Version strings that don't conform to PEP 440 cause a failed audit #138
CC: @disconnect3d
tetsuo-cpp added the bug (Something isn't working) and component:dep-sources (Dependency sources) labels and removed the bug-candidate (Might be a bug.) label on Nov 25, 2021
does #139 also address python itself having a version like the stack trace looks different:

above crash happens with pip-audit 1.0.0, which seems to include #139
Bug description

If pip-audit tries to audit an environment that contains a package with a version string that doesn't conform to PEP 440, it will fail like so:

This can happen if some Python packages weren't installed from PyPI. In this case, the python-apt package that comes bundled with Ubuntu has a version string that contains the actual Ubuntu distribution version.

Reproduction steps

pip-audit without any arguments.

Expected behavior

Instead of failing on an invalid version string, it'd be better to log a warning and continue on with the audit similar to how we handle things here.

Platform information

pip-audit version (pip-audit -V): 0.07
Python version (python -V or python3 -V): N/A
pip version (pip -V or pip3 -V): N/A
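
An added example (not pip-audit's own code and not part of the issue): one way to get the expected behavior described above, validating each version with packaging.version.Version and collecting non-PEP 440 entries instead of aborting on the first one. The helper names, logger name and sample versions are assumptions constructed for illustration; the python-apt string is not the one from the report.

```python
import logging
from importlib import metadata

try:
    from packaging.version import InvalidVersion, Version
except ImportError:  # assumption: fall back to the copy vendored inside pip
    from pip._vendor.packaging.version import InvalidVersion, Version

logger = logging.getLogger("pep440-example")  # hypothetical logger name


def installed_packages():
    """Yield (name, raw_version) for every distribution in this environment."""
    for dist in metadata.distributions():
        yield dist.metadata["Name"], dist.version


def split_auditable(packages):
    """Return (auditable, skipped) instead of raising on the first bad version.

    auditable: list of (name, Version); skipped: list of (name, raw_version).
    """
    auditable, skipped = [], []
    for name, raw in packages:
        try:
            # Broken metadata can yield None; Version() only accepts strings.
            if not isinstance(raw, str):
                raise InvalidVersion(f"missing version: {raw!r}")
            auditable.append((name, Version(raw)))
        except InvalidVersion:
            logger.warning("skipping %s: %r is not a PEP 440 version", name, raw)
            skipped.append((name, raw))
    return auditable, skipped


# Constructed sample input; the distro-style string is illustrative only.
SAMPLE = [
    ("requests", "2.26.0"),
    ("example-local", "1.0+local.1"),   # local version segment: valid PEP 440
    ("python-apt", "1.2.3ubuntu0.1"),   # distro suffix: not valid PEP 440
    ("broken-metadata", None),          # metadata without a version field
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    ok, skipped = split_auditable(SAMPLE)
    print("auditable:", [(n, str(v)) for n, v in ok])
    print("not audited:", skipped)
```

Returning the skipped list lets the caller report those packages as not audited rather than dropping them silently.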