Remove running pip-audit from CI.

Julian · Julian · commit f22fb8ed485a · 2025-10-12T10:05:01.000+02:00
pip has had a recent CVE, and as a library (and not
an app) it is difficult to run pip-audit in a way that
has value but is segregated from pip-audit's own deps
such that we don't encounter this kind of false positive.
diff --git a/noxfile.py b/noxfile.py
@@ -42,15 +42,6 @@ def tests(session):
     session.run("pytest", "--verbosity=3", "--pythonwarnings=error", env=env)
 
 
-@session()
-def audit(session):
-    """
-    Audit dependencies for vulnerabilities.
-    """
-    session.install("pip-audit", ROOT)
-    session.run("python", "-m", "pip_audit")
-
-
 @session(tags=["build"])
 def build(session):
     """
