ignore CVE that is not yet fixed in the package

See gitpython-developers/GitPython#1635

Author: ThunderKey

Diff for: tox.ini

@@ -22,7 +22,8 @@ commands =
   # find unsafe code
   bandit: bandit --recursive . --config pyproject.toml
   # find vulnerable dependencies
-  pip-audit: pip-audit
+  pip-audit: pip-audit \
+    --ignore-vuln GHSA-wfm5-v35h-vwf4  # until package is updated
   # find unused code
   vulture: vulture
   vulture_test: vulture tests python_tool_competition_2024