safety fails on prompt-toolkit #490
Comments
The full log of the safety run with --debug on Python 3.6 with minimum package levels:
@andy-maier thank you for reporting this, we are looking into this right away.
Hi @andy-maier, thank you for this comprehensive issue report. We have identified the issue and are targeting fixing it in the This is a caching mismatch issue on our vulnerability databases (safety may be getting the index database from fresh data and the detailed one from the local disk cache). It happens occasionally.
Description
We are running "safety check" on our minimum constraints file.
Since today, this fails only on Python 3.6 with our minimum package levels.
Using the "--debug" option of safety, the traceback and error message is as follows:
Link to GitHub Actions workflow run for this issue: https://github.com/zhmcclient/zhmc-ansible-modules/actions/runs/7494205584/job/20401604268?pr=874
The minimum-constraints.txt file does specify the prompt-toolkit package.
This started happening today and it is reproducible. On a second run where I enabled the "--debug" option of safety, it happened on most (but not all) Python versions where we use minimum package levels (Python 3.6, 3.9, 3.11): https://github.com/zhmcclient/zhmc-ansible-modules/actions/runs/7494205584
The full output of that safety command with the --debug option is attached in the comment below.
This did not happen before today. I could not find new releases of Python packages that might be related to this (e.g. safety, prompt-toolkit, click).
A third run where I increased the version of safety to 2.3.4 failed with all Python versions where we use minimum package levels (Python 3.6, 3.7, 3.9, 3.11, and safety 2.3.4) and on Python 3.11 and 3.12 with latest package levels (and safety 2.3.4).
So it got worse with every retry :-(
We cannot use safety 2.3.5 because it pins "packaging" to <22.0.
Just a guess: Is there something wrong with the prompt-toolkit package in the safety database?
What I Did
https://github.com/zhmcclient/zhmc-ansible-modules repo
PACKAGE_LEVEL=minimum make safety
for using the minimum package levels, or
make safety
for using the latest package levels.
This runs:
safety --debug check --policy-file .safety-policy.yml -r minimum-constraints.txt --full-report