sbp commented on issue #621: URL: https://github.com/apache/tooling-trusted-releases/issues/621#issuecomment-3884284395
Resolved by 6de01e2c58d329d5121f4470458c4e291e60d2fe, which makes `pip-audit` focus on just our dependencies and not the environment in which it is running. In `pre-commit` it's still downloading an old version of `pip` and this cannot be configured by the user. This has the consequence that `pip-audit` now reports the CVE behind #644 instead, so I had to replace the original ignore with another one. This still counts as progress.
