pypa: TypeError: string indices must be integers, not 'str'

[brondsem]

Not sure if this is a skjold or pypa data issue, but running this command gives the following error. Just started recently

echo 'aiohttp-session==2.12.0' | skjold audit -s pypa -f requirements.txt -
triggers

Traceback (most recent call last):
  File "py311venv/bin/skjold", line 8, in <module>
    sys.exit(cli())
             ^^^^^
  File "py311venv/lib/python3.11/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/click/decorators.py", line 84, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/skjold/cli.py", line 186, in audit_
    findings = audit(config, packages, ignore=ignore)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/skjold/tasks.py", line 221, in audit
    if source.has_security_advisory_for(dependency):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/skjold/sources/pypa.py", line 65, in has_security_advisory_for
    return dependency.canonical_name in self.advisories.keys()
                                        ^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/skjold/core.py", line 123, in advisories
    self.populate_from_cache()
  File "py311venv/lib/python3.11/site-packages/skjold/sources/pypa.py", line 44, in populate_from_cache
    advisories = OSVSecurityAdvisory.using(doc)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "py311venv/lib/python3.11/site-packages/skjold/sources/osv.py", line 60, in using
    "name": affected_package["package"]["name"].strip(),
            ~~~~~~~~~~~~~~~~^^^^^^^^^^^
TypeError: string indices must be integers, not 'str'

I tried to debug a bit and it looked like affected_package was just a string "package" which seemed weird.

[twu]

👋 Thanks for reporting this. Could be a schema change or just a hickup. I will try to take a look at this and revisit #169 this weekend if time permits.

[twu]

@brondsem 👋 Sorry for the late reply. I'm not able to reproduce this locally, so this either was a hickup or might be a borked cache file (.skjold_cache/pypa.cache). Is this still happening? If so, you try removing the pypa.cache file and try again? Thank you :)

[brondsem]

It is working fine now. I did try removing the cache file when I first got the error, but anyway, all good now!