Skip to content

Stop ignoring pygments vulnerability#260

Open
jsf9k wants to merge 1 commit into
developfrom
improvement/stop-ignoring-pygments-vuln
Open

Stop ignoring pygments vulnerability#260
jsf9k wants to merge 1 commit into
developfrom
improvement/stop-ignoring-pygments-vuln

Conversation

@jsf9k

@jsf9k jsf9k commented Apr 7, 2026

Copy link
Copy Markdown
Member

🗣 Description

This pull request modifies the pre-commit configuration for the pip-audit hook to stop ignoring a pygments-specific vulnerability (CVE-2026-4539).

💭 Motivation and context

Ignoring the vulnerability is no longer necessary now that pygments 2.20.0 has been released.

Resolves #257.

🧪 Testing

All automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

This is no longer necessary now that pygments 2.20.0 has been
released.

Resolves #257.
@jsf9k jsf9k self-assigned this Apr 7, 2026
@jsf9k jsf9k added the kraken 🐙 This pull request is ready to merge during the next Lineage Kraken release label Apr 7, 2026
@jsf9k jsf9k moved this to In Progress in Next Kraken Apr 7, 2026
@github-actions github-actions Bot added the dependencies Pull requests that update a dependency file label Apr 7, 2026
@jsf9k
jsf9k marked this pull request as ready for review April 7, 2026 14:40
Copilot AI review requested due to automatic review settings April 7, 2026 14:40
@jsf9k
jsf9k requested review from dav3r, felddy and mcdonnnj as code owners April 7, 2026 14:40
@jsf9k jsf9k moved this from In progress to Review in progress in Skeleton Maintenance Apr 7, 2026

@dav3r dav3r left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request updates the repository’s pre-commit security scanning configuration to ensure pip-audit no longer suppresses the pygments vulnerability (CVE-2026-4539), aligning the hook behavior with the fact that an upstream fix is now available.

Changes:

  • Removed the pip-audit --ignore-vuln CVE-2026-4539 configuration.
  • Removed the accompanying explanatory/TODO comments related to the temporary ignore.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file kraken 🐙 This pull request is ready to merge during the next Lineage Kraken release

Projects

Status: In Progress
Status: Reviewer approved

Development

Successfully merging this pull request may close these issues.

Revert #258 when possible

4 participants