When trying the load the vulnerabilities for a project I get the exception pasted below, which I believe is occuring because the Package object requires a version field, but the Snyk API is not returning one.
Traceback (most recent call last):
File "<string>", line 15, in from_dict
File "<string>", line 15, in <listcomp>
File "<string>", line 15, in <listcomp>
File "<string>", line 18, in from_dict
mashumaro.exceptions.MissingField: Field "version" of type str is missing in Package instance
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "...bin/snyk_deps.py", line 93, in <module>
main(sys.argv[1] == "--dry-run" if len(sys.argv) > 1 else False)
File "...bin/snyk_deps.py", line 59, in main
vulns = {(v.package, None if hasattr(v, "version") else None): float(v.cvssScore) if v.cvssScore is not None else None for v in snyk_proj.vulnerabilities}
File "../homebrew/lib/python3.10/site-packages/snyk/models.py", line 641, in vulnerabilities
foo = flat_map(self._aggregated_issue_to_vulnerabily, aggregated_vulns)
File ".../homebrew/lib/python3.10/site-packages/snyk/utils.py", line 18, in flat_map
return list(chain(*mapped))
File ".../homebrew/lib/python3.10/site-packages/snyk/models.py", line 662, in _aggregated_issue_to_vulnerabily
).all()
File ".../homebrew/lib/python3.10/site-packages/snyk/managers.py", line 450, in all
return self.klass.from_dict(resp.json())
File "<string>", line 22, in from_dict
mashumaro.exceptions.InvalidFieldValue: Field "paths" of type List[List[Package]] in IssuePaths has invalid value [[{'name': 'root'}, {'name': 'net.logstash.logback:logstash-logback-encoder', 'version': '4.11'}, {'name': 'com.fasterxml.jackson.core:jackson-databind', 'version': '2.8.9'}]]
Steps To Reproduce
I'm not sure how to reproduce this, I presume need a Snyk project with a particular set of dependencies.
Is there an existing issue for this?
Description of the bug
When trying the load the vulnerabilities for a project I get the exception pasted below, which I believe is occuring because the
Package
object requires a version field, but the Snyk API is not returning one.Steps To Reproduce
I'm not sure how to reproduce this, I presume need a Snyk project with a particular set of dependencies.
Additional Information
No response