dependabot-python 0.125.6 → 0.127.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/requirements.txt +3 -2
  3. data/lib/dependabot/python/requirement.rb +1 -1
  4. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +28 -5
  5. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +23 -1
  6. metadata +8 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e7961c9171af4382c7e680aae485124295f7cec0e7b49fa8d25028a65c092c6f
4
- data.tar.gz: b84f1b200e407f41fadf21404107ce43adb4524381cca644eea380a5e9adef23
3
+ metadata.gz: 3588d18ba10f4fd3167a3628feacb61a99373e1e9672ccc19e56636d5f7abcd5
4
+ data.tar.gz: 2b019b8cca8dd3cc9591f0ed6a7aa1969c053094b47151b100382b26e460dd05
5
5
  SHA512:
6
- metadata.gz: b811806ef5e299be4c9fffc2efbb247e5501b54b2f7486d6448c2ab858b38e7dda0922557e4c76973abfccedf2864f0a85142027556970541a6402c38faa20f4
7
- data.tar.gz: 436d03634257d3da1440f1cc5b92b797c305e4e730e6ba3c469f4e8f0f0a48567fc7aea2aa3d77c74d5d929173082a4b7d10e06383c7469e2dc7def5bce85199
6
+ metadata.gz: 2b4f8ff91fcc256b3469e251de2da3325818ac03ce84748a415460dcf74174107c5b9103ac2a54c40f84cee1c2cad0d0ea8d0f4df1fa88c3b04ded4958a649e3
7
+ data.tar.gz: 8899592e97f4fdb858c92b5b858a22278ef58d81ee96af5d06ef85cf34b9023cfd2375cbebdaf343772044ce1d68d276630d7f546118a8f7cb3c7f9918959bda
data/helpers/requirements.txt CHANGED
@@ -1,9 +1,10 @@
1
- pip==20.1.1
2
- pip-tools==5.3.1
1
+ pip==20.3.1
2
+ pip-tools==5.4.0
3
3
  hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.1.4
7
+ wheel==0.36.2
7
8
 
8
9
  # Some dependencies will only install if Cython is present
9
10
  Cython==0.29.21
data/lib/dependabot/python/requirement.rb CHANGED
@@ -116,7 +116,7 @@ module Dependabot
116
116
  end
117
117
 
118
118
  def convert_wildcard(req_string)
119
- # Note: This isn't perfect. It replaces the "!= 1.0.*" case with
119
+ # NOTE: This isn't perfect. It replaces the "!= 1.0.*" case with
120
120
  # "!= 1.0.0". There's no way to model this correctly in Ruby :'(
121
121
  quoted_ops = OPS.keys.sort_by(&:length).reverse.
122
122
  map { |k| Regexp.quote(k) }.join("|")
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -27,8 +27,8 @@ module Dependabot
27
27
  GIT_DEPENDENCY_UNREACHABLE_REGEX =
28
28
  /git clone -q (?<url>[^\s]+).* /.freeze
29
29
  GIT_REFERENCE_NOT_FOUND_REGEX =
30
- %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m.
31
- freeze
30
+ /egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
31
+ NATIVE_COMPILATION_ERROR = "pip._internal.exceptions.InstallationError: Command errored out with exit status 1"
32
32
 
33
33
  attr_reader :dependency, :dependency_files, :credentials
34
34
 
@@ -36,6 +36,7 @@ module Dependabot
36
36
  @dependency = dependency
37
37
  @dependency_files = dependency_files
38
38
  @credentials = credentials
39
+ @build_isolation = true
39
40
  end
40
41
 
41
42
  def latest_resolvable_version(requirement: nil)
@@ -72,7 +73,7 @@ module Dependabot
72
73
  # Shell out to pip-compile.
73
74
  # This is slow, as pip-compile needs to do installs.
74
75
  run_pip_compile_command(
75
- "pyenv exec pip-compile --allow-unsafe "\
76
+ "pyenv exec pip-compile --allow-unsafe -v "\
76
77
  "#{pip_compile_options(filename)} -P #{dependency.name} "\
77
78
  "#{filename}"
78
79
  )
@@ -91,10 +92,22 @@ module Dependabot
91
92
  parse_updated_files
92
93
  end
93
94
  rescue SharedHelpers::HelperSubprocessFailed => e
95
+ retry_count ||= 0
96
+ retry_count += 1
97
+
98
+ if compilation_error?(e) && retry_count <= 1
99
+ @build_isolation = false
100
+ retry
101
+ end
102
+
94
103
  handle_pip_compile_errors(e)
95
104
  end
96
105
  end
97
106
 
107
+ def compilation_error?(error)
108
+ error.message.include?(NATIVE_COMPILATION_ERROR)
109
+ end
110
+
98
111
  # rubocop:disable Metrics/AbcSize
99
112
  def handle_pip_compile_errors(error)
100
113
  if error.message.include?("Could not find a version")
@@ -195,7 +208,7 @@ module Dependabot
195
208
  end
196
209
 
197
210
  def pip_compile_options(filename)
198
- options = ["--build-isolation"]
211
+ options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
199
212
  options += pip_compile_index_options
200
213
 
201
214
  if (requirements_file = compiled_file_for_filename(filename))
@@ -366,11 +379,21 @@ module Dependabot
366
379
  NameNormaliser.normalise(name)
367
380
  end
368
381
 
382
+ VERBOSE_ERROR_OUTPUT_LINES = [
383
+ "Traceback",
384
+ "Using indexes:",
385
+ "Current constraints:",
386
+ "Finding the best candidates:",
387
+ "Finding secondary dependencies:",
388
+ "\n",
389
+ " "
390
+ ].freeze
391
+
369
392
  def clean_error_message(message)
370
393
  msg_lines = message.lines
371
394
  msg = msg_lines.
372
395
  take_while { |l| !l.start_with?("During handling of") }.
373
- drop_while { |l| l.start_with?("Traceback", " ") }.
396
+ drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
374
397
  join.strip
375
398
 
376
399
  # Redact any URLs, as they may include credentials
data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED
@@ -39,6 +39,12 @@ module Dependabot
39
39
  UNSUPPORTED_DEP_REGEX =
40
40
  /"python setup\.py egg_info".*(?:#{UNSUPPORTED_DEPS.join("|")})/.
41
41
  freeze
42
+ PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal."\
43
+ "exceptions.InstallationError: "\
44
+ "Command \"python setup.py egg_info\" "\
45
+ "failed with error code 1 in"
46
+ PIPENV_INSTALLATION_ERROR_REGEX =
47
+ %r{#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}.+/(?<name>.+)/$}.freeze
42
48
 
43
49
  attr_reader :dependency, :dependency_files, :credentials
44
50
 
@@ -169,7 +175,6 @@ module Dependabot
169
175
  return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
170
176
  end
171
177
 
172
- puts error.message
173
178
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
174
179
  url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
175
180
  named_captures.fetch("url")
@@ -232,6 +237,10 @@ module Dependabot
232
237
  raise DependencyFileNotResolvable, msg
233
238
  end
234
239
 
240
+ # NOTE: Pipenv masks the actualy error, see this issue for updates:
241
+ # https://github.com/pypa/pipenv/issues/2791
242
+ handle_pipenv_installation_error(error.message) if error.message.match?(PIPENV_INSTALLATION_ERROR_REGEX)
243
+
235
244
  # Raise an unhandled error, as this could be a problem with
236
245
  # Dependabot's infrastructure, rather than the Pipfile
237
246
  raise
@@ -257,6 +266,19 @@ module Dependabot
257
266
  msg.gsub(/http.*?(?=\s)/, "<redacted>")
258
267
  end
259
268
 
269
+ def handle_pipenv_installation_error(error_message)
270
+ # Find the dependency that's causing resolution to fail
271
+ dependency_name = error_message.match(PIPENV_INSTALLATION_ERROR_REGEX).named_captures["name"]
272
+ raise unless dependency_name
273
+
274
+ msg = "Pipenv failed to install \"#{dependency_name}\". This could be caused by missing system "\
275
+ "dependencies that can't be installed by Dependabot or required installation flags.\n\n"\
276
+ "Error output from running \"pipenv lock\":\n"\
277
+ "#{clean_error_message(error_message)}"
278
+
279
+ raise DependencyFileNotResolvable, msg
280
+ end
281
+
260
282
  def write_temporary_dependency_files(updated_req: nil,
261
283
  update_pipfile: true)
262
284
  dependency_files.each do |file|
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.6
4
+ version: 0.127.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-27 00:00:00.000000000 Z
11
+ date: 2020-12-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.125.6
19
+ version: 0.127.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.125.6
26
+ version: 0.127.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.93.0
103
+ version: 1.6.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.93.0
110
+ version: 1.6.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.19.0
117
+ version: 0.20.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.19.0
124
+ version: 0.20.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov-console
127
127
  requirement: !ruby/object:Gem::Requirement