What's Changed
- 🐛 fix(periodic-update): refuse unverified HTTPS to PyPI by default by @gaborbernat in #3122
- 🐛 fix(zipapp): enforce ROOT containment with Path.relative_to by @gaborbernat in #3121
- 🐛 fix(seed): validate distribution and version before pip download by @gaborbernat in #3120
- 🐛 fix(seed): verify sha256 of bundled wheels on load by @gaborbernat in #3119
- 🐛 fix(seed): validate wheel zip entries before extraction by @gaborbernat in #3118
Full Changelog: 21.2.3...21.2.4