Describe the bug
There's a cycle between oletools and pcodedmp, as the maintainers would already know, and this is causing an issue when bazel tries to pull these packages using pip_parse. The difference between bazel and pip comes from the fact that pip doesn't enforce acyclic dependency graphs in dependencies as opposed to bazel that can build a DAG only.
Affected tool: bazel
File/Malware sample to reproduce the bug
How To Reproduce the bug
You can create a bazel workspace that pulls oletools==0.60.1 using the pip_parse rule from rules_python.
Expected behavior
The expected behaviour is that there's no cycle in transitive dependencies of oletools including itself.
Console output / Screenshots
n/a
Version information:
Additional context
n/a
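
One way to confirm such a cycle outside bazel, as an added example that is not part of the original report or of the oletools project: it builds a dependency graph from the Requires-Dist metadata of the installed packages and reports every group of packages that depend on each other. The SAMPLE graph is constructed from the cycle named in the report, the function names are hypothetical, and the extras filter is a simple string heuristic.

```python
import re
from importlib import metadata

# Constructed sample graph: the oletools <-> pcodedmp cycle reported above.
SAMPLE = {"oletools": {"pcodedmp", "olefile"}, "pcodedmp": {"oletools"}, "olefile": set()}

def norm(name):
    """PEP 503 name normalisation, so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_graph():
    """Map each installed distribution to the names in its Requires-Dist lines."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if not name:
            continue
        reqs = [r for r in dist.requires or [] if "extra ==" not in r]  # skip extras
        names = (re.match(r"[A-Za-z0-9._-]+", r) for r in reqs)
        graph[norm(name)] = {norm(m.group(0)) for m in names if m}
    return graph

def dependency_cycles(graph):
    """Tarjan's SCC algorithm; returns each group of packages that form a cycle."""
    index, low, stack, cycles = {}, {}, [], []

    def visit(node):
        index[node] = low[node] = len(index)
        stack.append(node)
        for dep in graph.get(node, ()):
            if dep not in index:
                visit(dep)
                low[node] = min(low[node], low[dep])
            elif dep in stack:  # back edge into the component being built
                low[node] = min(low[node], index[dep])
        if low[node] == index[node]:  # node is the root of a component
            comp = stack[stack.index(node):]
            del stack[stack.index(node):]
            if len(comp) > 1 or node in graph.get(node, ()):
                cycles.append(sorted(comp))

    for node in sorted(graph):
        if node not in index:
            visit(node)
    return sorted(cycles)

if __name__ == "__main__":
    print("sample:", dependency_cycles(SAMPLE))
    print("installed:", dependency_cycles(installed_graph()))
```

Run it inside the virtual environment that pip resolved for the same requirements; any group it prints is a set of packages that a DAG-only resolver cannot order.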