InfoWorld

New Python lock file format will specify dependencies

Human-readable and machine-generated lock file will specify what direct and indirect dependencies should be installed into a Python environment. Python’s builders have accepted a proposal to create a ...
ZDNet

More than 75% of all vulnerabilities reside in indirect dependencies

The vast majority of security vulnerabilities in open-source projects reside in indirect dependencies rather than directly and first-hand loaded components. "Aggregating the numbers from all ...