uv audit

.github/workflows/ci.yml

@@ -114,7 +114,7 @@ jobs:
         id: setup-python
         with:
           python-version: ${{ matrix.py-version.semantic }}
-      - name: Run pip-audit
+      - name: Run uv audit
         run: |
           pip install tox-uv
           tox -e audit-${{ matrix.py-version.tox }}

.github/workflows/regular.yml

@@ -104,7 +104,7 @@ jobs:
         id: setup-python
         with:
           python-version: ${{ matrix.py-version.semantic }}
-      - name: Run pip-audit
+      - name: Run uv audit
         run: |
           pip install tox-uv
           tox -e audit-${{ matrix.py-version.tox }}

CONTRIBUTING.md

@@ -117,7 +117,7 @@ If you have questions or problems, simply ask for advice.
 | [pytest](https://docs.pytest.org/)                                                              | testing                                   |
 | [pytest-cov](https://pytest-cov.readthedocs.io/)                                                | measuring test coverage                   |
 | [sphinx](https://www.sphinx-doc.org/)                                                           | generating our documentation              |
-| [pip-audit](https://github.com/pypa/pip-audit)                                                  | detecting vulnerabilities in dependencies |
+| [uv audit](https://docs.astral.sh/uv/reference/cli/#uv-audit)                                   | detecting vulnerabilities in dependencies |
 | [tox](https://tox.wiki/)                                                                        | orchestrating all the above               |
 
 Executing a specific one of these tools is easiest by using the corresponding

pyproject.toml

@@ -56,7 +56,7 @@ Issues = "https://github.com/emdgroup/baybe/issues/"
 
 # AUDIT NOTE: The marked packages are secondary dependencies but their versions are
 # set explicitly because the otherwise installed default versions have been flagged
-# for vulnerabilities by pip-audit
+# for vulnerabilities by uv audit
 
 [project.optional-dependencies]
 extras = [
@@ -86,10 +86,9 @@ dev = [
     "baybe[mypy]",
     "baybe[test]",
     "baybe[benchmarking]",
-    "pip-audit>=2.5.5",
     "setuptools-scm>=7.1.0",
     "tox-uv>=1.7.0",
-    "uv>=0.9.25",
+    "uv>=0.11.2",
 ]
 
 insights = [

tox.ini

@@ -66,25 +66,18 @@ commands =
     mypy
 
 [testenv:audit,audit-py{310,311,312,313}]
-description = Run pip-audit
-extras = dev # audit entire environment
-setenv =
-    # Add pip-audit exceptions here, like:
-    # EXCLUDES=--ignore-vuln EXCEPTION_ID1 --ignore-vuln EXCEPTION_ID2 ...
+description = Run uv audit
+extras = dev  # audit entire environment
 commands =
     python --version
-    pip-audit {env:EXCLUDES:}
+    uv audit
 
 # This is separated from the other audit block because in 3.14 only core deps are tested
 [testenv:audit-py314]
-description = Run pip-audit
-deps = pip-audit
-setenv =
-    # Add pip-audit exceptions here, like:
-    # EXCLUDES=--ignore-vuln EXCEPTION_ID1 --ignore-vuln EXCEPTION_ID2 ...
+description = Run uv audit
 commands =
     python --version
-    pip-audit {env:EXCLUDES:}
+    uv audit
 
 [testenv:docs-py310]
 description = Build documentation, passing posargs to control what should be built