-
I have received security alert to upgrade Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
Since Alternatively if you want to explicitly say you want a minimum version of |
Beta Was this translation helpful? Give feedback.
-
@abn hello, I have a follow-up question. I initially posted it on discord. The origin of my question is mostly the same - I need a dependency graph pinned as much as possible for my prod env, but be able to update (preferably on patch level only) due to safety (bandit complaining about version with known vulnerabilities). IMO the proposed solution is just a workaround and not a good one. Consider a scenario, when How do remedy such scenarios? I think, something like |
Beta Was this translation helpful? Give feedback.
Since
matplotlib
defines it as a lower bound constraint, a simplepoetry update
should do the trick unless something else depends on it too.Alternatively if you want to explicitly say you want a minimum version of
pillow
, you can add it viapoetry add
to your project's main or development dependencies. The former will impact your packaged wheel's metadata, the latter will only impact the lockfile and environments managed by Poetry.