pax
fef3c237f1
The previous floors-only scheme would let a future `pip install` pull in any new major release of httpx, Pillow, PySide6, or python-mpv — including ones that loosen safety guarantees we depend on (e.g. Pillow's MAX_IMAGE_PIXELS, httpx's redirect-following defaults). Caps each at the next major version. Lock-file generation is still deferred — see TODO.md for the follow-up (would require adding pip-tools as a new dev dep, out of scope for this branch). Audit-Ref: SECURITY_AUDIT.md finding #9 Severity: Low
25 lines
515 B
TOML
25 lines
515 B
TOML
[build-system]
|
|
requires = ["hatchling"]
|
|
build-backend = "hatchling.build"
|
|
|
|
[project]
|
|
name = "booru-viewer"
|
|
version = "0.2.5"
|
|
description = "Local booru image browser with Qt6 GUI"
|
|
requires-python = ">=3.11"
|
|
dependencies = [
|
|
"httpx>=0.27,<1.0",
|
|
"Pillow>=10.0,<12.0",
|
|
"PySide6>=6.6,<7.0",
|
|
"python-mpv>=1.0,<2.0",
|
|
]
|
|
|
|
[project.scripts]
|
|
booru-viewer = "booru_viewer.main_gui:main"
|
|
|
|
[tool.hatch.build.targets.wheel]
|
|
packages = ["booru_viewer"]
|
|
|
|
[tool.hatch.build.targets.sdist]
|
|
include = ["booru_viewer"]
|