From ae36822837efb054d338b4efdf3946cb7fccb941 Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Fri, 23 Jan 2026 19:07:02 +0530
Subject: [PATCH] Ignore a bunch of CVes in python that havent actually had their fixes released yet.
---
 .github/workflows/ci.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/ci.py b/.github/workflows/ci.py
index d0f0fe9f9..1d56c9174 100644
--- a/.github/workflows/ci.py
+++ b/.github/workflows/ci.py
@@ -213,6 +213,15 @@ IGNORED_DEPENDENCY_CVES = [
     'CVE-2025-13836', # DoS in http client reading from malicious server
     'CVE-2025-12084', # DoS in xml.dom.minidom unused in kitty
     'CVE-2025-13837', # DoS in plistlib reading plist. We only use plistlib for writing
+    # python stdlib all these are erroneously marked as fixed in python 3.15
+    # when it hasnt even been released. Sigh.
+    'CVE-2026-0865',
+    'CVE-2025-15282',
+    'CVE-2026-0672',
+    'CVE-2025-15366',
+    'CVE-2025-15367',
+    'CVE-2025-12781',
+    'CVE-2025-11468',
     # glib
     'CVE-2025-4056', # Only affects Windows, on which we dont run
     # github.com/nwaples/rardecode/v2
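Review bot: The seven new entries share one rationale ("marked as fixed in python 3.15") and carry no expiry, unlike the neighbouring entries that each state why the issue does not affect kitty; once the fixes do land in a released Python, nothing prompts removing these lines and the scanner will keep silently accepting a still-affected interpreter. This is a different kind of suppression from the rest of the list — "not yet fixable" rather than "not applicable" — so record the drop condition next to the group, e.g. `# TODO: remove once the fix is in a released Python version; re-check by <DATE>`, and ideally a short per-entry note of the affected stdlib module so the list can be audited later. The IGNORED_DEPENDENCY_CVES list begins and ends outside the hunk.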