docs(ci): add justification comments for ignored CVEs per CodeRabbit review

rahuldass19 · rahuldass19 · commit 1479663ab273 · 2026-02-12T17:31:20.000+05:30
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -51,7 +51,9 @@ jobs:
             set -o pipefail
             /tmp/audit-env/bin/pip install pip-audit
             /tmp/audit-env/bin/pip-audit --strict --skip-editable --desc \
+              `# CVE-2025-8869: pip tar extraction vuln — build-only tool, not in runtime image` \
               --ignore-vuln CVE-2025-8869 \
+              `# CVE-2026-1703: pip wheel path traversal (CVSS 2.0 Low) — build-only, pinned hashes used` \
               --ignore-vuln CVE-2026-1703 \
               2>&1 | tee audit-results.txt
       - store_artifacts:
