pypa / pipfile


Security Vulnerability Alerts (in examples/Pipfile.lock) #126

Closed pfmoore closed 4 years ago

pfmoore commented 4 years ago

I'm seeing security vulnerability alerts for this repo, and the last commit was 18 months ago. Is this still being used, or should it be archived somehow?

As a PyPA project, I think it should at a minimum be keeping up with security alerts.

pradyunsg commented 4 years ago

I guess, it's as active as pipenv is. :)

Seriously though, I view pipenv as a stop-gap solution until pip actually solves the "requirements.txt is both user input and lockfile" problem with a "Requirements 2.0". I think I'm going to start hitting that problem once the resolver is out.

pradyunsg commented 4 years ago

FWIW, those security vulnerabilities are in examples/Pipfile.lock, so they're not exactly "real". :)
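
The alerts in question come from a scanner reading the `"version": "==x.y.z"` pins in a Pipfile.lock, so an example lockfile under examples/ is picked up exactly like a real one. The following is an added example, not code from pypa/pipfile or from the scanner that produced the alerts: it parses a lockfile in the Pipfile.lock shape and checks each pin against a small advisory table. The lockfile text, the advisory table and the `EXAMPLE-ADV-*` identifiers are constructed for illustration and do not correspond to real advisories.

```python
"""Audit the pinned versions in a Pipfile.lock against a version-range
advisory table.

Added example, not code from pypa/pipfile. SAMPLE_LOCK and ADVISORIES are
constructed inputs; the advisory IDs are placeholders, not real identifiers.
"""
import json
import re

# Constructed Pipfile.lock excerpt. The shape follows the real format:
# a "_meta" block plus "default" and "develop" sections keyed by package name,
# each entry carrying hashes, an index and an "==" version pin. VCS/editable
# entries (like "mylib" here) carry no pin.
SAMPLE_LOCK = r'''
{
  "_meta": {"hash": {"sha256": "0000"}, "pipfile-spec": 6},
  "default": {
    "requests": {"hashes": ["sha256:aa"], "index": "pypi", "version": "==2.18.4"},
    "urllib3": {"hashes": ["sha256:bb"], "index": "pypi", "version": "==1.22"},
    "mylib": {"editable": true, "git": "https://example.invalid/mylib.git", "ref": "deadbeef"}
  },
  "develop": {
    "pytest": {"hashes": ["sha256:cc"], "index": "pypi", "version": "==3.4.0"}
  }
}
'''

# Constructed advisory table: package -> [(fixed_in_version, placeholder id)].
# A pinned version strictly below fixed_in_version is reported as affected.
ADVISORIES = {
    "requests": [("2.20.0", "EXAMPLE-ADV-1")],
    "urllib3": [("1.24.2", "EXAMPLE-ADV-2")],
}


def parse_version(text):
    """Turn '1.24.2' into (1, 24, 2) for tuple comparison.

    Non-numeric components (e.g. 'rc1') are mapped to 0, which is enough for
    the plain release pins a lockfile normally contains; a full PEP 440
    comparison would need the `packaging` library.
    """
    return tuple(int(part) if part.isdigit() else 0 for part in text.split("."))


def pinned_versions(lock_text):
    """Return ({name: version}, [unpinned names]) over both lock sections.

    Entries without an '==' pin (VCS or editable dependencies) cannot be
    checked by version, so they are returned separately rather than dropped.
    """
    lock = json.loads(lock_text)
    pinned, unpinned = {}, []
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            match = re.fullmatch(r"==\s*([0-9][0-9A-Za-z.]*)", entry.get("version", ""))
            if match:
                pinned[name.lower()] = match.group(1)
            else:
                unpinned.append(name.lower())
    return pinned, unpinned


def audit(lock_text, advisories=ADVISORIES):
    """Return sorted (package, pinned_version, advisory_id) for affected pins."""
    pinned, _unpinned = pinned_versions(lock_text)
    hits = []
    for name, version in pinned.items():
        for fixed_in, advisory_id in advisories.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                hits.append((name, version, advisory_id))
    return sorted(hits)


if __name__ == "__main__":
    for package, version, advisory_id in audit(SAMPLE_LOCK):
        print(f"{package}=={version} is below the fix for {advisory_id}")
    print("unchecked (no version pin):", pinned_versions(SAMPLE_LOCK)[1])
```

Running it against the constructed lockfile flags `requests` and `urllib3` and lists `mylib` as unchecked, which is the point to keep in mind for an example lockfile: the scanner sees only the pins, not the directory the file lives in, so the only ways to stop the alerts are to bump the pins (as the later PR in this thread does) or to exclude the path from scanning.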

pfmoore commented 4 years ago

It would be nice if they could be addressed "somehow", though, so I don't get spammed with vulnerability reports. Personally, I don't know what to do about them (short of trying to work out how to fix them myself...)

rmax commented 4 years ago

PR #127 updates the examples lock file.

pradyunsg commented 4 years ago

Okay, closing this! Thanks @rmax! ^>^