pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

safety-schemas repo? #494

Open dotlambda opened 10 months ago

dotlambda commented 10 months ago

It seems like https://pypi.org/project/safety-schemas/ was only published on PyPI. It would be nice if you could also publish its git repository.

yeisonvargasf commented 10 months ago

@dotlambda, yes, we will publish safety-schemas, although I can't give you any ETA on that yet. We will publish it once it is ready to be used/integrated by third-party Python tools; at the moment, it lacks enough documentation for external usage.

I'll keep this issue open until we publish the safety-schemas repo.

hugovk commented 8 months ago

packaging 24.0 has been released:

safety-schemas requires packaging<=23.0: This causes warnings:

```
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
safety-schemas 0.0.1 requires packaging<=23.0,>=21.0, but you have packaging 23.2 which is incompatible.
safety-schemas 0.0.1 requires pydantic<2.0.0,>=1.10.12, but you have pydantic 2.6.4 which is incompatible.
```

Please could you update, or better yet, remove the upper version pin? (See https://iscinumpy.dev/post/bound-version-constraints/ for the long version against upper pins.)

Would be nice to update/remove the pydantic, but that might be harder?

nfelt14 commented 1 month ago

It appears that the latest release of safety-schemas is broken on Python 3.8. This means safety is broken on Python 3.8.

dylanpulver commented 1 month ago

> It appears that the latest release of safety-schemas is broken on Python 3.8. This means safety is broken on Python 3.8.

Hi @nfelt14, thank you for bringing this to our attention. Do you have any more details you can share on the issue you are facing? We are committed to resolving the issue as fast as we can. Any more details you can share will help us get it resolved faster!

dylanpulver commented 1 month ago

We have temporarily yanked safety-schemas version 0.0.6 to avoid any downtime

nfelt14 commented 1 month ago

> We have temporarily yanked safety-schemas version 0.0.6 to avoid any downtime

I don't have the traceback handy, but the crash was caused by using list[] in a dataclass, I believe. Python 3.8 doesn't allow subscripting the builtin types.
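An added example, not part of the thread and not code from safety-schemas: a pre-release check for the failure mode described in the comment above, which parses a module and reports annotations that subscript a builtin type (PEP 585 syntax, available from Python 3.9). The function name, the `SAMPLE` module and the assumption that the module does not use `from __future__ import annotations` are constructed for illustration.

```python
import ast

# Builtins that only became subscriptable in Python 3.9 (PEP 585).
PEP585_BUILTINS = {"list", "dict", "set", "frozenset", "tuple", "type"}

# Constructed sample input, not code from safety-schemas.
SAMPLE = '''
from dataclasses import dataclass
from typing import List

@dataclass
class Report:
    names: list[str]
    scores: List[int]
    index: dict[str, tuple[int, int]]

def first(items: list[str]) -> str:
    return items[0]
'''

def find_py38_incompatible_annotations(source):
    """Return sorted (line, text) pairs for annotations that subscript a builtin."""
    tree = ast.parse(source)
    annotations = []
    for node in ast.walk(tree):
        if isinstance(node, ast.AnnAssign):
            annotations.append(node.annotation)
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            args = node.args
            all_args = args.posonlyargs + args.args + args.kwonlyargs
            all_args += [a for a in (args.vararg, args.kwarg) if a]
            annotations += [a.annotation for a in all_args if a.annotation]
            if node.returns:
                annotations.append(node.returns)
    hits = set()
    for ann in annotations:
        # Walk nested subscripts too, e.g. dict[str, tuple[int, int]].
        for sub in ast.walk(ann):
            if (isinstance(sub, ast.Subscript)
                    and isinstance(sub.value, ast.Name)
                    and sub.value.id in PEP585_BUILTINS):
                hits.add((sub.lineno, ast.get_source_segment(source, sub)))
    return sorted(hits)

if __name__ == "__main__":
    # Assumption: annotations are evaluated eagerly (no __future__ import).
    for line, text in find_py38_incompatible_annotations(SAMPLE):
        print(f"line {line}: {text} raises TypeError on Python 3.8")
```

Because it only parses the source, the check runs on any interpreter version, so it can gate a release even when the build machine is newer than the oldest supported Python.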

dylanpulver commented 1 month ago

@nfelt14 Thank you for these details; they were helpful for us in resolving the issue. Safety-schemas 0.0.8 is now available, which should resolve these issues! Please let us know if you face any additional issues.