4.0.2 re-introduced pip as a dependency. However, it specifies pip 25.3. pip 26.x is the latest version. Using version 25.3 causes conflicts in my dependency graph and triggers security vulnerability alerts, as described by https://cwe.mitre.org/data/definitions/22.html and reported in CVE-2026-1703.