pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

Checking projects using Poetry >= 1.5.0 fails #479

Open plaa opened 11 months ago

plaa commented 11 months ago

Description

Safety uses dparse to parse the poetry.lock file. Poetry deprecated and in 1.5.0 removed writing of the category field into the poetry.lock file, while dparse assumes this field to always be present. Thus safety fails with the exception Malformed poetry lock file for any project using Poetry 1.5.0 (released in May) or newer.

dparse issue: https://github.com/pyupio/dparse/issues/67
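The failure mode described in this report, as an added example that is not part of the original post and is not code from dparse or Safety: a parser that treats `category` as mandatory rejects a Poetry >= 1.5.0 lock file, while one that treats it as optional still recovers every pinned package for checking. The function names, the exception class and the sample lock files are constructed for illustration; only the error text `Malformed poetry lock file` comes from the report.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:  # assumption: the tomli backport is installed on older Pythons
    import tomli as tomllib

# Constructed sample lock files (not taken from a real project).
LOCK_PRE_1_5 = '''
[[package]]
name = "requests"
version = "2.31.0"
category = "main"
optional = false
python-versions = ">=3.7"
'''

LOCK_1_5 = '''
[[package]]
name = "requests"
version = "2.31.0"
optional = false
python-versions = ">=3.7"

[[package]]
name = "pytest"
version = "7.4.0"
optional = false
python-versions = ">=3.7"
'''


class MalformedLockFile(Exception):
    """Hypothetical error type standing in for the parser's exception."""


def parse_strict(content):
    """Treats `category` as mandatory, the assumption described in the issue."""
    try:
        return [(p["name"], p["version"], p["category"])
                for p in tomllib.loads(content)["package"]]
    except KeyError as exc:
        raise MalformedLockFile("Malformed poetry lock file") from exc


def parse_tolerant(content):
    """Requires name and version; `category` is optional and may be None."""
    pins = []
    for p in tomllib.loads(content).get("package", []):
        if "name" not in p or "version" not in p:
            raise MalformedLockFile("package entry without name/version")
        pins.append((p["name"], p["version"], p.get("category")))
    return pins
```

The tolerant parser still rejects entries that lack `name` or `version`, so a lock file that cannot be turned into pins fails loudly instead of producing an empty scan.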

yeisonvargasf commented 11 months ago

@plaa, thanks for this report; in the coming month, we are releasing a 3.0 Safety version where this issue is addressed.

Corfucinas commented 11 months ago

> @plaa, thanks for this report; in the coming month, we are releasing a 3.0 Safety version where this issue is addressed.

Great! I just ran into this same error

jserpapinto commented 7 months ago

We have also run into this issue. A fix would be much appreciated!