Safety does not recognize patch version with asterisk

Question

Safety does not recognize patch version with asterisk

carlosdorneles-mb opened this issue 2 years ago · 2 comments

safety version: 2.3.4
Python version: 3.10.8
Operating System: macOS

Description

In my requirements I use an asterisk (*) in the patch version of the packages. After the last safety-check update the package is not recognizing the patch and returning an error.

What I Did

In my requirements I have the following dependencies:

Django==4.1.*
celery[amqp]==5.2.*

When running the safety-check I get the following error:

❯ safety check --full-report -r requirements/base.txt
Unhandled exception happened: Invalid version: '5.2.*'

Answer 1 · 2022-12-08T03:54:51.000Z

@carlosdorneles-mb thank you for reporting this. We are discussing internally the best way forward and are working on a fix right away.

Answer 2 · 2022-12-08T19:12:38.000Z

Hi @carlosdorneles-mb, thank you for reporting this issue; we decided, for now, to use "packaging" versions in >=21.0,<22.0.

We'll make more updates to use new packaging versions in the subsequent minor Safety releases.

I'm closing this because 2.3.5 will work as expected.