Skip to content

Commit 1dc2ecd

Browse files
dannyadairdannyadair
committed
ci: update pip
The current python action (as bumped by dependabot) seems to still be running pip 25.2 which pip-audit flagged for known vulnerability
1 parent c5d6b57 commit 1dc2ecd

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

.github/workflows/pip-audit.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ jobs:
2323
echo "VIRTUAL_ENV=$PWD/.venv" >> $GITHUB_ENV
2424
echo "$PWD/.venv/bin" >> $GITHUB_PATH
2525
uv sync --dev
26+
- name: Upgrade pip in venv
27+
run: |
28+
python -m pip install --upgrade pip
2629
- name: Run pip-audit
2730
run: |
2831
pip-audit

0 commit comments

Comments
 (0)