Skip to content

Fix pip-audit failure on Poetry-managed Python builds #847

Description

@tkilias

Problem

pip-audit fails in this environment because it creates a temp venv via venv.EnvBuilder, which ends up using a copied interpreter that starts with /install as its prefix and aborts before ensurepip can run.

Impact

The dependency-update workflow cannot complete the audit step, so automated dependency updates stop before they can check for vulnerabilities or update poetry.lock.

Repo-side workaround

Use hashed poetry export output and run pip-audit --disable-pip so pip-audit skips the copied-interpreter path entirely.

Validation

  • Focused unit tests for the audit helper and nox wrapper
  • POETRY_VIRTUALENVS_IN_PROJECT=true poetry run pytest -q test/unit/util/dependencies/audit_test.py test/unit/nox/_dependencies_test.py

Metadata

Metadata

Assignees

Labels

bugUnwanted / harmful behavior

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions