We are running "safety check" on our minimum constraints file.
Since today, this fails only on Python 3.6 with our minimum package levels.
Using the "--debug" option of safety, the traceback and error message are as follows:
2024-01-11 20:37:38,176 safety.cli => Unexpected Exception happened: 'prompt-toolkit'
Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.6.15/x64/lib/python3.6/site-packages/safety/cli.py", line 146, in check
    params=params)
  File "/opt/hostedtoolcache/Python/3.6.15/x64/lib/python3.6/site-packages/safety/util.py", line 601, in new_func
    return f(*args, **kwargs)
  File "/opt/hostedtoolcache/Python/3.6.15/x64/lib/python3.6/site-packages/safety/safety.py", line 336, in check
    for data in get_vulnerabilities(pkg=name, spec=specifier, db=db_full):
  File "/opt/hostedtoolcache/Python/3.6.15/x64/lib/python3.6/site-packages/safety/safety.py", line 229, in get_vulnerabilities
    for entry in db[pkg]:
KeyError: 'prompt-toolkit'
Unhandled exception happened: 'prompt-toolkit'
The minimum-constraints.txt file does specify the prompt-toolkit package.
This started happening today and it is reproducible. On a second run where I enabled the "--debug" option of safety, it happened on most (but not all) Python versions where we use minimum package levels (Python 3.6, 3.9, 3.11): https://github.com/zhmcclient/zhmc-ansible-modules/actions/runs/7494205584
The full output of that safety command with the --debug option is attached in the comment below.
This did not happen before today. I could not find new releases of Python packages that might be related to this (e.g. safety, prompt-toolkit, click).
A third run where I increased the version of safety to 2.3.4 failed with all Python versions where we use minimum package levels (Python 3.6, 3.7, 3.9, 3.11, and safety 2.3.4) and on Python 3.11 and 3.12 with latest package levels (and safety 2.3.4).
So it got worse with every retry :-(
We cannot use safety 2.3.5 because it pins "packaging" to <22.0.
Just a guess: Is there something wrong with the prompt-toolkit package in the safety database?
What I Did
Clone the https://github.com/zhmcclient/zhmc-ansible-modules repo
In a new virtual python env on one of the Python versions mentioned above, run: PACKAGE_LEVEL=minimum make safety for using the minimum package levels, or make safety for using the latest package levels.
This runs: safety --debug check --policy-file .safety-policy.yml -r minimum-constraints.txt --full-report
Hi @andy-maier, thank you for this comprehensive issue report. We have identified the issue and are targeting fixing it in the 3.0.1 release.
This is a caching mismatch issue on our vulnerability databases (safety may be getting the index database from fresh data and the detailed one from the local disk cache). It happens occasionally.
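The mismatch described in the reply above (a fresh index database combined with a stale detailed database from the disk cache) can be reproduced in miniature. This is an added example, not code from safety or from this issue; the function names, the two-dictionary layout and the sample data are assumptions made for illustration. It shows the unguarded lookup raising the same kind of KeyError, and a guarded variant that reloads both databases once and otherwise fails the run.

```python
class DatabaseMismatch(Exception):
    """The index names a package that the detailed database lacks."""


def lookup_unchecked(pkg, index_db, full_db):
    # Same shape as the failing frame in the traceback: db[pkg] with no guard.
    if pkg not in index_db:
        return []
    return list(full_db[pkg])  # KeyError if full_db is an older snapshot


def lookup_checked(pkg, index_db, full_db):
    if pkg not in index_db:
        return []
    if pkg not in full_db:
        raise DatabaseMismatch(pkg)  # report the real cause, not a bare KeyError
    return list(full_db[pkg])


def scan(packages, index_db, full_db, refetch):
    """Return {package: advisories}; refetch() yields a fresh (index, full) pair.

    On a mismatch, drop the cached data, reload both databases as one
    snapshot and retry once. A second mismatch propagates, so the run
    fails instead of reporting the package as clean.
    """
    try:
        return {p: lookup_checked(p, index_db, full_db) for p in packages}
    except DatabaseMismatch:
        index_db, full_db = refetch()
        return {p: lookup_checked(p, index_db, full_db) for p in packages}


# Constructed sample data: ids and version specs are placeholders.
FRESH_INDEX = {"prompt-toolkit": ["<0.0.1"], "click": ["<0.0.1"]}
FRESH_FULL = {
    "prompt-toolkit": [{"id": "EXAMPLE-0001", "specs": ["<0.0.1"]}],
    "click": [{"id": "EXAMPLE-0002", "specs": ["<0.0.1"]}],
}
# Constructed stale cache: a snapshot that lacks the prompt-toolkit entry.
STALE_FULL = {"click": FRESH_FULL["click"]}

if __name__ == "__main__":
    result = scan(["prompt-toolkit", "click"], FRESH_INDEX, STALE_FULL,
                  lambda: (FRESH_INDEX, FRESH_FULL))
    print({pkg: [a["id"] for a in adv] for pkg, adv in result.items()})
```

For a CI security gate the important property is the last one: a scan that cannot resolve a package against its database should exit non-zero, so a cache problem is never read as "no vulnerabilities found".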
Link to GitHub Actions workflow run for this issue: https://github.com/zhmcclient/zhmc-ansible-modules/actions/runs/7494205584/job/20401604268?pr=874