Exclude transitive dependency from requirements.txt #355

@anjaneya17

Hi,
Context:
I am new to Python coding.
numpy version 1.21.5 has a security vulnerability numpy/numpy#18993.
This dependency is a transitive dependency, not a direct dependency. We are sure that in our code we are not using any functionality that requires this transitive dependency.

Request:
Is there any way to configure the requirements.txt to exclude a transitive dependency?
I see the issue is fixed in version 1.22.0*. Unfortunately this is not in a stable release yet. What is the timeline for version 1.22.0 to become stable?

Please, any help is really appreciated. Please do respond.
