
Pin subdependencies

Open timobrembeck opened this issue 1 year ago • 0 comments

Motivation

At the moment, we only pin direct dependencies. However, we do not enforce any constraints on their subdependencies, so we could miss security vulnerabilities in them.

Proposed Solution

Follow the same pattern as https://github.com/digitalfabrik/integreat-cms/blob/develop/pyproject.toml to pin the entire dependency tree.

Alternatives

Install a dependency manager, e.g. poetry

Depends on:

  • #448

timobrembeck avatar Apr 01 '23 10:04 timobrembeck
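
The gap described in this issue can be checked mechanically. The following is an added example, not part of the issue or of the lunes-cms code base: it walks a dependency tree from the direct dependencies and reports every reachable package that lacks an exact `==` pin. The package names, versions, dependency edges and function names are constructed for illustration.

```python
import re

# Constructed sample data (not taken from lunes-cms): pinned requirement
# lines and the dependency edges of each package.
PINNED = ["Django==4.1.7", "Pillow==9.4.0", "sqlparse==0.4.3", "asgiref>=3.5"]
DIRECT = ["django", "pillow"]
REQUIRES = {
    "django": ["asgiref", "sqlparse", "tzdata"],
    "pillow": [],
    "asgiref": ["typing_extensions"],
    "sqlparse": [],
    "tzdata": [],
    "typing-extensions": [],
}

def normalize(name):
    """PEP 503 name normalization so 'Typing_Extensions' == 'typing-extensions'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def exact_pins(lines):
    """Return {name: version} for lines of the form 'name==version' only.
    Ranges ('>=') and wildcards ('==4.*') do not count as pins."""
    pins = {}
    for line in lines:
        m = re.fullmatch(r"\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;*]+)\s*", line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins

def unpinned_tree(direct, requires, pinned_lines):
    """Walk the dependency tree from the direct dependencies and return the
    sorted names of every reachable package without an exact '==' pin."""
    pins = exact_pins(pinned_lines)
    graph = {normalize(k): [normalize(d) for d in v] for k, v in requires.items()}
    seen, stack = set(), [normalize(d) for d in direct]
    while stack:
        pkg = stack.pop()
        if pkg in seen:
            continue
        seen.add(pkg)
        stack.extend(graph.get(pkg, []))
    return sorted(p for p in seen if p not in pins)

if __name__ == "__main__":
    for name in unpinned_tree(DIRECT, REQUIRES, PINNED):
        print("not pinned exactly:", name)
```
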