ci: add pip-audit pre-commit hook

2026-05-04 00:32:36 +00:00 · 2026-04-11 03:06:31 +08:00
parent ace9617722
commit 9537ba0413
3 changed files with 191 additions and 0 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -24,6 +24,14 @@ repos:
    rev: 0.11.3
    hooks:
      - id: uv-lock
+  - repo: local
+    hooks:
+      - id: pip-audit
+        name: pip-audit
+        entry: bash -c 'source .venv/bin/activate && uv run pip-audit --skip-editable --ignore-vuln CVE-2025-69872 --ignore-vuln CVE-2026-25645 --ignore-vuln CVE-2026-27448 --ignore-vuln CVE-2026-27459 --ignore-vuln PYSEC-2023-235' --
+        language: system
+        pass_filenames: false
+        stages: [pre-push, manual]
  - repo: https://github.com/commitizen-tools/commitizen
    rev: v4.10.1
    hooks: