-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Requirements parsing error on some non-normalized spellings in version selection #464
Comments
Thanks for the report! That error (which isn't great -- sorry about that) probably indicates that the underlying Could you re-run your workflow with debugging enabled, i.e.: - name: Run pip-audit
uses: pypa/gh-action-pip-audit@v1.0.4
with:
inputs: requirements-dev.txt
ignore-vulns: PYSEC-2021-427
internal-be-careful-debug: true and share the output from that? |
This is the full traceback with debugging enabled:
|
Hmm, that's a strange one -- it looks like Two things:
|
Looks like a bug in packaging, I filed pypa/packaging#653. In the interim @tserg, you can change that requirement to |
(Since this isn't necessarily an issue with the action, this should probably get moved to pypa/pip-audit instead.) |
Agreed, moving it. |
Looks like we'll be able to resolve once |
Thanks both! Unfortunately, it's not within our control so we will wait for the fix. |
Looks like 23.0 was cut yesterday, so I'll create a bump PR in a moment. |
#471 has the bump. |
This has been cut with |
This issue was migrated from
gh-action-pip-audit
, since the bug being reported isn't in the action itself.Upstream tracking: pypa/packaging#653
Running the following .yml file results in the following error. I am currently trying to troubleshoot an error flagged by
pip-audit
forsetuptools
in the CI environment, and it is likely thatsetuptools
is getting flagged bypip-audit
still, before running into this error.The text was updated successfully, but these errors were encountered: