python: cooldown for new dependencies in pip_compile
- ID
ef6c8a4- date
2026-03-31 19:26:19+00:00- author
Alex Chan <alex@alexwlchan.net>- parent
fb355cf- message
python: cooldown for new dependencies in pip_compile- changed files
1 file, 15 additions, 1 deletion
Changed files
python/pip_compile (1460) → python/pip_compile (1879)
diff --git a/python/pip_compile b/python/pip_compile
index bb19739..aefaefc 100755
--- a/python/pip_compile
+++ b/python/pip_compile
@@ -27,7 +27,21 @@ def compile_requirements_file(in_file: str, *, upgrade: bool, no_cache: bool) ->
return
# Construct the `uv pip compile` command.
- cmd = ["uv", "pip", "compile", in_file, "--output-file", txt_file]
+ cmd = [
+ "uv",
+ "pip",
+ "compile",
+ in_file,
+ f"--output-file={txt_file}",
+ #
+ # Exclude dependencies which are less than 7 days old; this is
+ # a mitigation against supply chain attacks and installing
+ # recently-published malicious code on my computer.
+ "--exclude-newer=P7D",
+ #
+ # Allow installing new versions of my own packages
+ "--exclude-newer-package", "alexwlchan-chives=false",
+ ]
if upgrade:
cmd.append("--upgrade")
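Review bot: The per-package opt-out on the `--exclude-newer-package` line exempts whatever the configured index serves under the name `alexwlchan-chives`, not a specific publisher, so a compromise of that project (or a same-named package on another index uv is pointed at) bypasses the cooldown that the `--exclude-newer=P7D` line is there to provide; the comment above it should state that trade-off, e.g. `# NOTE: this package is exempt from the 7-day cooldown, so it is the one name a hijacked release could reach immediately — keep it pinned to its source index / hash-checked.` Both the ISO 8601 duration form `P7D` and the `=false` per-package value depend on a recent uv; an older uv would reject the command at parse time rather than silently skip the cooldown, which fails safe, but a one-line comment naming the minimum uv version these two flags need would spare the next reader a changelog search. A style nit: the output file is passed as a single `--output-file=...` element while the package exemption is split into `"--exclude-newer-package", "alexwlchan-chives=false"`; using one form for both (`"--exclude-newer-package=alexwlchan-chives=false"`) reads more consistently. The cooldown only shapes the resolution written to the `.txt`; the rest of `compile_requirements_file` (including whether hashes are generated for the install step to verify) continues past the end of this hunk.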