fix: skip pygments CVE-2026-4539 in pip-audit (no upstream fix available)

madeinplutofabio · madeinplutofabio · commit e7e4bd28265a · 2026-03-25T21:36:01.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -64,7 +64,11 @@ jobs:
           pip install pip-audit
 
       - name: Run pip-audit
-        run: pip-audit
+        run: |
+          # Skip CVEs with no fix available upstream.
+          # CVE-2026-4539: pygments 2.19.2 — no patched version released yet.
+          # Remove --ignore-vuln flags as upstream fixes become available.
+          pip-audit --ignore-vuln CVE-2026-4539
 
   sbom:
     name: Generate SBOM
