Skip to content

Releases: pypa/pip-audit

v2.10.0

01 Dec 23:42
@woodruffw woodruffw
v2.10.0
dec2165
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.10.0 Latest
Latest

Added

  • pip-audit now supports the --osv-url URL flag, which can be used to
    retrieve vulnerabilities from a custom OSV service. This is useful for
    organizations that host their own mirror of the OSV database, or that
    have custom OSV records
    (#810)

  • pip-audit now supports the Ecosyste.ms vulnerability service with
    --vulnerability-service=esms
    (#903).

Changed

  • The minimum version of Python is now 3.10
    (#905)

Fixed

  • Fixed a bug where pip-audit would fail to parse pyproject.toml files
    containing TOML 1.0.0 features
    (#910)

  • CycloneDX JSON/XML output now correctly links vulnerabilities to their
    affected components via the affects field
    (#980)

Assets 2
Loading

v2.9.0

07 Apr 16:43
@woodruffw woodruffw
v2.9.0
89ba959
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.9.0

Added

  • pip-audit now supports PEP 751
    lockfiles. These lockfiles can be audited in "project" mode by
    passing --locked to pip-audit
    (#888)
Loading

v2.8.0

06 Feb 22:57
@woodruffw woodruffw
v2.8.0
888cf00
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.8.0

Added

  • pip-audit now allows some CLI flags to be configured via environment
    variables (#755)

Changed

  • The default cache locations on macOS and Linux now respect each platform's
    caching directory idioms (e.g. XDG)
    (#814)

  • The minimum version of Python is now 3.9
    (#846)

Loading

v2.7.3

30 Apr 19:26
@woodruffw woodruffw
v2.7.3
ca65afe
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.7.3

Fixed

  • Improved handling of temporary files on Windows
    (#757)

  • Fixed a subprocess deadlock on Windows
    (#756)

Loading

v2.7.2

29 Feb 16:05
@woodruffw woodruffw
v2.7.2
fa511eb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.7.2

Fixed

  • pip-audit now invokes pip with --keyring-provider=subprocess,
    partially fixing a regression that was introduced with another authentication
    fix in 2.6.2. This allows the interior pip to use keyring to perform
    third-party index authentication.

Full Changelog: v2.7.1...v2.7.2

Loading

v2.7.1

12 Feb 19:08
@woodruffw woodruffw
v2.7.1
2d37319
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.7.1

Fixed

  • Improved the error returned to users when their default temporary
    directory lacks execute permissions
    (#737)
Loading

v2.7.0

11 Jan 19:35
@woodruffw woodruffw
v2.7.0
27dfa6f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.7.0

Added

  • pip-audit now includes vulnerability aliases when --format=json is used,
    and also includes them in other output formats if specified by adding the
    flag --aliases
Loading

v2.6.3

08 Jan 03:43
@tetsuo-cpp tetsuo-cpp
v2.6.3
c2f4bd7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.6.3

Fixed

  • Removed a misleading warning message that resulted in user confusion
    (#719)
Loading

v2.6.2

19 Dec 03:48
@woodruffw woodruffw
v2.6.2
3e2cb18
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.6.2

Changed

  • pip-audit's minimum Python version is now 3.8.

Fixed

  • Fixed a hang caused by auditing requirements when resolving against
    an index that requires authentication, causing pip to wait indefinitely
    for credentials (#707)
Loading

v2.6.1

24 Jul 18:46
@woodruffw woodruffw
v2.6.1
d424209
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.6.1

Fixed

  • Fixed a crash on Windows caused by pip-audit's use of temporary files
    (#647)
Loading