Remove running pip-audit from CI.

Julian · Julian · commit e590e84c7cd0 · 2025-10-25T21:20:22.000-04:00
pip has had a recent CVE, and as a library (and not
an app) it is difficult to run pip-audit in a way that
has value but is segregated from pip-audit's own deps
such that we don't encounter this kind of false positive.

Downstream applications should themselves run pip-audit
as it is more suited for being run by applications rather
than libraries.
diff --git a/noxfile.py b/noxfile.py
@@ -40,15 +40,6 @@ def tests(session):
     session.run("pytest", *session.posargs, PACKAGE)
 
 
-@session()
-def audit(session):
-    """
-    Audit dependencies for vulnerabilities.
-    """
-    session.install("pip-audit", ROOT)
-    session.run("python", "-m", "pip_audit")
-
-
 @session(tags=["build"])
 def build(session):
     """
