
Excluding a dependency in pip-audit


I have a pipenv project that is using the Trend Micro deepsecurity dependency. Up until recently, this was available on PyPI, but Trend has since removed it. They require one to download the SDK and install it manually. Not a horrible issue, as I unzip the package and pip install it.

pip freeze|grep deep

deep-security-api @ file:///Users/paul/src/smartronix/portal/ds_temp

Unfortunately, this causes heartburn for pip-audit:

> pip-audit

Traceback (most recent call last):                    
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/bin/pip-audit", line 8, in <module>
    sys.exit(audit())
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_cli.py", line 370, in audit
    for (spec, vulns) in auditor.audit(source):
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_audit.py", line 66, in audit
    for dep, vulns in self._service.query_all(specs):
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_service/interface.py", line 143, in query_all
    yield self.query(spec)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_service/pypi.py", line 58, in query
    response: requests.Response = self.session.get(url=url, timeout=self.timeout)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 542, in get
    return self.request('GET', url, **kwargs)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 529, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 667, in send
    history = [resp for resp in gen]
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 667, in <listcomp>
    history = [resp for resp in gen]
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 166, in resolve_redirects
    raise TooManyRedirects('Exceeded {} redirects.'.format(self.max_redirects), response=resp)
requests.exceptions.TooManyRedirects: Exceeded 30 redirects.

The reason for this (as fully documented below) is that PyPI used to know about deep security, but no longer has it and provides a confusing response. I'd like to simply exclude this dependency but can't see how to do it.

Verbose pip-audit run

pip-audit -v                                                

DEBUG:pip_audit._cli:parsed arguments: Namespace(cache_dir=None, desc=<VulnerabilityDescriptionChoice.Auto: 'auto'>, dry_run=False, extra_index_urls=[], fix=False, format=<OutputFormatChoice.Columns: 'columns'>, index_url='https://pypi.org/simple', local=False, output=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='UTF-8'>, paths=[], progress_spinner=<ProgressSpinnerChoice.On: 'on'>, project_path=None, require_hashes=False, requirements=None, skip_editable=False, strict=False, timeout=15, verbose=True, vulnerability_service=<VulnerabilityServiceChoice.Pypi: 'pypi'>)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/alembic/1.7.7/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): pypi.org:443
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/alembic/1.7.7/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/aniso8601/9.0.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/aniso8601/9.0.1/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/apscheduler/3.9.1/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/APScheduler/3.9.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/APScheduler/3.9.1/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/astroid/2.6.6/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/astroid/2.6.6/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/atomicwrites/1.4.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/atomicwrites/1.4.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/attrs/21.4.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/attrs/21.4.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/autopep8/1.6.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/autopep8/1.6.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-common/1.1.28/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-common/1.1.28/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-core/1.24.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-core/1.24.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-identity/1.11.0b1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-identity/1.11.0b1/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-mgmt-compute/26.1.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-mgmt-compute/26.1.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-mgmt-core/1.3.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-mgmt-core/1.3.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-mgmt-loganalytics/13.0.0b4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-mgmt-loganalytics/13.0.0b4/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-mgmt-recoveryservices/2.0.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-mgmt-recoveryservices/2.0.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-mgmt-recoveryservicesbackup/4.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-mgmt-recoveryservicesbackup/4.2.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-mgmt-resource/21.1.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-mgmt-resource/21.1.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/azure-monitor-query/1.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/azure-monitor-query/1.0.2/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/backports-zoneinfo/0.2.1/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/backports.zoneinfo/0.2.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/backports.zoneinfo/0.2.1/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/bcrypt/3.2.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/bcrypt/3.2.2/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/black/22.3.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/black/22.3.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/boto3/1.22.13/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/boto3/1.22.13/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/botocore/1.25.13/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/botocore/1.25.13/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cachecontrol/0.12.11/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/CacheControl/0.12.11/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/CacheControl/0.12.11/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/certifi/2021.10.8/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/certifi/2021.10.8/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cffi/1.15.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7238
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/cffi/1.15.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cfgv/3.3.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/cfgv/3.3.1/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/charset-normalizer/2.0.12/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/charset-normalizer/2.0.12/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/click/8.1.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/click/8.1.3/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/coverage/6.3.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/coverage/6.3.3/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cryptography/37.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/cryptography/37.0.2/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cyclonedx-python-lib/2.3.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 7237
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/cyclonedx-python-lib/2.3.0/json HTTP/1.1" 304 0
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json/" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-security-api/12.0.466/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
Traceback (most recent call last):
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/bin/pip-audit", line 8, in <module>
    sys.exit(audit())
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_cli.py", line 370, in audit
    for (spec, vulns) in auditor.audit(source):
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_audit.py", line 66, in audit
    for dep, vulns in self._service.query_all(specs):
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_service/interface.py", line 143, in query_all
    yield self.query(spec)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/pip_audit/_service/pypi.py", line 58, in query
    response: requests.Response = self.session.get(url=url, timeout=self.timeout)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 542, in get
    return self.request('GET', url, **kwargs)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 529, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 667, in send
    history = [resp for resp in gen]
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 667, in <listcomp>
    history = [resp for resp in gen]
  File "/Users/paul/.local/share/virtualenvs/portal-bVWoHG0U/lib/python3.7/site-packages/requests/sessions.py", line 166, in resolve_redirects
    raise TooManyRedirects('Exceeded {} redirects.'.format(self.max_redirects), response=resp)
requests.exceptions.TooManyRedirects: Exceeded 30 redirects.

Solution

I never did find a real solution to the problem, but I did make this workaround; just delete deepsecurity! For reference, here is the script that I use in my CI pipeline:

    set -e
    # Remove trend deep security, as it causes pip-audit to fail
    pipenv run pip uninstall -y deep-security-api
    pipenv run pip-audit
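
An alternative to uninstalling, shown here as an added example that is not part of the original question or answer: filter the `pip freeze` output and audit the remainder through pip-audit's requirements-file option (the `requirements` entry in the parsed arguments above, `-r` on the command line), so the excluded package stays installed and every skipped line is written to the CI log. The function names and the `--run` switch are hypothetical, and dropping `name @ url` direct references is a choice made for this example.

```shell
#!/bin/sh
# Added example: audit the environment minus named packages, leaving them installed.

# PEP 503 name normalization: lowercase, runs of "-", "_", "." become "-".
normalize_name() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[-_.][-_.]*/-/g'
}

# filter_freeze NAME...
# Reads `pip freeze` lines on stdin. Writes auditable lines to stdout and one
# "skipped" note per dropped line to stderr, so the CI log shows the gap.
filter_freeze() {
    ff_excludes=" "
    for ff_arg in "$@"; do
        ff_excludes="$ff_excludes$(normalize_name "$ff_arg") "
    done
    while IFS= read -r ff_line; do
        case "$ff_line" in
            '' | '#'*) continue ;;
            '-e '*) echo "skipped (editable): $ff_line" >&2; continue ;;
        esac
        # Project name = leading run of name characters.
        ff_raw=$(printf '%s\n' "$ff_line" | sed 's/[^A-Za-z0-9._-].*$//')
        ff_name=$(normalize_name "$ff_raw")
        case "$ff_excludes" in
            *" $ff_name "*) echo "skipped (excluded): $ff_line" >&2; continue ;;
        esac
        # Direct references (name @ url) have no PyPI record to query.
        case "$ff_line" in
            *' @ '*) echo "skipped (direct reference): $ff_line" >&2; continue ;;
        esac
        printf '%s\n' "$ff_line"
    done
}

# audit_except NAME...
# Audits the current environment's pinned packages except the named ones and
# returns pip-audit's exit status, so CI still fails on findings.
audit_except() {
    ae_reqs=$(mktemp)
    pip freeze | filter_freeze "$@" > "$ae_reqs"
    ae_status=0
    pip-audit -r "$ae_reqs" || ae_status=$?
    rm -f "$ae_reqs"
    return "$ae_status"
}

# Hypothetical entry point: sh audit_except.sh --run deep-security-api
if [ "${1:-}" = "--run" ]; then
    shift
    audit_except "$@"
fi
```

Anything reported as skipped has not been checked against any advisory source, so a package excluded this way needs its own tracking, for example the vendor's advisories.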