As part of keeping your workflows up-to-date, we recommend that you change your workflow slugs to pypa/gh-action-pip-audit. Once you do that, Dependabot (or whatever other tooling you use) should track updates to the action correctly.
P.S.: I'm filing these issues instead of making PRs, so that you (as maintainers) can confirm the trustworthiness of the change. If you'd prefer me to make a PR instead, give me a ping and I'll do so.
Thanks for using
gh-action-pip-auditin your CI!I'm filing this issue (as an actual human being) to let you know that we recently became a PyPA member project, and correspondingly changed our repo from
trailofbits/gh-action-pip-audittopypa/gh-action-pip-audit.As part of keeping your workflows up-to-date, we recommend that you change your workflow slugs to
pypa/gh-action-pip-audit. Once you do that, Dependabot (or whatever other tooling you use) should track updates to the action correctly.P.S.: I'm filing these issues instead of making PRs, so that you (as maintainers) can confirm the trustworthiness of the change. If you'd prefer me to make a PR instead, give me a ping and I'll do so.