From 503e92df0fff72d4d388d0496a437247a7e8c45d Mon Sep 17 00:00:00 2001
From: Phil Gee <originalphil@gmail.com>
Date: Fri, 6 Mar 2026 16:02:43 +0000
Subject: [PATCH 1/2] AEA-5986 Remove pypi from if statement for package build.

---
 .github/workflows/tag-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index 1b3e7cd..4b61dd1 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -257,7 +257,7 @@ jobs:
                   PYTHON_CONFIGURE_OPTS: --enable-shared
 
             - name: Install Dependencies and Build Package
-              if: ${{ inputs.publish_packages != '' || inputs.pypi_publish }}
+              if: ${{ inputs.publish_packages != '' }}
               run: |
                   make install
                   make build

From f1bee4f9203059f51b3126a86db522894dbc278b Mon Sep 17 00:00:00 2001
From: Phil Gee <originalphil@gmail.com>
Date: Fri, 6 Mar 2026 16:41:50 +0000
Subject: [PATCH 2/2] AEA-5986 Add tar to trivy ignore.

---
 .trivyignore.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index eb821d1..244c6bf 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -19,3 +19,6 @@ vulnerabilities:
   - id: GHSA-qffp-2rhf-9h96
     statement: tar vulnerability accepted as risk - dependency of npm (multiple)
     expired_at: 2026-06-01
+  - id: CVE-2026-29786
+    statement: tar vulnerability accepted as risk - dependency of npm (multiple)
+    expired_at: 2026-06-01