`GHSA-58qw-9mgm-455v.json` contains `last_affected` rather than `fixed` in the `affected.ranges.events`, but it's been addressed within pip 26.1 via pypa/pip#13867 / pypa/pip#13870. This causes downstream tools such as pip-audit to report no "fixed" version, when one is available.
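The effect described above, as an added example that is not part of the original description and not pip-audit's code: a simplified consumer reads the OSV `affected[].ranges[].events[]` list and finds no fix version while the range ends in `last_affected`. The record, its placeholder id and the `26.0` value are constructed; `fix_info`, `ranges_without_fix` and `with_fixed` are hypothetical helper names.

```python
import copy

# Constructed OSV-style record; the id and the "26.0" value are placeholders,
# not the contents of the real advisory file.
RECORD = {
    "id": "GHSA-xxxx-xxxx-xxxx",
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "pip"},
        "ranges": [{
            "type": "ECOSYSTEM",
            "events": [{"introduced": "0"}, {"last_affected": "26.0"}],
        }],
    }],
}


def fix_info(record, name):
    """Collect the 'fixed' and 'last_affected' event values for one package."""
    info = {"fixed": [], "last_affected": []}
    for affected in record.get("affected", []):
        if affected.get("package", {}).get("name") != name:
            continue
        for rng in affected.get("ranges", []):
            for event in rng.get("events", []):
                for key in info:
                    if key in event:
                        info[key].append(event[key])
    return info


def ranges_without_fix(record):
    """Lint: name packages with a range closed by last_affected and no fixed event."""
    flagged = []
    for affected in record.get("affected", []):
        for rng in affected.get("ranges", []):
            keys = {k for event in rng.get("events", []) for k in event}
            if "last_affected" in keys and "fixed" not in keys:
                flagged.append(affected["package"]["name"])
    return flagged


def with_fixed(record, version):
    """Return a copy where each last_affected event becomes fixed=<version>."""
    patched = copy.deepcopy(record)
    for affected in patched["affected"]:
        for rng in affected["ranges"]:
            rng["events"] = [{"fixed": version} if "last_affected" in e else e
                             for e in rng["events"]]
    return patched
```

Running `ranges_without_fix` over an advisory database checkout lists records worth checking against upstream release notes for a fix that was never recorded.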