diff --git a/CHANGELOG.md b/CHANGELOG.md
index f582372e..a5fb0ea9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,12 @@ All versions prior to 0.0.9 are untracked.
 
 * `pip-audit`'s minimum Python version is now 3.8.
 
+### Fixed
+
+* Fixed a hang caused by auditing requirements when resolving against
+ an index that requires authentication, causing `pip` to wait indefinitely
+ for credentials ([#707](https://github.com/pypa/pip-audit/pull/707))
+
 ## [2.6.1]
 
 ### Fixed
diff --git a/pip_audit/_virtual_env.py b/pip_audit/_virtual_env.py
index cbd7f79e..acee66ad 100644
--- a/pip_audit/_virtual_env.py
+++ b/pip_audit/_virtual_env.py
@@ -116,11 +116,14 @@ def post_setup(self, context: SimpleNamespace) -> None:
 # windows, see GitHub issue #646.
 
 # Install our packages
+ # NOTE(ww): We pass `--no-input` to prevent `pip` from indefinitely
+ # blocking on user input for repository credentials.
 package_install_cmd = [
 context.env_exe,
 "-m",
 "pip",
 "install",
+ "--no-input",
 *self._index_url_args,
 "--dry-run",
 "--report",
diff --git a/pyproject.toml b/pyproject.toml
index ca31f512..2fc4f1a2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -42,7 +42,12 @@ dependencies = [
 requires-python = ">=3.8"
 
 [project.optional-dependencies]
-test = ["coverage[toml]", "pretend", "pytest", "pytest-cov"]
+test = [
+ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713
+ "pretend",
+ "pytest",
+ "pytest-cov",
+]
 lint = [
 # NOTE(ww): ruff is under active development, so we pin conservatively here
 # and let Dependabot periodically perform this update.
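Review bot: The `--no-input` flag added to `package_install_cmd` in `pip_audit/_virtual_env.py` changes how pip looks up credentials as well as whether it prompts. As I read pip's authentication documentation, the default `auto` keyring provider does not query keyring at all when `--no-input` is set, so a user who authenticates to a private index through keyring may now get a failed resolution rather than a hang. I would spell that out in the comment, e.g. `# With --no-input pip exits non-zero instead of prompting and skips its default keyring lookup;` / `# credentials must come from a non-interactive source such as netrc or an explicit --keyring-provider.`, and confirm that the resulting pip error is reported to the user as an authentication failure rather than a generic resolution error. The pip upgrade step earlier in `post_setup` starts outside this hunk; if it also contacts the index it may need the same flag. No test in the visible diff asserts that the flag is present in the command.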