Skip to content

Fix pip-audit CI failure by ignoring PYSEC alias for accepted pip advisory#161

Merged
rolandpg merged 2 commits into
masterfrom
copilot/fix-pip-audit-job-failure
Jun 8, 2026
Merged

Fix pip-audit CI failure by ignoring PYSEC alias for accepted pip advisory#161
rolandpg merged 2 commits into
masterfrom
copilot/fix-pip-audit-job-failure

Conversation

Copilot AI commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

Summary

The pip-audit job failed because the accepted pip vulnerability was reported as PYSEC-2026-196 while CI only ignored CVE-2026-3219. This updates the workflow to ignore both IDs for the same accepted runner-provided pip issue.

Related issue

Issue linking is handled automatically.

Changes

  • Workflow advisory-ID alignment
    • Updated .github/workflows/ci.yml in pip-audit step to ignore both identifiers for the same vulnerability:
      • CVE-2026-3219
      • PYSEC-2026-196
  • Inline policy note update
    • Clarified comment text to document the CVE/PYSEC dual-ID mapping.
pip-audit --strict \
  --ignore-vuln=CVE-2026-3219 \
  --ignore-vuln=PYSEC-2026-196

Testing

  • Tests pass (pytest tests/ -v)
  • Linting passes (ruff check src/zettelforge/)
  • New tests added for new functionality
  • No new external infrastructure dependencies without discussion

Copilot AI changed the title [WIP] Fix failing GitHub Actions job pip-audit Fix pip-audit CI failure by ignoring PYSEC alias for accepted pip advisory Jun 5, 2026
Copilot AI requested a review from rolandpg June 5, 2026 17:29
@rolandpg rolandpg marked this pull request as ready for review June 8, 2026 00:51
Copilot AI review requested due to automatic review settings June 8, 2026 00:51

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the CI pip-audit workflow step to treat CVE-2026-3219 and its PYSEC-2026-196 alias as the same risk-accepted, runner-provided pip vulnerability, preventing false CI failures when the advisory is reported under the alternate identifier.

Changes:

  • Added PYSEC-2026-196 alongside CVE-2026-3219 to the pip-audit --ignore-vuln list.
  • Updated the inline workflow comment to document the CVE/PYSEC dual-ID mapping for the accepted runner pip advisory.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@rolandpg rolandpg self-requested a review June 8, 2026 00:52
@rolandpg rolandpg merged commit 2427132 into master Jun 8, 2026
14 checks passed
@rolandpg rolandpg deleted the copilot/fix-pip-audit-job-failure branch June 8, 2026 02:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants