Skip to content

chore(deps)(deps): update pip-audit requirement from >=2.7.0 to >=2.10.0#155

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-audit-gte-2.10.0
Closed

chore(deps)(deps): update pip-audit requirement from >=2.7.0 to >=2.10.0#155
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-audit-gte-2.10.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Updates the requirements on pip-audit to permit the latest version.

Release notes

Sourced from pip-audit's releases.

v2.10.0

Added

  • pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

  • pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

  • The minimum version of Python is now 3.10 (#905)

Fixed

  • Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

  • CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

Changelog

Sourced from pip-audit's changelog.

[2.10.0]

Added

  • pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

  • pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

  • The minimum version of Python is now 3.10 (#905)

Fixed

  • Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

  • CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

[2.9.0]

Added

  • pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

[2.8.0]

Added

  • pip-audit now allows some CLI flags to be configured via environment variables (#755)

Changed

  • The default cache locations on macOS and Linux now respect each platform's caching directory idioms (e.g. XDG) (#814)

... (truncated)

Commits
  • dec2165 chore: prep release v2.10.0 (#905)
  • d191a22 Fix CycloneDX vulnerability-component linking (#980) (#981)
  • a3f69b1 dependabot: add cooldowns (#978)
  • 42df1b2 build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 (#976)
  • d4cbb66 build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#977)
  • 0f2889d build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#975)
  • ad15644 build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#974)
  • 831ca98 build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 (#972)
  • afeb9ea build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#973)
  • 2969e7c build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 (#971)
  • Additional commits viewable in compare view

@dependabot dependabot Bot requested a review from longieirl as a code owner April 27, 2026 10:47
@dependabot
chore(deps)(deps): update pip-audit requirement from >=2.7.0 to >=2.10.0
1ff905c 
Updates the requirements on [pip-audit](https://github.com/pypa/pip-audit) to permit the latest version.
- [Release notes](https://github.com/pypa/pip-audit/releases)
- [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md)
- [Commits](pypa/pip-audit@v2.7.0...v2.10.0)

---
updated-dependencies:
- dependency-name: pip-audit
  dependency-version: 2.10.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/pip-audit-gte-2.10.0 branch from 7631924 to 1ff905c Compare April 29, 2026 10:14
@longieirl longieirl mentioned this pull request Apr 29, 2026
Merged
2 tasks
@longieirl
Copy link
Copy Markdown
Owner

longieirl commented Apr 29, 2026

Superseded by #161 which consolidates all pending Dependabot bumps into a single commit.

@longieirl longieirl closed this Apr 29, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 29, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/pip/pip-audit-gte-2.10.0 branch April 29, 2026 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@longieirl longieirl Awaiting requested review from longieirl longieirl is a code owner

Assignees

@longieirl longieirl

Labels

automated dependencies python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@longieirl