diff options
author | Stéphane Bidoul <stephane.bidoul@gmail.com> | 2023-04-08 18:57:37 +0200 |
---|---|---|
committer | Stéphane Bidoul <stephane.bidoul@gmail.com> | 2023-04-10 13:21:00 +0200 |
commit | f5f0302516e4adc5b8541832da803784d44b0a0f (patch) | |
tree | 8a361511f2b7b77e5c768e651b5f061b66489f76 /news | |
parent | 0ffc54dca3dd0f64eb9498a37908ae756294da7d (diff) | |
download | pip-f5f0302516e4adc5b8541832da803784d44b0a0f.tar.gz |
Fix --require-hashes trusting link hashes
When a direct URL with hash is provided as a dependency, --require-hash
incorrectly considered the link hash as trusted.
Diffstat (limited to 'news')
-rw-r--r-- | news/11938.bugfix.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/news/11938.bugfix.rst b/news/11938.bugfix.rst new file mode 100644 index 000000000..b299f8e4f --- /dev/null +++ b/news/11938.bugfix.rst @@ -0,0 +1,3 @@ +When package A depends on package B provided as a direct URL dependency including a hash +embedded in the link, the ``--require-hashes`` option did not warn when user supplied hashes +were missing for package B. |