Add a warning about "dependency confusion" vulnerability #9647

Merged
merged 5 commits into from
Apr 3, 2021

vanschelven
Contributor

See #9612

@pradyunsg
Member

pradyunsg commented Feb 23, 2021

I'm on board for adding this, and in agreement with @uranusjr that we should use the Microsoft whitepaper here.

This'll cause "fun" conflicts with #9474, but I can deal with that. :)

@pradyunsg pradyunsg changed the title Documentation: add a warning about "dependency confusion" vulnerability Add a warning about "dependency confusion" vulnerability Feb 23, 2021
@pradyunsg pradyunsg added the type: docs Documentation related label Feb 23, 2021
news/9647.doc.rst (outdated)
Co-authored-by: Tzu-ping Chung <uranusjr@gmail.com>
@vanschelven
Contributor Author

vanschelven commented Mar 31, 2021

This PR seems to have stalled... anything I can do to move it along?

@BrownTruck
Contributor

Hello!

I am an automated bot and I have noticed that this pull request is not currently able to be merged. If you are able to either merge the master branch into this pull request or rebase this pull request against master then it will be eligible for code review and hopefully merging!

@BrownTruck BrownTruck added the needs rebase or merge PR has conflicts with current master label Apr 2, 2021
@pypa-bot pypa-bot removed the needs rebase or merge PR has conflicts with current master label Apr 3, 2021
@uranusjr uranusjr merged commit fe27218 into pypa:main Apr 3, 2021
@pradyunsg
Member

Thanks @vanschelven, and appreciate the nudge here! :)

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 30, 2021
5 participants