boilerplate-language / boilerplate-python

Template for python
https://kannkyo.github.io/boilerplate-python/html/
MIT License

Fix code scanning alert - Pinned-Dependencies (pip) #39

Open kannkyo opened 2 years ago

kannkyo commented 2 years ago

Tracking issue for:

kannkyo commented 2 years ago

Specifying the hash on the command line results in an error.

$ pip install -U --require-hashes flake8==4.0.1 \
    --hash=sha256:479b1304f72536a55948cb40a32dce8bb0ffe3501e26eaf292c7e60eb5e0428d

Defaulting to user installation because normal site-packages is not writeable
ERROR: Invalid requirement: '--hash=sha256:479b1304f72536a55948cb40a32dce8bb0ffe3501e26eaf292c7e60eb5e0428d'
Hint: = is not a valid operator. Did you mean == ?
WARNING: There was an error checking the latest version of pip.

kannkyo commented 2 years ago

According to the manual, it looks like you have to write a requirements.txt.

https://pip.pypa.io/en/latest/topics/secure-installs/#hash-checking-mode
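
An added example, not part of the original issue or the project's code: pip's hash-checking mode expects every entry in the requirements file to be pinned with `==` and to carry a per-requirement `--hash` option, so this sketch audits a requirements file for entries that would fail that rule. The function names `logical_lines` and `audit` and the `SAMPLE` content are assumptions made for illustration.

```python
import re

# pip accepts only these algorithms for --hash; hex digest length per algorithm.
DIGEST_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}
HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-fA-F]+)(?=\s|$)")

# Constructed sample. The flake8 entry reuses the version and digest quoted in
# the issue; the requests entry is deliberately left unpinned.
SAMPLE = """\
# dev tools
flake8==4.0.1 \\
    --hash=sha256:479b1304f72536a55948cb40a32dce8bb0ffe3501e26eaf292c7e60eb5e0428d
requests>=2.0
"""


def logical_lines(text):
    """Yield (first_line_no, joined_line), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = n if start is None else start
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()


def audit(text):
    """Return [(line_no, requirement, problem)] for entries that are not
    pinned with == or carry no well-formed --hash option."""
    findings = []
    for n, line in logical_lines(text):
        line = re.sub(r"(^|\s+)#.*$", "", line).strip()  # drop comments
        if not line or line.startswith("-"):  # blank, or option line (-r, -i, ...)
            continue
        req = line.split("--hash")[0].split(";")[0].strip()
        problems = []
        if not re.search(r"==[^=\s*,]+$", req):
            problems.append("not pinned with ==")
        if not any(len(d) == DIGEST_LEN[a] for a, d in HASH_RE.findall(line)):
            problems.append("no valid --hash")
        if problems:
            findings.append((n, req, "; ".join(problems)))
    return findings
```

A file that passes this audit can then be installed with `pip install --require-hashes -r requirements.txt`, which is where pip itself verifies the downloaded archives against the listed digests.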