diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 94efbcf9..06203a87 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,7 +49,7 @@ jobs: # --ignore-vuln=CVE-... with a citation when the finding is # explicitly accepted per GOV-009 ยง"Vulnerability Response". # - # CVE-2026-3219: vulnerability in `pip` itself (the package + # CVE-2026-3219 / PYSEC-2026-196: vulnerability in `pip` itself (the package # manager), not a project dependency. The runner's pip is # supplied by GitHub's setup-python image and is not something # ZettelForge's pyproject can pin or upgrade. Risk-accepted @@ -58,7 +58,8 @@ jobs: # no persistent state. Re-evaluate when GitHub's images ship a # patched pip. pip-audit --strict \ - --ignore-vuln=CVE-2026-3219 + --ignore-vuln=CVE-2026-3219 \ + --ignore-vuln=PYSEC-2026-196 test: runs-on: ubuntu-latest