chore(deps-dev): bump pip-audit from 2.7.3 to 2.10.0 in /backend by dependabot[bot] · Pull Request #47 · HatmanStack/float

dependabot · 2026-04-19T06:05:35Z

Bumps pip-audit from 2.7.3 to 2.10.0.

Release notes

v2.10.0

Added

pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

The minimum version of Python is now 3.10 (#905)

Fixed

Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

v2.9.0

Added

pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

v2.8.0

Added

pip-audit now allows some CLI flags to be configured via environment variables (#755)

Changed

The default cache locations on macOS and Linux now respect each platform's caching directory idioms (e.g. XDG) (#814)

The minimum version of Python is now 3.9 (#846)

Changelog

Sourced from pip-audit's changelog.

[2.10.0]

Added

pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

The minimum version of Python is now 3.10 (#905)

Fixed

Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

[2.9.0]

Added

pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

[2.8.0]

Added

pip-audit now allows some CLI flags to be configured via environment variables (#755)

Changed

The default cache locations on macOS and Linux now respect each platform's caching directory idioms (e.g. XDG) (#814)

... (truncated)

Commits

dec2165 chore: prep release v2.10.0 (#905)
d191a22 Fix CycloneDX vulnerability-component linking (#980) (#981)
a3f69b1 dependabot: add cooldowns (#978)
42df1b2 build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 (#976)
d4cbb66 build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#977)
0f2889d build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#975)
ad15644 build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#974)
831ca98 build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 (#972)
afeb9ea build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#973)
2969e7c build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 (#971)
Additional commits viewable in compare view

HatmanStack · 2026-05-04T19:15:35Z

@dependabot rebase

HatmanStack · 2026-05-17T21:31:35Z

@dependabot rebase

dependabot · 2026-05-17T21:31:38Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

HatmanStack · 2026-05-18T14:25:09Z

@dependabot rebase

Bumps [pip-audit](https://github.com/pypa/pip-audit) from 2.7.3 to 2.10.0. - [Release notes](https://github.com/pypa/pip-audit/releases) - [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md) - [Commits](pypa/pip-audit@v2.7.3...v2.10.0) --- updated-dependencies: - dependency-name: pip-audit dependency-version: 2.10.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

HatmanStack · 2026-05-19T14:09:04Z

@dependabot rebase

dependabot · 2026-05-19T14:09:14Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

HatmanStack · 2026-05-20T14:05:52Z

@dependabot rebase

dependabot · 2026-05-20T14:05:57Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

HatmanStack · 2026-05-22T13:58:33Z

@dependabot rebase

dependabot · 2026-05-22T13:58:38Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

HatmanStack · 2026-05-25T14:12:33Z

@dependabot rebase

dependabot · 2026-05-25T14:12:37Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

HatmanStack · 2026-05-26T14:13:43Z

@dependabot rebase

dependabot · 2026-05-26T14:13:48Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

HatmanStack · 2026-05-27T14:22:09Z

@dependabot rebase

dependabot · 2026-05-27T14:22:15Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

HatmanStack · 2026-05-28T14:28:52Z

@dependabot rebase

dependabot · 2026-05-28T14:28:57Z

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 19, 2026

dependabot Bot force-pushed the dependabot/pip/backend/pip-audit-2.10.0 branch from b12445d to b172576 Compare May 4, 2026 19:20

dependabot Bot force-pushed the dependabot/pip/backend/pip-audit-2.10.0 branch from b172576 to b9bd8de Compare May 18, 2026 14:26

Conversation

dependabot Bot commented on behalf of github Apr 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.10.0

Added

Changed

Fixed

v2.9.0

Added

v2.8.0

Added

Changed

[2.10.0]

Added

Changed

Fixed

[2.9.0]

Added

[2.8.0]

Added

Changed

Uh oh!

HatmanStack commented May 4, 2026

Uh oh!

HatmanStack commented May 17, 2026

Uh oh!

dependabot Bot commented on behalf of github May 17, 2026

Uh oh!

HatmanStack commented May 18, 2026

Uh oh!

HatmanStack commented May 19, 2026

Uh oh!

dependabot Bot commented on behalf of github May 19, 2026

Uh oh!

HatmanStack commented May 20, 2026

Uh oh!

dependabot Bot commented on behalf of github May 20, 2026

Uh oh!

HatmanStack commented May 22, 2026

Uh oh!

dependabot Bot commented on behalf of github May 22, 2026

Uh oh!

HatmanStack commented May 25, 2026

Uh oh!

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

HatmanStack commented May 26, 2026

Uh oh!

dependabot Bot commented on behalf of github May 26, 2026

Uh oh!

HatmanStack commented May 27, 2026

Uh oh!

dependabot Bot commented on behalf of github May 27, 2026

Uh oh!

HatmanStack commented May 28, 2026

Uh oh!

dependabot Bot commented on behalf of github May 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 19, 2026 •

edited

Loading