Open dugdug36 opened 3 years ago
Can this be resolved as a matter of high urgency? The vast vast majority of Python packages use those different ways, commonly >=. But safety cannot handle that, so useless.
E.g., take this example requirements.txt:
lxml>=4.5.1
lxml 4.5.1 contains a vulnerability but is not flagged by safety. Only flagged if >= replaced with ==
Hi @ValueRaider, there is a work in progress related to this; the following minor Safety versions will be able to handle this.
Description
Hello, as you know we have many different ways to put requirements.txt:
~=: Compatible release clause
!=: Version exclusion clause
<=, >=: Inclusive ordered comparison clause
<, >: Exclusive ordered comparison clause
flask: without version
===: Arbitrary equality clause
https://www.python.org/dev/peps/pep-0440/#public-version-identifiers
How to manage this kind of practice? List versions included?
I tried to list like this:
@Jwomers @mgedmin @benjaminp @maratsh @duncm
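Added example, not part of the thread and not Safety's own code: one way to check a ranged requirement such as `lxml>=4.5.1` is to list the released versions the specifier admits and intersect them with the advisory's vulnerable range, using the `packaging` library. The release list and the vulnerable range below are constructed sample data, and the function names are hypothetical.

```python
try:
    from packaging.requirements import Requirement
    from packaging.specifiers import SpecifierSet
except ImportError:  # fall back to the copy vendored inside pip
    from pip._vendor.packaging.requirements import Requirement
    from pip._vendor.packaging.specifiers import SpecifierSet

# Constructed sample data (assumption): not real release or advisory records.
RELEASES = {
    "lxml": ["4.5.0", "4.5.1", "4.5.2", "4.6.0"],
    "flask": ["1.1.2"],
}
ADVISORIES = {
    "lxml": [SpecifierSet("<=4.5.1")],  # placeholder vulnerable range
}


def vulnerable_candidates(line):
    """Return the released versions that a requirement line admits
    and that also fall inside a vulnerable range for that package."""
    req = Requirement(line)
    name = req.name.lower()
    # An empty specifier (bare "flask") admits every release.
    admitted = list(req.specifier.filter(RELEASES.get(name, [])))
    return [
        version
        for version in admitted
        if any(version in spec for spec in ADVISORIES.get(name, []))
    ]


def scan(lines):
    """Map each requirement line to the vulnerable versions it could resolve to."""
    report = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        hits = vulnerable_candidates(line)
        if hits:
            report[line] = hits
    return report


if __name__ == "__main__":
    sample = ["lxml>=4.5.1", "lxml>4.5.1", "lxml~=4.5.0", "lxml!=4.5.1", "flask"]
    for requirement, versions in scan(sample).items():
        print(f"{requirement}: may resolve to vulnerable {versions}")
```

A requirement is reported when any admitted release is vulnerable, which is stricter than checking the installed version and suits a scan of an unpinned requirements.txt.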