All 6 packages were fully unpinned, allowing a compromised upstream release to silently introduce malicious code on `pip install`. Pin to current stable versions to ensure reproducible, auditable builds. Co-authored-by: Claude Code <noreply@anthropic.com>
135 B
135 B