From f19ba919812944374a9e848632f503c6f9033073 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 23 Oct 2025 18:01:35 +0000
Subject: [PATCH 1/2] Configure Renovate

---
 renovate.json | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 renovate.json

diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..cc53953
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "assigneesFromCodeOwners": true,
+ "extends": [
+ "schedule:nonOfficeHours"
+ ],
+ "dependencyDashboard": true,
+ "enabledManagers": [
+ "pep621"
+ ],
+ "lockFileMaintenance": {
+ "enabled": true,
+ "schedule": [
+ "* 4 * * 1"
+ ]
+ },
+ "vulnerabilityAlerts": {
+ "labels": [
+ "security"
+ ]
+ }
+}
\ No newline at end of file

From a44d2e364e084807b0fdaed52e8b56a8ddf756e9 Mon Sep 17 00:00:00 2001
From: Jonavelle Cuerdo
Date: Fri, 24 Oct 2025 11:52:58 -0400
Subject: [PATCH 2/2] Ignore vulnerability GHSA-4xh5-x5gv-qwph

Why these changes are being introduced:
The vulnerability GHSA-4xh5-x5gv-qwph is triggering an error from pip-audit, but technically running python >= 3.12 is sufficient to mitigate the risk. Until pip releases a new release, even though we have no risk, pip-audit will continue to fail.
How this addresses that need:
* Explicitly ignores the vulnerability during vulnerability scanning.
Side effects of this change:
* None
Relevant ticket(s):
* None
---
 .pre-commit-config.yaml | 2 +-
 Makefile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5c4da5e..eb7bc47 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -24,6 +24,6 @@ repos:
 types: ["python"]
 - id: pip-audit
 name: pip-audit
- entry: uv run pip-audit
+ entry: uv run pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph
 language: system
 pass_filenames: false
\ No newline at end of file
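Review bot: The `vulnerabilityAlerts` block at the end of renovate.json only attaches a `security` label, and as I understand Renovate those PRs are driven by the repository's GitHub security alert feed, so if that feed is not enabled for this repo the block is inert while pip-audit (the tool the second commit in this series is tuning) remains the only advisory check. Consider adding `"osvVulnerabilityAlerts": true` so OSV advisories against the pep621 dependencies also produce PRs independent of the GitHub feed. Separately, `"enabledManagers": ["pep621"]` restricts tracking to pyproject dependencies, so anything pinned elsewhere in the repo stays frozen unless that is the intent; strict JSON cannot carry a comment saying so, so it belongs in the repo's contributor docs. The file also ends without a trailing newline.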
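Review bot: The added `--ignore-vuln GHSA-4xh5-x5gv-qwph` on the `entry:` line is an open-ended suppression with nothing marking when it should come out, even though the commit message frames it as temporary until pip ships a fix. A comment on the line above, e.g. `# TODO: drop --ignore-vuln once pip ships a fix for GHSA-4xh5-x5gv-qwph (mitigated by Python >= 3.12)`, keeps that rationale where the next reader will look. The same ignore is duplicated in the Makefile `safety` target in the next hunk, so the two scanners can drift apart; having the hook `entry` run `make safety` (or both read one shared variable) keeps the allow-list in a single place. Note the suppression is unconditional: if the project's `requires-python` (not in this diff) still admits interpreters below 3.12, the advisory is not actually mitigated there and this hides a real finding. The enclosing `repos` list starts outside the hunk.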
diff --git a/Makefile b/Makefile
index 139963e..a1c63d2 100644
--- a/Makefile
+++ b/Makefile
@@ -62,7 +62,7 @@ ruff: # Run 'ruff' linter and print a preview of errors
 uv run ruff check .

 safety: # Check for security vulnerabilities
- uv run pip-audit
+ uv run pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph

 lint-apply: black-apply ruff-apply # Apply changes with 'black' and resolve 'fixable errors' with 'ruff'