Pin library versions in Pipfile

This will ensure pipenv lock command does not update package versions unless explicitly specified in the Pipfile. Since we have automatic security checks for vulnerabilities in python libraries, this will ensure more consistency when building and testing our packages, and avoid drift in our requirements.txt and Pipfile.lock files.
freedomofpress · Nov 13, 2018 · 0986522 · 0986522
1 parent c600bc4
commit 0986522
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/Pipfile b/Pipfile
@@ -7,10 +7,10 @@ verify_ssl = true
 python_version = "3.5"
 
 [packages]
-furl = "*"
-pyyaml = "*"
-requests = "*"
-werkzeug = "*"
+furl = "==2.0.0"
+pyyaml = "==3.13"
+requests = "==2.20.0"
+werkzeug = "==0.14.1"
 
 [dev-packages]
-vcrpy = "*"
+vcrpy = "==2.0.1"
diff --git a/Pipfile.lock b/Pipfile.lock