Pip Audit Versions Save

Fixed

• Improved handling of temporary files on Windows (#757)

• Fixed a subprocess deadlock on Windows (#756)

Fixed

• pip-audit now invokes pip with --keyring-provider=subprocess, partially fixing a regression that was introduced with another authentication fix in 2.6.2. This allows the interior pip to use keyring to perform third-party index authentication.

Full Changelog: https://github.com/pypa/pip-audit/compare/v2.7.1...v2.7.2

Fixed

• Improved the error returned to users when their default temporary directory lacks execute permissions (#737)

Added

• pip-audit now includes vulnerability aliases when --format=json is used, and also includes them in other output formats if specified by adding the flag --aliases

Fixed

• Removed a misleading warning message that resulted in user confusion (#719)

Changed

• pip-audit's minimum Python version is now 3.8.

Fixed

• Fixed a hang caused by auditing requirements when resolving against an index that requires authentication, causing pip to wait indefinitely for credentials (#707)

Fixed

• Fixed a crash on Windows caused by pip-audit's use of temporary files (#647)

Added

• Added option to skip dependency resolution via pip with the --disable-pip flag. This option can only be used with hashed requirements files or when the --no-deps flag has been provided (#610)

Fixed

• Fixed a crash caused by incompatible dependency changes (#617)

Fixed

• Fixed a crash caused by incompatible dependency changes (#605)