From 8e8490976cefb150b67b30e56badeb838081c8d5 Mon Sep 17 00:00:00 2001
From: Gavin D'souza
Date: Mon, 7 Jun 2021 14:10:49 +0530
Subject: [PATCH] fix: Remove frappe from boilerplate requirements.txt

Remove frappe from new app boilerplates to avoid possible supply chain attacks. Don't make pip fetch frappe from PyPI
---
 frappe/utils/boilerplate.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frappe/utils/boilerplate.py b/frappe/utils/boilerplate.py
index 92150b79cf..e80410393d 100755
--- a/frappe/utils/boilerplate.py
+++ b/frappe/utils/boilerplate.py
@@ -70,7 +70,7 @@ def make_boilerplate(dest, app_name):
 f.write(frappe.as_unicode(setup_template.format(**hooks)))
 with open(os.path.join(dest, hooks.app_name, "requirements.txt"), "w") as f:
- f.write("frappe")
+ f.write("# frappe -- https://github.com/frappe/frappe is installed via 'bench init'")
 with open(os.path.join(dest, hooks.app_name, "README.md"), "w") as f:
 f.write(frappe.as_unicode("## {0}\n\n{1}\n\n#### License\n\n{2}".format(hooks.app_title,
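Review bot: The string written to requirements.txt on the added `f.write(...)` line has no trailing newline, so a dependency later appended to the file (for example with `>>`) would land on the comment line and be silently ignored by pip; `f.write("# frappe -- https://github.com/frappe/frappe is installed via 'bench init'\n")` avoids that. The reason for the change lives only in the commit message; a comment above the write, such as `# Do not list frappe here: pip would resolve the name from PyPI rather than the bench-managed checkout`, would keep a later contributor from re-adding it. Apps generated before this commit presumably still carry the bare `frappe` line, which this hunk does not address. make_boilerplate starts and ends outside the hunk.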