From 3ec0668b535c60422b090abac8ff0f1be9b4fb68 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 22 May 2023 18:55:02 -0400
Subject: [PATCH 1/3] pyproject: temporarily add my fork
Signed-off-by: William Woodruff
---
 pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index c4fb58ce..5c687052 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -27,7 +27,7 @@ classifiers = [
 "Topic :: Security",
 ]
 dependencies = [
- "CacheControl[filecache]>=0.12.10",
+ "CacheControl[filecache] @ git+https://github.com/woodruffw-forks/cachecontrol",
 # NOTE(ww): Release 2.5.0 is broken, subsequent 2.5.x releases fix it.
 # See: https://github.com/CycloneDX/cyclonedx-python-lib/issues/245
 "cyclonedx-python-lib ~= 2.0, != 2.5.0",
@@ -38,7 +38,7 @@ dependencies = [
 # NOTE(ww): urllib3 2.0 and higher are incompatible with CacheControl;
 # we prevent its use by using a version of requests that uses urllib3 < 2.0.
 # See: https://github.com/psf/requests/issues/6437
- "requests<2.30",
+ "requests",
 "rich>=12.4",
 "toml>=0.10",
 ]
From 20cbaa5472d99bd0f895ae6c17464ff6bb15f134 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 22 May 2023 19:38:18 -0400
Subject: [PATCH 2/3] pyproject: don't use my fork
Signed-off-by: William Woodruff
---
 pyproject.toml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 5c687052..f1817b23 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -27,7 +27,7 @@ classifiers = [
 "Topic :: Security",
 ]
 dependencies = [
- "CacheControl[filecache] @ git+https://github.com/woodruffw-forks/cachecontrol",
+ "CacheControl[filecache] >= 0.12.0",
 # NOTE(ww): Release 2.5.0 is broken, subsequent 2.5.x releases fix it.
 # See: https://github.com/CycloneDX/cyclonedx-python-lib/issues/245
 "cyclonedx-python-lib ~= 2.0, != 2.5.0",
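Review bot: The added CacheControl entry resolves to a fork by repository only — `"CacheControl[filecache] @ git+https://github.com/woodruffw-forks/cachecontrol"` carries no commit ref — so what gets installed is whatever that repository's default branch holds at install time, and a rewritten or hijacked branch would be picked up silently. Even for a change labelled temporary, pin it: `"CacheControl[filecache] @ git+https://github.com/woodruffw-forks/cachecontrol@<commit-sha>"`. The next patch in this series drops the fork again, so consider squashing the two so that no commit in history resolves a dependency from a mutable URL (it keeps bisects reproducible as well).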
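Review bot: The restored floor `"CacheControl[filecache] >= 0.12.0"` is lower than the `>=0.12.10` this series started from, so releases 0.12.0 through 0.12.9 that were previously excluded become installable again; I can't tell from the hunk whether 0.12.10 was the minimum for a reason, but if it was, the line should read `"CacheControl[filecache]>=0.12.10"`. If the relaxation is deliberate, a one-line comment saying why (the way the cyclonedx entry below it is annotated) would stop the next reader from re-tightening it. Minor: the spaces around `>=` differ from the neighbouring entries (`"rich>=12.4"`, `"toml>=0.10"`).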
@@ -35,10 +35,11 @@ dependencies = [
 "packaging>=23.0.0", # https://github.com/pypa/pip-audit/issues/464
 "pip-api>=0.0.28",
 "pip-requirements-parser>=32.0.0",
- # NOTE(ww): urllib3 2.0 and higher are incompatible with CacheControl;
- # we prevent its use by using a version of requests that uses urllib3 < 2.0.
- # See: https://github.com/psf/requests/issues/6437
- "requests",
+ "requests >= 2.31.0",
+ # NOTE(ww): We constrain this subdepency because of CacheControl's incompatibility
+ # with urllib3 ~= 2.0 by way of requests.
+ # See: https://github.com/ionrock/cachecontrol/issues/292
+ "urllib3 ~= 1.26",
 "rich>=12.4",
 "toml>=0.10",
 ]
From 0bdbc788d87896bd81ffd8cacece4078afae4497 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 22 May 2023 19:43:38 -0400
Subject: [PATCH 3/3] CHANGELOG: record changes
Signed-off-by: William Woodruff
---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a019662..15ea98bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,11 @@ All versions prior to 0.0.9 are untracked. ## [Unreleased] +### Fixed + +* Fixed a crash caused by incompatible dependency changes ([#617](https://github.com/pypa/pip-audit/pull/617)) + ## [2.5.5] ### Fixed
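Review bot: The new comment block has a typo (`subdepency`) and explains only the urllib3 pin, while the `"requests >= 2.31.0"` floor added on the line above it gets no rationale at all now that the old "we prevent its use by using a version of requests" note is gone. I'd reword it as `# NOTE(ww): requests >= 2.31.0 is needed because <reason>; we also constrain the urllib3 subdependency below because of CacheControl's incompatibility with urllib3 ~= 2.0 by way of requests.` and keep the `# See:` link, filling in whichever requests change actually motivated the floor. Also, `"urllib3 ~= 1.26"` is inserted between requests and rich while the rest of this list appears to be alphabetical; placing it after `"toml>=0.10"` keeps that order. Since `~= 1.26` excludes urllib3 2.x outright for a transitive dependency, a `TODO` tied to the linked CacheControl issue would mark the pin as temporary, which the link alone does not.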