ci: pin pip-audit version in dependency audit

liujuanjuan1984 · liujuanjuan1984 · commit 90d9554ee8e2 · 2026-04-27T19:32:50.000+08:00
diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml
@@ -13,6 +13,8 @@ on:
       - '.github/workflows/dependency-audit.yml'
 permissions:
   contents: read
+env:
+  PIP_AUDIT_VERSION: '2.9.0'
 
 jobs:
   runtime-audit:
@@ -39,7 +41,7 @@ jobs:
         id: audit
         continue-on-error: true
         run: |
-          uvx pip-audit -r /tmp/runtime-dependencies.txt --format json -o /tmp/runtime-audit.json
+          uvx --from pip-audit==${PIP_AUDIT_VERSION} pip-audit -r /tmp/runtime-dependencies.txt --format json -o /tmp/runtime-audit.json
       - name: Summarize Runtime Audit
         if: always()
         id: summarize
@@ -117,7 +119,7 @@ jobs:
         id: audit
         continue-on-error: true
         run: |
-          uvx pip-audit -r /tmp/development-dependencies.txt --format json -o /tmp/development-audit.json
+          uvx --from pip-audit==${PIP_AUDIT_VERSION} pip-audit -r /tmp/development-dependencies.txt --format json -o /tmp/development-audit.json
       - name: Summarize Development Audit
         if: always()
         id: summarize
