run pip-audit only on production code

This commit is contained in:
Kenneth Kehl
2026-03-26 10:19:15 -07:00
parent dbfe67db31
commit b4196f1c5e
2 changed files with 4 additions and 5 deletions

View File

@@ -26,14 +26,13 @@ jobs:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-project
- name: Create requirements.txt
# Currently there is an unresolved vulnerability in 2.19.2 of pygments
# which is used by pytest. Ignore dev dependencies vulnerabilities for now
run: poetry export --only main --output requirements.txt
- uses: pypa/gh-action-pip-audit@v1.1.0
with:
inputs: requirements.txt
ignore-vulns: |
PYSEC-2023-312
CVE-2026-4539
- name: Upload pip-audit artifact
uses: actions/upload-artifact@v4
with: