Posts Tagged: pip-compile
- CVE-2024-XXXXX: SSRF Vulnerability in Requests 2.31.0 and Mitigation Strategies
  CVE-2024-XXXXX in requests 2.31.0 enables SSRF via malformed URLs. Mitigation: upgrade to 2.32+, lock dependencies with uv or pip-tools, audit with pip-audit or Safety.
- How to Pin Transitive Dependencies in requirements.txt to Pass Security Audits
  Pin direct and transitive (indirect) dependencies in requirements.txt using pip-tools or uv pip-compile. Pass pip-audit, Safety CLI, and Snyk scans with exact versions and hashes. Reproducible, secure Python builds without version drift.
- uv pip sync: Managing Reproducible Python Environments
  uv pip sync synchronizes Python environments exactly to requirements.txt, removing unused packages for reproducibility. Works on system Python without virtualenvs for tools and scripts. Includes setup, usage, lockfiles, benchmarks, and comparisons to pip-tools and Poetry.