Log Message:
py-pip_audit: update to 2.5.4.

## [2.5.4]

### Changed

* Refactored `index-url` option to not override user pip config by default,
  unless specified ([#565](https://github.com/pypa/pip-audit/pull/565))

### Fixed

* Fixed bug with the `--fix` flag where new requirements were sometimes being
  appended to requirement files instead of patching the existing requirement
  ([#577](https://github.com/pypa/pip-audit/pull/577))

* Fixed a crash caused by auditing requirements files that refer to other
  requirements files ([#568](https://github.com/pypa/pip-audit/pull/568))

## [2.5.3]

### Changed

* Further simplified `pip-audit`'s dependency resolution to remove inconsistent
  behaviour when using hashed requirements or the `--no-deps` flag
  ([#540](https://github.com/pypa/pip-audit/pull/540))

### Fixed

* Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs
  ([#572](https://github.com/pypa/pip-audit/pull/572))

## [2.5.2]

### Fixed

* Fixed a loose dependency constraint for CycloneDX SBOM generation
  ([#558](https://github.com/pypa/pip-audit/pull/558))