Skip to content

Releases: pypa/pip-audit

Release 2.5.4

29 Mar 08:11
@tetsuo-cpp tetsuo-cpp
v2.5.4
83780af
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.5.4

Changed

  • Refactored index-url option to not override user pip config by default,
    unless specified (#565)

Fixed

  • Fixed bug with the --fix flag where new requirements were sometimes being
    appended to requirement files instead of patching the existing requirement
    (#577)

  • Fixed a crash caused by auditing requirements files that refer to other
    requirements files (#568)

Assets 18
Loading

v2.5.3

23 Mar 22:06
@woodruffw woodruffw
v2.5.3
e14a2db
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.5.3

Changed

  • Further simplified pip-audit's dependency resolution to remove inconsistent
    behaviour when using hashed requirements or the --no-deps flag
    (#540)

Fixed

  • Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs
    (#572)
Assets 16
Loading

v2.5.2

20 Mar 17:38
@woodruffw woodruffw
v2.5.2
82b12d5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.5.2

Fixed

  • Fixed a loose dependency constraint for CycloneDX SBOM generation
    (#558)
Assets 16
Loading

Release 2.5.1

17 Mar 15:28
@woodruffw woodruffw
v2.5.1
111bdb0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.5.1

Fixed

  • Fixed a crash on Windows caused by multiple open file handles to
    input requirements (#551)
Assets 16
Loading

Release 2.5.0

16 Mar 10:58
@tetsuo-cpp tetsuo-cpp
v2.5.0
d5ca197
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.5.0

Changed

  • Improved error messaging when a requirements input or indirect dependency
    has an invalid (non-PEP 440) requirements specifier
    (#507)

  • pip-audit's handling of dependency resolution has been significantly
    refactored and simplified (#523)

Fixed

  • Fixed a potential crash on invalid unicode in subprocess streams
    (#536)
Assets 16
Loading

Release 2.4.15

31 Jan 17:33
@woodruffw woodruffw
v2.4.15
This tag was signed with the committer’s verified signature.
woodruffw William Woodruff
SSH Key Fingerprint: EeRlzHThJexQSIWNa8tDW9bI11zXFJ+4cCY/kG/afBU Learn about vigilant mode.
6662d0d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.4.15

Fixed

  • Fixed an issue where hash checking would fail when using third-party indices
    (#462)

  • Fixed the behavior of the --skip-editable flag, which had regressed
    with an internal API change
    (#499)

  • Fixed a dependency resolution bug that can potentially be triggered when
    multiple packages have the same subdependency
    (#488)

Assets 6
Loading

Release 2.4.14

20 Jan 19:55
@woodruffw woodruffw
v2.4.14
This tag was signed with the committer’s verified signature.
woodruffw William Woodruff
SSH Key Fingerprint: EeRlzHThJexQSIWNa8tDW9bI11zXFJ+4cCY/kG/afBU Learn about vigilant mode.
f6d1b7e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.4.14

Fixed

  • Fixed a dependency resolution failure caused by incorrect handling of
    a PEP 440 edge case around prerelease versions
    (#477)
Assets 6
Loading

Release 2.4.13

10 Jan 18:36
@woodruffw woodruffw
v2.4.13
This tag was signed with the committer’s verified signature.
woodruffw William Woodruff
SSH Key Fingerprint: EeRlzHThJexQSIWNa8tDW9bI11zXFJ+4cCY/kG/afBU Learn about vigilant mode.
b3cd253
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.4.13

Fixed

  • Added a lower bound on packaging to ensure that non-normalized versions
    are handled correctly (#471)
Assets 6
Loading

Release 2.4.12

29 Dec 16:36
@woodruffw woodruffw
v2.4.12
This tag was signed with the committer’s verified signature.
woodruffw William Woodruff
SSH Key Fingerprint: AO6WS0M16fkfBJfSfkEHY5TigVGZQh8yIMrEHmGfIVs Learn about vigilant mode.
d406600
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.4.12

Fixed

  • Fixed pip-audit's virtual environment creation and upgrade behavior,
    preventing spurious vulnerability reports
    (#454)

  • Users are now warned if a pip-audit invocation is ambiguous, e.g.
    if they've installed pip-audit globally but are asking for an audit
    of a loaded virtual environment
    (#451)

Assets 6
Loading

Release 2.4.11

28 Dec 14:56
@woodruffw woodruffw
v2.4.11
This tag was signed with the committer’s verified signature.
woodruffw William Woodruff
SSH Key Fingerprint: EeRlzHThJexQSIWNa8tDW9bI11zXFJ+4cCY/kG/afBU Learn about vigilant mode.
dddcf24
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.4.11

Fixed

  • Fixed a crash triggered when a package specifies an invalid version
    specifier for its requires-python version
    (#447)
Assets 6
Loading