chore: prep 2.8.0

.github/workflows/release.yml

@@ -13,7 +13,6 @@ jobs:
 
     permissions:
       # Used to authenticate to PyPI via OIDC.
-      # Used to sign the release's artifacts with sigstore-python.
       id-token: write
 
       # Used to attach signing artifacts to the published release.
@@ -37,8 +36,3 @@ jobs:
     - name: publish
       uses: pypa/gh-action-pypi-publish@release/v1
 
-    - name: sign
-      uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
-      with:
-        inputs: ./dist/*.tar.gz ./dist/*.whl
-        release-signing-artifacts: true

.pre-commit-config.yaml

@@ -27,7 +27,7 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/pypa/pip-audit
-    rev: v2.7.3
+    rev: v2.8.0
     hooks:
       - id: pip-audit
   - repo: https://github.com/rhysd/actionlint

CHANGELOG.md

@@ -8,6 +8,8 @@ All versions prior to 0.0.9 are untracked.
 
 ## [Unreleased]
 
+## [2.8.0]
+
 ### Added
 
 * `pip-audit` now allows some CLI flags to be configured via environment
@@ -616,7 +618,8 @@ All versions prior to 0.0.9 are untracked.
   dependency errors ([#146](https://github.com/pypa/pip-audit/pull/146))
 
 <!-- Release URLs -->
-[Unreleased]: https://github.com/pypa/pip-audit/compare/v2.7.3...HEAD
+[Unreleased]: https://github.com/pypa/pip-audit/compare/v2.8.0...HEAD
+[2.8.0]: https://github.com/pypa/pip-audit/compare/v2.7.3...v2.8.0
 [2.7.3]: https://github.com/pypa/pip-audit/compare/v2.7.2...v2.7.3
 [2.7.2]: https://github.com/pypa/pip-audit/compare/v2.7.1...v2.7.2
 [2.7.1]: https://github.com/pypa/pip-audit/compare/v2.7.0...v2.7.1

README.md

@@ -107,7 +107,7 @@ For example, using `pip-audit` via `pre-commit` to audit a requirements file:
 
 ```yaml
   - repo: https://github.com/pypa/pip-audit
-    rev: v2.7.3
+    rev: v2.8.0
     hooks:
       -   id: pip-audit
           args: ["-r", "requirements.txt"]

pip_audit/__init__.py

@@ -2,4 +2,4 @@
 The `pip_audit` APIs.
 """
 
-__version__ = "2.7.3"
+__version__ = "2.8.0"