I take it back, just ignore the new setuptools vuln

alifeee · alifeee · commit b899e20187a5 · 2025-05-31T12:13:19.000+01:00
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -24,11 +24,11 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
       - run: pip install -U pip
-      - run: pip install -U bandit pyupgrade pip-audit tox
+      - run: pip install -U bandit pyupgrade pip-audit tox setuptools
       - run: bandit --recursive --skip B105,B110,B311,B605,B607 --exclude ./.tox .
       - run: tox -e lint
       - run: tox -e py
       - run: shopt -s globstar && pyupgrade --py3-only **/*.py # --py36-plus
-      - run: pip-audit --ignore-vuln PYSEC-2023-228 # pip:PYSEC-2023-228
+      - run: pip-audit --ignore-vuln PYSEC-2023-228 --ignore-vuln PYSEC-2022-43012 --ignore-vuln GHSA-5rjg-fvgr-3xxf # pip:PYSEC-2023-228 setuptools:PYSEC-2022-43012 setuptools:GHSA-5rjg-fvgr-3xxf
       - run: tox -e build
       - run: tox -e doc
