Posts Tagged: dependency-management
- CVE-2024-XXXXX: SSRF Vulnerability in Requests 2.31.0 and Mitigation Strategies
  CVE-2024-XXXXX in requests 2.31.0 enables SSRF via malformed URLs. Mitigation: upgrade to 2.32+, lock dependencies with uv or pip-tools, audit with pip-audit or Safety.
- uv pip sync: Managing Reproducible Python Environments
  uv pip sync synchronizes Python environments exactly to requirements.txt, removing unused packages for reproducibility. Works on system Python without virtualenvs for tools/scripts. Includes setup, usage, lockfiles, benchmarks, comparisons to pip-tools/Poetry.