Pin all pip dependencies for Homu #686
Merged
Commits on Jun 1, 2017
-
New versions of requests that were just released removed the bundled `cacert.pem` file, causing Homu to be unable to post comments. Pin requests and all other Homu dependencies to avoid future problems, now that we are using `upgrade=True` to ensure Homu gets updated.
-
Use `safety` to check for vulnerable Python packages
Since we are pinning the Python package dependencies for Homu, we need to make sure to upgrade those dependencies when they have vulnerabilities. Use the `safety` CLI tool from https://pyup.io/safety/ for this.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.