This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new fb14bd9 Document how to resolve a known problem with pip-audit
fb14bd9 is described below
commit fb14bd91bf4f1f3e1c95dc8dcd2944bab690d935
Author: Sean B. Palmer <[email protected]>
AuthorDate: Fri Jan 23 18:40:15 2026 +0000
Document how to resolve a known problem with pip-audit
---
CONTRIBUTING.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 43a4b8a..fb6b11b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -76,7 +76,7 @@ For detailed ASF policies, commit message guidelines, and
security consideration
sh tests/run-unit.sh # Required: unit tests
```
- All checks and tests must pass locally before submitting.
+ All checks and tests must pass locally before submitting. If `pip-audit` is
reporting false positive CVEs, try running `uv run --frozen pre-commit clean`
first.
4. **Commit** with a clear message (see [commit style](#commit-message-style)
below)
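Review bot: The added sentence in step 3 does not say what a contributor should do after the clean, or how to tell a false positive from a genuine finding, so it can be read as permission to dismiss any `pip-audit` report. Suggest stating that the checks must be rerun after `uv run --frozen pre-commit clean` and that any CVE still reported afterwards should be treated as real. The trailing "first" is also ambiguous (before submitting, or before rerunning the checks?); "then rerun the checks" would be clearer. A short clause on why clearing the pre-commit cache helps would make the workaround easier to trust.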
@@ -168,6 +168,8 @@ sh tests/run-playwright.sh
make check-light
```
+Run `uv run --frozen pre-commit clean` if `pip-audit` reports false positive
CVEs during checks.
+
## ASF requirements
### Contributor License Agreement
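Review bot: The line added after `make check-light` repeats the advice from the earlier step 3 hunk in different words, so the two copies can drift apart as the workaround changes. Suggest keeping the full explanation in one place and having the other refer to it, or at least using identical wording in both. As with the first hunk, it would help to say that the checks should be rerun after the clean and that findings which persist are not false positives.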