#349 demonstrates a need for this: when we call pip install some-sdist.tar.gz internally, it might fail if the distribution itself is broken or has an unreliable build system.
At the moment, we surface that with an uncontrolled exception, which makes the error appear as if it's within pip-audit and not the project's build:
Traceback (most recent call last):
  File "/app/.local/bin/pip-audit", line 8, in <module>
    sys.exit(audit())
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_cli.py", line 428, in audit
    for (spec, vulns) in auditor.audit(source):
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_audit.py", line 66, in audit
    for dep, vulns in self._service.query_all(specs):
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_service/interface.py", line 148, in query_all
    for spec in specs:
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/requirement.py", line 120, in collect
    for _, dep in self._collect_cached_deps(filename, reqs):
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/requirement.py", line 320, in _collect_cached_deps
    for req, resolved_deps in self._resolver.resolve_all(iter(req_values)):
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/interface.py", line 87, in resolve_all
    yield (req, self.resolve(req))
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/resolvelib.py", line 75, in resolve
    result = self.resolver.resolve([req])
  File "/app/.local/lib/python3.10/site-packages/resolvelib/resolvers.py", line 481, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/app/.local/lib/python3.10/site-packages/resolvelib/resolvers.py", line 373, in resolve
    failure_causes = self._attempt_to_pin_criterion(name)
  File "/app/.local/lib/python3.10/site-packages/resolvelib/resolvers.py", line 213, in _attempt_to_pin_criterion
    criteria = self._get_updated_criteria(candidate)
  File "/app/.local/lib/python3.10/site-packages/resolvelib/resolvers.py", line 203, in _get_updated_criteria
    for requirement in self._p.get_dependencies(candidate=candidate):
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/pypi_provider.py", line 370, in get_dependencies
    return candidate.dependencies
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/pypi_provider.py", line 120, in dependencies
    self._dependencies = list(self._get_dependencies())
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/pypi_provider.py", line 102, in _get_dependencies
    deps: List[str] = self.metadata.get_all("Requires-Dist", [])
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/pypi_provider.py", line 95, in metadata
    self._metadata = self._get_metadata_for_sdist()
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/pypi_provider.py", line 163, in _get_metadata_for_sdist
    ve.create(ve_dir)
  File "/usr/local/lib/python3.10/venv/__init__.py", line 78, in create
    self.post_setup(context)
  File "/app/.local/lib/python3.10/site-packages/pip_audit/_virtual_env.py", line 106, in post_setup
    raise VirtualEnvError(f"Failed to install packages: {package_install_cmd}") from cpe
pip_audit._virtual_env.VirtualEnvError: Failed to install packages: ['/tmp/tmp3dhmfebg/bin/python', '-m', 'pip', 'install', '/tmp/tmpoec42g0s/uwsgi-2.0.20.tar.gz']
We should tweak this to surface the build's underlying error, along with some guidance suggesting that the error is probably not pip-audit's fault and should be reported downstream instead.
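One way the behaviour requested above could look, as an added sketch that is not part of the original issue and is not pip-audit's own code. `SdistBuildError`, `run_install`, `format_build_failure` and `audit_one` are hypothetical names, and the two commands are constructed stand-ins for the internal `pip install` call so the block runs offline.

```python
import subprocess
import sys

# Constructed stand-ins for `python -m pip install some-sdist.tar.gz`, so this runs offline.
CONSTRUCTED_FAILING_CMD = [sys.executable, "-c",
    "import sys; sys.stderr.write('error: constructed build failure \\x1b[31m\\n'); sys.exit(3)"]
CONSTRUCTED_OK_CMD = [sys.executable, "-c", "pass"]


class SdistBuildError(Exception):
    """Hypothetical controlled error: the distribution's build failed, not the auditor."""

    def __init__(self, cmd, returncode, output):
        super().__init__(f"build command exited with status {returncode}")
        self.cmd, self.returncode, self.output = list(cmd), returncode, output


def run_install(cmd):
    """Run the install, keeping its output so a failure can be reported with its cause."""
    try:
        subprocess.run(cmd, check=True, text=True,
                       stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as cpe:
        raise SdistBuildError(cmd, cpe.returncode, cpe.output or "") from cpe


def format_build_failure(err, tail=20):
    """Build the user-facing message: the build's last lines plus where to report it."""
    lines = err.output.strip().splitlines()[-tail:]
    # The output comes from an untrusted build: neutralize control characters
    # (e.g. ANSI escapes) before echoing it to a terminal or log.
    safe = ["".join(c if c.isprintable() or c == "\t" else "?" for c in ln) for ln in lines]
    return "\n".join([
        f"Failed to install packages: {err.cmd} (exit status {err.returncode})",
        "Build output:",
        *("    " + ln for ln in safe),
        "This is probably a problem with the distribution's build, not the auditing tool;",
        "please report it to the distribution's maintainers.",
    ])


def audit_one(cmd):
    """Return (exit_code, message) instead of letting the exception escape as a traceback."""
    try:
        run_install(cmd)
    except SdistBuildError as err:
        return 1, format_build_failure(err)
    return 0, ""
```

Because the sdist's build runs third-party code, its captured output is treated as untrusted text here: only the tail is shown and non-printable characters are replaced before display.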