Why I finally stopped trusting ‘pip install’

“Pinning versions gives a false sense of security. Putting requests==2.31.0 in a requirements file feels like enough to sleep soundly.” (Wait, keep some first-person for opinion/past mistake). “For years, I thought pinning versions was enough. Put `requests==2.31.