Closed staticdev closed 3 years ago
epenet
commented
3 years ago It is likely to be due to the january update of the safety database (not an issue with the safety package)
You should investigate the underlying packages - possibly py.
Check this PR on my project: https://github.com/hacf-fr/renault-api/pull/127
staticdev
commented
3 years ago @epenet I thought it could be something like that. But should´t we see the result instead of just an error code? If is just a new package that is insecure I should see that on the execution logs, right?
epenet
commented
3 years ago If you remove --bare from the safety check, then it will display the details.
The --bare is added to reduce exposure (you don't want the whole world to know what makes your package insecure) but you can remove it temporarily on your local system.
staticdev
commented
3 years ago @epenet you are correct, taking off --bare I could see the problem. This is strange, because with --bare I should be able to see unsafe package names. Anyhow I don't have a way to reproduce this non-output case so I am closing this issue (can also be already fixed in latests). Thanks.
Description
I have many projects using safety for some time now. After upgrading from 1.9.0 to 1.10.0, all pipelines break (also running locally). Also 1.10.2 did not fix the issue.
What I Did
I use a nox session with the command
safety check --file=requirements.txt --bareError:
Ex. https://github.com/staticdev/irpf-cei/pull/327/checks?check_run_id=1679307781