mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2026-02-17 13:52:14 +01:00
deps: Pin Python dev dependencies and lock hashes to remediate security alert 302 (#4173)
## Description of Changes

- **What was changed**
  - Added `.github/scripts/requirements_dev.in` and an autogenerated, hash-locked `.github/scripts/requirements_dev.txt` to control Python dev dependencies via `pip-compile`.
- **Why the change was made**
  - To remediate a GitHub code scanning alert by removing vulnerable transitive ranges and ensuring reproducible installs with vetted versions and hashes.
- **Any challenges encountered**
  - Reconciling version constraints among image/PDF tooling (e.g., Pillow, pdf2image, OpenCV, WeasyPrint) while keeping wheels available across CI platforms.
  - Ensuring the generated lockfile remains maintainable and can be refreshed with `pip-compile` when needed.

Closes #https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/302

---

## Checklist

### General

- [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable)
- [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed)
- [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
@@ -34,10 +34,10 @@ ENV SETUPTOOLS_USE_DISTUTILS=local \
TMP=/tmp/stirling-pdf
# Installation der benötigten Python-Pakete
COPY .github/scripts/requirements_dev.txt /tmp/requirements_dev.txt
RUN python3 -m venv --system-site-packages /opt/venv \
&& . /opt/venv/bin/activate \
&& pip install --no-cache-dir --upgrade pip setuptools \
&& pip install --no-cache-dir WeasyPrint pdf2image pillow unoserver opencv-python-headless pre-commit
&& pip install --no-cache-dir --require-hashes -r /tmp/requirements_dev.txt
# Füge den venv-Pfad zur globalen PATH-Variable hinzu, damit die Tools verfügbar sind
ENV PATH="/opt/venv/bin:$PATH"
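Review bot: the step directly above the new hash-checked install, `&& pip install --no-cache-dir --upgrade pip setuptools \`, still fetches pip and setuptools unpinned and without hash verification, so the tool that enforces `--require-hashes` is itself pulled unverified on every build; consider pinning both (for example by listing them in `requirements_dev.in` so they land in the hash-locked `requirements_dev.txt`, or by upgrading to an explicit `pip==<vetted version>` / `setuptools==<vetted version>`) so the whole venv is reproducible, not only the application packages. Two smaller points on the same block: `--require-hashes` makes pip refuse any requirement that lacks a hash, transitive ones included, so the lockfile has to be produced with `pip-compile --generate-hashes` and a one-line comment above the `RUN` saying so would spare the next maintainer a confusing failure; and `/tmp/requirements_dev.txt` remains in the image layer after `COPY`, so a trailing `&& rm /tmp/requirements_dev.txt` in the same `RUN` would keep the layer clean.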