From eaaf348882d827d2a5236468c2fef4f04075ddf1 Mon Sep 17 00:00:00 2001 From: Daniel Trunley Date: Wed, 10 Feb 2021 14:29:09 +0000 Subject: [PATCH] fix: bump python plugin version to include multiple fixes for Poetry Bumps the python plugin to include the following fixes: - Stop parser from trying to look up packages not propagated to the lockfile (wheel, distributed, pip, setuptools) - Stop parser from failing when unable to locate dependency in lockfile and to instead log a warning. This could be because of python requirements allowing it in the manifest but not actually installing it and adding a lockfile entry or because of how Poetry treats the use of underscores and hyphens when installing packages - Reversed PR that introduced swapping underscores in manifest for hyphens in lockfile. This was due to a misunderstanding of how Poetry worked and is remediated by the above. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index bbacc9555b..9861cacdb0 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "snyk-nuget-plugin": "1.20.0", "snyk-php-plugin": "1.9.2", "snyk-policy": "1.14.1", - "snyk-python-plugin": "1.19.2", + "snyk-python-plugin": "1.19.3", "snyk-resolve": "1.0.1", "snyk-resolve-deps": "4.7.2", "snyk-sbt-plugin": "2.11.0",