-
## Bug description
When running pip-audit with `--requirement -` does not read the requirements from stdin like `--requirement /dev/stdin` does but instead raises an exception `pip_requirements_par…
-
```
(cryptography) ~/p/cryptography ❯❯❯ uv --version
uv 0.1.13
```
We have a mixed Python+Rust codebase. Our dev process involves running `pip install .`, which I'm attempting to migrate to `uv …
-
## Bug description
pip-audit `--fix` does not update package hashes
## Reproduction steps
```shell
echo "redis==4.4.3" > requirements.in
pip-compile -q --allow-unsafe --generate-hashes --re…
-
## Bug description
Fix (--fix) adds a fixed dependency in files where there is no original one.
## Reproduction steps
```shell
echo httpx==0.13.3 > a.in
echo astpretty > b.in
pip-compile a.i…
-
Raised by @esultanik.
We need to think a bit more about if/how we'd like to do this, but in terms of user experience: some users might find it confusing that running `pip-audit` (i.e. bare, auditin…
-
**Is your feature request related to a problem? Please describe.**
The current suggested pre-commit hook [here](https://github.com/trailofbits/pip-audit#pre-commit-support) will run on every commit…
-
Our main commands, especially pip-compile, should have a json output format that can be in downstream applications such as auditing, dependabot-like application and our own testing.
-
Breakout from #73.
-
## Bug description
When running pip-audit with some requirements files, it fails to complete because bogus requirement `pkg_resources==0.0.0` is introduced by pypi_provider. E.g. `resolvelib.resolver…
-
As of version 22.2, `pip` supports two new flags on `pip install`: `--dry-run` to perform a "dry run" of the installation steps, and `--report` to generate a JSON-formatted installation report.
It'…