Open q0w opened 1 year ago
Thanks for the report @q0w -- like #564, this sounds like a bug, so we'd appreciate it if you'd use the bug template.
Updated
Thanks! Assigning @tetsuo-cpp for triage.
Thanks for reporting this @q0w! We should definitely support updating hashes with --fix
.
@di We discussed this issue briefly yesterday. I can confirm that we've never supported this before so this isn't a 2.5.x regression. I think it's still worth making this one a priority though.
Bug description
pip-audit
--fix
does not update package hashesReproduction steps
Expected behavior
pip-audit
--fix
updates not only package versions but also package hashes.Screenshots and logs
before
after
Platform information
pip-audit
version (pip-audit -V
): pip-audit 2.5.4python -V
orpython3 -V
): Python 3.10.10pip
version (pip -V
orpip3 -V
): pip 23.0.1Additional context