From 4252de922447dc3b8ea9fc7e2cf30f1a2b522217 Mon Sep 17 00:00:00 2001
From: "const.koutsakis@aurecongroup.com"
Date: Mon, 27 Apr 2026 03:04:16 +1000
Subject: [PATCH] fix: ignore pip CVE-2026-3219 (#11)
---
 .github/security/pip-audit-ignore.txt | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/security/pip-audit-ignore.txt b/.github/security/pip-audit-ignore.txt
index 57dc94a..5713843 100644
--- a/.github/security/pip-audit-ignore.txt
+++ b/.github/security/pip-audit-ignore.txt
@@ -5,6 +5,8 @@ # Format: # # CVE-XXXX-NNNN — short reason; tracking issue / fix ETA. # CVE-XXXX-NNNN
-#
-# Currently empty for the harness scaffold — add entries as upstream
-# advisories require.
+
+# CVE-2026-3219 — pip 26.0.1; advisory disclosed April 2026, blocks every
+# build until pip 26.0.2+ ships in the GHA tool cache. Remove once
+# `actions/setup-python` upgrades the bundled pip.
+CVE-2026-3219
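Review bot: The new CVE-2026-3219 entry gives a removal condition but no tracking issue or date, although the file's own format line asks for "tracking issue / fix ETA", so nothing will prompt anyone to delete the waiver once a fixed pip is available. I would extend the comment along the lines of `# CVE-2026-3219 — pip 26.0.1; tracking: <issue-url>; re-check by <YYYY-MM-DD>.` with the placeholders filled in. The comment also records only that the advisory blocks the build, not why the finding is acceptable for this repository in the meantime; one line on whether the affected pip behaviour is actually exercised in CI would make the suppression reviewable. If this file is expanded into `--ignore-vuln` arguments (the consuming workflow is not visible here), the ID is suppressed for every audited environment rather than only the runner's bundled pip, so that scope is worth confirming.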