jared
8effb24761
-r requirements.txt causes pip-audit to spawn an internal venv which calls ensurepip, failing with exit 127 on the standalone Python build. --local avoids the venv. CVE-2026-3219 is in pip itself (not our deps) so we ignore it explicitly with --ignore-vuln. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>