Problem
pip-audit fails in this environment because it creates a temp venv via venv.EnvBuilder, which ends up using a copied interpreter that starts with /install as its prefix and aborts before ensurepip can run.
Impact
The dependency-update workflow cannot complete the audit step, so automated dependency updates stop before they can check for vulnerabilities or update poetry.lock.
Repo-side workaround
Use hashed poetry export output and run pip-audit --disable-pip so pip-audit skips the copied-interpreter path entirely.
Validation
- Focused unit tests for the audit helper and nox wrapper
POETRY_VIRTUALENVS_IN_PROJECT=true poetry run pytest -q test/unit/util/dependencies/audit_test.py test/unit/nox/_dependencies_test.py
Problem
pip-audit fails in this environment because it creates a temp venv via
venv.EnvBuilder, which ends up using a copied interpreter that starts with/installas its prefix and aborts beforeensurepipcan run.Impact
The dependency-update workflow cannot complete the audit step, so automated dependency updates stop before they can check for vulnerabilities or update
poetry.lock.Repo-side workaround
Use hashed
poetry exportoutput and runpip-audit --disable-pipso pip-audit skips the copied-interpreter path entirely.Validation
POETRY_VIRTUALENVS_IN_PROJECT=true poetry run pytest -q test/unit/util/dependencies/audit_test.py test/unit/nox/_dependencies_test.py