Filter out another form of the same CVE

.github/workflows/ci.py

@@ -205,8 +205,8 @@ def install_grype() -> str:
 
 IGNORED_DEPENDENCY_CVES = [
     # Python stdlib
-    'CVE-2025-8194',  # DoS in tarfile
-    'CVE-2025-6069',  # DoS in HTMLParser
+    'CVE-2025-8194', 'BIT-python-2025-8194',  # DoS in tarfile
+    'CVE-2025-6069', 'BIT-python-2025-6069', # DoS in HTMLParser
 ]
 
 
@@ -222,7 +222,7 @@ def check_dependencies() -> None:
     dest = os.path.join(SW, 'macos')
     os.makedirs(dest, exist_ok=True)
     install_bundle(dest, os.path.basename(dest))
-    if (cp := subprocess.run([grype, '--config', gc, '--fail-on', 'medium', SW])).returncode != 0:
+    if (cp := subprocess.run([grype, '--config', gc, '--only-fixed', '--fail-on', 'medium', SW])).returncode != 0:
         raise SystemExit(cp.returncode)
     # Now test against the SBOM
     import runpy
@@ -233,7 +233,7 @@ def check_dependencies() -> None:
     runpy.run_path('bypy-src')
     sys.argv, sys.stdout = orig
     print(buf.getvalue())
-    if (cp := subprocess.run([grype, '--config', gc, '--fail-on', 'medium'], input=buf.getvalue().encode())).returncode != 0:
+    if (cp := subprocess.run([grype, '--config', gc, '--only-fixed', '--fail-on', 'medium'], input=buf.getvalue().encode())).returncode != 0:
         raise SystemExit(cp.returncode)
 
 

bypy/sources.json

@@ -86,12 +86,12 @@
     },
 
     {
-        "name": "sqlite 3500400",
+        "name": "sqlite 3.50.4",
         "spdx": "blessing",
         "unix": {
             "file_extension": "tar.gz",
             "hash": "sha256:a3db587a1b92ee5ddac2f66b3edb41b26f9c867275782d46c3a088977d6a5b18",
-            "urls": ["https://www.sqlite.org/2025/{name}-autoconf-{version}.{file_extension}"]
+            "urls": ["https://www.sqlite.org/2025/{name}-autoconf-3500400.{file_extension}"]
         }
     },