
Conversation

@tisonkun
Member

Request for adding a new GitHub Action to the allow list

Overview

This is currently used in https://github.com/apache/libcloud/tree/trunk/.github/actions and I think it's a pypa official action that we can trust.

Name of action: pypa/gh-action-pip-audit

URL of action: https://github.com/pypa/gh-action-pip-audit

Version to pin to (hash only):

Following the other pypa actions listed below, I choose:

  release/v1*:
    expires_at: 2025-08-01
    keep: true

Permissions

I think the read permission is enough.

Related Actions

This should be like pypa/gh-action-pypi-publish but only for verifying, not publishing.

Checklist

You should be able to check most of these boxes for an action to be considered for review.
Please check all boxes that currently apply:

  • The action is listed in the GitHub Actions Marketplace
  • The action is not already on the list of approved actions
  • The action has a sufficient number of contributors or has contributors within the ASF community
  • The action has a clearly defined license
  • The action is actively developed or maintained
  • The action has CI/unit tests configured

Signed-off-by: tison <wander4096@gmail.com>
@dfoulks1
Contributor

Hi there! I'm happy to merge this provided two things are fixed:
a) we need to pin to a commit hash rather than v1
b) The expiration date needs to be something in the future.

If you would take care of those I'll get this merged in.

Signed-off-by: tison <wander4096@gmail.com>
@tisonkun
Member Author

@dfoulks1 Updated. Hopefully this is the correct format.
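An added example (not part of this PR or of the ASF allow-list tooling) that turns the two review points above into a check: it scans a constructed workflow excerpt for `uses:` references, requires a full 40-hex commit SHA rather than a tag such as `v1`, looks each pin up in an allow list shaped like the snippet in this request, and rejects entries whose `expires_at` is not in the future. The allow-list layout, the reference date and the placeholder SHAs are assumptions.

```python
import re
from datetime import date, datetime

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# "uses: owner/repo@ref" (a trailing "# vX.Y.Z" comment is ignored); local "./..." actions have no "@" and are skipped
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)@(\S+)")

# Constructed allow list in the shape of the PR's snippet: action -> ref -> {expires_at, keep}; the SHAs are placeholders.
ALLOWLIST = {
    "pypa/gh-action-pip-audit": {"a" * 40: {"expires_at": "2027-01-01", "keep": True}},
    "pypa/gh-action-pypi-publish": {"b" * 40: {"expires_at": "2025-08-01", "keep": True}},
}
TODAY = date(2026, 1, 21)  # the PR's merge date, used as the reference "today"

# Constructed workflow excerpt: a tag pin, a good pin, and a pin whose allow-list entry has lapsed.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: pypa/gh-action-pip-audit@{a}  # v1.1.0
  - uses: pypa/gh-action-pypi-publish@{b}
""".format(a="a" * 40, b="b" * 40)


def check_expiry(expires_at, today):
    """Return a problem string when expires_at is malformed or not strictly in the future, else None."""
    try:
        exp = datetime.strptime(expires_at, "%Y-%m-%d").date()
    except ValueError:
        return f"expires_at '{expires_at}' is not YYYY-MM-DD"
    return f"expires_at {expires_at} is not in the future" if exp <= today else None


def audit_workflow(text, allowlist, today):
    """Flag each `uses:` line that is not a full-SHA pin, is absent from the allow list, or has expired."""
    findings = []  # (line number, action, ref, reason)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not (m := USES_LINE.match(line)):
            continue
        action, ref = m.groups()
        if not FULL_SHA.match(ref):
            findings.append((lineno, action, ref, f"'{ref}' is a tag or branch, not a full commit SHA"))
            continue
        entry = allowlist.get(action, {}).get(ref)
        if entry is None:
            findings.append((lineno, action, ref, "not on the allow list"))
            continue
        if problem := check_expiry(entry["expires_at"], today):
            findings.append((lineno, action, ref, problem))
    return findings


def run_sample():
    return audit_workflow(SAMPLE_WORKFLOW, ALLOWLIST, TODAY)
```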

@dfoulks1 dfoulks1 merged commit 177da89 into apache:main Jan 21, 2026
5 checks passed