docs(ordered_pip): explain how to use the ordered-pip plugin #747

Merged
AlessandroPomponio merged 3 commits into main from vv_613_docs_ordered_pip on Mar 27, 2026

@VassilisVassiliadis
Member

Resolves #613

Signed-off-by: Vassilis Vassiliadis <vassilis.vassiliadis@ibm.com>
Comment thread backend/kuberay/README.md Outdated
@DRL-NextGen
Member

DRL-NextGen commented Mar 26, 2026

Checks Summary

Last run: 2026-03-27T11:49:26.571Z

Mend Unified Agent vulnerability scan found 2 vulnerabilities:

| Severity | Identifier | Package | Details | Fix |
| --- | --- | --- | --- | --- |
| 🔷 Medium | CVE-2026-25645 | requests-2.32.5-py3-none-any.whl | Requests is a HTTP library. Prior to version 2.33.0, the "requests.utils.extract_zipped_paths()" utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call "extract_zipped_paths()" directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set "TMPDIR" in their environment to a directory with restricted write access. | Upgrade to version https://github.com/psf/requests.git - v2.33.0 |
| 🔸 Low | CVE-2026-4539 | pygments-2.19.2-py3-none-any.whl | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | Not Available |

Comment thread backend/kuberay/README.md
Signed-off-by: Vassilis Vassiliadis <vassilis.vassiliadis@ibm.com>
Signed-off-by: Vassilis Vassiliadis <vassilis.vassiliadis@ibm.com>
@AlessandroPomponio changed the title from "docs(ordered_pip): ordered pip plugin usage guide" to "docs(ordered_pip): explain how to use the ordered-pip plugin" on Mar 27, 2026
@AlessandroPomponio added this pull request to the merge queue on Mar 27, 2026
Merged via the queue into main with commit a8847e7 on Mar 27, 2026
19 checks passed
@AlessandroPomponio deleted the vv_613_docs_ordered_pip branch on March 27, 2026 13:39
Development

Successfully merging this pull request may close these issues.

docs(ordered_pip): create documentation for ordered_pip

3 participants