Open sondrelg opened 3 years ago
Hi!
I'm using Safety with poetry which we run in our CI pipeline like this:
bash -c 'poetry export -f requirements.txt --without-hashes | safety check --stdin'
This has worked fine, until today where I'm now seeing this warning output by safety:
Warning: unpinned requirement 'shapely' found in <stdin>, unable to check.
This seems to be explained by the output of the poetry export producing this:
sentry-sdk==<version>
shapely @ https://files.pythonhosted.org/packages/42/f3/0e1bc2c4f15e05e30c6b99322b9ddaa2babb3f43bc7df2698efdc1553439/Shapely-<version>.tar.gz
shopifyapi==<version>
Would it be possible to support version inference from links to pypi-hosted wheels like this?
Here is an example list of files 🙂
For context: we have to install shapely this way because poetry does not yet support installation with the --no-binary flag (relevant issue)
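One way to keep the scan covering such a dependency, as an added example that is not part of the original issue and not code from Safety or poetry: a stdin filter that rewrites `name @ <files.pythonhosted.org URL>` lines to `name==version` by reading the version from the sdist or wheel filename. The function names and the sample version are assumptions made for illustration.

```python
import re
import sys
from urllib.parse import urlparse

PYPI_HOST = "files.pythonhosted.org"
SDIST_EXTS = (".tar.gz", ".zip", ".tar.bz2")
# Constructed sample: shapely @ https://files.pythonhosted.org/packages/aa/bb/cc/Shapely-1.7.1.tar.gz


def _norm(name):
    # PEP 503 name normalisation, so "Shapely" matches "shapely"
    return re.sub(r"[-_.]+", "-", name).lower()


def version_from_filename(name, filename):
    """Return the version encoded in an sdist or wheel filename, or None."""
    if filename.endswith(".whl"):
        parts = filename[:-4].split("-")
        # wheel: name-version(-build)?-pytag-abitag-platform
        if len(parts) in (5, 6) and _norm(parts[0]) == _norm(name):
            return parts[1]
        return None
    for ext in SDIST_EXTS:
        if filename.endswith(ext):
            stem = filename[: -len(ext)]
            dist, sep, version = stem.rpartition("-")
            if sep and _norm(dist) == _norm(name) and version[:1].isdigit():
                return version
    return None


def pin_line(line):
    """Rewrite 'name @ <pypi url>' as 'name==version'; leave anything else alone."""
    m = re.match(r"^\s*([A-Za-z0-9._-]+)(\[[^\]]*\])?\s*@\s*(\S+)(.*)$", line)
    if not m:
        return line
    name, extras, url, rest = m.group(1), m.group(2) or "", m.group(3), m.group(4)
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname != PYPI_HOST:
        return line  # not a PyPI-hosted file: do not guess a version
    version = version_from_filename(name, parsed.path.rsplit("/", 1)[-1])
    if version is None:
        return line  # filename does not match the requirement name
    return f"{name}{extras}=={version}{rest.rstrip()}"


if __name__ == "__main__":
    for raw in sys.stdin:
        print(pin_line(raw.rstrip("\n")))
```

Saved as a script, it would sit between `poetry export` and `safety check --stdin` in the pipeline. The version is read from the filename only, so it is an inference about what the URL serves, not a verification of it.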