Crash on `package @ git+...` dependencies
Bug description
Using `package @ git+...` dependencies crashes pip-audit with a traceback, when I’d expect it to output the usual report with those packages listed by name and skip-reason if unauditable.
Reproduction steps
requirements.txt:

```
# Some packages exist, and all is well
shed == 0.10.5
# Others *don't* exist or can't be fetched, that's reported nicely
this_might_exist_off_pypi == 0.0.1
# But if you have this awful kind of dep, you'll get a traceback!
hypothesis @ git+https://github.com/HypothesisWorks/hypothesis.git@bb6b55ad8d#subdirectory=hypothesis-python
```

Command:

```
pip-audit --no-deps -r requirements.txt
```
Platform information
- OS name and version: macOS Monterey
- pip-audit version (`pip-audit -V`): pip-audit 2.4.4
- Python version (`python -V` or `python3 -V`): Python 3.10.6
- pip version (`pip -V` or `pip3 -V`): pip 22.3
Issue analytics: created a year ago; 14 comments (12 by maintainers).
Top GitHub Comments
I just confirmed that `pip install --no-deps -r requirements.txt` does install a VCS dependency but skips its subdependencies, so https://github.com/pypa/pip-audit/issues/382#issuecomment-1297260688 is probably the closest appropriate behavior here. I’ll adjust the PR.

Did some digging here, and it looks like this error only happens with `--no-deps`. I think that’s why @di couldn’t repro it.

In particular, it looks like it happens because `--no-deps` requires every dependency to be fully pinned, but the URL-style requirement you’re providing doesn’t include a version specification.

In other words, this:

should be this:

…however, that still fails with the same error, which makes me think it might be a bug in our requirements parser. Will continue looking.
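The comments above turn on how a requirements parser should treat a `name @ git+...` direct reference next to a fully pinned `name == version` line. The following is an added example, not pip-audit's own parser or code from this issue: a deliberately simplified classifier that covers only the three requirement shapes exercised by the report (pinned, direct URL, bare name) and produces the per-package "skipped" line an auditor would print instead of crashing. The sample requirements text is constructed from the report above; the `skip_reason` wording is this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, mirroring the requirements.txt in the report above.
REQUIREMENTS_TXT = """\
# Some packages exist, and all is well
shed == 0.10.5
# Others *don't* exist or can't be fetched, that's reported nicely
this_might_exist_off_pypi == 0.0.1
# But if you have this awful kind of dep, you'll get a traceback!
hypothesis @ git+https://github.com/HypothesisWorks/hypothesis.git@bb6b55ad8d#subdirectory=hypothesis-python
"""

# Simplified PEP 508 shapes (assumption: only what the report exercises).
_NAME = r"(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
_PINNED = re.compile(rf"^{_NAME}\s*==\s*(?P<version>[^\s;]+)$")
_DIRECT = re.compile(rf"^{_NAME}\s*@\s*(?P<url>\S+)$")
_BARE = re.compile(rf"^{_NAME}$")


@dataclass
class Classified:
    name: str
    kind: str                   # "pinned", "direct-url", "unpinned" or "unparsed"
    detail: Optional[str]       # version, URL, or the raw line
    skip_reason: Optional[str]  # why the package cannot be looked up by version


def classify_line(line: str) -> Optional[Classified]:
    """Classify one requirements line; None for blank lines and comments."""
    # pip only treats '#' as a comment at line start or after whitespace,
    # so the '#subdirectory=' fragment inside the VCS URL must survive.
    text = re.sub(r"(^|\s)#.*$", "", line).strip()
    if not text:
        return None
    if m := _PINNED.match(text):
        return Classified(m["name"], "pinned", m["version"], None)
    if m := _DIRECT.match(text):
        scheme = m["url"].split("+", 1)[0] if "+" in m["url"] else m["url"].split(":", 1)[0]
        return Classified(m["name"], "direct-url", m["url"],
                          f"direct {scheme} reference: no PyPI version to audit")
    if m := _BARE.match(text):
        return Classified(m["name"], "unpinned", None, "not pinned: version unknown")
    return Classified(text, "unparsed", text, "could not parse requirement")


def classify_requirements(contents: str) -> List[Classified]:
    return [c for c in (classify_line(l) for l in contents.splitlines()) if c]


def report(contents: str) -> List[str]:
    """Per-package lines: auditable pins, everything else skipped with a reason."""
    return [f"{c.name}=={c.detail}: auditable" if c.kind == "pinned"
            else f"{c.name}: skipped ({c.skip_reason})"
            for c in classify_requirements(contents)]
```

Run with `print("\n".join(report(REQUIREMENTS_TXT)))` to see the two pinned packages marked auditable and the `hypothesis` direct reference listed by name with a skip reason rather than raising.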