dependabot-python 0.125.4 → 0.126.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02be61b09c4b08a5e5c4f05106b29f5c25521a08e82d4c319409bea3f236e780
|
|
4
|
+
data.tar.gz: d655bbbbfb63dc5f8881bafa2cdd1134164137a1c9c21daeef8dde2160692f6d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 977ac562de11c018e3746c895cd6a63bbb912b59e1905d1995f022c4ec851e6e24e7c9939c0116f30521bf2d1cfae08caace4871a0a3a29f620a783e844b009a
|
|
7
|
+
data.tar.gz: f7950906e2cc5364ec4d1f9b154f909ce58beabe666dad94df8e4fcbf10c0485a5ef6409cdbeb90d2d99269c35521287db1ae5470484e31e9f190d6bc599b187
|
data/helpers/requirements.txt
CHANGED
|
@@ -116,7 +116,7 @@ module Dependabot
|
|
|
116
116
|
end
|
|
117
117
|
|
|
118
118
|
def convert_wildcard(req_string)
|
|
119
|
-
#
|
|
119
|
+
# NOTE: This isn't perfect. It replaces the "!= 1.0.*" case with
|
|
120
120
|
# "!= 1.0.0". There's no way to model this correctly in Ruby :'(
|
|
121
121
|
quoted_ops = OPS.keys.sort_by(&:length).reverse.
|
|
122
122
|
map { |k| Regexp.quote(k) }.join("|")
|
|
@@ -27,8 +27,8 @@ module Dependabot
|
|
|
27
27
|
GIT_DEPENDENCY_UNREACHABLE_REGEX =
|
|
28
28
|
/git clone -q (?<url>[^\s]+).* /.freeze
|
|
29
29
|
GIT_REFERENCE_NOT_FOUND_REGEX =
|
|
30
|
-
|
|
31
|
-
|
|
30
|
+
/egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
|
|
31
|
+
NATIVE_COMPILATION_ERROR = "pip._internal.exceptions.InstallationError: Command errored out with exit status 1"
|
|
32
32
|
|
|
33
33
|
attr_reader :dependency, :dependency_files, :credentials
|
|
34
34
|
|
|
@@ -36,6 +36,7 @@ module Dependabot
|
|
|
36
36
|
@dependency = dependency
|
|
37
37
|
@dependency_files = dependency_files
|
|
38
38
|
@credentials = credentials
|
|
39
|
+
@build_isolation = true
|
|
39
40
|
end
|
|
40
41
|
|
|
41
42
|
def latest_resolvable_version(requirement: nil)
|
|
@@ -72,7 +73,7 @@ module Dependabot
|
|
|
72
73
|
# Shell out to pip-compile.
|
|
73
74
|
# This is slow, as pip-compile needs to do installs.
|
|
74
75
|
run_pip_compile_command(
|
|
75
|
-
"pyenv exec pip-compile --allow-unsafe "\
|
|
76
|
+
"pyenv exec pip-compile --allow-unsafe -v "\
|
|
76
77
|
"#{pip_compile_options(filename)} -P #{dependency.name} "\
|
|
77
78
|
"#{filename}"
|
|
78
79
|
)
|
|
@@ -91,10 +92,22 @@ module Dependabot
|
|
|
91
92
|
parse_updated_files
|
|
92
93
|
end
|
|
93
94
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
95
|
+
retry_count ||= 0
|
|
96
|
+
retry_count += 1
|
|
97
|
+
|
|
98
|
+
if compilation_error?(e) && retry_count <= 1
|
|
99
|
+
@build_isolation = false
|
|
100
|
+
retry
|
|
101
|
+
end
|
|
102
|
+
|
|
94
103
|
handle_pip_compile_errors(e)
|
|
95
104
|
end
|
|
96
105
|
end
|
|
97
106
|
|
|
107
|
+
def compilation_error?(error)
|
|
108
|
+
error.message.include?(NATIVE_COMPILATION_ERROR)
|
|
109
|
+
end
|
|
110
|
+
|
|
98
111
|
# rubocop:disable Metrics/AbcSize
|
|
99
112
|
def handle_pip_compile_errors(error)
|
|
100
113
|
if error.message.include?("Could not find a version")
|
|
@@ -162,15 +175,16 @@ module Dependabot
|
|
|
162
175
|
|
|
163
176
|
true
|
|
164
177
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
178
|
+
# Pick the error message that includes resolvability errors, this might be the cause from
|
|
179
|
+
# handle_pip_compile_errors (it's unclear if we should always pick the cause here)
|
|
180
|
+
error_message = [e.message, e.cause&.message].compact.find do |msg|
|
|
181
|
+
["UnsupportedConstraint", "Could not find a version"].any? { |err| msg.include?(err) }
|
|
168
182
|
end
|
|
169
183
|
|
|
170
|
-
|
|
171
|
-
raise if
|
|
184
|
+
cleaned_message = clean_error_message(error_message || "")
|
|
185
|
+
raise if cleaned_message.empty?
|
|
172
186
|
|
|
173
|
-
raise DependencyFileNotResolvable,
|
|
187
|
+
raise DependencyFileNotResolvable, cleaned_message
|
|
174
188
|
end
|
|
175
189
|
end
|
|
176
190
|
end
|
|
@@ -194,7 +208,7 @@ module Dependabot
|
|
|
194
208
|
end
|
|
195
209
|
|
|
196
210
|
def pip_compile_options(filename)
|
|
197
|
-
options = ["--build-isolation"]
|
|
211
|
+
options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
|
|
198
212
|
options += pip_compile_index_options
|
|
199
213
|
|
|
200
214
|
if (requirements_file = compiled_file_for_filename(filename))
|
|
@@ -365,11 +379,21 @@ module Dependabot
|
|
|
365
379
|
NameNormaliser.normalise(name)
|
|
366
380
|
end
|
|
367
381
|
|
|
382
|
+
VERBOSE_ERROR_OUTPUT_LINES = [
|
|
383
|
+
"Traceback",
|
|
384
|
+
"Using indexes:",
|
|
385
|
+
"Current constraints:",
|
|
386
|
+
"Finding the best candidates:",
|
|
387
|
+
"Finding secondary dependencies:",
|
|
388
|
+
"\n",
|
|
389
|
+
" "
|
|
390
|
+
].freeze
|
|
391
|
+
|
|
368
392
|
def clean_error_message(message)
|
|
369
393
|
msg_lines = message.lines
|
|
370
394
|
msg = msg_lines.
|
|
371
395
|
take_while { |l| !l.start_with?("During handling of") }.
|
|
372
|
-
drop_while { |l| l.start_with?(
|
|
396
|
+
drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
|
|
373
397
|
join.strip
|
|
374
398
|
|
|
375
399
|
# Redact any URLs, as they may include credentials
|
|
@@ -39,6 +39,12 @@ module Dependabot
|
|
|
39
39
|
UNSUPPORTED_DEP_REGEX =
|
|
40
40
|
/"python setup\.py egg_info".*(?:#{UNSUPPORTED_DEPS.join("|")})/.
|
|
41
41
|
freeze
|
|
42
|
+
PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal."\
|
|
43
|
+
"exceptions.InstallationError: "\
|
|
44
|
+
"Command \"python setup.py egg_info\" "\
|
|
45
|
+
"failed with error code 1 in"
|
|
46
|
+
PIPENV_INSTALLATION_ERROR_REGEX =
|
|
47
|
+
%r{#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}.+/(?<name>.+)/$}.freeze
|
|
42
48
|
|
|
43
49
|
attr_reader :dependency, :dependency_files, :credentials
|
|
44
50
|
|
|
@@ -169,7 +175,6 @@ module Dependabot
|
|
|
169
175
|
return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
|
|
170
176
|
end
|
|
171
177
|
|
|
172
|
-
puts error.message
|
|
173
178
|
if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
|
|
174
179
|
url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
|
|
175
180
|
named_captures.fetch("url")
|
|
@@ -232,6 +237,10 @@ module Dependabot
|
|
|
232
237
|
raise DependencyFileNotResolvable, msg
|
|
233
238
|
end
|
|
234
239
|
|
|
240
|
+
# NOTE: Pipenv masks the actualy error, see this issue for updates:
|
|
241
|
+
# https://github.com/pypa/pipenv/issues/2791
|
|
242
|
+
handle_pipenv_installation_error(error.message) if error.message.match?(PIPENV_INSTALLATION_ERROR_REGEX)
|
|
243
|
+
|
|
235
244
|
# Raise an unhandled error, as this could be a problem with
|
|
236
245
|
# Dependabot's infrastructure, rather than the Pipfile
|
|
237
246
|
raise
|
|
@@ -257,6 +266,19 @@ module Dependabot
|
|
|
257
266
|
msg.gsub(/http.*?(?=\s)/, "<redacted>")
|
|
258
267
|
end
|
|
259
268
|
|
|
269
|
+
def handle_pipenv_installation_error(error_message)
|
|
270
|
+
# Find the dependency that's causing resolution to fail
|
|
271
|
+
dependency_name = error_message.match(PIPENV_INSTALLATION_ERROR_REGEX).named_captures["name"]
|
|
272
|
+
raise unless dependency_name
|
|
273
|
+
|
|
274
|
+
msg = "Pipenv failed to install \"#{dependency_name}\". This could be caused by missing system "\
|
|
275
|
+
"dependencies that can't be installed by Dependabot or required installation flags.\n\n"\
|
|
276
|
+
"Error output from running \"pipenv lock\":\n"\
|
|
277
|
+
"#{clean_error_message(error_message)}"
|
|
278
|
+
|
|
279
|
+
raise DependencyFileNotResolvable, msg
|
|
280
|
+
end
|
|
281
|
+
|
|
260
282
|
def write_temporary_dependency_files(updated_req: nil,
|
|
261
283
|
update_pipfile: true)
|
|
262
284
|
dependency_files.each do |file|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.126.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-12-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.126.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.126.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,28 +100,28 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
103
|
+
version: 1.6.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
110
|
+
version: 1.6.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.20.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.20.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: simplecov-console
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|