pypa / gh-action-pip-audit

A GitHub Action for pip-audit
https://github.com/marketplace/actions/gh-action-pip-audit
Apache License 2.0

pip-audit >= 2.5.0 looks to give inconsistent errors about unexpected end of data #35

Closed mmaeng closed 1 year ago

mmaeng commented 1 year ago

Tested with pip-audit 2.5.0, 2.5.1, and 2.5.2: random runs fail with the error message below but will succeed on re-run. Reverting to pip-audit==2.4.13 resolved the errors.

[Errno 2] No such file or directory: '/tmp/pip-audit-output.txt'
⚠️ pip-audit did not return any output
Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/__main__.py", line 8, in <module>
    audit()
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/_cli.py", line 449, in audit
    for spec, vulns in auditor.audit(source):
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/_audit.py", line 67, in audit
    for dep, vulns in self._service.query_all(specs):
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/_service/interface.py", line 154, in query_all
    for spec in specs:
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/_dependency_source/requirement.py", line 113, in collect
    yield from self._collect_from_files([Path(f.name) for f in tmp_files])
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/_dependency_source/requirement.py", line 147, in _collect_from_files
    ve.create(ve_dir)
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/venv/__init__.py", line 71, in create
    self.post_setup(context)
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/_virtual_env.py", line 124, in post_setup
    run(package_install_cmd, log_stdout=True, state=self._state)
  File "/opt/hostedtoolcache/Python/3.7.16/x64/lib/python3.7/site-packages/pip_audit/_subprocess.py", line 68, in run
    return stdout.decode("utf-8")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe2 in position 4140: unexpected end of data

woodruffw commented 1 year ago

Thanks for the report @mmaeng! This looks like an issue with pip-audit itself, rather than an issue with this GitHub Action.

Could you confirm that and, if so, file an issue here? The templates in that repository will help us triage your issue 🙂

woodruffw commented 1 year ago

This should be addressed upstream with 2.5.3. Thanks again @mmaeng!
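
The decoder message in the traceback above ("can't decode byte 0xe2 ... unexpected end of data") is what Python raises when a byte string ends partway through a multi-byte UTF-8 character. The following is an added illustration, not code from pip-audit or this Action: it reproduces that message on a constructed sample and shows an incremental decoder that tolerates split or truncated input. The upstream root cause is not stated on this page; the example assumes only that the captured bytes ended mid-character, and all function names and the sample output are hypothetical.

```python
import codecs

# Constructed sample: pip-style progress output. U+2501 encodes as e2 94 81,
# so its first byte is the 0xe2 named in the traceback.
SAMPLE = "Collecting example-pkg\n   ━━━━ 1.2/1.2 MB\n".encode("utf-8")


def split_chunks(data, size):
    """Split bytes into fixed-size reads, as a pipe reader would see them."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def failure_reason(data):
    """Return (offset, reason, byte) for a strict decode failure, else None."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError as exc:
        return (exc.start, exc.reason, data[exc.start])
    return None


def decode_each_chunk_strict(chunks):
    """Fragile pattern: every read is decoded on its own, so a character
    split across two reads raises UnicodeDecodeError."""
    return "".join(chunk.decode("utf-8") for chunk in chunks)


def decode_stream(chunks):
    """Robust pattern: the incremental decoder buffers an incomplete trailing
    sequence until the next chunk arrives. If the stream itself ends
    mid-character, the final call emits U+FFFD instead of raising."""
    decoder = codecs.getincrementaldecoder("utf-8")(errors="replace")
    parts = [decoder.decode(chunk) for chunk in chunks]
    parts.append(decoder.decode(b"", final=True))
    return "".join(parts)


if __name__ == "__main__":
    cut = SAMPLE.index(b"\xe2") + 1          # keep only the lead byte
    print(failure_reason(SAMPLE[:cut]))       # same reason as the traceback
    print(repr(decode_stream([SAMPLE[:cut]])))  # ends with U+FFFD, no crash
```

For a CI audit step, the practical point is that a decode crash in logging code aborts the scan before any vulnerability result is produced, so the job should be treated as failed rather than as clean.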