Stirling-PDF/.github
Ludy f5f011f1e0
deps: Pin Python dev dependencies and lock hashes to remediate security alert 302 (#4173)
## Description of Changes

- **What was changed**
  - Added `.github/scripts/requirements_dev.in` and an autogenerated, hash-locked `.github/scripts/requirements_dev.txt` to control Python dev dependencies via `pip-compile`.
- **Why the change was made**
  - To remediate a GitHub code scanning alert by removing vulnerable transitive ranges and ensuring reproducible installs with vetted versions and hashes.
- **Any challenges encountered**
  - Reconciling version constraints among image/PDF tooling (e.g., Pillow, pdf2image, OpenCV, WeasyPrint) while keeping wheels available across CI platforms.
  - Ensuring the generated lockfile remains maintainable and can be refreshed with `pip-compile` when needed.



Closes
#https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/302

---

## Checklist

### General

- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
2025-08-24 22:03:12 +01:00

| Name | Last commit | Date |
| --- | --- | --- |
| actions/setup-bot | Standardize GitHub App Bot Authentication Across Workflows (#3582) | 2025-05-27 12:36:41 +01:00 |
| config | chore(ci): include testing/** in file change detection for docker-compose-tests workflow (#4206) | 2025-08-21 10:31:25 +01:00 |
| ISSUE_TEMPLATE | | |
| scripts | deps: Pin Python dev dependencies and lock hashes to remediate security alert 302 (#4173) | 2025-08-24 22:03:12 +01:00 |
| workflows | build(gradle): include all subprojects in license report generation (#4170) | 2025-08-24 21:44:50 +01:00 |
| CODEOWNERS | Update CODEOWNERS (#4158) | 2025-08-09 15:09:26 +01:00 |
| dependabot.yml | | |
| labeler-config-srvaroa.yml | chore(labeler): add new 'v2' label and expand matching rules (#4172) | 2025-08-11 10:26:57 +01:00 |
| labels.yml | chore(labeler): add new 'v2' label and expand matching rules (#4172) | 2025-08-11 10:26:57 +01:00 |
| pull_request_template.md | docs: restructure documentation paths, update PR template links, and add exception handling guide (#3885) | 2025-07-07 09:49:44 +01:00 |
| release.yml | Add Devtools labels and update labeler configuration (#3148) | 2025-03-10 08:20:04 +00:00 |