Releases: pypa/pip-audit

Release 2.4.10

15 Dec 15:51
v2.4.10
f5d5b17

[2.4.10]

Fixed

  • Fixed a crash triggered when no vulnerabilities are found with some
    configurations (#437)

Release 2.4.9

14 Dec 22:40
v2.4.9
e090d99

[2.4.9]

Fixed

  • The --output flag will no longer produce an empty file in the event
    of a failure within pip-audit itself, making it easier to distinguish
    between audit failures being reported by pip-audit and pip-audit's
    own errors (#432)

  • Removed pin on packaging now that our dependency pins it for us
    (#429)

Release 2.4.8

08 Dec 02:57
6e9b0c4

[2.4.8]

Fixed

  • Pin maximum version of packaging dependency to avoid installing the new
    22.0 version which is incompatible with pip-requirements-parser
    (#427)

Release 2.4.7

28 Nov 14:30
v2.4.7
f109586

Fixed

  • Fixed a timestamp parsing bug that occurred with some vulnerability
    reports provided by the OSV service
    (#416)

Release 2.4.6

21 Nov 20:31
v2.4.6
57935c1

Fixed

  • Fixed an incorrect interaction between --desc=auto and --format=json;
    --desc=auto now includes the description in the generated JSON report,
    as intended (#399)

  • Fixed a bug in dependency resolution with third-party indices where
    relative URLs were not resolved correctly (#411, #412)

Release 2.4.5

31 Oct 17:17
v2.4.5
7e8487c

Fixed

  • Fixed an issue where audits done with the PyPI vulnerability service (the
    default) were not correctly filtered by "withdrawn" status; "withdrawn"
    vulnerabilities are now excluded
    (#393)

  • Fixed an issue where audits done with the OSV vulnerability service (-s osv)
    were not correctly filtered by "withdrawn" status; "withdrawn" vulnerabilities
    are now excluded (#386)

  • Fixed pip-audit's handling of URL-style requirements in --no-deps mode
    (URL requirements are now treated as skipped, rather than producing
    an error due to a lack of pinning)
    (#395)

Release 2.4.4

01 Sep 15:51
v2.4.4
678730e

Changed

  • pip-audit is now a PyPA member project, and lives under
    pypa/pip-audit!

  • Improved error message for when unpinned URL requirements are found during an
    audit with the --no-deps flag
    (#355)

Fixed

  • Fixed an issue where packages on PyPI with no published versions trigger a
    dependency resolution failure instead of being skipped
    (#357)

  • Fixed an incorrect assertion triggering for non-editable URL requirements that
    don't have an egg fragment
    (#359)

v2.4.3

25 Jul 15:49
a5cc095

Fixed

  • Fixed a regression in requirements auditing that was introduced during the move from pip-api to pip-requirements-parser where editable installs without an egg fragment would cause audits to crash (#331)

v2.4.2

21 Jul 14:26
c146d08

Fixed

  • CLI: the --format=markdown and --format=columns output formats are no longer broken by long vulnerability descriptions from the OSV and PyPI vulnerability sources (#323)

Release 2.4.1

07 Jul 19:01
35ddd45

[2.4.1]

Fixed