From d87ba95d9cf58d83088fc48fd0e934b915fab176 Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Thu, 4 Dec 2025 15:10:26 +0530
Subject: [PATCH] Ignore CVE-2025-13836

We dont care about this DoS enough, so ignore until a new version of python 3.12 s released with the fix. Not updating past Python 3.12 for this DoS.
---
 .github/workflows/ci.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.py b/.github/workflows/ci.py
index c71f416d9..1fd8b7789 100644
--- a/.github/workflows/ci.py
+++ b/.github/workflows/ci.py
@@ -220,6 +220,7 @@ IGNORED_DEPENDENCY_CVES = [
 # Python stdlib
 'CVE-2025-8194', # DoS in tarfile
 'CVE-2025-6069', # DoS in HTMLParser
+ 'CVE-2025-13836', # DoS in http client reading from malicious server
 # glib
 'CVE-2025-4056', # Only affects Windows, on which we dont run
 # github.com/nwaples/rardecode/v2
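Review bot: The new `'CVE-2025-13836'` entry carries no removal condition, although the commit message says the ignore is meant to last only until a Python 3.12 release ships the fix; once merged, nothing in the file distinguishes it from the long-lived ignores around it. I would put the condition in the comment, e.g. `'CVE-2025-13836',  # DoS in http client reading from malicious server; drop once the bundled Python 3.12 has the fix`. Recording in the same comment why the exposure is accepted (availability impact only, and only when the client talks to a hostile server, as far as the existing comment indicates) would let a later audit of the list proceed without going back to the commit log. `IGNORED_DEPENDENCY_CVES` begins and ends outside the hunk, so how the list is consumed by the CI check is not visible here.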