Bump of packaging-21.3 to packaging-22.0 breaks cyclonedx-python

Traceback (most recent call last):
  File "sources/env/bin/cyclonedx-py", line 5, in <module>
    from cyclonedx_py.client import main
  File "sources/env/lib/python3.10/site-packages/cyclonedx_py/client.py", line 37, in <module>
    from .parser.requirements import RequirementsParser
  File "sources/env/lib/python3.10/site-packages/cyclonedx_py/parser/requirements.py", line 31, in <module>
    from pip_requirements_parser import RequirementsFile  # type: ignore
  File "sources/env/lib/python3.10/site-packages/pip_requirements_parser.py", line 73, in <module>
    from packaging.version import LegacyVersion
ImportError: cannot import name 'LegacyVersion' from 'packaging.version' (sources/env/lib/python3.10/site-packages/packaging/version.py)

Issue Analytics

  • State: closed
  • Created 9 months ago
  • Reactions: 5
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

1 reaction
jkowalleck commented, Dec 11, 2022

thank you all for the input and your work.

a fix was released via v3.7.3

0 reactions
jkowalleck commented, Dec 11, 2022

re: https://github.com/CycloneDX/cyclonedx-python/issues/449#issuecomment-1345420178

why upgrade pip-requirements-parser==32.0.0? This project clearly defines:

install_requires = \
['cyclonedx-python-lib>=2.0.0,<4.0.0',
 'packageurl-python>=0.9',
 'pip-requirements-parser>=31.2.0,<32.0.0',
 'setuptools>=47.0.0',
 'toml>=0.10.0,<0.11.0']

This package here is one of many downstream users of pip-requirements-parser. If pip-requirements-parser had errors, then they need to fix their own dependencies in a 31.X.Y release - where they missed their dependency goals. Go to https://github.com/nexB/pip-requirements-parser/issues and ask for the needed backport of the pinning to a new patched version 31.2.1.

anyways, I will try to prep a version that works with pip-requirements-parser: ^32
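
An added example, not code from cyclonedx-python or from the commenter: a stdlib-only check of a resolved environment against the `install_requires` ranges quoted above. It flags installs that fall outside the declared range and ranges with no upper bound, which is where a new major release such as the packaging 22.0 bump in the title can arrive unannounced. The installed versions are constructed sample data, and versions are assumed to be plain numeric releases (no pre/post/dev tags).

```python
import re

# install_requires exactly as quoted in the comment above.
INSTALL_REQUIRES = [
    "cyclonedx-python-lib>=2.0.0,<4.0.0",
    "packageurl-python>=0.9",
    "pip-requirements-parser>=31.2.0,<32.0.0",
    "setuptools>=47.0.0",
    "toml>=0.10.0,<0.11.0",
]
# Constructed sample of a resolved environment (not data from the issue).
INSTALLED = {"cyclonedx-python-lib": "3.1.1", "packageurl-python": "0.10.4",
             "pip-requirements-parser": "32.0.0", "setuptools": "65.6.3",
             "toml": "0.10.2"}
# Each operator is a predicate over compare(installed, wanted).
CHECK = {">=": lambda c: c >= 0, "<=": lambda c: c <= 0, "==": lambda c: c == 0,
         "!=": lambda c: c != 0, "<": lambda c: c < 0, ">": lambda c: c > 0}

def parse_version(text):
    """'31.2.0' -> (31, 2, 0). Assumption: numeric release segments only."""
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Return -1/0/1 after zero-padding, so 2.0 == 2.0.0."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

def parse_requirement(req):
    """Split 'name>=1.0,<2.0' into (name, [(op, version_tuple), ...])."""
    name, rest = re.match(r"([A-Za-z0-9._-]+)\s*(.*)$", req).groups()
    clauses = [re.match(r"\s*(>=|<=|==|!=|<|>)\s*([0-9.]+)\s*$", c).groups()
               for c in rest.split(",") if c.strip()]
    return name, [(op, parse_version(ver)) for op, ver in clauses]

def audit(requirements, installed):
    """Return (package, finding, detail) tuples for the given environment."""
    findings = []
    for req in requirements:
        name, clauses = parse_requirement(req)
        if not any(op in ("<", "<=", "==") for op, _ in clauses):
            findings.append((name, "no-upper-bound", req))
        have = installed.get(name)
        if have is None:
            findings.append((name, "not-installed", req))
        elif not all(CHECK[op](compare(parse_version(have), want))
                     for op, want in clauses):
            findings.append((name, "out-of-range", f"{have} violates {req}"))
    return findings
```

Calling `audit(INSTALL_REQUIRES, INSTALLED)` returns one `out-of-range` finding for pip-requirements-parser 32.0.0 and `no-upper-bound` findings for packageurl-python and setuptools.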
