pyupio/safety

Breaking change on 1.10.0?

Closed this issue · 4 comments

  • safety version: 1.10.0, 1.10.1 and 1.10.2
  • Python version: 3.9.1
  • Operating System: ubuntu-latest

Description

I have had many projects using safety for some time now. After upgrading from 1.9.0 to 1.10.0, all pipelines break (also when running locally). 1.10.2 did not fix the issue either.

What I Did

I use a nox session with the command safety check --file=requirements.txt --bare

Error:

nox > Running session safety
nox > Creating virtual environment (virtualenv) using python3.9 in .nox/safety
nox > poetry export --format=requirements.txt --output=.nox/safety/tmp/requirements.txt --dev
nox > pip install --constraint=.nox/safety/tmp/requirements.txt safety
nox > safety check --file=.nox/safety/tmp/requirements.txt --bare
py
nox > Command safety check --file=.nox/safety/tmp/requirements.txt --bare failed with exit code 255
nox > Session safety failed.
Error: Process completed with exit code 1.

Ex. https://github.com/staticdev/irpf-cei/pull/327/checks?check_run_id=1679307781

It is likely to be due to the January update of the safety database (not an issue with the safety package).

You should investigate the underlying packages - possibly py.
Check this PR on my project: hacf-fr/renault-api#127

@epenet I thought it could be something like that. But shouldn't we see the result instead of just an error code? If it is just a new package that is insecure, I should see that in the execution logs, right?

If you remove --bare from the safety check, then it will display the details.
The --bare is added to reduce exposure (you don't want the whole world to know what makes your package insecure) but you can remove it temporarily on your local system.

@epenet you are correct, taking off --bare I could see the problem. This is strange, because with --bare I should be able to see the unsafe package names. Anyhow, I don't have a way to reproduce this non-output case, so I am closing this issue (it may also already be fixed in the latest version). Thanks.
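For anyone hitting the same "exit code 255 and a lone package name" situation in CI, here is an added wrapper (my own example, not code from the safety project or from this thread) that keeps --bare but turns its terse output into an explicit message; the function and constant names are my own, and the real run needs network access to the vulnerability database.

```python
"""Wrap `safety check --bare` so a failing pipeline says what was flagged.

In --bare mode safety prints only the names of packages with known
vulnerabilities (the lone "py" line in the log above) and exits non-zero,
so the package list is easy to miss among the runner's own output.
"""
import subprocess
import sys
from typing import List, Tuple

# Constructed sample: what stdout looked like in the nox log above.
SAMPLE_BARE_STDOUT = "py\n"


def classify_bare_run(stdout: str, returncode: int) -> Tuple[str, List[str]]:
    """Return (status, packages) for one `safety check --bare` run.

    "clean": exit 0 and nothing printed.
    "vulns": package names were printed (bare mode lists them whitespace-separated).
    "error": non-zero exit but no package list, i.e. the tool itself failed.
    """
    packages = sorted(set(stdout.split()))
    if returncode == 0 and not packages:
        return "clean", []
    if packages:
        return "vulns", packages
    return "error", []


def run_safety_bare(requirements: str) -> int:
    """Run the real tool and report; preserves safety's own exit code."""
    proc = subprocess.run(
        ["safety", "check", "--bare", f"--file={requirements}"],
        capture_output=True, text=True, check=False,
    )
    status, packages = classify_bare_run(proc.stdout, proc.returncode)
    if status == "clean":
        print("safety: no known vulnerabilities")
    elif status == "vulns":
        print(f"safety: {len(packages)} package(s) with known vulnerabilities: "
              + ", ".join(packages), file=sys.stderr)
    else:
        print(f"safety: exit code {proc.returncode} with no report; stderr:",
              file=sys.stderr)
        print(proc.stderr, file=sys.stderr)
    return proc.returncode


if __name__ == "__main__":
    sys.exit(run_safety_bare(sys.argv[1] if len(sys.argv) > 1 else "requirements.txt"))
```

The package names still reach the CI log, so keep the caveat from the reply above in mind if the log is public.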