Replace --extra-index-url with --index-url in docs

Open MKapustin opened this issue 10 months ago • 2 comments

Using --extra-index-url makes you vulnerable to dependency confusion attacks because it checks the PyPI repository for the package before it checks the custom repository. Thus it's better to use examples with --index-url in docs instead, to avoid users thoughtlessly copying the snippet with possible vulnerabilities.

MKapustin, Apr 15 '24 10:04
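One way to find where `--extra-index-url` is already set before switching to `--index-url`, covering the three places pip reads it from: requirements files, pip configuration files and the `PIP_EXTRA_INDEX_URL` environment variable. This is an added example, not part of the original thread or the azure-devops-docs repository; the function names, file names and the `feed.example.invalid` host are assumptions made for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit, urlunsplit

# pip accepts "--extra-index-url URL" and "--extra-index-url=URL" in requirements files.
OPTION = re.compile(r"^--extra-index-url(?:=|\s+)(\S+)")

def redact(url):
    """Hide credentials embedded in a feed URL before it is printed or logged."""
    parts = urlsplit(url)
    if parts.username is None:
        return url
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    return urlunsplit((parts.scheme, "***@" + host, parts.path, parts.query, parts.fragment))

def scan_requirements(text, name="requirements.txt"):
    """Report each requirements-file line that sets --extra-index-url."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = OPTION.match(line.strip())
        if match:
            hits.append((f"{name}:{lineno}", redact(match.group(1))))
    return hits

def scan_pip_conf(text, name="pip.conf"):
    """Report extra-index-url values in any section of a pip configuration file."""
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    return [(f"{name}:[{section}]", redact(url))
            for section in parser.sections()
            for url in parser.get(section, "extra-index-url", fallback="").split()]

def scan_environ(environ):
    """Report URLs passed through the PIP_EXTRA_INDEX_URL environment variable."""
    return [("env:PIP_EXTRA_INDEX_URL", redact(url))
            for url in environ.get("PIP_EXTRA_INDEX_URL", "").split()]

# Constructed sample input; feed.example.invalid is a placeholder host.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://user:token@feed.example.invalid/simple/
requests==2.31.0
"""
SAMPLE_PIP_CONF = "[global]\nextra-index-url = https://feed.example.invalid/simple/\n"

if __name__ == "__main__":
    for where, url in scan_requirements(SAMPLE_REQUIREMENTS) + scan_pip_conf(SAMPLE_PIP_CONF):
        print(f"{where}: extra-index-url {url}")
```

Each hit is a place where a second index is consulted alongside the primary one; credentials in the URL are masked so the report can go into CI logs.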

@MKapustin : Thanks for your contribution! The author(s) have been notified to review your proposed change.

prmerger-automator[bot], Apr 15 '24 10:04

@ramiMSFT

Can you review the proposed changes?

When the changes are ready for publication, add a #sign-off comment to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged" @MicrosoftDocs/public-repo-pr-review-team

Court72, Apr 15 '24 16:04

@MKapustin Thanks for your contribution!

#sign-off

ramiMSFT, May 08 '24 21:05