gemnasium-python gets "ImportError: cannot import name 'get_installed_distributions'" on pip>=21.3
Summary
Using template: Security/Dependency-Scanning.gitlab-ci.yml in project .gitlab-ci.yml file fails to run due to attempting to use outdated pip function get_installed_distributions().
Steps to reproduce
- Add template: Security/Dependency-Scanning.gitlab-ci.yml to your include section in your .gitlab-ci.yml file.
- Have an item similar to python3 -m pip install --upgrade pip in before_script or elsewhere that means that you will have the most recent version of pip installed.
- Have pipeline run.
Example Project
service.listenbrainz is where the bug was observed.
What is the current bug behavior?
Job fails.
What is the expected correct behavior?
Job doesn’t fail.
Relevant logs and/or screenshots
See https://gitlab.com/Freso/service.listenbrainz/-/jobs/1672852657 for log.
Output of checks
This bug happens on GitLab.com
Possible fixes
Update the used version of pipdeptree to 2.2.0 which includes the fix for old pip call.
Edited by Olivier Gonzalez
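
A preflight check for the version combination reported above, added here as an example (it is not code from the issue or from the GitLab analyzer): it flags pip >= 21.3 installed alongside a pipdeptree older than 2.2.0. The function names are hypothetical, and both thresholds are taken from the issue text only.

```python
import re
import sys
from importlib import metadata

# Thresholds taken from the issue text, not from upstream changelogs.
PIP_BREAKS_AT = (21, 3, 0)        # title: pip>=21.3
PIPDEPTREE_FIXED_AT = (2, 2, 0)   # "Possible fixes": pipdeptree 2.2.0


def parse_version(text):
    """'21.3.1' -> (21, 3, 1); '2.2' -> (2, 2, 0). Pre-release suffixes are ignored."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if match is None:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))   # pad so (2, 2) compares equal to (2, 2, 0)
    return tuple(parts)


def is_affected(pip_version, pipdeptree_version):
    """True when pip is at or past 21.3 and pipdeptree predates 2.2.0."""
    return (parse_version(pip_version) >= PIP_BREAKS_AT
            and parse_version(pipdeptree_version) < PIPDEPTREE_FIXED_AT)


def installed_version(name):
    """Version string of an installed distribution, or None if absent."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


def check_environment():
    """Return a problem description for the current interpreter, or None."""
    pip_v, tree_v = installed_version("pip"), installed_version("pipdeptree")
    if pip_v is None or tree_v is None:
        return None   # one of the two is not installed, nothing to compare
    if is_affected(pip_v, tree_v):
        return (f"pip {pip_v} with pipdeptree {tree_v}: expect ImportError on "
                f"get_installed_distributions; update pipdeptree to 2.2.0")
    return None


if __name__ == "__main__":
    problem = check_environment()
    if problem:
        sys.exit(problem)   # non-zero exit with the message on stderr
```

Run after any pip upgrade step, the script exits non-zero with a one-line explanation instead of the traceback from the title.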