dependabot-python 0.159.2 → 0.162.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '08c75666c7cde1fc641052cd06bce7125563273cfb0e86a77de1d4456eee3154'
4
- data.tar.gz: 0c79609678f043e41a66a2ef70a9b4bcf4699956dea0dc877428f4f15759c787
3
+ metadata.gz: da6c3e736ee8f02776fedf5695346709bac95b3097c10d2dde5bc5a6d905f676
4
+ data.tar.gz: 87f853c530208503b2d323c521ec91dbc634ed3595b714332052d4cd1083530e
5
5
  SHA512:
6
- metadata.gz: eb79111bc3936380555b28198f5444fa6fc97f86e3130869eb9d0baab7a16de23d47f76c09e59efafea0cdd79976d762d7c9be96fc53c32e095c6d77af9c78df
7
- data.tar.gz: 98b1be70f8675522156e438cee860437d3a64cef52c1ac2a313a9ffa1b407671eceb26c9c2d10f2c22f85761ece12b1c358a9fa21a3a3081dc69a7cd0ed0f4ca
6
+ metadata.gz: 800369a7807ec5847859c5b0632cd406d63f99b3e107b93d2b6a4cdb493b73272277e2cdef59d5ddc937482f84f1eceae4c24a816e8783cc3598489f6415d4af
7
+ data.tar.gz: 1c101bf1009882f6500c46c42ba2de3587fa0271a76d321881a4d36330c5875904af742a4b3426a8b6e0fc70f8e41f594eced1618547063c93ef0a6fba248912
@@ -43,28 +43,38 @@ module Dependabot
43
43
 
44
44
  deps_hash.each do |name, req|
45
45
  next if normalise(name) == "python"
46
- next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
47
-
48
- check_requirements(req)
49
-
50
- dependencies <<
51
- Dependency.new(
52
- name: normalise(name),
53
- version: version_from_lockfile(name),
54
- requirements: [{
55
- requirement: req.is_a?(String) ? req : req["version"],
56
- file: pyproject.name,
57
- source: nil,
58
- groups: [type]
59
- }],
60
- package_manager: "pip"
61
- )
46
+
47
+ requirements = parse_requirements_from(req, type)
48
+ next if requirements.empty?
49
+
50
+ dependencies << Dependency.new(
51
+ name: normalise(name),
52
+ version: version_from_lockfile(name),
53
+ requirements: requirements,
54
+ package_manager: "pip"
55
+ )
62
56
  end
63
57
  end
64
58
 
65
59
  dependencies
66
60
  end
67
61
 
62
+ # @param req can be an Array, Hash or String that represents the constraints for a dependency
63
+ def parse_requirements_from(req, type)
64
+ [req].flatten.compact.map do |requirement|
65
+ next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
66
+
67
+ check_requirements(requirement)
68
+
69
+ {
70
+ requirement: requirement.is_a?(String) ? requirement : requirement["version"],
71
+ file: pyproject.name,
72
+ source: nil,
73
+ groups: [type]
74
+ }
75
+ end.compact
76
+ end
77
+
68
78
  # Create a DependencySet where each element has no requirement. Any
69
79
  # requirements will be added when combining the DependencySet with
70
80
  # other DependencySets.
@@ -22,6 +22,7 @@ module Dependabot
22
22
  require_relative "setup_file_sanitizer"
23
23
 
24
24
  UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
25
+ INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze
25
26
  WARNINGS = /\s*# WARNING:.*\Z/m.freeze
26
27
  UNSAFE_NOTE =
27
28
  /\s*# The following packages are considered to be unsafe.*\Z/m.freeze
@@ -154,12 +155,20 @@ module Dependabot
154
155
 
155
156
  return stdout if process.success?
156
157
 
158
+ handle_pip_errors(stdout, command, time_taken, process.to_s)
159
+ end
160
+
161
+ def handle_pip_errors(stdout, command, time_taken, exit_value)
162
+ if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
163
+ raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
164
+ end
165
+
157
166
  raise SharedHelpers::HelperSubprocessFailed.new(
158
167
  message: stdout,
159
168
  error_context: {
160
169
  command: command,
161
170
  time_taken: time_taken,
162
- process_exit_value: process.to_s
171
+ process_exit_value: exit_value
163
172
  }
164
173
  )
165
174
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.159.2
4
+ version: 0.162.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-17 00:00:00.000000000 Z
11
+ date: 2021-09-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.159.2
19
+ version: 0.162.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.159.2
26
+ version: 0.162.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement