Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Supplying vulnerability-based constraints to the resolution process #1805

Closed
fridex opened this issue Jan 31, 2023 · 1 comment
Closed

Supplying vulnerability-based constraints to the resolution process #1805

fridex opened this issue Jan 31, 2023 · 1 comment
Labels
question User question

Comments

@fridex
Copy link

fridex commented Jan 31, 2023

What's the problem this feature will solve?

We have proposed including vulnerability information in the resolution process Python upstream. Unfortunately, the pip community does not seem to be open to include such feature directly in pip.

Before possibly introducing another tool, we would like to raise this feature also here. There is a small prototype, pipctl (using pip-tools), that can resolve application dependencies without known vulnerabilities, or allowing only acceptable ones. Would pip-tools community be interested in such a feature directly in pip-tools codebase?

Describe the solution you'd like

See pipctl prototype that can resolve application dependencies respecting vulnerabilities.
@atugushev atugushev added the question User question label Mar 21, 2023
@fridex
Copy link
Author

fridex commented Apr 14, 2023

It looks like there is no interest. Closing.

@fridex fridex closed this as completed Apr 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question User question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fridex @atugushev