dependabot-python 0.151.0 → 0.154.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e1ebd5363f48b8aa6700cf2dfeab4bd2f7b641bbb823a6d0f629f7849ba796a
-  data.tar.gz: 55180e429ff39be0b1ea487067b093e8915499440b49562f26601b3111d0ab3e
+  metadata.gz: 96822f8056b88b0fe714b21adaad60b9ece71112181ac6a6eb88a3900954f8f3
+  data.tar.gz: 89b411f717f6bf73716d8a7fbfbc4eb2d353b2932dab32fb4ac031b3b634ce25
 SHA512:
-  metadata.gz: be2d0d7e8418ead76f5d425ceca90a95de6efb0733d30357ddf0e0245c0fe8c5e89ea0be8d2bf5a8cac442b62b0b96e1efc7f8c7073f00eef211d1cd54e82a87
-  data.tar.gz: 9b2d1eae918fd4bfbf26ad7264d9ae28e9a6dd62cae88e3e617a50ba8a9f8eab16bc46fd7c1ebda99105ebe800040a46c9b5eceedf567754121a3cc5cb9e0723
+  metadata.gz: 1c48907b9bd676958f08be8622af8ffbc75064a65b183436e3fecfbb7893fd4a277c8cf9161eb5e6376abb8194b5e042b9ace6fd79150659a81e9e88ff820f31
+  data.tar.gz: ab4d10ca90948cef155a993b85e5a7e42f7c20a2fd85464f123fb715eb0c16d6f0ad7f81569bceffa6f74ef69dba20238b345812c4c4aeaeb676689441f16b4f

data/helpers/build

@@ -16,10 +16,9 @@ cp -r \
   "$install_dir"
 
 cd "$install_dir"
-PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
-PYENV_VERSION=3.9.4  pyenv exec pip install -r "requirements.txt"
+PYENV_VERSION=3.9.5  pyenv exec pip install -r "requirements.txt"
 
 # Workaround of https://github.com/python-poetry/poetry/issues/3010
 # By default poetry config file is stored under ~/.config/pypoetry
 # and is not bound to any specific Python version
-PYENV_VERSION=3.9.4 pyenv exec poetry config experimental.new-installer false
+PYENV_VERSION=3.9.5 pyenv exec poetry config experimental.new-installer false

data/helpers/requirements.txt

@@ -1,8 +1,8 @@
-pip==20.3.3
-pip-tools==5.5.0
+pip==21.1.2
+pip-tools==6.1.0
 flake8==3.9.2
 hashin==0.15.0
-pipenv==2018.11.26
+pipenv==2021.5.29
 pipfile==0.0.2
 poetry==1.1.6
 wheel==0.36.2

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -170,24 +170,6 @@ module Dependabot
             command,
             allow_unsafe_shell_command: allow_unsafe_shell_command
           )
-        rescue SharedHelpers::HelperSubprocessFailed => e
-          original_error ||= e
-          msg = e.message
-
-          relevant_error =
-            if error_suggests_bad_python_version?(msg) then original_error
-            else e
-            end
-
-          raise relevant_error unless error_suggests_bad_python_version?(msg)
-          raise relevant_error if user_specified_python_version
-          raise relevant_error if python_version == "2.7.18"
-
-          @python_version = "2.7.18"
-          retry
-        ensure
-          @python_version = nil
-          FileUtils.remove_entry(".python-version", true)
         end
 
         def python_env
@@ -205,14 +187,6 @@ module Dependabot
           env
         end
 
-        def error_suggests_bad_python_version?(message)
-          return true if message.include?("UnsupportedPythonVersion")
-          return true if message.include?("not find a version that satisfies")
-
-          message.include?('Command "python setup.py egg_info" failed') ||
-            message.include?("exit status 1: python setup.py egg_info")
-        end
-
         def write_updated_dependency_files
           dependency_files.each do |file|
             path = file.name
@@ -436,7 +410,7 @@ module Dependabot
         def pip_compile_options_from_compiled_file(requirements_file)
           options = ["--output-file=#{requirements_file.name}"]
 
-          options << "--no-index" unless requirements_file.content.include?("index-url http")
+          options << "--no-emit-index-url" unless requirements_file.content.include?("index-url http")
 
           options << "--generate-hashes" if requirements_file.content.include?("--hash=sha")
 

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -264,34 +264,6 @@ module Dependabot
         def run_pipenv_command(command, env: pipenv_env_variables)
           run_command("pyenv local #{python_version}")
           run_command(command, env: env)
-        rescue SharedHelpers::HelperSubprocessFailed => e
-          original_error ||= e
-          msg = e.message
-
-          relevant_error =
-            if error_suggests_bad_python_version?(msg) then original_error
-            else e
-            end
-
-          raise relevant_error unless error_suggests_bad_python_version?(msg)
-          raise relevant_error if python_version.start_with?("2")
-
-          # Clear the existing virtualenv, so that we use the new Python version
-          run_command("pyenv local #{python_version}")
-          run_command("pyenv exec pipenv --rm")
-
-          @python_version = "2.7.18"
-          retry
-        ensure
-          @python_version = nil
-          FileUtils.remove_entry(".python-version", true)
-        end
-
-        def error_suggests_bad_python_version?(message)
-          return true if message.include?("UnsupportedPythonVersion")
-
-          message.include?('Command "python setup.py egg_info" failed') ||
-            message.include?("exit status 1: python setup.py egg_info")
         end
 
         def write_temporary_dependency_files(pipfile_content)

data/lib/dependabot/python/python_versions.rb

@@ -4,25 +4,24 @@ module Dependabot
   module Python
     module PythonVersions
       PRE_INSTALLED_PYTHON_VERSIONS = %w(
-        3.9.4 2.7.18
+        3.9.5
       ).freeze
 
       # Due to an OpenSSL issue we can only install the following versions in
       # the Dependabot container.
       SUPPORTED_VERSIONS = %w(
-        3.9.4 3.9.3 3.9.2 3.9.1 3.9.0
-        3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
+        3.9.5 3.9.4 3.9.3 3.9.2 3.9.1 3.9.0
+        3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
         3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
         3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3
         3.6.2 3.6.1 3.6.0 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
-        2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
       ).freeze
 
       # This list gets iterated through to find a valid version, so we have
-      # the two pre-installed versions listed first.
+      # the pre-installed versions listed first.
       SUPPORTED_VERSIONS_TO_ITERATE =
         [
-          *PRE_INSTALLED_PYTHON_VERSIONS.select { |v| v.start_with?("3") },
+          *PRE_INSTALLED_PYTHON_VERSIONS,
           *SUPPORTED_VERSIONS
         ].freeze
     end

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -28,7 +28,8 @@ module Dependabot
           /git clone -q (?<url>[^\s]+).* /.freeze
         GIT_REFERENCE_NOT_FOUND_REGEX =
           /egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
-        NATIVE_COMPILATION_ERROR = "pip._internal.exceptions.InstallationError: Command errored out with exit status 1"
+        NATIVE_COMPILATION_ERROR =
+          "pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
 
         attr_reader :dependency, :dependency_files, :credentials
 
@@ -141,18 +142,18 @@ module Dependabot
             return nil
           end
 
-          if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
-            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
-                  named_captures.fetch("url")
-            raise GitDependenciesNotReachable, url
-          end
-
           if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
             name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
                    named_captures.fetch("name")
             raise GitDependencyReferenceNotFound, name
           end
 
+          if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
+            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
+                  named_captures.fetch("url")
+            raise GitDependenciesNotReachable, url
+          end
+
           raise
         end
 
@@ -235,35 +236,6 @@ module Dependabot
         def run_pip_compile_command(command)
           run_command("pyenv local #{python_version}")
           run_command(command)
-        rescue SharedHelpers::HelperSubprocessFailed => e
-          original_err ||= e
-          msg = e.message
-
-          relevant_error = choose_relevant_error(original_err, e)
-          raise relevant_error unless error_suggests_bad_python_version?(msg)
-          raise relevant_error if user_specified_python_version
-          raise relevant_error if python_version == "2.7.18"
-
-          @python_version = "2.7.18"
-          retry
-        ensure
-          @python_version = nil
-          FileUtils.remove_entry(".python-version", true)
-        end
-
-        def choose_relevant_error(previous_error, new_error)
-          return previous_error if previous_error == new_error
-
-          # If the previous error was definitely due to using the wrong Python
-          # version, return the new error (which can't be worse)
-          return new_error if error_certainly_bad_python_version?(previous_error.message)
-
-          # Otherwise, if the new error may be due to using the wrong Python
-          # version, return the old error (which can't be worse)
-          return previous_error if error_suggests_bad_python_version?(new_error.message)
-
-          # Otherwise, default to the new error
-          new_error
         end
 
         def python_env
@@ -292,15 +264,6 @@ module Dependabot
           message.include?("SyntaxError")
         end
 
-        def error_suggests_bad_python_version?(message)
-          return true if error_certainly_bad_python_version?(message)
-          return true if message.include?("not find a version that satisfies")
-          return true if message.include?("No matching distribution found")
-
-          message.include?('Command "python setup.py egg_info" failed') ||
-            message.include?("exit status 1: python setup.py egg_info")
-        end
-
         def write_temporary_dependency_files(updated_req: nil,
                                              update_requirement: true)
           dependency_files.each do |file|

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -16,7 +16,6 @@ require "dependabot/python/native_helpers"
 require "dependabot/python/name_normaliser"
 require "dependabot/python/version"
 
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   module Python
     class UpdateChecker
@@ -35,16 +34,14 @@ module Dependabot
         GIT_REFERENCE_NOT_FOUND_REGEX =
           %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m.
           freeze
-        UNSUPPORTED_DEPS = %w(pyobjc).freeze
-        UNSUPPORTED_DEP_REGEX =
-          /"python setup\.py egg_info".*(?:#{UNSUPPORTED_DEPS.join("|")})/.
-          freeze
-        PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal."\
-                                    "exceptions.InstallationError: "\
-                                    "Command \"python setup.py egg_info\" "\
-                                    "failed with error code 1 in"
+        PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out"\
+                                    " with exit status 1: python setup.py egg_info"
+        TRACEBACK = "Traceback (most recent call last):"
         PIPENV_INSTALLATION_ERROR_REGEX =
-          %r{#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}.+/(?<name>.+)/$}.freeze
+          /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/.
+          freeze
+        UNSUPPORTED_DEP_REGEX = /(?:pyobjc)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/.freeze
+        PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/.freeze
 
         attr_reader :dependency, :dependency_files, :credentials
 
@@ -151,9 +148,19 @@ module Dependabot
             raise DependencyFileNotResolvable, msg
           end
 
-          if error.message.include?("Could not find a version") ||
-             error.message.include?("is not a python version")
-            check_original_requirements_resolvable
+          if error.message.match?(PIPENV_RANGE_WARNING)
+            msg = "Pipenv does not support specifying Python ranges "\
+              "(see https://github.com/pypa/pipenv/issues/1050 for more "\
+              "details)."
+            raise DependencyFileNotResolvable, msg
+          end
+
+          check_original_requirements_resolvable if error.message.include?("Could not find a version")
+
+          if error.message.include?("SyntaxError: invalid syntax")
+            raise DependencyFileNotResolvable,
+                  "SyntaxError while installing dependencies. Is one of the dependencies not Python 3 compatible? "\
+                  "Pip v21 no longer supports Python 2."
           end
 
           if (error.message.include?('Command "python setup.py egg_info"') ||
@@ -221,13 +228,6 @@ module Dependabot
             raise DependencyFileNotResolvable, msg
           end
 
-          if error.message.include?("is not a python version")
-            msg = "Pipenv does not support specifying Python ranges "\
-              "(see https://github.com/pypa/pipenv/issues/1050 for more "\
-              "details)."
-            raise DependencyFileNotResolvable, msg
-          end
-
           if error.message.include?("UnsupportedPythonVersion") &&
              user_specified_python_requirement
             msg = clean_error_message(error.message).
@@ -465,36 +465,6 @@ module Dependabot
         def run_pipenv_command(command, env: pipenv_env_variables)
           run_command("pyenv local #{python_version}")
           run_command(command, env: env)
-        rescue SharedHelpers::HelperSubprocessFailed => e
-          original_error ||= e
-          msg = e.message
-
-          relevant_error =
-            if may_be_using_wrong_python_version?(msg) then original_error
-            else e
-            end
-
-          raise relevant_error unless may_be_using_wrong_python_version?(msg)
-          raise relevant_error if python_version.start_with?("2")
-
-          # Clear the existing virtualenv, so that we use the new Python version
-          run_command("pyenv local #{python_version}")
-          run_command("pyenv exec pipenv --rm")
-
-          @python_version = "2.7.18"
-          retry
-        ensure
-          @python_version = nil
-          FileUtils.remove_entry(".python-version", true)
-        end
-
-        def may_be_using_wrong_python_version?(error_message)
-          return false if user_specified_python_requirement
-          return true if error_message.include?("UnsupportedPythonVersion")
-          return true if error_message.include?("at matches #{dependency.name}")
-
-          error_message.include?('Command "python setup.py egg_info" failed') ||
-            error_message.include?("exit status 1: python setup.py egg_info")
         end
 
         def pipenv_env_variables
@@ -530,4 +500,3 @@ module Dependabot
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.151.0
+  version: 0.154.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-07 00:00:00.000000000 Z
+date: 2021-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.151.0
+        version: 0.154.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.151.0
+        version: 0.154.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement