InvenTree

Mirrored_Repos/InvenTree

Fork 0

mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	d99b6ae81b	Bump requests from 2.31.0 to 2.32.1 in /.github (#7282 ) * --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix req --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matthias Mair <code@mjmair.com>	2024-05-22 09:39:02 +10:00
Matthias Mair	83191d3fbf	Improve reproduciblity of image (#7120 ) * hard-pin doc requirements * update docs and commands * hard pin container requirements * check hashes in image build * remove seperate uv install (is in base_requirements) * containers already ships 3.11 - adjust packaging * move build deps to general ci requirements * install yarn using native tools Closes https://github.com/inventree/InvenTree/security/code-scanning/95 Closes https://github.com/inventree/InvenTree/security/code-scanning/96 * merge install steps * adapt install command args to be similar * adapt docs to suggest safer install arg * fix install path * update dependabot settings	2024-04-29 11:04:45 +10:00
Matthias Mair	938c724395	Pin hashes in requirements (#7081 ) * use global pin for requests * unify on yaml for workflo files * format workflow files * pin action versions * fix pinned version * use system venv * switch args * remove uv for now and add setting for pyyaml * use requirements file * also switch on docker flow * generate hashes * added hashes to reqs * add hashes for CI too * add hash checking * require hashes everywhere possible * require hashes where possible in docker	2024-04-23 17:15:52 +10:00

Author

SHA1

Message

Date

dependabot[bot]

d99b6ae81b

Bump requests from 2.31.0 to 2.32.1 in /.github (#7282 )

* ---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix req

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>

2024-05-22 09:39:02 +10:00

Matthias Mair

83191d3fbf

Improve reproduciblity of image (#7120 )

* hard-pin doc requirements

* update docs and commands

* hard pin container requirements

* check hashes in image build

* remove seperate uv install (is in base_requirements)

* containers already ships 3.11 - adjust packaging

* move build deps to general ci requirements

* install yarn using native tools

Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96

* merge install steps

* adapt install command args to be similar

* adapt docs to suggest safer install arg

* fix install path

* update dependabot settings

2024-04-29 11:04:45 +10:00

Matthias Mair

938c724395

Pin hashes in requirements (#7081 )

* use global pin for requests

* unify on yaml for workflo files

* format workflow files

* pin action versions

* fix pinned version

* use system venv

* switch args

* remove uv for now and add setting for pyyaml

* use requirements file

* also switch on docker flow

* generate hashes

* added hashes to reqs

* add hashes for CI too

* add hash checking

* require hashes everywhere possible

* require hashes where possible in docker

2024-04-23 17:15:52 +10:00

3 Commits