Closed MKapustin closed 1 week ago
@MKapustin : Thanks for your contribution! The author(s) have been notified to review your proposed change.
@ramiMSFT
Can you review the proposed changes?
When the changes are ready for publication, add a #sign-off
comment to signal that the PR is ready for the review team to merge.
@MicrosoftDocs/public-repo-pr-review-team
@MKapustin Thanks for your contribution!
Using
--extra-index-url
makes you vulnerable to dependency confusion attacks because it checks the PyPi repository for the package before it checks the custom repository. Thus it's better to use examples with--index-url
in docs instead, to avoid users thoughtlessly copying the snippet with possible vulnerabilities.