Comment by inglor
2 hours ago
We mitigate this attack with the very uninspiring "wait 24h before dep upgrades" solution which is luckily already supported in uv.
2 hours ago
Yeah, but uvx has this thing where it can automatically build the latest environment, and pull the latest (unpinned) version, right?
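The 24-hour wait discussed in this thread, sketched as an added example (not code from either commenter and not uv's implementation): a resolver that only considers releases older than a cutoff, compared with taking the unpinned latest. The release list, package history and function names are constructed for illustration, and versions are assumed to be plain dotted integers.

```python
from datetime import datetime, timedelta, timezone

COOLDOWN = timedelta(hours=24)  # the "wait 24h" policy from the thread

# Constructed sample: (version, upload time, yanked) for a hypothetical package.
RELEASES = [
    ("1.4.0", "2025-03-01T09:00:00+00:00", False),
    ("1.4.1", "2025-03-08T12:30:00+00:00", False),
    ("1.4.2", "2025-03-09T02:15:00+00:00", True),   # old enough, but yanked
    ("1.5.0", "2025-03-10T18:45:00+00:00", False),  # only hours old at NOW
]
NOW = datetime(2025, 3, 10, 22, 0, tzinfo=timezone.utc)  # constructed clock


def version_key(version):
    """Sort key for simple dotted-integer versions (assumption, not PEP 440)."""
    return tuple(int(part) for part in version.split("."))


def select_version(releases, now, cooldown=COOLDOWN):
    """Newest non-yanked version uploaded at or before now - cooldown.

    Returns None when nothing has aged past the cooldown, so the caller
    can fail closed instead of falling back to a fresh release.
    """
    cutoff = now - cooldown
    eligible = [
        version
        for version, uploaded, yanked in releases
        if not yanked and datetime.fromisoformat(uploaded) <= cutoff
    ]
    return max(eligible, key=version_key) if eligible else None


def quarantined(releases, now, cooldown=COOLDOWN):
    """Versions still inside the cooldown window, for logging or review."""
    cutoff = now - cooldown
    return [v for v, uploaded, _ in releases
            if datetime.fromisoformat(uploaded) > cutoff]


if __name__ == "__main__":
    print("with cooldown:  ", select_version(RELEASES, NOW))
    print("unpinned latest:", select_version(RELEASES, NOW, timedelta(0)))
    print("held back:      ", quarantined(RELEASES, NOW))
```

The cutoff computed here is the same kind of timestamp that uv's `exclude-newer` setting takes; the policy only helps if every resolution path applies it.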