pip_audit, test: handle invalid requires-python specifiers #447

Merged
merged 2 commits into from
Dec 22, 2022

woodruffw
Member

We follow pip's lead here and ignore these entirely, treating them as if they don't exist (while also warning the user).

Fixes #445.

See: pypa/packaging#645

Signed-off-by: William Woodruff <william@trailofbits.com>

@woodruffw woodruffw added the component:dep-sources Dependency sources label Dec 22, 2022
@woodruffw woodruffw requested review from di and tetsuo-cpp December 22, 2022 17:55
@woodruffw woodruffw self-assigned this Dec 22, 2022
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw
Member Author

Example output:

```
$ pip-audit -r <(echo 'nltk')
WARNING:pip_audit._dependency_source.resolvelib.pypi_provider:invalid specifier set for Python version: >=3.5.*
WARNING:pip_audit._dependency_source.resolvelib.pypi_provider:invalid specifier set for Python version: >=3.5.*
WARNING:pip_audit._dependency_source.resolvelib.pypi_provider:invalid specifier set for Python version: >=3.5.*
WARNING:pip_audit._dependency_source.resolvelib.pypi_provider:invalid specifier set for Python version: >=3.5.*
WARNING:pip_audit._dependency_source.resolvelib.pypi_provider:invalid specifier set for Python version: >=3.5.*
WARNING:pip_audit._dependency_source.resolvelib.pypi_provider:invalid specifier set for Python version: >=3.5.*
No known vulnerabilities found
```

...that's a little verbose for the same message over and over again, so I could add some more context (like the candidate being attempted maybe?).

@woodruffw woodruffw merged commit eef643f into main Dec 22, 2022
@woodruffw woodruffw deleted the ww/ignore-invalid-specifiers branch December 22, 2022 18:06
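
The ignore-and-warn policy discussed in this PR, as an added example that is not pip-audit's or pip's code. Assumptions: the parser is a simplified, stdlib-only stand-in for a full PEP 440 parser (plain release numbers only, no `===`), and the function names, logger name, candidate names and the warn-once-with-candidate behaviour are hypothetical.

```python
import logging
import re

logger = logging.getLogger("requires_python_example")  # hypothetical name
# Simplified stand-in for a PEP 440 parser: plain release numbers only.
CLAUSE = re.compile(r"^(~=|==|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)(\.\*)?$")
WARNED = set()  # (candidate, raw specifier) pairs already reported


def parse_specifier(raw):
    """Return [(op, release, wildcard)]; raise ValueError on a bad clause."""
    clauses = []
    for part in filter(None, (p.strip() for p in raw.split(","))):
        m = CLAUSE.match(part)
        if m is None:
            raise ValueError(part)
        op, wildcard = m.group(1), m.group(3) is not None
        release = tuple(int(n) for n in m.group(2).split("."))
        # PEP 440: ".*" is only valid with == and !=; ~= needs two segments.
        if (wildcard and op not in ("==", "!=")) or (op == "~=" and len(release) < 2):
            raise ValueError(part)
        clauses.append((op, release, wildcard))
    return clauses


def clause_matches(op, target, wildcard, version):
    if wildcard:  # prefix match; only reachable for == and !=
        return (version[:len(target)] == target) == (op == "==")
    width = max(len(target), len(version))
    v = version + (0,) * (width - len(version))
    t = target + (0,) * (width - len(target))
    if op == "~=":  # compatible release: >= target, same leading segments
        return v >= t and v[:len(target) - 1] == target[:-1]
    return {"==": v == t, "!=": v != t, "<=": v <= t,
            ">=": v >= t, "<": v < t, ">": v > t}[op]


def python_allowed(candidate, requires_python, python_version):
    """True if `candidate` is usable on `python_version` (a tuple of ints)."""
    if not requires_python:
        return True
    try:
        clauses = parse_specifier(requires_python)
    except ValueError:
        if (candidate, requires_python) not in WARNED:  # warn once per pair
            WARNED.add((candidate, requires_python))
            logger.warning("%s: ignoring invalid requires-python %r",
                           candidate, requires_python)
        return True  # ignored: treated as if no constraint was declared
    return all(clause_matches(op, t, w, python_version) for op, t, w in clauses)
```

Because an invalid specifier is dropped rather than evaluated, a candidate carrying one is never filtered out on Python version, so the warning is the only signal that the constraint was not applied.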
Successfully merging this pull request may close these issues.

Fails to parse data-requires-python with a * char