Posts Tagged: uv
- CVE-2024-XXXXX: SSRF Vulnerability in Requests 2.31.0 and Mitigation Strategies
  CVE-2024-XXXXX in requests 2.31.0 enables SSRF via malformed URLs. Mitigation: upgrade to 2.32+, lock dependencies with uv or pip-tools, and audit with pip-audit or Safety.
- Dependency Management (pip, uv, poetry, requirements.txt)
  Master Python dependency management: compare pip with requirements.txt, Poetry for locked reproducible environments, and the ultrafast uv resolver/installer. Best practices, comparisons, and migration guides for 2026 Python projects.
- How to Fix Vulnerable Dependency Errors in requirements.txt for PCI DSS Compliance
  PCI DSS compliance for Python: fix vulnerable dependencies in requirements.txt. Step-by-step guide using pip-audit, the Safety CLI, and pip-tools/uv locking. Quarterly scans, exact pinning, and hashes for Req 6.2.3 audits. Pass vulnerability scans with requirements.txt security best practices for 2026.
- How to Pin Transitive Dependencies in requirements.txt to Pass Security Audits
  Pin direct and transitive (indirect) dependencies in requirements.txt using pip-tools or uv pip-compile. Pass pip-audit, Safety CLI, and Snyk scans with exact versions and hashes. Reproducible, secure Python builds without version drift.
- pip-tools vs poetry vs uv: Which Tool Handles Conflicting setuptools Versions Best?
  pip-tools vs Poetry vs uv comparison for conflicting setuptools versions: benchmarks, resolution strategies, and which Python dependency manager prevents build failures in complex environments.
- Reducing Docker Image Size from 1.2GB to 145MB for Python FastAPI Applications
  Reduce FastAPI Docker images from 1.2 GB to 145 MB using Alpine multistage builds and uv. Includes benchmarks, a production Dockerfile, .dockerignore, and pitfalls.
- uv pip sync: Managing Reproducible Python Environments
  uv pip sync synchronizes Python environments exactly to requirements.txt, removing unused packages for reproducibility. Works on system Python without virtualenvs for tools and scripts. Includes setup, usage, lockfiles, benchmarks, and comparisons to pip-tools/Poetry.