-
|
Is there any reason to have this pin installing all new Cryptography releases: Line 27 in dedf67b They had a significant major version release recently which broke my application. Looks like they bunged up the version tag as well :) https://pypi.org/project/cryptography/#history Something like 'cryptography ~= 2.3' would seem to work better... |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Yes we prefer to use the latest cryptography so we do not have to monitor all security release and hard bump what you should use. So a pin to a specific version of cryptography is not something we'll consider. |
Beta Was this translation helpful? Give feedback.
-
|
Hmm yea patch level increases would grab security updates. |
Beta Was this translation helpful? Give feedback.
Yes we prefer to use the latest cryptography so we do not have to monitor all security release and hard bump what you should use.
We try to set as minimum the bare minimum required, and we raise it whenever we start using a feature that requires a newer version of cryptography,
So a pin to a specific version of cryptography is not something we'll consider.