Mastodon Feed: Post

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
scy@chaos.social wrote:

So, in the #PHP ecosystem, people can build a package like roave/security-advisories, which has a huge list of "conflict" dependencies.

These don't say "install this as a dependency", but instead "I'm incompatible with that dependency in that version". And the versions listed there are those with known security vulnerabilities, effectively preventing you from installing them, which is good.

Is there something similar in the #Python ecosystem? Is it even possible?

https://github.com/Roave/SecurityAdvisories/blob/latest/composer.json
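
The "conflict" mechanism described in the post, sketched as an added example (not code from the post, from Composer, or from roave/security-advisories): a simplified check of already-resolved versions against composer-style conflict ranges. The package names and ranges are constructed, and only plain dotted numeric versions are handled.

```python
import re

# Constructed conflict map in the style of a composer.json "conflict" section.
# Package names and version ranges are made up for illustration.
CONFLICT = {
    "example-vendor/http-client": "<1.4.2",
    "example-vendor/template-engine": ">=2,<2.0.5|>=3,<3.1",
}

_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}

def parse_version(text, width=4):
    """Turn '2.0.5' into (2, 0, 5, 0) so that '3' and '3.0' compare equal."""
    parts = [int(p) for p in text.lstrip("v").split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def matches(version, constraint):
    """True if version satisfies the constraint: '|' means OR, ',' means AND."""
    v = parse_version(version)
    for alternative in re.split(r"\|\|?", constraint):
        clauses = [c.strip() for c in alternative.split(",") if c.strip()]
        ok = bool(clauses)
        for clause in clauses:
            m = re.fullmatch(r"(<=|>=|<|>|=)?\s*(v?\d+(?:\.\d+)*)", clause)
            if not m:
                raise ValueError(f"unsupported constraint: {clause!r}")
            if not _OPS[m.group(1) or "="](v, parse_version(m.group(2))):
                ok = False
                break
        if ok:
            return True
    return False

def blocked(resolved, conflict=CONFLICT):
    """Return the packages in a resolved set that fall inside a conflict range."""
    return sorted(
        name for name, version in resolved.items()
        if name in conflict and matches(version, conflict[name])
    )
```

A real dependency solver applies these ranges while choosing versions rather than checking afterwards; this sketch only shows which version ranges a conflict entry rules out.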