-
### Problem description
Hi,
Just wondering if there any tools for pixi that work like [`pip-audit`](https://github.com/pypa/pip-audit), or if there are plans to integrate such a tool directly int…
-
We switched to `osv-scanner` because of a significant performance regression in `pip-audit`. That regression has now been fixed with the 2.6.0 release, so we should consider switching back.
Low pri…
-
### Pre-submission checks
- [X] I am **not** reporting a new vulnerability or requesting a new vulnerability identifier. These **must** be reported or managed via upstream dependency sources or ser…
-
(This ticket is work in progress)
Pradyun has provided the following output which should cover all output:
https://gist.github.com/pradyunsg/d76a2c4dfe3147b4ebc3aed9b1ce785e
-
Today, the [`pip-audit`](https://pypi.org/project/pip-audit/) tool was released on PyPI. It's a Python tool that uses the Python Packaging Advisory Database (or alternative databases) to check for kno…
-
i was expecting `--exclude-newer` to also downgrade installed packages, is that not the intended behaviour?
```
$ uv pip install --exclude-newer=2024-01-01 jinja2
Resolved 2 packages in 4ms
Inst…
-
### Steps to Reproduce
**Running prolwer using following command:**
```
/usr/local/bin/prowler aws -R arn:$AWSPARTITION:iam::$ACCOUNTID:role/$IAM_CROSS_ACCOUNT_ROLE --compliance aws_well_architec…
-
This issue describes a potential roadmap for the integration of `pip-audit` into `pip` as a `pip audit` subcommand, as well as potential blockers.
This top-level comment will be edited as the roadm…
-
## Bug description
I created a requirements file for my project using `pip-compile`. To get the correct version, I added an extra url for the `torch` installation, resulting in the following comman…
-
**Is your feature request related to a problem? Please describe.**
Yes, having a single CI workflow for multiple repositories we cannot easily ignore vulnerabilities affecting single repository onl…