_virtual_env: add --no-input to all invocations (#707)

* _virtual_env: add --no-input to all invocations

Closes #706.

Signed-off-by: William Woodruff <william@trailofbits.com>

* CHANGELOG: record changes

Signed-off-by: William Woodruff <william@trailofbits.com>

* pyproject: filter coverage==7.3.2

See nedbat/coveragepy#1713.

Signed-off-by: William Woodruff <william@trailofbits.com>

---------

Signed-off-by: William Woodruff <william@trailofbits.com>

CHANGELOG.md

@@ -12,6 +12,12 @@ All versions prior to 0.0.9 are untracked.
 
 * `pip-audit`'s minimum Python version is now 3.8.
 
+### Fixed
+
+* Fixed a hang caused by auditing requirements when resolving against
+  an index that requires authentication, causing `pip` to wait indefinitely
+  for credentials ([#707](https://github.com/pypa/pip-audit/pull/707))
+
 ## [2.6.1]
 
 ### Fixed

pip_audit/_virtual_env.py

@@ -116,11 +116,14 @@ def post_setup(self, context: SimpleNamespace) -> None:
             # windows, see GitHub issue #646.
 
             # Install our packages
+            # NOTE(ww): We pass `--no-input` to prevent `pip` from indefinitely
+            # blocking on user input for repository credentials.
             package_install_cmd = [
                 context.env_exe,
                 "-m",
                 "pip",
                 "install",
+                "--no-input",
                 *self._index_url_args,
                 "--dry-run",
                 "--report",

pyproject.toml

@@ -42,7 +42,12 @@ dependencies = [
 requires-python = ">=3.8"
 
 [project.optional-dependencies]
-test = ["coverage[toml]", "pretend", "pytest", "pytest-cov"]
+test = [
+    "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713
+    "pretend",
+    "pytest",
+    "pytest-cov",
+]
 lint = [
     # NOTE(ww): ruff is under active development, so we pin conservatively here
     # and let Dependabot periodically perform this update.