fix: pin requirements.txt to known-good versions (#90)

All 6 packages were fully unpinned, allowing a compromised upstream release to silently introduce malicious code on `pip install`. Pin to current stable versions to ensure reproducible, auditable builds. Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-10 10:43:54 +02:00 · 2026-04-25 06:25:30 +08:00
parent 05f0202536
commit 6740288030
1 changed files with 6 additions and 6 deletions
@@ -1,7 +1,7 @@
 # Core dependencies for build_epub.py
-ebooklib
-markdown
-beautifulsoup4
-httpx
-pillow
-tenacity
+ebooklib==0.18
+markdown==3.7
+beautifulsoup4==4.12.3
+httpx==0.28.1
+pillow==11.1.0
+tenacity==9.0.0