dependabot-python 0.160.0 → 0.162.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +2 -2
  3. data/lib/dependabot/python/file_parser/poetry_files_parser.rb +26 -16
  4. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +10 -1
  5. data/lib/dependabot/python/python_versions.rb +3 -3
  6. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: efccedc287dfb35ca74be16cd3510e9c328ef66815f0b69376426d18f8abacbf
4
- data.tar.gz: 19b54cc583987fd14d9e8e6ba4a7d8b6fcfab8979cbf2893bb631c48ff84c808
3
+ metadata.gz: a68b3ad8560b0bfba2c04ac116159ea28a9dc3009f2d27213cb7b00adac87b2a
4
+ data.tar.gz: ede45edab4b38123fcdc856fc7f1eabc125ba5ffd5b0cad309d39b8dcb770c91
5
5
  SHA512:
6
- metadata.gz: ab80a99556215eaa2c4981ef0424c432fe91917a4207ad3b8dad62aa6c2fedb7287673ae6abc23f80fe59ac8b6d9a0eddbce0be67647fdeb35f3092d764af63b
7
- data.tar.gz: ab6f92abd351e92bf7d36a74c4014c0a48e09d5d4c4341282c389cd5d82a6bd40680203d2e347751675e1f87759370757855741eff65ea48ed24b1466f1722e1
6
+ metadata.gz: d0d9737ee371902eff0912dbac6a73aaeec6287cb5d85611d5c8f75887611c4ec8273175e3f01607eff6489e2264c40d3bd413af30c7790df4756124f1da99ed
7
+ data.tar.gz: 5e0b31390c059a412d090c544932a039ae26ab2547a33987cc23fc6234051b8106969ea8835478bb6dab303e601c68f7422547c35dcf75932eb1170c06ba844c
data/helpers/build CHANGED
@@ -16,9 +16,9 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=3.9.6 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=3.9.7 pyenv exec pip install -r "requirements.txt"
20
20
 
21
21
  # Workaround of https://github.com/python-poetry/poetry/issues/3010
22
22
  # By default poetry config file is stored under ~/.config/pypoetry
23
23
  # and is not bound to any specific Python version
24
- PYENV_VERSION=3.9.6 pyenv exec poetry config experimental.new-installer false
24
+ PYENV_VERSION=3.9.7 pyenv exec poetry config experimental.new-installer false
data/lib/dependabot/python/file_parser/poetry_files_parser.rb CHANGED
@@ -43,28 +43,38 @@ module Dependabot
43
43
 
44
44
  deps_hash.each do |name, req|
45
45
  next if normalise(name) == "python"
46
- next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
47
-
48
- check_requirements(req)
49
-
50
- dependencies <<
51
- Dependency.new(
52
- name: normalise(name),
53
- version: version_from_lockfile(name),
54
- requirements: [{
55
- requirement: req.is_a?(String) ? req : req["version"],
56
- file: pyproject.name,
57
- source: nil,
58
- groups: [type]
59
- }],
60
- package_manager: "pip"
61
- )
46
+
47
+ requirements = parse_requirements_from(req, type)
48
+ next if requirements.empty?
49
+
50
+ dependencies << Dependency.new(
51
+ name: normalise(name),
52
+ version: version_from_lockfile(name),
53
+ requirements: requirements,
54
+ package_manager: "pip"
55
+ )
62
56
  end
63
57
  end
64
58
 
65
59
  dependencies
66
60
  end
67
61
 
62
+ # @param req can be an Array, Hash or String that represents the constraints for a dependency
63
+ def parse_requirements_from(req, type)
64
+ [req].flatten.compact.map do |requirement|
65
+ next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
66
+
67
+ check_requirements(requirement)
68
+
69
+ {
70
+ requirement: requirement.is_a?(String) ? requirement : requirement["version"],
71
+ file: pyproject.name,
72
+ source: nil,
73
+ groups: [type]
74
+ }
75
+ end.compact
76
+ end
77
+
68
78
  # Create a DependencySet where each element has no requirement. Any
69
79
  # requirements will be added when combining the DependencySet with
70
80
  # other DependencySets.
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -22,6 +22,7 @@ module Dependabot
22
22
  require_relative "setup_file_sanitizer"
23
23
 
24
24
  UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
25
+ INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze
25
26
  WARNINGS = /\s*# WARNING:.*\Z/m.freeze
26
27
  UNSAFE_NOTE =
27
28
  /\s*# The following packages are considered to be unsafe.*\Z/m.freeze
@@ -154,12 +155,20 @@ module Dependabot
154
155
 
155
156
  return stdout if process.success?
156
157
 
158
+ handle_pip_errors(stdout, command, time_taken, process.to_s)
159
+ end
160
+
161
+ def handle_pip_errors(stdout, command, time_taken, exit_value)
162
+ if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
163
+ raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
164
+ end
165
+
157
166
  raise SharedHelpers::HelperSubprocessFailed.new(
158
167
  message: stdout,
159
168
  error_context: {
160
169
  command: command,
161
170
  time_taken: time_taken,
162
- process_exit_value: process.to_s
171
+ process_exit_value: exit_value
163
172
  }
164
173
  )
165
174
  end
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,14 +4,14 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.9.6
7
+ 3.9.7
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.9.6 3.9.5 3.9.4 3.9.3 3.9.2 3.9.1 3.9.0
14
- 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
13
+ 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
14
+ 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
15
15
  3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
16
16
  3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3
17
17
  3.6.2 3.6.1 3.6.0 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.160.0
4
+ version: 0.162.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-18 00:00:00.000000000 Z
11
+ date: 2021-09-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.160.0
19
+ version: 0.162.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.160.0
26
+ version: 0.162.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement