2023-10-28 21:57:26 by Thomas Klausner | Files touched by this commit (516) |
Log message:
python/wheel.mk: simplify a lot, and switch to 'installer' for installation
This follows the recommended bootstrap method (flit_core, build, installer).
However, installer installs different files than pip, so update PLISTs
for all packages using wheel.mk and bump their PKGREVISIONs.
|
2023-08-01 14:36:49 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
py-pip-audit: updated to 2.6.1
2.6.1
Fixed
* Fixed a crash on Windows caused by `pip-audit`'s use of temporary files
|
2023-07-19 15:41:15 by Thomas Klausner | Files touched by this commit (2) |
Log message:
py-pip_audit: update to 2.6.0.
## [2.6.0]
### Added
* Added option to skip dependency resolution via `pip` with the `--disable-pip`
flag. This option can only be used with hashed requirements files or when the
`--no-deps` flag has been provided
([#610](https://github.com/pypa/pip-audit/pull/610))
|
2023-05-28 18:53:25 by Thomas Klausner | Files touched by this commit (2) |
Log message:
py-pip_audit: update to 2.5.6.
## [2.5.6]
### Fixed
* Fixed a crash caused by incompatible dependency changes
([#617](https://github.com/pypa/pip-audit/pull/617))
|
2023-05-07 11:43:23 by Thomas Klausner | Files touched by this commit (2) |
Log message:
py-pip_audit: update to 2.5.5.
## [2.5.5]
### Fixed
* Fixed a crash caused by auditing requirements files that refer to other
requirements files ([#568](https://github.com/pypa/pip-audit/pull/568))
|
2023-03-29 11:51:43 by Thomas Klausner | Files touched by this commit (2) |
Log message:
py-pip_audit: update to 2.5.4.
## [2.5.4]
### Changed
* Refactored `index-url` option to not override user pip config by default,
unless specified ([#565](https://github.com/pypa/pip-audit/pull/565))
### Fixed
* Fixed bug with the `--fix` flag where new requirements were sometimes being
appended to requirement files instead of patching the existing requirement
([#577](https://github.com/pypa/pip-audit/pull/577))
* Fixed a crash caused by auditing requirements files that refer to other
requirements files ([#568](https://github.com/pypa/pip-audit/pull/568))
## [2.5.3]
### Changed
* Further simplified `pip-audit`'s dependency resolution to remove inconsistent
behaviour when using hashed requirements or the `--no-deps` flag
([#540](https://github.com/pypa/pip-audit/pull/540))
### Fixed
* Fixed a crash caused by invalid UTF-8 sequences in subprocess outputs
([#572](https://github.com/pypa/pip-audit/pull/572))
## [2.5.2]
### Fixed
* Fixed a loose dependency constraint for CycloneDX SBOM generation
([#558](https://github.com/pypa/pip-audit/pull/558))
|
2023-03-19 08:18:43 by Thomas Klausner | Files touched by this commit (3) |
Log message:
py-pip_audit: update to 2.5.1.
## [2.5.1]
### Fixed
* Fixed a crash on Windows caused by multiple open file handles to
input requirements ([#551](https://github.com/pypa/pip-audit/pull/551))
## [2.5.0]
### Changed
* Improved error messaging when a requirements input or indirect dependency
has an invalid (non-PEP 440) requirements specifier
([#507](https://github.com/pypa/pip-audit/pull/507))
* `pip-audit`'s handling of dependency resolution has been significantly
refactored and simplified ([#523](https://github.com/pypa/pip-audit/pull/523))
### Fixed
* Fixed a potential crash on invalid unicode in subprocess streams
([#536](https://github.com/pypa/pip-audit/pull/536))
## [2.4.15]
**YANKED**
### Fixed
* Fixed an issue where hash checking would fail when using third-party indices
([#462](https://github.com/pypa/pip-audit/pull/462))
* Fixed the behavior of the `--skip-editable` flag, which had regressed
with an internal API change
([#499](https://github.com/pypa/pip-audit/pull/499))
* Fixed a dependency resolution bug that can potentially be triggered when
multiple packages have the same subdependency
([#488](https://github.com/pypa/pip-audit/pull/488))
|
2023-03-16 09:48:03 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
py-pip-audit: updated to 2.4.14
2.4.14
Fixed
* Fixed a dependency resolution failure caused by incorrect handling of
a PEP 440 edge case around prerelease versions
2.4.13
Fixed
* Added a lower bound on `packaging` to ensure that non-normalized versions
are handled correctly
2.4.12
Fixed
* Fixed `pip-audit`'s virtual environment creation and upgrade behavior,
preventing spurious vulnerability reports
* Users are now warned if a `pip-audit` invocation is ambiguous, e.g.
if they've installed `pip-audit` globally but are asking for an audit
of a loaded virtual environment
2.4.11
Fixed
* Fixed a crash triggered when a package specifies an invalid version
specifier for its `requires-python` version
2.4.10
Fixed
* Fixed a crash triggered when no vulnerabilities are found with some
configurations
2.4.9
Fixed
* The `--output` flag will no longer produce an empty file in the event
of a failure within `pip-audit` itself, making it easier to distinguish
between audit failures being reported by `pip-audit` and `pip-audit`'s
own errors
* Removed pin on `packaging` now that our dependency pins it for us
2.4.8
Fixed
* Pin maximum version of `packaging` dependency to avoid installing the new
22.0 version which is incompatible with `pip-requirements-parser`
|
2022-11-30 17:50:28 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
py-pip-audit: updated to 2.4.7
2.4.7
Fixed
* Fixed a timestamp parsing bug that occurred with some vulnerability
reports provided by the OSV service
|
2022-11-25 14:38:03 by Adam Ciarcinski | Files touched by this commit (2) |
Log message:
py-pip-audit: updated to 2.4.6
2.4.6
Fixed
* Fixed an incorrect interaction between `--desc=auto` and `--format=json`;
`--desc=auto` now includes the description in the generated JSON report,
as intended
* Fixed a bug in dependency resolution with third-party indices where
relative URLs were not resolved correctly
2.4.5
Fixed
* Fixed an issue where audits done with the PyPI vulnerability service (the
default) were not correctly filtered by "withdrawn" status; "withdrawn"
vulnerabilities are now excluded
* Fixed an issue where audits done with the OSV vulnerability service (`-s osv`)
were not correctly filtered by "withdrawn" status; "withdrawn" vulnerabilities
are now excluded
* Fixed `pip-audit`'s handling of URL-style requirements in `--no-deps` mode
(URL requirements are now treated as skipped, rather than producing
an error due to a lack of pinning)
|