From 23fdb462455cbfb828a41c18aeb29e7a8e88b3d5 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Thu, 14 Dec 2023 10:05:19 -0500
Subject: [PATCH 1/3] _virtual_env: add --no-input to all invocations

Closes #706.

Signed-off-by: William Woodruff
---
 pip_audit/_virtual_env.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pip_audit/_virtual_env.py b/pip_audit/_virtual_env.py
index cbd7f79e..acee66ad 100644
--- a/pip_audit/_virtual_env.py
+++ b/pip_audit/_virtual_env.py
@@ -116,11 +116,14 @@ def post_setup(self, context: SimpleNamespace) -> None:
 # windows, see GitHub issue #646.
 
 # Install our packages
+ # NOTE(ww): We pass `--no-input` to prevent `pip` from indefinitely
+ # blocking on user input for repository credentials.
 package_install_cmd = [
 context.env_exe,
 "-m",
 "pip",
 "install",
+ "--no-input",
 *self._index_url_args,
 "--dry-run",
 "--report",
From 9d81f67be61517e56efbd5e9b3e3d4676793e15d Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Thu, 14 Dec 2023 10:08:52 -0500
Subject: [PATCH 2/3] CHANGELOG: record changes

Signed-off-by: William Woodruff
---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f582372e..a5fb0ea9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,12 @@ All versions prior to 0.0.9 are untracked.
 
 * `pip-audit`'s minimum Python version is now 3.8.
 
+### Fixed
+
+* Fixed a hang caused by auditing requirements when resolving against
+ an index that requires authentication, causing `pip` to wait indefinitely
+ for credentials ([#707](https://github.com/pypa/pip-audit/pull/707))
+
 ## [2.6.1]
 
 ### Fixed
From 663ea4a182bbfa42fbbd8eb675172f53a91333e8 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Thu, 14 Dec 2023 11:53:59 -0500
Subject: [PATCH 3/3] pyproject: filter coverage==7.3.2

See https://github.com/nedbat/coveragepy/issues/1713.

Signed-off-by: William Woodruff
---
 pyproject.toml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
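Review bot: In the `pip_audit/_virtual_env.py` hunk (PATCH 1/3) only `package_install_cmd` gains `"--no-input"`, although the subject says "all invocations"; any other `pip` command that `post_setup` runs outside the visible lines would still be able to block on a credential prompt and should carry the same flag. The NOTE comment should also record the side effect on stored credentials: in recent pip releases the default `auto` keyring provider does not query keyring at all when `--no-input` is passed, so users whose index credentials live in keyring will now get an authentication failure instead of a hang. I would extend the comment with `# With --no-input pip also skips keyring lookups unless --keyring-provider is set explicitly.` and check that pip's authentication error is surfaced to the user rather than swallowed. `post_setup` starts and ends outside this hunk, so this is based on the visible lines only.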
diff --git a/pyproject.toml b/pyproject.toml
index ca31f512..2fc4f1a2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -42,7 +42,12 @@ dependencies = [
 requires-python = ">=3.8"
 
 [project.optional-dependencies]
-test = ["coverage[toml]", "pretend", "pytest", "pytest-cov"]
+test = [
+ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713
+ "pretend",
+ "pytest",
+ "pytest-cov",
+]
 lint = [
 # NOTE(ww): ruff is under active development, so we pin conservatively here
 # and let Dependabot periodically perform this update.
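Review bot: The new `coverage[toml]` specifier excludes `!= 7.3.3`, but the commit subject says it filters `coverage==7.3.2`, so one of the two is wrong; if the linked coveragepy issue is about 7.3.2, the broken release is still installable under `~= 7.0`. Confirm the affected version against the linked issue and make the specifier and the subject agree. The `~= 7.0` part also introduces an upper bound (`< 8`) that the subject does not mention; a trailing comment such as `# exclusion can be dropped once a fixed coverage release is available` would tell the next maintainer when the pin may be relaxed.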