From 65780f2d1af3641f7722b5649357439b86f1b868 Mon Sep 17 00:00:00 2001
From: John Bampton
Date: Mon, 29 Dec 2025 23:32:59 +1000
Subject: [PATCH] [CI] Add pre-commit hook `pip-audit` https://github.com/pypa/pip-audit "Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them" https://github.com/pypa/pip-audit?tab=readme-ov-file#pre-commit-support Also used on the Apache Trusted Tooling Release repo: https://github.com/apache/tooling-trusted-releases/blob/23b3bc5adce730835e0b7d218e14d7e90db13e0e/.pre-commit-config.yaml#L100
---
 .pre-commit-config.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 246687331ff..8c44276bd24 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -271,6 +271,12 @@ repos:
 - id: black-jupyter
 name: run black-jupyter
 description: format Python files and Jupyter Notebooks with black
+ - repo: https://github.com/pypa/pip-audit
+ rev: v2.10.0
+ hooks:
+ - id: pip-audit
+ name: run pip-audit
+ description: audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
 - repo: https://github.com/pre-commit/mirrors-clang-format
 rev: v21.1.7
 hooks:
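Review bot: The new `pip-audit` hook is added without `args`, so as far as I can tell from the upstream README it audits the isolated virtualenv that pre-commit builds for the hook itself rather than this repository's dependencies; the hook can pass while the project's own requirements are never checked. Point it at the dependency files explicitly, e.g. `args: ["-r", "<path/to/requirements.txt>"]` (placeholder path; the repo's requirement files are not visible in this hunk). pip-audit also queries a vulnerability service over the network, so consider `stages: [manual]` or running it only in CI, so that offline commits and newly published advisories unrelated to the change do not block contributors. `rev: v2.10.0` is a mutable tag; pinning the full commit SHA with the tag in a trailing comment would be stricter for a security tool, though the neighbouring hooks in this file also pin by tag.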