Fails to parse data-requires-python with a `*` char #445
Comments
Thanks for the report! This is an interesting one: the error here is coming from
(At the very least, however, this shouldn't cause a hard failure -- we should produce a warning and possibly just ignore the specifier instead.)
Yep, definitely localized to

```pycon
>>> from packaging.specifiers import Specifier
>>> Specifier(">=3.5.*")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/william/devel/pip-audit/env/lib/python3.7/site-packages/packaging/specifiers.py", line 234, in __init__
    raise InvalidSpecifier(f"Invalid specifier: '{spec}'")
packaging.specifiers.InvalidSpecifier: Invalid specifier: '>=3.5.*'
>>> import packaging
>>> packaging.__version__
'22.0'
```
PEP 440 doesn't say it directly, but the language implies that the In particular, a comparison like I'll raise an upstream issue with
Looks like this is indeed an invalid specifier, and the most recent version of
Based on pypa/packaging#645, I think it's interpreting it as a
Yep, here's what they do: TL;DR they ignore the
Makes sense, thanks for confirming! It looks like the current behavior is to ignore invalid specifiers (even if it isn't currently triggered for these ones yet), so we'll mimic that for now 🙂
We follow `pip`'s lead here and ignore these entirely, treating them as if they don't exist (while also warning the user). Fixes #445. See: pypa/packaging#645 Signed-off-by: William Woodruff <william@trailofbits.com>
* pip_audit, test: handle invalid requires-python specifiers

  We follow `pip`'s lead here and ignore these entirely, treating them as if they don't exist (while also warning the user).

  Fixes #445.

  See: pypa/packaging#645

  Signed-off-by: William Woodruff <william@trailofbits.com>

* CHANGELOG: record changes

  Signed-off-by: William Woodruff <william@trailofbits.com>

Signed-off-by: William Woodruff <william@trailofbits.com>
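
The behaviour the commit message above describes (ignore an invalid `data-requires-python` value and warn), as an added example that is not pip-audit's own code and not part of this thread. The index HTML, file names and function names are constructed for illustration, and `packaging` 22.0 or later is assumed:

```python
import logging
from html.parser import HTMLParser
from typing import List, Optional, Tuple

from packaging.specifiers import InvalidSpecifier, SpecifierSet

logger = logging.getLogger(__name__)

# Constructed sample of a simple-index page; the file names are made up.
SAMPLE_INDEX = """
<a href="example_pkg-1.0.tar.gz" data-requires-python="&gt;=3.5.*">example_pkg-1.0.tar.gz</a>
<a href="example_pkg-2.0.tar.gz" data-requires-python="&gt;=3.7">example_pkg-2.0.tar.gz</a>
<a href="example_pkg-0.1.tar.gz">example_pkg-0.1.tar.gz</a>
"""


def parse_requires_python(raw: Optional[str]) -> Optional[SpecifierSet]:
    """Return the parsed specifier, or None if it is absent or invalid."""
    if raw is None:
        return None
    try:
        return SpecifierSet(raw)
    except InvalidSpecifier:
        # Treat an invalid specifier as if it were absent, and warn the user.
        logger.warning("ignoring invalid data-requires-python: %r", raw)
        return None


class _AnchorParser(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, Optional[SpecifierSet]]] = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = dict(attrs)  # HTMLParser has already unescaped &gt; to >
        if "href" in attr:
            spec = parse_requires_python(attr.get("data-requires-python"))
            self.links.append((attr["href"], spec))


def compatible_files(index_html: str, python_version: str) -> List[str]:
    """List hrefs whose requires-python (if any, and if valid) admits python_version."""
    parser = _AnchorParser()
    parser.feed(index_html)
    parser.close()
    return [h for h, spec in parser.links if spec is None or spec.contains(python_version)]
```

With this handling, a file whose specifier is invalid is evaluated exactly like a file that declares no `data-requires-python` at all.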
Thanks again for reporting @j0ack! Let us know if this is currently blocking your use of
You're very welcome @woodruffw, I did not think the issue would be resolved only a few hours after posting it. I think it will work with the code you merged in #447. Thank you
@woodruffw is there an expected date as to when the fix for this might be released?
@krishnasism If this is blocking your use of
It is definitely blocking my usage.
@krishnasism we've cut 2.4.11 with the fix; it should be available on PyPI momentarily. Thanks for letting us know!
@woodruffw @tetsuo-cpp thanks a lot. It works like a charm now! 😄
Excellent, glad to hear it!
Bug description

`pip-audit` raises an `InvalidSpecifier` error when trying to parse a `data-requires-python` key containing a `*` from pypi.

Seems related to this old issue: #138

Reproduction steps

I found the `nltk` package which contains this link in its pypi page raising the mentioned error:

To reproduce, we only need to launch a `pip-audit` with this dependency.

Screenshots and logs

Platform information