v2.7.3

Fixed

• Improved handling of temporary files on Windows
  (#757)

• Fixed a subprocess deadlock on Windows
  (#756)

v2.7.2

Fixed

• pip-audit now invokes pip with --keyring-provider=subprocess,
  partially fixing a regression that was introduced with another authentication
  fix in 2.6.2. This allows the interior pip to use keyring to perform
  third-party index authentication.

Full Changelog: v2.7.1...v2.7.2

v2.7.1

Fixed

• Improved the error returned to users when their default temporary
  directory lacks execute permissions
  (#737)

v2.7.0

Added

• pip-audit now includes vulnerability aliases when --format=json is used,
  and also includes them in other output formats if specified by adding the
  flag --aliases

v2.6.3

Fixed

• Removed a misleading warning message that resulted in user confusion
  (#719)

v2.6.2

Changed

• pip-audit's minimum Python version is now 3.8.

Fixed

• Fixed a hang caused by auditing requirements when resolving against
  an index that requires authentication, causing pip to wait indefinitely
  for credentials (#707)

v2.6.1

Fixed

• Fixed a crash on Windows caused by pip-audit's use of temporary files
  (#647)

v2.6.0

Added

• Added option to skip dependency resolution via pip with the --disable-pip
  flag. This option can only be used with hashed requirements files or when the
  --no-deps flag has been provided
  (#610)

v2.5.6

Fixed

• Fixed a crash caused by incompatible dependency changes
  (#617)

v2.5.5

Fixed

• Fixed a crash caused by incompatible dependency changes
  (#605)