steveriggins, 23 days ago So yeah you can pin a #swift package manager package to a reference, but that doesn’t pin any dependencies it has. How are people locking down the entire SPM tree for security purposes?
So yeah you can pin a #swift package manager package to a reference, but that doesn’t pin any dependencies it has.
How are people locking down the entire SPM tree for security purposes?
finestructure, 23 days ago @steveriggins Commit your Package.resolved and compile with --disable-automatic-resolution. This will make the build break if there's drift between what the manifest specifies and what resolved has locked in.
@steveriggins Commit your Package.resolved and compile with --disable-automatic-resolution. This will make the build break if there's drift between what the manifest specifies and what resolved has locked in.
--disable-automatic-resolution
resolved
Add comment