Is your feature request related to a problem? Please describe.
We'd like to more easily bump the versions for packages that have CVEs in them to streamline our vulnerability management. It's so much easier to upgrade the version and run some tests to validate functionality vs creating a security exception and proving our implementation isn't vulnerable to the specific CVE.
An example is CVE-2026-23528 (for Dask)
Describe the solution you'd like
Loosen the version constraints that are applied to allow newer versions more easily.
Describe alternatives you've considered
Open to suggestions.
Additional context
We're using latest 2.4.3 on a custom Linux base image
Is your feature request related to a problem? Please describe.
We'd like to more easily bump the versions for packages that have CVEs in them to streamline our vulnerability management. It's so much easier to upgrade the version and run some tests to validate functionality vs creating a security exception and proving our implementation isn't vulnerable to the specific CVE.
An example is CVE-2026-23528 (for Dask)
Describe the solution you'd like
Loosen the version constraints that are applied to allow newer versions more easily.
Describe alternatives you've considered
Open to suggestions.
Additional context
We're using latest 2.4.3 on a custom Linux base image