diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index 1b3e7cd..4b61dd1 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -257,7 +257,7 @@ jobs:
                   PYTHON_CONFIGURE_OPTS: --enable-shared
 
             - name: Install Dependencies and Build Package
-              if: ${{ inputs.publish_packages != '' || inputs.pypi_publish }}
+              if: ${{ inputs.publish_packages != '' }}
               run: |
                   make install
                   make build
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index eb821d1..244c6bf 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -19,3 +19,6 @@ vulnerabilities:
   - id: GHSA-qffp-2rhf-9h96
     statement: tar vulnerability accepted as risk - dependency of npm (multiple)
     expired_at: 2026-06-01
+  - id: CVE-2026-29786
+    statement: tar vulnerability accepted as risk - dependency of npm (multiple)
+    expired_at: 2026-06-01