": false,
-        "line_number": 81,
+        "line_number": 80,
        "is_secret": false
      }
    ],
@@ -374,5 +374,5 @@
      }
    ]
  },
-  "generated_at": "2026-03-26T17:07:05Z"
+  "generated_at": "2026-03-26T17:19:11Z"
 }
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -26,14 +26,13 @@ jobs:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-project
      - name: Create requirements.txt
-        # Currently there is an unresolved vulnerability in 2.19.2 of pygments
-        # which is used by pytest.  Ignore dev dependencies vulnerabilities for now
        run: poetry export --only main --output requirements.txt
      - uses: pypa/gh-action-pip-audit@v1.1.0
        with:
          inputs: requirements.txt
          ignore-vulns: |
            PYSEC-2023-312
+            CVE-2026-4539
      - name: Upload pip-audit artifact
        uses: actions/upload-artifact@v4
        with: