Exclude CVE-2026-4539 from pip-audit scans (#259)

thomas-chauchefoin-tob · web-flow · commit 7a3c2569b1c3 · 2026-03-26T23:46:26.000+01:00
This is an unfixed ReDoS in pygments, pulled by pytest. We can 
safely ignore it and Dependabot will pick up the update at some point.
diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml
@@ -45,3 +45,5 @@ jobs:
         uses: pypa/gh-action-pip-audit@1220774d901786e6f652ae159f7b6bc8fea6d266 # v1.1.0
         with:
           virtual-environment: /tmp/pip-audit-env
+          ignore-vulns: |
+            CVE-2026-4539
