Releases: pypa/pip-audit

Release 2.4.0

30 Jun 18:30
a52240f

[2.4.0]

Added

  • Output formats: pip-audit now supports a Markdown format
    (--format=markdown) which renders results as a set of Markdown tables.
    (#312)

Release v2.3.4

24 Jun 17:01
version: v2.3.4

Release v2.3.3

15 Jun 15:37
7915cae

Changed

  • CLI: pip-audit now warns on the combination of -s osv and
    --require-hashes, notifying users that only the PyPI service
    can fully verify hashes
    (#298)

Fixed

  • CLI/Dependency sources: --cache-dir=... and other flags that affect
    dependency resolver behavior now work correctly when auditing a
    pyproject.toml dependency source
    (#300)

Release v2.3.2

14 Jun 14:09
8ad77ea

Changed

  • CLI: pip-audit's progress spinner has been refactored to make it
    faster and more responsive
    (#283)

  • CLI, Vulnerability sources: the error message used to report
    connection failures to vulnerability sources was improved
    (#287)

  • Vulnerability sources: the OSV service is now more resilient
    to schema changes (#288)

  • Vulnerability sources: the PyPI service provides a better
    error message during some cases of service degradation
    (#294)

Fixed

  • Vulnerability sources: a bug stemming from an incorrect assumption
    about OSV's schema guarantees was fixed
    (#284)

  • Caching: pip-audit now respects pip's PIP_NO_CACHE_DIR
    and will not attempt to use the pip cache if present
    (#290)

Release v2.3.1

24 May 14:24
cad4be1

2.3.1 - 2022-05-24

Fixed

  • CLI: A bug causing the terminal's cursor to disappear on some versions of CPython was fixed (#280)

Release v2.3.0

18 May 14:56
a3fe3ef

2.3.0 - 2022-05-18

Added

  • CLI: The --ignore-vuln option has been added, allowing users to specify vulnerability IDs to ignore during the final report (#275)

  • CLI: The --no-deps flag has been added, allowing users to skip dependency resolution entirely when pip-audit is used in requirements mode (#255)

Release v2.2.1

02 May 22:30
62bf7a6
CHANGELOG: 2.2.1

Release v2.2.0

02 May 17:33
dbc56b3

2.2.0 - 2022-05-02

Added

  • CLI: The --output option has been added, allowing users to specify
    a file to write output to. The default behavior of writing to stdout
    is unchanged (#262)

Fixed

  • Vulnerability sources: A bug caused by insufficient version normalization
    was fixed (#263)

Release v2.1.1

29 Mar 14:19
28b29d0

2.1.1 - 2022-03-29

Fixed

  • Dependency sources: A bug caused by ambiguous parses of source distribution
    files was fixed (#249)

Release v2.1.0

11 Mar 15:51
9c1d2be

2.1.0 - 2022-03-11

Added

  • CLI: The --skip-editable flag has been added, allowing users to skip local packages or parsed requirements (via -r) that are marked as editable (#244)

  • CLI: pip-audit can audit projects that list their dependencies in pyproject.toml files, via pip-audit <dir> (#246)