fix(ci): upgrade pip before security audit to avoid pip-self CVEs (#16)

KYBvWHxW · tbag999 · claude · web-flow · commit dfaad39cd430 · 2026-04-29T00:38:55.000+08:00
pip 25.3 pre-installed on CI runners has CVE-2026-1703 and CVE-2026-3219. Upgrading pip before running pip-audit avoids false positives. Closes #15 Co-authored-by: gss <tbag9199@gmail.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -59,6 +59,7 @@ jobs:
       - uses: actions/setup-python@v5
         with:
           python-version: "3.12"
+      - run: python -m pip install --upgrade pip
       - run: pip install pip-audit bandit
       - name: Install project
         run: pip install -e ".[dev]"
