Ergonomic, hermetic, user-friendly software build system for Python, Go, Java, Kotlin, Protobuf, Scala, Shell. Pants lets you fearlessly scale up your codebase!

Pants

Really rapid firing here aren't I. This is a silly question: Is there any way to explicitly allow a dependency conflict. I'm trying to use a package that wants `protobuf&lt;3.18`. There were some important security vulnerabilities fixed since that we have to restrict to `protobuf&gt;3.19` in our repo. Result is there is no way for me to add the package to my project. The risk of not being able to resolve dependencies is that the project may not work, but I'm fairly confident it will with some tickets I've seen. So, I'm wondering if it's possible to ignore this dependency mismatch while I wait for an upstream fix? The only alternative I can think is to fork the dependency and bump it myself, but that seems like a large undertaking.

<https://pantsbuild.slack.com/archives/C046T6T9U/p1670951228617049?thread_ts=1670951228.617049&amp;cid=C046T6T9U|https://pantsbuild.slack.com/archives/C046T6T9U/p1670951228617049?thread_ts=1670951228.617049&amp;cid=C046T6T9U>

Not too large if you fork and flip your requirement to a vcs one.