#750: Updated dependency pip-audit

.github/actions/security-issues/action.yml

@@ -39,7 +39,7 @@ runs:
     - name: Install Python Toolbox / Security tool
       shell: bash
       run: |
-        pip install exasol-toolbox==6.1.0
+        pip install exasol-toolbox==6.1.1
 
     - name: Create Security Issue Report
       shell: bash

doc/changes/changes_6.1.1.md

@@ -0,0 +1,32 @@
+# 6.1.1 - 2026-03-18
+
+## Summary
+
+## Security Issues
+
+* #748: Updated dependency to `black`
+
+## Refactorings
+
+* #752: Updated upload-artifact from v6 to v7 and download-artifact from v7 to v8
+* #750: Updated dependency `pip-audit`
+
+## Dependency Updates
+
+### `main`
+
+* Updated dependency `bandit:1.9.3` to `1.9.4`
+* Updated dependency `black:25.12.0` to `26.3.1`
+* Updated dependency `coverage:7.13.1` to `7.13.4`
+* Updated dependency `import-linter:2.9` to `2.11`
+* Updated dependency `nox:2025.11.12` to `2026.2.9`
+* Updated dependency `pip-audit:2.9.0` to `2.10.0`
+* Updated dependency `pip-licenses:5.5.0` to `5.5.1`
+* Updated dependency `pylint:4.0.4` to `4.0.5`
+* Updated dependency `ruff:0.14.13` to `0.14.14`
+* Updated dependency `sphinxcontrib-mermaid:2.0.0` to `2.0.1`
+* Updated dependency `typer:0.21.1` to `0.24.1`
+
+### `dev`
+
+* Updated dependency `cookiecutter:2.6.0` to `2.7.1`

doc/changes/unreleased.md

@@ -1,11 +1,3 @@
 # Unreleased
 
 ## Summary
-
-## Security Issues
-
-* #748: Updated dependency to `black`
-
-## Refactoring
-
-* #752: Updated upload-artifact from v6 to v7 and download-artifact from v7 to v8

exasol/toolbox/nox/_dependencies.py

@@ -35,7 +35,7 @@ def audit(session: Session) -> None:
     try:
         vulnerabilities = Vulnerabilities.load_from_pip_audit(working_directory=Path())
     except PipAuditException as e:
-        session.error(e.return_code, e.stdout, e.stderr)
+        session.error(e.returncode, e.stdout, e.stderr)
 
     security_issue_dict = vulnerabilities.security_issue_dict
     print(json.dumps(security_issue_dict, indent=2))

exasol/toolbox/util/dependencies/audit.py

@@ -27,16 +27,18 @@
 )
 
 
+PipAuditEntry = dict[str, str | list[str] | tuple[str, ...]]
+
+
 @dataclass
 class PipAuditException(Exception):
-    return_code: int
+    returncode: int
     stdout: str
     stderr: str
 
-    def __init__(self, subprocess_output: subprocess.CompletedProcess) -> None:
-        self.return_code = subprocess_output.returncode
-        self.stdout = subprocess_output.stdout
-        self.stderr = subprocess_output.stderr
+    @classmethod
+    def from_subprocess(cls, proc: subprocess.CompletedProcess) -> PipAuditException:
+        return cls(proc.returncode, proc.stdout, proc.stderr)
 
 
 class VulnerabilitySource(str, Enum):
@@ -102,7 +104,7 @@ def reference_links(self) -> tuple[str, ...]:
         )
 
     @property
-    def security_issue_entry(self) -> dict[str, str | list[str] | tuple[str, ...]]:
+    def security_issue_entry(self) -> PipAuditEntry:
         return {
             "name": self.package.name,
             "version": str(self.package.version),
@@ -132,10 +134,20 @@ def subsection_for_changelog_summary(self) -> str:
         """
         Create a subsection to be included in the Summary section of a versioned changelog.
         """
-        links_join = "\n* ".join(sorted(self.reference_links))
-        references_subsection = f"\n#### References:\n\n* {links_join}\n\n "
-        subsection = f"### {self.vulnerability_id} in {self.package.coordinates}\n\n{self.description}\n{references_subsection}"
-        return cleandoc(subsection.strip())
+        indent = " " * 12
+        references = f"\n{indent}".join(
+            f"* {link}" for link in sorted(self.reference_links)
+        )
+        description = self.description.replace("\n", f"\n{indent}")
+        return cleandoc(f"""
+            ### {self.vulnerability_id} in {self.package.coordinates}
+
+            {description}
+
+            #### References
+
+            {references}
+            """)
 
 
 def audit_poetry_files(working_directory: Path) -> str:
@@ -159,7 +171,7 @@ def audit_poetry_files(working_directory: Path) -> str:
         cwd=working_directory,
     )  # nosec
     if output.returncode != 0:
-        raise PipAuditException(subprocess_output=output)
+        raise PipAuditException.from_subprocess(output)
 
     with tempfile.TemporaryDirectory() as path:
         tmpdir = Path(path)
@@ -179,7 +191,7 @@ def audit_poetry_files(working_directory: Path) -> str:
         # they both map to returncode = 1, so we have our own logic to raise errors
         # for the case of 2) and not 1).
         if not search(PIP_AUDIT_VULNERABILITY_PATTERN, output.stderr.strip()):
-            raise PipAuditException(subprocess_output=output)
+            raise PipAuditException.from_subprocess(output)
     return output.stdout
 
 
@@ -215,7 +227,7 @@ def load_from_pip_audit(cls, working_directory: Path) -> Vulnerabilities:
         return Vulnerabilities(vulnerabilities=vulnerabilities)
 
     @property
-    def security_issue_dict(self) -> list[dict[str, str | list[str] | tuple[str, ...]]]:
+    def security_issue_dict(self) -> list[PipAuditEntry]:
         return [
             vulnerability.security_issue_entry for vulnerability in self.vulnerabilities
         ]

project-template/cookiecutter.json

@@ -9,7 +9,7 @@
   "author_email": "opensource@exasol.com",
   "project_short_tag": "",
   "python_version_min": "3.10",
-  "exasol_toolbox_version_range": ">=6.1.0,<7",
+  "exasol_toolbox_version_range": ">=6.1.1,<7",
   "license_year": "{% now 'utc', '%Y' %}",
   "__repo_name_slug": "{{cookiecutter.package_name}}",
   "__package_name_slug": "{{cookiecutter.package_name}}",

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "exasol-toolbox"
-version = "6.1.0"
+version = "6.1.1"
 description = "Your one-stop solution for managing all standard tasks and core workflows of your Python project."
 authors = [
     { name = "Nicola Coretti", email = "nicola.coretti@exasol.com" },
@@ -38,7 +38,7 @@ dependencies = [
     "mypy>=0.971",
     "myst-parser>=2.0.0,<4",
     "nox>=2022.8.7",
-    "pip-audit>=2.7.3,<2.10.0", # see issue https://github.com/exasol/python-toolbox/issues/750
+    "pip-audit>=2.10,<3",
     "pip-licenses>=5.0.0,<6",
     "pluggy>=1.5.0,<2",
     "pre-commit>=4,<5",

test/conftest.py

@@ -8,7 +8,10 @@
     Issue,
     _issues_as_json_str,
 )
-from exasol.toolbox.util.dependencies.audit import Vulnerability
+from exasol.toolbox.util.dependencies.audit import (
+    PipAuditEntry,
+    Vulnerability,
+)
 
 
 class SampleVulnerability:
@@ -24,11 +27,11 @@ class SampleVulnerability:
     )
 
     @property
-    def pip_audit_vuln_entry(self) -> dict[str, str | list[str]]:
+    def pip_audit_vuln_entry(self) -> PipAuditEntry:
         return {
-            "id": self.vulnerability_id,
+            "id": self.cve_id,
             "fix_versions": [self.fix_version],
-            "aliases": [self.cve_id],
+            "aliases": [self.vulnerability_id],
             "description": self.description,
         }
 
@@ -59,7 +62,7 @@ def nox_dependencies_audit(self) -> str:
         return json.dumps([self.security_issue_entry], indent=2) + "\n"
 
     @property
-    def security_issue_entry(self) -> dict[str, str | list[str] | tuple[str, ...]]:
+    def security_issue_entry(self) -> PipAuditEntry:
         return {
             "name": self.package_name,
             "version": self.version,

test/integration/conftest.py

@@ -1,10 +1,26 @@
 import subprocess
+from pathlib import Path
 
 import pytest
 
+from exasol.toolbox.config import BaseConfig
+
 
 @pytest.fixture(scope="session")
 def poetry_path() -> str:
     result = subprocess.run(["which", "poetry"], capture_output=True, text=True)
     poetry_path = result.stdout.strip()
     return poetry_path
+
+
+@pytest.fixture(scope="session")
+def ptb_minimum_python_version() -> str:
+    """
+    Some integration tests create a sample poetry project and need to
+    specify its minimum python version in property "requires-python" in file
+    pyproject.toml.
+
+    This fixture returns a value including all python versions supported by
+    the PTB.
+    """
+    return BaseConfig(root_path=Path(), project_name="toolbox").minimum_python_version