Naive parsing of python's requirements.txt #242

@lcarva

Description

What happened?

Given this requirements.txt file, both the stack and the component commands incorrectly report version mismatches, e.g.:

Error: Can't continue with analysis - versions mismatch for dependency name 
aiohappyeyeballs (manifest version=2.6.1 \, installed version=2.6.1).

Notice the extra \ in the manifest version. Relevant snippet from the requirements.txt file:

aiohappyeyeballs==2.6.1 \
    --hash=sha256:c3f9d0113123803ccadfdf3f0faa505bc78e6a72d1cc4806cbd719826e943558 \
    --hash=sha256:f349ba8f4b75cb25c99c5c2d84e997e485204d2902a9597802b0371f09331fb8

In this case, the version should be parsed as 2.6.1.

I regenerated the file to omit the hashes, and thus the extraneous \ value from the line. It got past most of the dependencies, until it hit this line in the requirements.txt file:

async-timeout==5.0.1 ; python_full_version < '3.11'
    # via aiohttp

Yielding this error:

Can't continue with analysis - versions mismatch for dependency name 
async-timeout (manifest version=5.0.1 ; python_full_version < '3.11', installed version=5.0.1)

Notice the manifest version is detected as: 5.0.1 ; python_full_version < '3.11'

Please provide runtime information.

0.2.4-ea.5

Relevant log output

How can this issue be reproduced?

No response
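
The two failing cases from the report (a backslash continuation before `--hash` options, and a `;` environment marker after the pin) handled by one stand-alone parser. This is an added example, not the project's code; `logical_lines`, `parse_pins` and the `PIN` pattern are hypothetical names, and it assumes `==` pins only rather than the full PEP 508 grammar.

```python
import re

# Constructed sample: the two snippets quoted in the report, joined into one file.
SAMPLE = """\
aiohappyeyeballs==2.6.1 \\
    --hash=sha256:c3f9d0113123803ccadfdf3f0faa505bc78e6a72d1cc4806cbd719826e943558 \\
    --hash=sha256:f349ba8f4b75cb25c99c5c2d84e997e485204d2902a9597802b0371f09331fb8
async-timeout==5.0.1 ; python_full_version < '3.11'
    # via aiohttp
"""

# name, optional [extras], then an exact pin; the version stops at whitespace or ';'
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;]+)$")

def logical_lines(text):
    """Join physical lines that end in a backslash into one logical line."""
    buf = ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "   # drop the continuation character itself
            continue
        yield buf + raw
        buf = ""
    if buf:                              # file ended on a dangling continuation
        yield buf

def parse_pins(text):
    """Return one dict per pinned requirement: name, version, marker, hashes."""
    pins = []
    for line in logical_lines(text):
        line = re.sub(r"(^|\s)#.*$", "", line).strip()    # strip comments
        if not line or line.startswith("-"):              # blanks, global options
            continue
        hashes = re.findall(r"--hash=(\S+)", line)        # keep hashes as metadata
        req = re.split(r"\s--", line, maxsplit=1)[0]      # cut per-requirement options
        spec, _, marker = req.partition(";")              # marker is not the version
        m = PIN.match(spec.strip())
        if m:
            pins.append({"name": m.group(1), "version": m.group(2),
                         "marker": marker.strip() or None, "hashes": hashes})
    return pins

if __name__ == "__main__":
    for pin in parse_pins(SAMPLE):
        print(pin["name"], pin["version"], pin["marker"], len(pin["hashes"]))
```
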

Labels: needs triage (This issue has to be categorized)
