diff options
author | Stéphane Bidoul <stephane.bidoul@gmail.com> | 2023-04-10 16:43:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-10 16:43:51 +0200 |
commit | 5d4a974b60b37acdaeaea457196366678b0624a3 (patch) | |
tree | 5bf0f217a5882b710f80757a6a9b8eba3fe624dd /news | |
parent | 62e932ad2889f370e47aeae010b5e2a23a194d38 (diff) | |
parent | 453a5a7e0738c9c0453a3a23db4ef74e9e4e41d7 (diff) | |
download | pip-5d4a974b60b37acdaeaea457196366678b0624a3.tar.gz |
Merge pull request #11938 from sbidoul/fix-direct-url-hash-trusted-sbi
Don't trust link hash in direct URL dependencies
Diffstat (limited to 'news')
-rw-r--r-- | news/11938.bugfix.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/news/11938.bugfix.rst b/news/11938.bugfix.rst new file mode 100644 index 000000000..b299f8e4f --- /dev/null +++ b/news/11938.bugfix.rst @@ -0,0 +1,3 @@ +When package A depends on package B provided as a direct URL dependency including a hash +embedded in the link, the ``--require-hashes`` option did not warn when user supplied hashes +were missing for package B. |