Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
pip-audit now invokes pip with --keyring-provider=subprocess, partially fixing a regression that was introduced with another authentication fix in 2.6.2. This allows the interior pip to use keyring to perform third-party index authentication.

Full Changelog: https://github.com/pypa/pip-audit/compare/v2.7.1...v2.7.2
pip-audit's minimum Python version is now 3.8.

pip to wait indefinitely for credentials (#707)

pip with the --disable-pip flag. This option can only be used with hashed requirements files or when the --no-deps flag has been provided (#610)