2.9.2 - released 2025-11-19

Changelog

  • Added new --no-security-blocking flag to disable/configure security blocking (#12617)
  • Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
  • Fixed config command not being able to set the new audit settings (#12609)
  • Fixed handling of audit.ignore to support CVE IDs during security blocking; advisory IDs are still preferred for performance reasons (#12624)
  • Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)