chore(deps-dev): update pip-audit requirement from <3.0.0,>=2.4.4 to >=2.10.1,<3.0.0 #1206

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/main/pip-audit-gte-2.10.1-and-lt-3.0.0

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Contributor

Updates the requirements on pip-audit to permit the latest version.

Release notes

Sourced from pip-audit's releases.

v2.10.1

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)

Changelog

Sourced from pip-audit's changelog.

[2.10.1]

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)

[2.10.0]

Added

  • pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

  • pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

  • The minimum version of Python is now 3.10 (#905)

Fixed

  • Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

  • CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

[2.9.0]

Added

  • pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

[2.8.0]

Added

... (truncated)

Commits
  • 8894eb8 Merge pull request #1056 from pypa/copilot/release-2101
  • 1c625b7 Update version in README.md to 2.10.1
  • fd2094b Prep 2.10.1 release
  • 58d2488 build(deps): bump github/codeql-action from 4.35.2 to 4.36.1 (#1052)
  • 8df9420 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#1044)
  • 3f618d3 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1053)
  • 4849132 Restrict OIDC token to publish job (#1050)
  • c1eb69a Fix KeyError when OSV affected entry omits optional ranges field (#1046)
  • 68de07f Merge pull request #1054 from pypa/fix/1047
  • ef31c9e Formatting fixes
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Jun 17, 2026
@dependabot dependabot Bot requested review from behnazh and jenstroeger as code owners June 17, 2026 08:52
@jenstroeger

Owner

@dependabot rebase

Updates the requirements on [pip-audit](https://github.com/pypa/pip-audit) to permit the latest version.
- [Release notes](https://github.com/pypa/pip-audit/releases)
- [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md)
- [Commits](pypa/pip-audit@v2.4.4...v2.10.1)

---
updated-dependencies:
- dependency-name: pip-audit
  dependency-version: 2.10.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/main/pip-audit-gte-2.10.1-and-lt-3.0.0 branch from 2f03ac4 to 977de24 Compare June 18, 2026 03:49