run pip-audit only on production code

2026-05-10 02:58:42 -04:00 · 2026-03-26 10:07:16 -07:00
parent 2f7afb4d57
commit dbfe67db31
2 changed files with 6 additions and 4 deletions
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -26,7 +26,9 @@ jobs:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-project
      - name: Create requirements.txt
-        run: poetry export --output requirements.txt
+        # Currently there is an unresolved vulnerability in 2.19.2 of pygments
+        # which is used by pytest.  Ignore dev dependencies vulnerabilities for now
+        run: poetry export --only main --output requirements.txt
      - uses: pypa/gh-action-pip-audit@v1.1.0
        with:
          inputs: requirements.txt