dependabot-python 0.125.4 → 0.126.1

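--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 49ee7c4f8b233552c4059517cbc4e2f5a9f59c96b0c653193108d08f7203deda
- data.tar.gz: e566d0569a126b9aaf6d0691e71925e4cd27c7ee51c0ea7875db5ecc88657332
+ metadata.gz: 02be61b09c4b08a5e5c4f05106b29f5c25521a08e82d4c319409bea3f236e780
+ data.tar.gz: d655bbbbfb63dc5f8881bafa2cdd1134164137a1c9c21daeef8dde2160692f6d
  SHA512:
- metadata.gz: '05891073c63f8f001bd9aee6cc176640b301589bf77b64c75955f3127ac6112c396a2fefc05a141e6331f1e382b86079bc76d172f9f49f56a7316ab929ad488f'
- data.tar.gz: 66cc41df9d682e1ddbca467472c829e8350e109c37b3d703e1e7d7b85f78f1b09f10c13abfec751263cb15ed448093925ab980ac0640e0bfe198dc2044d6a88c
+ metadata.gz: 977ac562de11c018e3746c895cd6a63bbb912b59e1905d1995f022c4ec851e6e24e7c9939c0116f30521bf2d1cfae08caace4871a0a3a29f620a783e844b009a
+ data.tar.gz: f7950906e2cc5364ec4d1f9b154f909ce58beabe666dad94df8e4fcbf10c0485a5ef6409cdbeb90d2d99269c35521287db1ae5470484e31e9f190d6bc599b187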
@@ -1,9 +1,10 @@
1
- pip==20.1.1
2
- pip-tools==5.3.1
1
+ pip==20.3.1
2
+ pip-tools==5.4.0
3
3
  hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.1.4
7
+ wheel==0.36.1
7
8
 
8
9
  # Some dependencies will only install if Cython is present
9
10
  Cython==0.29.21
@@ -116,7 +116,7 @@ module Dependabot
116
116
  end
117
117
 
118
118
  def convert_wildcard(req_string)
119
- # Note: This isn't perfect. It replaces the "!= 1.0.*" case with
119
+ # NOTE: This isn't perfect. It replaces the "!= 1.0.*" case with
120
120
  # "!= 1.0.0". There's no way to model this correctly in Ruby :'(
121
121
  quoted_ops = OPS.keys.sort_by(&:length).reverse.
122
122
  map { |k| Regexp.quote(k) }.join("|")
@@ -27,8 +27,8 @@ module Dependabot
27
27
  GIT_DEPENDENCY_UNREACHABLE_REGEX =
28
28
  /git clone -q (?<url>[^\s]+).* /.freeze
29
29
  GIT_REFERENCE_NOT_FOUND_REGEX =
30
- %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m.
31
- freeze
30
+ /egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
31
+ NATIVE_COMPILATION_ERROR = "pip._internal.exceptions.InstallationError: Command errored out with exit status 1"
32
32
 
33
33
  attr_reader :dependency, :dependency_files, :credentials
34
34
 
@@ -36,6 +36,7 @@ module Dependabot
36
36
  @dependency = dependency
37
37
  @dependency_files = dependency_files
38
38
  @credentials = credentials
39
+ @build_isolation = true
39
40
  end
40
41
 
41
42
  def latest_resolvable_version(requirement: nil)
@@ -72,7 +73,7 @@ module Dependabot
72
73
  # Shell out to pip-compile.
73
74
  # This is slow, as pip-compile needs to do installs.
74
75
  run_pip_compile_command(
75
- "pyenv exec pip-compile --allow-unsafe "\
76
+ "pyenv exec pip-compile --allow-unsafe -v "\
76
77
  "#{pip_compile_options(filename)} -P #{dependency.name} "\
77
78
  "#{filename}"
78
79
  )
@@ -91,10 +92,22 @@ module Dependabot
91
92
  parse_updated_files
92
93
  end
93
94
  rescue SharedHelpers::HelperSubprocessFailed => e
95
+ retry_count ||= 0
96
+ retry_count += 1
97
+
98
+ if compilation_error?(e) && retry_count <= 1
99
+ @build_isolation = false
100
+ retry
101
+ end
102
+
94
103
  handle_pip_compile_errors(e)
95
104
  end
96
105
  end
97
106
 
107
+ def compilation_error?(error)
108
+ error.message.include?(NATIVE_COMPILATION_ERROR)
109
+ end
110
+
98
111
  # rubocop:disable Metrics/AbcSize
99
112
  def handle_pip_compile_errors(error)
100
113
  if error.message.include?("Could not find a version")
@@ -162,15 +175,16 @@ module Dependabot
162
175
 
163
176
  true
164
177
  rescue SharedHelpers::HelperSubprocessFailed => e
165
- unless e.message.include?("Could not find a version") ||
166
- e.message.include?("UnsupportedConstraint")
167
- raise
178
+ # Pick the error message that includes resolvability errors, this might be the cause from
179
+ # handle_pip_compile_errors (it's unclear if we should always pick the cause here)
180
+ error_message = [e.message, e.cause&.message].compact.find do |msg|
181
+ ["UnsupportedConstraint", "Could not find a version"].any? { |err| msg.include?(err) }
168
182
  end
169
183
 
170
- msg = clean_error_message(e.message)
171
- raise if msg.empty?
184
+ cleaned_message = clean_error_message(error_message || "")
185
+ raise if cleaned_message.empty?
172
186
 
173
- raise DependencyFileNotResolvable, msg
187
+ raise DependencyFileNotResolvable, cleaned_message
174
188
  end
175
189
  end
176
190
  end
@@ -194,7 +208,7 @@ module Dependabot
194
208
  end
195
209
 
196
210
  def pip_compile_options(filename)
197
- options = ["--build-isolation"]
211
+ options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
198
212
  options += pip_compile_index_options
199
213
 
200
214
  if (requirements_file = compiled_file_for_filename(filename))
@@ -365,11 +379,21 @@ module Dependabot
365
379
  NameNormaliser.normalise(name)
366
380
  end
367
381
 
382
+ VERBOSE_ERROR_OUTPUT_LINES = [
383
+ "Traceback",
384
+ "Using indexes:",
385
+ "Current constraints:",
386
+ "Finding the best candidates:",
387
+ "Finding secondary dependencies:",
388
+ "\n",
389
+ " "
390
+ ].freeze
391
+
368
392
  def clean_error_message(message)
369
393
  msg_lines = message.lines
370
394
  msg = msg_lines.
371
395
  take_while { |l| !l.start_with?("During handling of") }.
372
- drop_while { |l| l.start_with?("Traceback", " ") }.
396
+ drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
373
397
  join.strip
374
398
 
375
399
  # Redact any URLs, as they may include credentials
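Review bot: Adding `-v` to the pip-compile command (new line 76) presumably puts the `Using indexes:` listing into every `HelperSubprocessFailed` message, which would explain why that prefix was added to `VERBOSE_ERROR_OUTPUT_LINES`, and the comment at new line 399 already notes that URLs in this output may include credentials. `clean_error_message` only protects messages that pass through it, and its `drop_while` strips just the leading run of verbose lines. The `handle_pip_compile_errors(e)` call at new line 103 and the bare `raise` at new line 185 both work on the raw error, and what happens to that message downstream is not visible in these hunks. I would confirm that every path which surfaces or logs the raw message redacts URLs first, and record the constraint next to the command, e.g. `# NOTE: -v prints the configured index URLs; redact before raising or logging this output`. A spec that feeds a verbose failure containing a credentialed index URL through both rescue paths would pin this down.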
@@ -39,6 +39,12 @@ module Dependabot
39
39
  UNSUPPORTED_DEP_REGEX =
40
40
  /"python setup\.py egg_info".*(?:#{UNSUPPORTED_DEPS.join("|")})/.
41
41
  freeze
42
+ PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal."\
43
+ "exceptions.InstallationError: "\
44
+ "Command \"python setup.py egg_info\" "\
45
+ "failed with error code 1 in"
46
+ PIPENV_INSTALLATION_ERROR_REGEX =
47
+ %r{#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}.+/(?<name>.+)/$}.freeze
42
48
 
43
49
  attr_reader :dependency, :dependency_files, :credentials
44
50
 
@@ -169,7 +175,6 @@ module Dependabot
169
175
  return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
170
176
  end
171
177
 
172
- puts error.message
173
178
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
174
179
  url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
175
180
  named_captures.fetch("url")
@@ -232,6 +237,10 @@ module Dependabot
232
237
  raise DependencyFileNotResolvable, msg
233
238
  end
234
239
 
240
+ # NOTE: Pipenv masks the actualy error, see this issue for updates:
241
+ # https://github.com/pypa/pipenv/issues/2791
242
+ handle_pipenv_installation_error(error.message) if error.message.match?(PIPENV_INSTALLATION_ERROR_REGEX)
243
+
235
244
  # Raise an unhandled error, as this could be a problem with
236
245
  # Dependabot's infrastructure, rather than the Pipfile
237
246
  raise
@@ -257,6 +266,19 @@ module Dependabot
257
266
  msg.gsub(/http.*?(?=\s)/, "<redacted>")
258
267
  end
259
268
 
269
+ def handle_pipenv_installation_error(error_message)
270
+ # Find the dependency that's causing resolution to fail
271
+ dependency_name = error_message.match(PIPENV_INSTALLATION_ERROR_REGEX).named_captures["name"]
272
+ raise unless dependency_name
273
+
274
+ msg = "Pipenv failed to install \"#{dependency_name}\". This could be caused by missing system "\
275
+ "dependencies that can't be installed by Dependabot or required installation flags.\n\n"\
276
+ "Error output from running \"pipenv lock\":\n"\
277
+ "#{clean_error_message(error_message)}"
278
+
279
+ raise DependencyFileNotResolvable, msg
280
+ end
281
+
260
282
  def write_temporary_dependency_files(updated_req: nil,
261
283
  update_pipfile: true)
262
284
  dependency_files.each do |file|
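Review bot: `handle_pipenv_installation_error` (new lines 269-280) embeds the whole cleaned `pipenv lock` output in a `DependencyFileNotResolvable` message, presumably shown to the user, so it depends entirely on the redaction in `clean_error_message`. The pattern visible at new line 266, `/http.*?(?=\s)/`, only matches a URL that is followed by whitespace. A URL that ends the message would pass through unredacted, which is likely if the text is stripped before the `gsub`; the body above line 266 is outside the hunk, so this needs checking. I would change the lookahead to `(?=\s|\z)` and add a spec with a credentialed URL as the last token of the error output.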
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.4
4
+ version: 0.126.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-17 00:00:00.000000000 Z
11
+ date: 2020-12-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.125.4
19
+ version: 0.126.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.125.4
26
+ version: 0.126.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.93.0
103
+ version: 1.6.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.93.0
110
+ version: 1.6.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.19.0
117
+ version: 0.20.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.19.0
124
+ version: 0.20.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov-console
127
127
  requirement: !ruby/object:Gem::Requirement