From c03c5315eb7ef411d2dd3f67c60d848752cd3ff5 Mon Sep 17 00:00:00 2001
From: Sudo-Ivan <ivan@quad4.io>
Date: Mon, 23 Feb 2026 19:49:18 -0600
Subject: [PATCH] Add pip-audit and pnpm audit steps to CI workflow

---
 .gitea/workflows/ci.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 4964a65..0e83f3f 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -32,8 +32,12 @@ jobs:
               run: pip install poetry
             - name: Setup Python environment
               run: task setup:be
+            - name: pip-audit
+              run: poetry run pip install pip-audit && poetry run pip-audit
             - name: Install Node dependencies
               run: task deps:fe
+            - name: pnpm audit
+              run: pnpm audit --audit-level=high
             - name: Lint
               run: |
                   set -o pipefail
@@ -57,6 +61,8 @@ jobs:
                   version: "3.46.3"
             - name: Install dependencies
               run: task deps:fe
+            - name: pnpm audit
+              run: pnpm audit --audit-level=high
             - name: Determine version
               id: version
               run: |
@@ -111,6 +117,10 @@ jobs:
               run: pip install poetry
             - name: Install dependencies
               run: task install
+            - name: pip-audit
+              run: poetry run pip install pip-audit && poetry run pip-audit
+            - name: pnpm audit
+              run: pnpm audit --audit-level=high
             - name: Run language tests
               run: |
                   set -o pipefail