Prior to version 0.14.5 hashin would write write down the hashes of PyPI packages in the order they appear in PyPI's JSON response. That means there's a slight chance that two distinct clients/computers/humans might actually get different output when then run hashin Django==2.1.5.
The pull request has a pretty hefty explanation as it demonstrates the fix.
Do note that if the existing order of hashes in a requirements file is not in the "right" order, hashin won't correct it unless any of the hashes are different.
Thanks @SomberNight for patiently pushing for this.
from Planet Python
via read more
No comments:
Post a Comment