Alex Cameron

I'm going to make a separate issue to begin generating API docs like we do for `pip-audit`.

I'm going to prepare a PR for verifying bundles.

Please let me know if you have any interest in getting this in and I'm happy to resolve any merge conflicts.

Thanks for reporting this @q0w! I believe this is caused by https://github.com/nexB/pip-requirements-parser/issues/4 and will require a fix there. Unfortunately, I haven't gotten around to fixing this yet.

Thanks for reporting this @q0w! We should definitely support updating hashes with `--fix`.

@di We discussed this issue briefly yesterday. I can confirm that we've never supported this before so this isn't a 2.5.x regression. I think it's still worth making this one...

@jleightcap This one would be also be good if you have time.

@woodruffw Yep that's correct, this should be fixed with #540.

> @tetsuo-cpp pip-audit v2.5.3 fails now with `--no-deps --fix`. note: `--no-deps` is provided because of [pypa/pip#9644](https://github.com/pypa/pip/issues/9644) Hmm, that's because the `--fix` codepath doesn't use `pip` but instead parses the requirements...

I'm going to re-open this so we can address the `--fix` side of things too.