Closed
Opened on May 6, 2023
In a `requirements.txt` file, a dependency may be written like:

```
boto3==1.26.121 --hash=sha256:f87d694c351eba1dfd19b5bef5892a1047e7adb09c57c2c00049de209a8ab55d
```

This specifies both the package version as well as the package's hash. However, `Parse` mishandles this and generates:
```
lockfile.PackageDetails{
Name:"boto3",
Version:"1.26.121 --hash=sha256:f87d694c351eba1dfd19b5bef5892a1047e7adb09c57c2c00049de209a8ab55d",
Commit:"",
Ecosystem:"PyPI",
CompareAs:"PyPI"
}
```
Note how `Version` just contains the remainder of the line, not merely the version portion.
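The following is an added example, not part of the original issue and not the project's own parser: a minimal Go sketch that separates `--hash=` options from a pinned requirement so the version field holds only the version. It goes beyond the single-line case in the report by also joining backslash-continued lines and dropping environment markers; the `Requirement` type and the `parseLine` and `parseRequirements` functions are hypothetical names, and the second sample entry is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Requirement is a hypothetical type for this example, not lockfile.PackageDetails.
type Requirement struct {
	Name, Version string
	Hashes        []string
}

// parseLine splits one pinned "name==version" line from its options.
func parseLine(line string) (Requirement, bool) {
	line, _, _ = strings.Cut(line, " #") // strip trailing comment
	var req Requirement
	var spec string
	for _, f := range strings.Fields(line) {
		switch {
		case strings.HasPrefix(f, "--hash="):
			req.Hashes = append(req.Hashes, strings.TrimPrefix(f, "--hash="))
		case !strings.HasPrefix(f, "-"): // other options are not version data
			spec += f
		}
	}
	spec, _, _ = strings.Cut(spec, ";") // drop environment marker
	name, version, ok := strings.Cut(spec, "==")
	req.Name, req.Version = name, version
	return req, ok && name != "" && version != "" && name[0] != '#'
}

// parseRequirements joins backslash-continued lines, then parses each one.
func parseRequirements(text string) []Requirement {
	text = strings.ReplaceAll(strings.ReplaceAll(text, "\r\n", "\n"), "\\\n", " ")
	var out []Requirement
	for _, line := range strings.Split(text, "\n") {
		if req, ok := parseLine(line); ok {
			out = append(out, req)
		}
	}
	return out
}

func main() {
	// First line is from the issue; the second entry is constructed sample data.
	sample := "boto3==1.26.121 --hash=sha256:f87d694c351eba1dfd19b5bef5892a1047e7adb09c57c2c00049de209a8ab55d\n" +
		"examplepkg==2.0.0 \\\n    --hash=sha256:aaaa \\\n    --hash=sha256:bbbb  # constructed\n"
	fmt.Printf("%+v\n", parseRequirements(sample))
}
```

Only `==` pins are handled here; other specifier operators and options that take a separate value argument are out of scope for this sketch.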