https://github.com/exasol/python-toolbox/actions/runs/26383375619
Problem
Run set -o pipefail
Using version ^1.10.0 for poetry-plugin-export
Updating dependencies
Resolving dependencies...
No dependencies to install or update
Writing lock file
nox > Running session dependency:audit
nox > Session dependency:audit was successful in 22 seconds.
[]
jq: parse error: Invalid numeric literal at line 1, column 4
Error: Process completed with exit code 5.
Locally running the command:
[arsc@hw4562]~/Code/python-toolbox% poetry run -- nox -s dependency:audit 2>&1 | tee vulnerabilities.json
nox > Running session dependency:audit
nox > Session dependency:audit was successful in 6 seconds.
[]
[arsc@hw4562]~/Code/python-toolbox% LENGTH=$(jq 'length' vulnerabilities.json)
jq: parse error: Invalid numeric literal at line 1, column 4
[arsc@hw4562]~/Code/python-toolbox% more vulnerabilities.json
nox > Running session dependency:audit
nox > Session dependency:audit was successful in 6 seconds.
[]
Solution
When empty:
[arsc@hw4562]~/Code/python-toolbox% poetry run -- nox -s dependency:audit 2>&1 | tee /dev/stderr | sed -n '/^\[/,$p' > vulnerabilities.json
nox > Running session dependency:audit
nox > Session dependency:audit was successful in a second.
[]
[arsc@hw4562]~/Code/python-toolbox% more vulnerabilities.json
[]
After introducing a pytest vulnerability:
[arsc@hw4562]~/Code/python-toolbox% poetry run -- nox -s dependency:audit 2>&1 | tee /dev/stderr | sed -n '/^\[/,$p' > vulnerabilities.json
nox > Running session dependency:audit
nox > Session dependency:audit was successful in a second.
[
{
"name": "pytest",
"version": "8.4.2",
"refs": [
"CVE-2025-71176",
"GHSA-6w46-j5rx-g56g"
],
"description": "pytest through 9.0.2 on UNIX relies on directories with the `/tmp/pytest-of-{user}` name pattern, which allows local users to cause a denial of service or possibly gain privileges.",
"coordinates": "pytest:8.4.2",
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-71176",
"https://github.com/advisories/GHSA-6w46-j5rx-g56g"
]
}
]
[arsc@hw4562]~/Code/python-toolbox% more vulnerabilities.json
[
{
"name": "pytest",
"version": "8.4.2",
"refs": [
"CVE-2025-71176",
"GHSA-6w46-j5rx-g56g"
],
"description": "pytest through 9.0.2 on UNIX relies on directories with the `/tmp/pytest-of-{user}` name pattern, which allows local users to cause a denial of service or possibly gain privileges.",
"coordinates": "pytest:8.4.2",
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-71176",
"https://github.com/advisories/GHSA-6w46-j5rx-g56g"
]
}
]
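An added example, not part of the pull request or the project's code: the same separation of nox log lines from the audit JSON, done in Python instead of `sed` so that a log line that happens to start with `[` or trailing text after the array does not corrupt the result, and so that output with no JSON at all fails closed. The function names, the exit codes and the sample strings are assumptions constructed for this illustration.

```python
import json


def extract_findings(mixed_output: str) -> list:
    """Return the first JSON array that starts at the beginning of a line."""
    decoder = json.JSONDecoder()
    offset = 0
    for line in mixed_output.splitlines(keepends=True):
        if line.startswith("["):
            try:
                # raw_decode stops at the end of the value and ignores what follows
                value, _end = decoder.raw_decode(mixed_output, offset)
            except json.JSONDecodeError:
                value = None  # a log line such as "[notice] ...", keep scanning
            if isinstance(value, list):
                return value
        offset += len(line)
    raise ValueError("no JSON array found in audit output")


def gate(mixed_output: str) -> int:
    """Assumed CI exit codes: 0 = no findings, 1 = findings, 2 = unparseable."""
    try:
        findings = extract_findings(mixed_output)
    except ValueError:
        return 2  # fail closed: a broken audit must not look like a clean one
    return 1 if findings else 0


# Constructed samples modelled on the output shown above.
NOX = ("nox > Running session dependency:audit\n"
       "nox > Session dependency:audit was successful in 6 seconds.\n")
CLEAN = NOX + "[]\n"
FOUND = ("[notice] constructed log line that starts with a bracket\n" + NOX +
         '[\n  {\n    "name": "pytest",\n    "version": "8.4.2",\n'
         '    "refs": ["CVE-2025-71176", "GHSA-6w46-j5rx-g56g"],\n'
         '    "coordinates": "pytest:8.4.2"\n  }\n]\n'
         "nox > constructed trailing log line\n")
BROKEN = "nox > Running session dependency:audit\nnox > constructed failure line\n"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("found", FOUND), ("broken", BROKEN)):
        print(label, gate(sample))
```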