Release 3.0.0 requirement pydantic<2.0 breaks our project

pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

https://safetycli.com/product/safety-cli

MIT License

1.66k stars 141 forks source link

Release 3.0.0 requirement pydantic<2.0 breaks our project #504

Open bfilipov opened 4 months ago

bfilipov commented 4 months ago

Since release 3.0.0 there is the following dependency for safety: pydantic>=1.10.12,<2.0

That makes it backward incompatible for our project, since we are currently using the latest release of pydantic - 2.6.1

adiroiban commented 3 months ago

Another problem with 3.1.0 release. It depends on dparse>=0.6.4b0 but 0.6.4 was not released yet ... with beta released in Oct 2023 :(

Zeckie commented 3 weeks ago

Is there any reason why safety needs to be in the same venv as the rest of the project?

Installing in a separate venv will mean that it can have separate set of dependencies from the main project (but also that there is now an additional venv to manage).