Skip to content

Fix pip-audit CI failure by ignoring PYSEC alias for accepted pip advisory#161

Draft
Copilot wants to merge 2 commits into
masterfrom
copilot/fix-pip-audit-job-failure
Draft

Fix pip-audit CI failure by ignoring PYSEC alias for accepted pip advisory#161
Copilot wants to merge 2 commits into
masterfrom
copilot/fix-pip-audit-job-failure

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 5, 2026
edited
Loading

Summary

The pip-audit job failed because the accepted pip vulnerability was reported as PYSEC-2026-196 while CI only ignored CVE-2026-3219. This updates the workflow to ignore both IDs for the same accepted runner-provided pip issue.

Related issue

Issue linking is handled automatically.

Changes

  • Workflow advisory-ID alignment
    • Updated .github/workflows/ci.yml in pip-audit step to ignore both identifiers for the same vulnerability:
      • CVE-2026-3219
      • PYSEC-2026-196
  • Inline policy note update
    • Clarified comment text to document the CVE/PYSEC dual-ID mapping.
pip-audit --strict \
  --ignore-vuln=CVE-2026-3219 \
  --ignore-vuln=PYSEC-2026-196

Testing

  • Tests pass (pytest tests/ -v)
  • Linting passes (ruff check src/zettelforge/)
  • New tests added for new functionality
  • No new external infrastructure dependencies without discussion

Copilot AI changed the title [WIP] Fix failing GitHub Actions job pip-audit Fix pip-audit CI failure by ignoring PYSEC alias for accepted pip advisory Jun 5, 2026
Copilot AI requested a review from rolandpg June 5, 2026 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rolandpg rolandpg Awaiting requested review from rolandpg rolandpg is a code owner

Assignees

@rolandpg rolandpg

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rolandpg