pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

Safety does not recognize patch version with asterisk #441

Closed carlosdorneles-mb closed 1 year ago

carlosdorneles-mb commented 1 year ago

Description

In my requirements I use an asterisk (*) in the patch version of the packages. After the last safety-check update, the package is not recognizing the patch and is returning an error.

What I Did

In my requirements I have the following dependencies:

Django==4.1.*
celery[amqp]==5.2.*

When running safety check, I get the following error:

❯ safety check --full-report -r requirements/base.txt
Unhandled exception happened: Invalid version: '5.2.*'

Jwomers commented 1 year ago

@carlosdorneles-mb thank you for reporting this. We are discussing internally the best way forward and are working on a fix right away.

yeisonvargasf commented 1 year ago

Hi @carlosdorneles-mb, thank you for reporting this issue; we decided, for now, to use "packaging" versions in >=21.0,<22.0.

We'll make more updates to use new packaging versions in the subsequent minor Safety releases.

I'm closing this because 2.3.5 will work as expected.
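The root cause discussed in this thread is that `==5.2.*` is a PEP 440 *specifier* (a prefix match), not a *version*, so handing the text after `==` to a strict version parser raises exactly the `Invalid version: '5.2.*'` seen above. The following is an added example, not Safety's code and not the `packaging` library: a small pure-stdlib requirements parser that reproduces the failing path (`naive_pin`) next to a specifier-aware check that handles wildcard pins correctly. The regexes, the `Requirement` class and the sample requirements text are simplifications constructed for this example (release segments only; no pre/post/dev releases, URLs or environment markers).

```python
"""Handle PEP 440 wildcard pins such as 'celery[amqp]==5.2.*' in requirements lines.

Added example, not Safety's or packaging's code. Assumes simplified versions
(dotted integers only) and a subset of specifier operators.
"""
import re
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed sample input mirroring the lines in the report, plus one range spec.
SAMPLE_REQUIREMENTS = """\
Django==4.1.*
celery[amqp]==5.2.*
requests>=2.28,<3
"""

_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"   # distribution name
    r"(?:\[(?P<extras>[^\]]*)\])?"               # optional extras, e.g. [amqp]
    r"\s*(?P<spec>[^#]*)"                        # specifier clauses, up to a comment
)
_CLAUSE_RE = re.compile(r"^(?P<op>===|==|!=|~=|<=|>=|<|>)\s*(?P<ver>\S+)$")
_VERSION_RE = re.compile(r"^\d+(?:\.\d+)*$")     # release segment only (assumption)
_OPS = ("==", "!=", "<=", ">=", "<", ">")        # operators this example supports


class InvalidVersion(ValueError):
    """Raised for anything that is not a concrete release version, e.g. '5.2.*'."""


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a concrete version. A wildcard is not a version, so '5.2.*' is rejected
    here, as a strict parser does; callers must strip the '.*' suffix first."""
    if not _VERSION_RE.match(text):
        raise InvalidVersion(f"Invalid version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def naive_pin(line: str) -> Tuple[int, ...]:
    """The failing path from the report: treat everything after '==' as a version.
    Fine for 'Django==4.1.2', raises InvalidVersion for 'Django==4.1.*'."""
    _, _, pinned = line.partition("==")
    return parse_version(pinned.strip())


@dataclass(frozen=True)
class Requirement:
    name: str
    extras: Tuple[str, ...]
    specifiers: Tuple[Tuple[str, str], ...]  # ((op, version_text), ...)


def parse_requirement(line: str) -> Requirement:
    """Split 'celery[amqp]==5.2.*' into name, extras and (op, version) clauses,
    validating each clause without parsing the wildcard as a concrete version."""
    m = _REQ_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable requirement line: {line!r}")
    extras = tuple(e.strip() for e in (m.group("extras") or "").split(",") if e.strip())
    clauses = []
    for raw in filter(None, (c.strip() for c in m.group("spec").split(","))):
        cm = _CLAUSE_RE.match(raw)
        if not cm or cm.group("op") not in _OPS:
            raise ValueError(f"unsupported specifier clause {raw!r} in {line!r}")
        op, ver = cm.group("op"), cm.group("ver")
        if ver.endswith(".*"):
            if op not in ("==", "!="):       # PEP 440 allows wildcards only with == / !=
                raise ValueError(f"wildcard not allowed with {op!r}: {raw!r}")
            parse_version(ver[:-2])          # the prefix itself must be a real version
        else:
            parse_version(ver)
        clauses.append((op, ver))
    return Requirement(m.group("name"), extras, tuple(clauses))


def _aligned(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Zero-pad to equal length so that 4.1 compares equal to 4.1.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def clause_matches(installed: str, op: str, spec_ver: str) -> bool:
    """Evaluate one clause against a concrete installed version."""
    inst = parse_version(installed)
    if spec_ver.endswith(".*"):
        prefix = parse_version(spec_ver[:-2])
        padded, _ = _aligned(inst, prefix)
        hit = padded[:len(prefix)] == prefix  # prefix match: 5.2.* accepts 5.2.7
        return hit if op == "==" else not hit
    a, b = _aligned(inst, parse_version(spec_ver))
    return {"==": a == b, "!=": a != b, "<=": a <= b,
            ">=": a >= b, "<": a < b, ">": a > b}[op]


def satisfies(req: Requirement, installed: str) -> bool:
    return all(clause_matches(installed, op, ver) for op, ver in req.specifiers)


def check_requirements(text: str, installed: Dict[str, str]) -> Dict[str, bool]:
    """Map each requirement name to whether the installed version satisfies it."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        req = parse_requirement(line)
        result[req.name] = satisfies(req, installed[req.name])
    return result


if __name__ == "__main__":
    for line in SAMPLE_REQUIREMENTS.splitlines():
        try:
            print(line, "->", naive_pin(line))
        except InvalidVersion as exc:
            print(line, "-> naive parse failed:", exc)
        print("   specifier-aware:", parse_requirement(line).specifiers)
```

The takeaway for a dependency scanner is that a requirements line carries a specifier set, not a version: resolve the wildcard against the concrete versions in the vulnerability data (as `clause_matches` does) rather than parsing the clause text itself.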