-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 Handle editable pip installs #2731
Commits on Mar 13, 2023
-
fix: Handle editable pip install
Editable pip installs (-e) should be considered secure if the package is installed from a local source or a remote source (VCS install) but pinned by commit hash. To keep the behaviour we have for normal pip installs, we need to guarantee the package dependencies are pinned by hash too. For normal pip installs, we verify that by using --require-hashes flag. Unfortunately, --require-hashes flag is not compatible with editable installs, so we use --no-deps flag to verify the dependencies are not installed since we can't verify if they are pinned. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for 0f8c92d - Browse repository at this point
Copy the full SHA 0f8c92dView commit details -
test: Editable pip install in GHA
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for e4668bc - Browse repository at this point
Copy the full SHA e4668bcView commit details -
test: Editable pip install in Dockerfile
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for 50def92 - Browse repository at this point
Copy the full SHA 50def92View commit details -
test: Editable pip install in shell script
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for 172f367 - Browse repository at this point
Copy the full SHA 172f367View commit details -
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for bca00ac - Browse repository at this point
Copy the full SHA bca00acView commit details -
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for e3f146a - Browse repository at this point
Copy the full SHA e3f146aView commit details -
docs: Add pip editable install references in comments
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for 3fb4c49 - Browse repository at this point
Copy the full SHA 3fb4c49View commit details -
fix: Handle multiple packages in editable pip install
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for c3de87b - Browse repository at this point
Copy the full SHA c3de87bView commit details -
test: Multi editable pip install in GHA
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for 23617ab - Browse repository at this point
Copy the full SHA 23617abView commit details -
test: Multi editable pip install in Dockerfile
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for 78b548d - Browse repository at this point
Copy the full SHA 78b548dView commit details -
test: Multi editable pip install in shell script
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Configuration menu - View commit details
-
Copy full SHA for 6a2c051 - Browse repository at this point
Copy the full SHA 6a2c051View commit details -
Configuration menu - View commit details
-
Copy full SHA for baae4da - Browse repository at this point
Copy the full SHA baae4daView commit details